hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into rust-type-inference-tweaks

Browse Source
This commit is contained in:
Simon Friis Vindum
2025-03-17 13:18:45 +01:00
parent 75355e9e53 e9ca43ae94
commit 81b28df089
270 changed files with 5231 additions and 4686 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
cpp/ql/lib/ext/CA2CAEX.model.yml
View File

@@ -3,16 +3,16 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
- ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
- ["ATL", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
- ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["ATL", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["ATL", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["ATL", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["ATL", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["ATL", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]

20
cpp/ql/lib/ext/CAtlArray.model.yml
View File

@@ -3,13 +3,13 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"]

8
cpp/ql/lib/ext/CAtlFile.model.yml
View File

@@ -3,7 +3,7 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]

18
cpp/ql/lib/ext/CAtlFileMappingBase.model.yml
View File

@@ -3,12 +3,12 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]

20
cpp/ql/lib/ext/CAtlList.model.yml
View File

@@ -3,13 +3,13 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]

6
cpp/ql/lib/ext/CAtlTemporaryFile.model.yml
View File

@@ -3,6 +3,6 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

56
cpp/ql/lib/ext/CComBSTR.model.yml
View File

@@ -3,31 +3,31 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CComBSTR", True, "CComBSTR", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "Append", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCOLESTR,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "AppendBytes", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"]
- ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"]
- ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "CComBSTR", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "CComBSTR", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "Append", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "Append", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "Append", "(LPCOLESTR,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "AppendBytes", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"]
- ["ATL", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"]
- ["ATL", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

42
cpp/ql/lib/ext/CComSafeArray.model.yml
View File

@@ -3,24 +3,24 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CComSafeArray", True, "CComSafeArray", "(const CComSafeArray &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY &)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "Add", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray<T>", True, "Add", "(const T &,BOOL)", "", "Argument[*@0]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"]
- ["", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"]
- ["", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "GetUpperBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CComSafeArray", True, "MultiDimGetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "Argument[*@1]", "value", "manual"]
- ["", "CComSafeArray", True, "MultiDimSetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "CComSafeArray", "(const CComSafeArray &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY &)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "Add", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["ATL", "CComSafeArray<T>", True, "Add", "(const T &,BOOL)", "", "Argument[*@0]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "GetUpperBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CComSafeArray", True, "MultiDimGetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "Argument[*@1]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "MultiDimSetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["ATL", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]

34
cpp/ql/lib/ext/CPathT.model.yml
View File

@@ -3,21 +3,21 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CPathT", True, "CPathT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Combine", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "CommonPrefix", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["", "CPathT", True, "CommonPrefix", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CPathT", True, "GetExtension", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"]
- ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"]
- ["", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"]
- ["ATL", "CPathT", True, "CPathT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CPathT", True, "Combine", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CPathT", True, "CommonPrefix", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["ATL", "CPathT", True, "CommonPrefix", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CPathT", True, "GetExtension", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CPathT", True, "RelativePathTo", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"]
- ["ATL", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"]
- ["ATL", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"]
# Note: These don't work currently since we cannot use the template parameter in the name of the function
# - ["", "CPathT<T>", True, "operator const T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
# - ["", "CPathT<T>", True, "operator T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
# - ["ATL", "CPathT<T>", True, "operator const T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
# - ["ATL", "CPathT<T>", True, "operator T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CPathT", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

30
cpp/ql/lib/ext/CRegKey.model.yml
View File

@@ -3,18 +3,18 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "Create", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["", "CRegKey", True, "operator HKEY", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CRegKey", True, "Create", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["ATL", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["ATL", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["ATL", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["ATL", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["ATL", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"]
- ["ATL", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CRegKey", True, "operator HKEY", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CRegKey", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CRegKey", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]

14
cpp/ql/lib/ext/CSimpleArray.model.yml
View File

@@ -3,10 +3,10 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CSimpleArray", True, "CSimpleArray", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "Add", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"]
- ["ATL", "CSimpleArray", True, "CSimpleArray", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CSimpleArray", True, "Add", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"]

16
cpp/ql/lib/ext/CSimpleMap.model.yml
View File

@@ -3,11 +3,11 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"]
- ["ATL", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
- ["ATL", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["ATL", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["ATL", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"]

74
cpp/ql/lib/ext/CSimpleStringT.model.yml
View File

@@ -3,40 +3,40 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CSimpleStringT", True, "CSimpleStringT", "(const XCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CSimpleStringT", True, "CSimpleStringT", "(PCXSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CSimpleStringT", True, "CSimpleStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CSimpleStringT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "AppendChar", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "taint", "manual"]
- ["", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["", "CSimpleStringT", True, "GetString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CSimpleStringT", True, "LockBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CSimpleStringT", True, "SetAt", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "SetString", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CSimpleStringT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CSimpleStringT", True, "operator[]", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CSimpleStringT", True, "GetAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CSimpleStringT", True, "GetBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CSimpleStringT", True, "GetBufferSetLength", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "CSimpleStringT", "(const XCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "CSimpleStringT", "(PCXSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "CSimpleStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "AppendChar", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "CopyChars", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "GetString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "LockBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "SetAt", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "SetString", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "operator[]", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "GetAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CSimpleStringT", True, "GetBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CSimpleStringT", True, "GetBufferSetLength", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]

6
cpp/ql/lib/ext/CStrBufT.model.yml
View File

@@ -3,6 +3,6 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data:
- ["", "CStrBufT", True, "CStrBufT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStrBufT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CStrBufT", True, "operator PXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStrBufT", True, "CStrBufT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStrBufT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStrBufT", True, "operator PXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]

2
cpp/ql/lib/ext/CStringData.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data:
- ["", "CStringData", True, "data", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringData", True, "data", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]

226
cpp/ql/lib/ext/CStringT.model.yml
View File

@@ -3,116 +3,116 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CStringT", True, "CStringT", "(const VARIANT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const VARIANT &,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const XCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const YCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(LPCSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(LPCWSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(wchar_t *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const unsigned char *,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(char,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "CStringT", "(wchar_t,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "CStringT", "(const XCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const YCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const XCHAR *,int,AtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "CStringT", "(const YCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "AllocSysString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatMessageV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatMessageV", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "FormatV", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Insert", "(int,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Insert", "(int,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Left", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CStringT", True, "Right", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CStringT", True, "LoadString", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "LoadString", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "MakeLower", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CStringT", True, "MakeReverse", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CStringT", True, "MakeUpper", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CStringT", True, "Mid", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CStringT", True, "Replace", "(PCXSTR,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "Replace", "(XCHAR,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
- ["", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "Argument[**0]", "value", "manual"]
- ["", "CStringT", True, "SpanExcluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CStringT", True, "SpanIncluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CStringT", True, "Tokenize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CStringT", True, "Trim", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CStringT", True, "TrimLeft", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CStringT", True, "TrimRight", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "value", "manual"]
- ["", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"]
- ["", "", True, "operator+", "(const CStringT &,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(const CStringT &,PCXSTR)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(PCXSTR,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(char,const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(char,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(const CStringT &,char)", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(const CStringT &,char)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(wchar_t, const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+", "(wchar_t,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"]
- ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const VARIANT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const VARIANT &,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const XCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const YCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(LPCSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(LPCWSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(wchar_t *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const unsigned char *,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(char,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(wchar_t,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const XCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const YCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const XCHAR *,int,AtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "CStringT", "(const YCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "AllocSysString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Format", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Format", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Format", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatMessageV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatMessageV", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "FormatV", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Insert", "(int,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Insert", "(int,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Left", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CStringT", True, "Right", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CStringT", True, "LoadString", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "LoadString", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "MakeLower", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CStringT", True, "MakeReverse", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CStringT", True, "MakeUpper", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CStringT", True, "Mid", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CStringT", True, "Replace", "(PCXSTR,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "Replace", "(XCHAR,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"]
- ["ATL", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "Argument[**0]", "value", "manual"]
- ["ATL", "CStringT", True, "SpanExcluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CStringT", True, "SpanIncluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CStringT", True, "Tokenize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["ATL", "CStringT", True, "Trim", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CStringT", True, "TrimLeft", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CStringT", True, "TrimRight", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "", True, "operator+", "(const CStringT &,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(const CStringT &,PCXSTR)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(PCXSTR,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(char,const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(char,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(const CStringT &,char)", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(const CStringT &,char)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(wchar_t, const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+", "(wchar_t,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(PCYSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "", True, "operator+=", "(const VARIANT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]

34
cpp/ql/lib/ext/CUrl.model.yml
View File

@@ -3,20 +3,20 @@ extensions:
pack: codeql/cpp-all
extensible: summaryModel
data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["ATL", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["ATL", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["ATL", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["ATL", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["ATL", "CUrl", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]

2
cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll
View File

@@ -6,7 +6,7 @@ private import semmle.code.cpp.dataflow.new.DataFlow
* The `CA2AEX` (and related) classes from the Windows Active Template library.
*/
class Ca2Aex extends Class {
Ca2Aex() { this.hasGlobalName(["CA2AEX", "CA2CAEX", "CA2WEX"]) }
Ca2Aex() { this.hasQualifiedName("ATL", ["CA2AEX", "CA2CAEX", "CA2WEX"]) }
}
private class Ca2AexTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {

2
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll
View File

@@ -4,7 +4,7 @@ import semmle.code.cpp.models.interfaces.FlowSource
* The `CAtlFile` class from Microsoft's Active Template Library.
*/
class CAtlFile extends Class {
CAtlFile() { this.hasGlobalName("CAtlFile") }
CAtlFile() { this.hasQualifiedName("ATL", "CAtlFile") }
}
private class CAtlFileRead extends MemberFunction, LocalFlowSourceFunction {

4
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll
View File

@@ -4,14 +4,14 @@ import semmle.code.cpp.models.interfaces.FlowSource
* The `CAtlFileMapping` class from Microsoft's Active Template Library.
*/
class CAtlFileMapping extends Class {
CAtlFileMapping() { this.hasGlobalName("CAtlFileMapping") }
CAtlFileMapping() { this.hasQualifiedName("ATL", "CAtlFileMapping") }
}
/**
* The `CAtlFileMappingBase` class from Microsoft's Active Template Library.
*/
class CAtlFileMappingBase extends Class {
CAtlFileMappingBase() { this.hasGlobalName("CAtlFileMappingBase") }
CAtlFileMappingBase() { this.hasQualifiedName("ATL", "CAtlFileMappingBase") }
}
private class CAtlFileMappingBaseGetData extends MemberFunction, LocalFlowSourceFunction {

2
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll
View File

@@ -4,7 +4,7 @@ import semmle.code.cpp.models.interfaces.FlowSource
* The `CAtlFile` class from Microsoft's Active Template Library.
*/
class CAtlTemporaryFile extends Class {
CAtlTemporaryFile() { this.hasGlobalName("CAtlTemporaryFile") }
CAtlTemporaryFile() { this.hasQualifiedName("ATL", "CAtlTemporaryFile") }
}
private class CAtlTemporaryFileRead extends MemberFunction, LocalFlowSourceFunction {

2
cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll
View File

@@ -4,7 +4,7 @@ private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CComBSTR` class from the Microsoft "Active Template Library". */
class CcomBstr extends Class {
CcomBstr() { this.hasGlobalName("CComBSTR") }
CcomBstr() { this.hasQualifiedName("ATL", "CComBSTR") }
}
private class Mstr extends Field {

2
cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll
View File

@@ -4,7 +4,7 @@ private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CPathT` class from the Microsoft "Active Template Library". */
class CPathT extends Class {
CPathT() { this.hasGlobalName("CPathT") }
CPathT() { this.hasQualifiedName("ATL", "CPathT") }
}
private class MStrPath extends Field {

2
cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll
View File

@@ -5,7 +5,7 @@ private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CRegKey` class from the Microsoft "Active Template Library". */
class CRegKey extends Class {
CRegKey() { this.hasGlobalName("CRegKey") }
CRegKey() { this.hasQualifiedName("ATL", "CRegKey") }
}
module CRegKey {

4
cpp/ql/src/change-notes/2025-03-14-mad-atl-fix.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Fixed a bug in the models for Microsoft's Active Template Library (ATL).

660
cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp
View File

@@ -13,377 +13,381 @@ typedef long long LONGLONG;
typedef unsigned long* ULONG_PTR;
typedef char *LPTSTR;
typedef DWORD* LPDWORD;
typedef ULONG REGSAM;
typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
typedef PVOID PSECURITY_DESCRIPTOR;
typedef struct _GUID {
unsigned long Data1;
unsigned short Data2;
unsigned short Data3;
unsigned char Data4[8];
} GUID;
typedef GUID* REFGUID;
typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
typedef struct _FILETIME {
DWORD dwLowDateTime;
DWORD dwHighDateTime;
} FILETIME, *PFILETIME, *LPFILETIME;
using size_t = decltype(sizeof(int));
using SIZE_T = size_t;
typedef struct _OVERLAPPED {
ULONG_PTR Internal;
ULONG_PTR InternalHigh;
union {
struct {
DWORD Offset;
DWORD OffsetHigh;
} DUMMYSTRUCTNAME;
PVOID Pointer;
} DUMMYUNIONNAME;
HANDLE hEvent;
} OVERLAPPED, *LPOVERLAPPED;
namespace ATL {
using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED);
typedef ULONG REGSAM;
typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
typedef PVOID PSECURITY_DESCRIPTOR;
typedef struct _GUID {
unsigned long Data1;
unsigned short Data2;
unsigned short Data3;
unsigned char Data4[8];
} GUID;
typedef GUID* REFGUID;
using HKEY = void*;
typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
class CAtlTransactionManager;
typedef struct _FILETIME {
DWORD dwLowDateTime;
DWORD dwHighDateTime;
} FILETIME, *PFILETIME, *LPFILETIME;
class CHandle {
CHandle() throw();
CHandle(CHandle& h) throw();
explicit CHandle(HANDLE h) throw();
};
typedef struct _OVERLAPPED {
ULONG_PTR Internal;
ULONG_PTR InternalHigh;
union {
struct {
DWORD Offset;
DWORD OffsetHigh;
} DUMMYSTRUCTNAME;
PVOID Pointer;
} DUMMYUNIONNAME;
HANDLE hEvent;
} OVERLAPPED, *LPOVERLAPPED;
struct CAtlFile : public CHandle {
CAtlFile() throw();
CAtlFile(CAtlTransactionManager* pTM) throw();
CAtlFile(CAtlFile& file) throw();
explicit CAtlFile(HANDLE hFile) throw();
using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED);
HRESULT Create(
LPCTSTR szFilename,
DWORD dwDesiredAccess,
DWORD dwShareMode,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
LPSECURITY_ATTRIBUTES lpsa,
HANDLE hTemplateFile) throw();
using HKEY = void*;
class CAtlTransactionManager;
class CHandle {
CHandle() throw();
CHandle(CHandle& h) throw();
explicit CHandle(HANDLE h) throw();
};
struct CAtlFile : public CHandle {
CAtlFile() throw();
CAtlFile(CAtlTransactionManager* pTM) throw();
CAtlFile(CAtlFile& file) throw();
explicit CAtlFile(HANDLE hFile) throw();
HRESULT Create(
LPCTSTR szFilename,
DWORD dwDesiredAccess,
DWORD dwShareMode,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
LPSECURITY_ATTRIBUTES lpsa,
HANDLE hTemplateFile) throw();
HRESULT Flush() throw();
HRESULT GetOverlappedResult(
LPOVERLAPPED pOverlapped,
DWORD& dwBytesTransferred,
BOOL bWait
) throw();
HRESULT GetPosition(ULONGLONG& nPos) const throw();
HRESULT GetSize(ULONGLONG& nLen) const throw();
HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
DWORD& nBytesRead) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw();
HRESULT Seek(
LONGLONG nOffset,
DWORD dwFrom) throw();
HRESULT SetSize(ULONGLONG nNewLen) throw();
HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
DWORD* pnBytesWritten) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped) throw();
};
void test_CAtlFile() {
CAtlFile catFile;
char buffer[1024];
catFile.Read(buffer, 1024); // $ local_source
}
struct CAtlFileMappingBase {
CAtlFileMappingBase(CAtlFileMappingBase& orig);
CAtlFileMappingBase() throw();
~CAtlFileMappingBase() throw();
HRESULT CopyFrom(CAtlFileMappingBase& orig) throw();
void* GetData() const throw();
HANDLE GetHandle() throw ();
SIZE_T GetMappingSize() throw();
HRESULT MapFile(
HANDLE hFile,
SIZE_T nMappingSize,
ULONGLONG nOffset,
DWORD dwMappingProtection,
DWORD dwViewDesiredAccess) throw();
HRESULT MapSharedMem(
SIZE_T nMappingSize,
LPCTSTR szName,
BOOL* pbAlreadyExisted,
LPSECURITY_ATTRIBUTES lpsa,
DWORD dwMappingProtection,
DWORD dwViewDesiredAccess) throw();
HRESULT OpenMapping(
LPCTSTR szName,
SIZE_T nMappingSize,
ULONGLONG nOffset,
DWORD dwViewDesiredAccess) throw();
HRESULT Unmap() throw();
};
template <typename T>
struct CAtlFileMapping : public CAtlFileMappingBase {
operator T*() const throw();
};
void test_CAtlFileMapping(CAtlFileMapping<char> mapping) {
char* data = static_cast<char*>(mapping); // $ local_source
void* data2 = mapping.GetData(); // $ local_source
}
struct CAtlTemporaryFile {
CAtlTemporaryFile() throw();
~CAtlTemporaryFile() throw();
HRESULT Close(LPCTSTR szNewName) throw();
HRESULT Create(LPCTSTR pszDir, DWORD dwDesiredAccess) throw();
HRESULT Flush() throw();
HRESULT GetOverlappedResult(
LPOVERLAPPED pOverlapped,
DWORD& dwBytesTransferred,
BOOL bWait
) throw();
HRESULT GetPosition(ULONGLONG& nPos) const throw();
HRESULT GetSize(ULONGLONG& nLen) const throw();
HRESULT HandsOff() throw();
HRESULT HandsOn() throw();
HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize) throw();
LPVOID pBuffer,
DWORD nBufSize,
DWORD& nBytesRead) throw();
HRESULT Seek(LONGLONG nOffset, DWORD dwFrom) throw();
HRESULT SetSize(ULONGLONG nNewLen) throw();
LPCTSTR TempFileName() throw();
HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
DWORD* pnBytesWritten) throw();
operator HANDLE() throw();
};
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
DWORD& nBytesRead) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw();
void test_CAtlTemporaryFile() {
CAtlTemporaryFile file;
char buffer[1024];
DWORD bytesRead;
file.Read(buffer, 1024, bytesRead); // $ local_source
}
HRESULT Seek(
LONGLONG nOffset,
DWORD dwFrom) throw();
struct CRegKey {
CRegKey() throw();
CRegKey(CRegKey& key) throw();
explicit CRegKey(HKEY hKey) throw();
CRegKey(CAtlTransactionManager* pTM) throw();
HRESULT SetSize(ULONGLONG nNewLen) throw();
HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw();
~CRegKey() throw();
void Attach(HKEY hKey) throw();
LONG Close() throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
DWORD* pnBytesWritten) throw();
LONG Create(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
LPTSTR lpszClass,
DWORD dwOptions,
REGSAM samDesired,
LPSECURITY_ATTRIBUTES lpSecAttr,
LPDWORD lpdwDisposition) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped) throw();
};
LONG DeleteSubKey(LPCTSTR lpszSubKey) throw();
LONG DeleteValue(LPCTSTR lpszValue) throw();
HKEY Detach() throw();
LONG EnumKey(
DWORD iIndex,
LPTSTR pszName,
LPDWORD pnNameLength,
FILETIME* pftLastWriteTime) throw();
LONG Flush() throw();
void test_CAtlFile() {
CAtlFile catFile;
char buffer[1024];
catFile.Read(buffer, 1024); // $ local_source
}
LONG GetKeySecurity(
SECURITY_INFORMATION si,
PSECURITY_DESCRIPTOR psd,
LPDWORD pnBytes) throw();
LONG NotifyChangeKeyValue(
BOOL bWatchSubtree,
DWORD dwNotifyFilter,
HANDLE hEvent,
BOOL bAsync) throw();
struct CAtlFileMappingBase {
CAtlFileMappingBase(CAtlFileMappingBase& orig);
CAtlFileMappingBase() throw();
~CAtlFileMappingBase() throw();
LONG Open(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
REGSAM samDesired) throw();
HRESULT CopyFrom(CAtlFileMappingBase& orig) throw();
void* GetData() const throw();
HANDLE GetHandle() throw ();
SIZE_T GetMappingSize() throw();
HRESULT MapFile(
HANDLE hFile,
SIZE_T nMappingSize,
ULONGLONG nOffset,
DWORD dwMappingProtection,
DWORD dwViewDesiredAccess) throw();
HRESULT MapSharedMem(
SIZE_T nMappingSize,
LPCTSTR szName,
BOOL* pbAlreadyExisted,
LPSECURITY_ATTRIBUTES lpsa,
DWORD dwMappingProtection,
DWORD dwViewDesiredAccess) throw();
HRESULT OpenMapping(
LPCTSTR szName,
SIZE_T nMappingSize,
ULONGLONG nOffset,
DWORD dwViewDesiredAccess) throw();
HRESULT Unmap() throw();
};
template <typename T>
struct CAtlFileMapping : public CAtlFileMappingBase {
operator T*() const throw();
};
void test_CAtlFileMapping(CAtlFileMapping<char> mapping) {
char* data = static_cast<char*>(mapping); // $ local_source
void* data2 = mapping.GetData(); // $ local_source
}
struct CAtlTemporaryFile {
CAtlTemporaryFile() throw();
~CAtlTemporaryFile() throw();
HRESULT Close(LPCTSTR szNewName) throw();
HRESULT Create(LPCTSTR pszDir, DWORD dwDesiredAccess) throw();
HRESULT Flush() throw();
HRESULT GetPosition(ULONGLONG& nPos) const throw();
HRESULT GetSize(ULONGLONG& nLen) const throw();
HRESULT HandsOff() throw();
HRESULT HandsOn() throw();
HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
DWORD& nBytesRead) throw();
HRESULT Seek(LONGLONG nOffset, DWORD dwFrom) throw();
HRESULT SetSize(ULONGLONG nNewLen) throw();
LPCTSTR TempFileName() throw();
HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
DWORD* pnBytesWritten) throw();
operator HANDLE() throw();
};
void test_CAtlTemporaryFile() {
CAtlTemporaryFile file;
char buffer[1024];
DWORD bytesRead;
file.Read(buffer, 1024, bytesRead); // $ local_source
}
struct CRegKey {
CRegKey() throw();
CRegKey(CRegKey& key) throw();
explicit CRegKey(HKEY hKey) throw();
CRegKey(CAtlTransactionManager* pTM) throw();
~CRegKey() throw();
void Attach(HKEY hKey) throw();
LONG Close() throw();
LONG Create(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
LPTSTR lpszClass,
DWORD dwOptions,
REGSAM samDesired,
LPSECURITY_ATTRIBUTES lpSecAttr,
LPDWORD lpdwDisposition) throw();
LONG DeleteSubKey(LPCTSTR lpszSubKey) throw();
LONG DeleteValue(LPCTSTR lpszValue) throw();
HKEY Detach() throw();
LONG EnumKey(
DWORD iIndex,
LPTSTR pszName,
LPDWORD pnNameLength,
FILETIME* pftLastWriteTime) throw();
LONG Flush() throw();
LONG GetKeySecurity(
SECURITY_INFORMATION si,
PSECURITY_DESCRIPTOR psd,
LPDWORD pnBytes) throw();
LONG NotifyChangeKeyValue(
BOOL bWatchSubtree,
DWORD dwNotifyFilter,
HANDLE hEvent,
BOOL bAsync) throw();
LONG Open(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
REGSAM samDesired) throw();
LONG QueryBinaryValue(
LPCTSTR pszValueName,
void* pValue,
ULONG* pnBytes) throw();
LONG QueryDWORDValue(
LPCTSTR pszValueName,
DWORD& dwValue) throw();
LONG QueryGUIDValue(
LPCTSTR pszValueName,
GUID& guidValue) throw();
LONG QueryMultiStringValue(
LPCTSTR pszValueName,
LPTSTR pszValue,
ULONG* pnChars) throw();
LONG QueryQWORDValue(
LPCTSTR pszValueName,
ULONGLONG& qwValue) throw();
LONG QueryStringValue(
LPCTSTR pszValueName,
LPTSTR pszValue,
ULONG* pnChars) throw();
LONG QueryValue(
LONG QueryBinaryValue(
LPCTSTR pszValueName,
DWORD* pdwType,
void* pData,
void* pValue,
ULONG* pnBytes) throw();
LONG QueryValue(
DWORD& dwValue,
LPCTSTR lpszValueName);
LONG QueryDWORDValue(
LPCTSTR pszValueName,
DWORD& dwValue) throw();
LONG QueryValue(
LPTSTR szValue,
LPCTSTR lpszValueName,
DWORD* pdwCount);
LONG QueryGUIDValue(
LPCTSTR pszValueName,
GUID& guidValue) throw();
LONG RecurseDeleteKey(LPCTSTR lpszKey) throw();
LONG QueryMultiStringValue(
LPCTSTR pszValueName,
LPTSTR pszValue,
ULONG* pnChars) throw();
LONG SetBinaryValue(
LPCTSTR pszValueName,
const void* pValue,
ULONG nBytes) throw();
LONG QueryQWORDValue(
LPCTSTR pszValueName,
ULONGLONG& qwValue) throw();
LONG SetDWORDValue(LPCTSTR pszValueName, DWORD dwValue) throw();
LONG QueryStringValue(
LPCTSTR pszValueName,
LPTSTR pszValue,
ULONG* pnChars) throw();
LONG SetGUIDValue(LPCTSTR pszValueName, REFGUID guidValue) throw();
LONG QueryValue(
LPCTSTR pszValueName,
DWORD* pdwType,
void* pData,
ULONG* pnBytes) throw();
LONG SetKeySecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR psd) throw();
LONG QueryValue(
DWORD& dwValue,
LPCTSTR lpszValueName);
LONG SetKeyValue(
LPCTSTR lpszKeyName,
LPCTSTR lpszValue,
LPCTSTR lpszValueName) throw();
LONG QueryValue(
LPTSTR szValue,
LPCTSTR lpszValueName,
DWORD* pdwCount);
LONG SetMultiStringValue(LPCTSTR pszValueName, LPCTSTR pszValue) throw();
LONG RecurseDeleteKey(LPCTSTR lpszKey) throw();
LONG SetQWORDValue(LPCTSTR pszValueName, ULONGLONG qwValue) throw();
LONG SetBinaryValue(
LPCTSTR pszValueName,
const void* pValue,
ULONG nBytes) throw();
LONG SetStringValue(
LPCTSTR pszValueName,
LPCTSTR pszValue,
DWORD dwType) throw();
LONG SetDWORDValue(LPCTSTR pszValueName, DWORD dwValue) throw();
LONG SetValue(
LPCTSTR pszValueName,
DWORD dwType,
const void* pValue,
ULONG nBytes) throw();
LONG SetGUIDValue(LPCTSTR pszValueName, REFGUID guidValue) throw();
static LONG SetValue(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
LPCTSTR lpszValue,
LPCTSTR lpszValueName);
LONG SetKeySecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR psd) throw();
LONG SetValue(
DWORD dwValue,
LPCTSTR lpszValueName);
LONG SetKeyValue(
LPCTSTR lpszKeyName,
LPCTSTR lpszValue,
LPCTSTR lpszValueName) throw();
LONG SetValue(
LPCTSTR lpszValue,
LPCTSTR lpszValueName,
bool bMulti,
int nValueLen);
LONG SetMultiStringValue(LPCTSTR pszValueName, LPCTSTR pszValue) throw();
operator HKEY() const throw();
CRegKey& operator= (CRegKey& key) throw();
LONG SetQWORDValue(LPCTSTR pszValueName, ULONGLONG qwValue) throw();
HKEY m_hKey;
};
LONG SetStringValue(
LPCTSTR pszValueName,
LPCTSTR pszValue,
DWORD dwType) throw();
void test_CRegKey() {
CRegKey key;
char data[1024];
ULONG bytesRead;
key.QueryBinaryValue("foo", data, &bytesRead); // $ local_source
LONG SetValue(
LPCTSTR pszValueName,
DWORD dwType,
const void* pValue,
ULONG nBytes) throw();
DWORD value;
key.QueryDWORDValue("foo", value); // $ local_source
GUID guid;
key.QueryGUIDValue("foo", guid); // $ local_source
key.QueryMultiStringValue("foo", data, &bytesRead); // $ local_source
ULONGLONG qword;
key.QueryQWORDValue("foo", qword); // $ local_source
key.QueryStringValue("foo", data, &bytesRead); // $ local_source
key.QueryValue(data, "foo", &bytesRead); // $ local_source
DWORD type;
key.QueryValue("foo", &type, data, &bytesRead); // $ local_source
DWORD value2;
key.QueryValue(value2, "foo"); // $ local_source
static LONG SetValue(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
LPCTSTR lpszValue,
LPCTSTR lpszValueName);
LONG SetValue(
DWORD dwValue,
LPCTSTR lpszValueName);
LONG SetValue(
LPCTSTR lpszValue,
LPCTSTR lpszValueName,
bool bMulti,
int nValueLen);
operator HKEY() const throw();
CRegKey& operator= (CRegKey& key) throw();
HKEY m_hKey;
};
void test_CRegKey() {
CRegKey key;
char data[1024];
ULONG bytesRead;
key.QueryBinaryValue("foo", data, &bytesRead); // $ local_source
DWORD value;
key.QueryDWORDValue("foo", value); // $ local_source
GUID guid;
key.QueryGUIDValue("foo", guid); // $ local_source
key.QueryMultiStringValue("foo", data, &bytesRead); // $ local_source
ULONGLONG qword;
key.QueryQWORDValue("foo", qword); // $ local_source
key.QueryStringValue("foo", data, &bytesRead); // $ local_source
key.QueryValue(data, "foo", &bytesRead); // $ local_source
DWORD type;
key.QueryValue("foo", &type, data, &bytesRead); // $ local_source
DWORD value2;
key.QueryValue(value2, "foo"); // $ local_source
}
}

2282
cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
View File

File diff suppressed because it is too large Load Diff

2276
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

File diff suppressed because it is too large Load Diff

1152
cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
View File

File diff suppressed because it is too large Load Diff

5
javascript/extractor/src/com/semmle/js/ast/MemberExpression.java
View File

@@ -69,4 +69,9 @@ public class MemberExpression extends Expression
public void setSymbol(int symbol) {
this.symbol = symbol;
}
@Override
public boolean isValidTypeExpression() {
return object instanceof ITypeExpression && ((ITypeExpression)object).isValidTypeExpression() || object instanceof DynamicImport;
}
}

4
javascript/extractor/src/com/semmle/ts/ast/ITypeExpression.java
View File

@@ -10,4 +10,6 @@ import com.semmle.js.ast.Literal;
* however, some expressions such as {@link Literal} type may occur in a type annotation because the
* TypeScript AST does not distinguish <code>null</code> literals from the <code>null</code> type.
*/
public interface ITypeExpression extends INode, ITypedAstNode {}
public interface ITypeExpression extends INode, ITypedAstNode {
public default boolean isValidTypeExpression() { return true; }
}

2
javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java
View File

@@ -1907,7 +1907,7 @@ public class TypeScriptASTConverter {
}
private ITypeExpression asType(Node node) {
return node instanceof ITypeExpression ? (ITypeExpression) node : null;
return node instanceof ITypeExpression && ((ITypeExpression)node).isValidTypeExpression() ? (ITypeExpression) node : null;
}
private List<ITypeExpression> convertChildrenAsTypes(JsonObject node, String child)

6
javascript/extractor/tests/ts/input/invalidExtends.ts Normal file
View File

@@ -0,0 +1,6 @@
interface Invalid extends (foo.bar) {}
interface Invalid extends (foo).bar {}
interface Invalid extends foo[bar] {}
interface Invalid extends foo?.bar {}
interface Invalid extends foo!.bar {}
interface Invalid extends foo() {}

451
javascript/extractor/tests/ts/output/trap/invalidExtends.ts.trap Normal file
View File

@@ -0,0 +1,451 @@
#10000=@"/invalidExtends.ts;sourcefile"
files(#10000,"/invalidExtends.ts")
#10001=@"/;folder"
folders(#10001,"/")
containerparent(#10001,#10000)
#10002=@"loc,{#10000},0,0,0,0"
locations_default(#10002,#10000,0,0,0,0)
hasLocation(#10000,#10002)
#20000=@"global_scope"
scopes(#20000,0)
#20001=@"script;{#10000},1,1"
#20002=*
lines(#20002,#20001,"interface Invalid extends (foo.bar) {}","
")
#20003=@"loc,{#10000},1,1,1,38"
locations_default(#20003,#10000,1,1,1,38)
hasLocation(#20002,#20003)
#20004=*
lines(#20004,#20001,"interface Invalid extends (foo).bar {}","
")
#20005=@"loc,{#10000},2,1,2,38"
locations_default(#20005,#10000,2,1,2,38)
hasLocation(#20004,#20005)
#20006=*
lines(#20006,#20001,"interface Invalid extends foo[bar] {}","
")
#20007=@"loc,{#10000},3,1,3,37"
locations_default(#20007,#10000,3,1,3,37)
hasLocation(#20006,#20007)
#20008=*
lines(#20008,#20001,"interface Invalid extends foo?.bar {}","
")
#20009=@"loc,{#10000},4,1,4,37"
locations_default(#20009,#10000,4,1,4,37)
hasLocation(#20008,#20009)
#20010=*
lines(#20010,#20001,"interface Invalid extends foo!.bar {}","
")
#20011=@"loc,{#10000},5,1,5,37"
locations_default(#20011,#10000,5,1,5,37)
hasLocation(#20010,#20011)
#20012=*
lines(#20012,#20001,"interface Invalid extends foo() {}","
")
#20013=@"loc,{#10000},6,1,6,34"
locations_default(#20013,#10000,6,1,6,34)
hasLocation(#20012,#20013)
numlines(#20001,6,6,0)
#20014=*
tokeninfo(#20014,7,#20001,0,"interface")
#20015=@"loc,{#10000},1,1,1,9"
locations_default(#20015,#10000,1,1,1,9)
hasLocation(#20014,#20015)
#20016=*
tokeninfo(#20016,6,#20001,1,"Invalid")
#20017=@"loc,{#10000},1,11,1,17"
locations_default(#20017,#10000,1,11,1,17)
hasLocation(#20016,#20017)
#20018=*
tokeninfo(#20018,7,#20001,2,"extends")
#20019=@"loc,{#10000},1,19,1,25"
locations_default(#20019,#10000,1,19,1,25)
hasLocation(#20018,#20019)
#20020=*
tokeninfo(#20020,8,#20001,3,"(")
#20021=@"loc,{#10000},1,27,1,27"
locations_default(#20021,#10000,1,27,1,27)
hasLocation(#20020,#20021)
#20022=*
tokeninfo(#20022,6,#20001,4,"foo")
#20023=@"loc,{#10000},1,28,1,30"
locations_default(#20023,#10000,1,28,1,30)
hasLocation(#20022,#20023)
#20024=*
tokeninfo(#20024,8,#20001,5,".")
#20025=@"loc,{#10000},1,31,1,31"
locations_default(#20025,#10000,1,31,1,31)
hasLocation(#20024,#20025)
#20026=*
tokeninfo(#20026,6,#20001,6,"bar")
#20027=@"loc,{#10000},1,32,1,34"
locations_default(#20027,#10000,1,32,1,34)
hasLocation(#20026,#20027)
#20028=*
tokeninfo(#20028,8,#20001,7,")")
#20029=@"loc,{#10000},1,35,1,35"
locations_default(#20029,#10000,1,35,1,35)
hasLocation(#20028,#20029)
#20030=*
tokeninfo(#20030,8,#20001,8,"{")
#20031=@"loc,{#10000},1,37,1,37"
locations_default(#20031,#10000,1,37,1,37)
hasLocation(#20030,#20031)
#20032=*
tokeninfo(#20032,8,#20001,9,"}")
#20033=@"loc,{#10000},1,38,1,38"
locations_default(#20033,#10000,1,38,1,38)
hasLocation(#20032,#20033)
#20034=*
tokeninfo(#20034,7,#20001,10,"interface")
#20035=@"loc,{#10000},2,1,2,9"
locations_default(#20035,#10000,2,1,2,9)
hasLocation(#20034,#20035)
#20036=*
tokeninfo(#20036,6,#20001,11,"Invalid")
#20037=@"loc,{#10000},2,11,2,17"
locations_default(#20037,#10000,2,11,2,17)
hasLocation(#20036,#20037)
#20038=*
tokeninfo(#20038,7,#20001,12,"extends")
#20039=@"loc,{#10000},2,19,2,25"
locations_default(#20039,#10000,2,19,2,25)
hasLocation(#20038,#20039)
#20040=*
tokeninfo(#20040,8,#20001,13,"(")
#20041=@"loc,{#10000},2,27,2,27"
locations_default(#20041,#10000,2,27,2,27)
hasLocation(#20040,#20041)
#20042=*
tokeninfo(#20042,6,#20001,14,"foo")
#20043=@"loc,{#10000},2,28,2,30"
locations_default(#20043,#10000,2,28,2,30)
hasLocation(#20042,#20043)
#20044=*
tokeninfo(#20044,8,#20001,15,")")
#20045=@"loc,{#10000},2,31,2,31"
locations_default(#20045,#10000,2,31,2,31)
hasLocation(#20044,#20045)
#20046=*
tokeninfo(#20046,8,#20001,16,".")
#20047=@"loc,{#10000},2,32,2,32"
locations_default(#20047,#10000,2,32,2,32)
hasLocation(#20046,#20047)
#20048=*
tokeninfo(#20048,6,#20001,17,"bar")
#20049=@"loc,{#10000},2,33,2,35"
locations_default(#20049,#10000,2,33,2,35)
hasLocation(#20048,#20049)
#20050=*
tokeninfo(#20050,8,#20001,18,"{")
#20051=@"loc,{#10000},2,37,2,37"
locations_default(#20051,#10000,2,37,2,37)
hasLocation(#20050,#20051)
#20052=*
tokeninfo(#20052,8,#20001,19,"}")
#20053=@"loc,{#10000},2,38,2,38"
locations_default(#20053,#10000,2,38,2,38)
hasLocation(#20052,#20053)
#20054=*
tokeninfo(#20054,7,#20001,20,"interface")
#20055=@"loc,{#10000},3,1,3,9"
locations_default(#20055,#10000,3,1,3,9)
hasLocation(#20054,#20055)
#20056=*
tokeninfo(#20056,6,#20001,21,"Invalid")
#20057=@"loc,{#10000},3,11,3,17"
locations_default(#20057,#10000,3,11,3,17)
hasLocation(#20056,#20057)
#20058=*
tokeninfo(#20058,7,#20001,22,"extends")
#20059=@"loc,{#10000},3,19,3,25"
locations_default(#20059,#10000,3,19,3,25)
hasLocation(#20058,#20059)
#20060=*
tokeninfo(#20060,6,#20001,23,"foo")
#20061=@"loc,{#10000},3,27,3,29"
locations_default(#20061,#10000,3,27,3,29)
hasLocation(#20060,#20061)
#20062=*
tokeninfo(#20062,8,#20001,24,"[")
#20063=@"loc,{#10000},3,30,3,30"
locations_default(#20063,#10000,3,30,3,30)
hasLocation(#20062,#20063)
#20064=*
tokeninfo(#20064,6,#20001,25,"bar")
#20065=@"loc,{#10000},3,31,3,33"
locations_default(#20065,#10000,3,31,3,33)
hasLocation(#20064,#20065)
#20066=*
tokeninfo(#20066,8,#20001,26,"]")
#20067=@"loc,{#10000},3,34,3,34"
locations_default(#20067,#10000,3,34,3,34)
hasLocation(#20066,#20067)
#20068=*
tokeninfo(#20068,8,#20001,27,"{")
#20069=@"loc,{#10000},3,36,3,36"
locations_default(#20069,#10000,3,36,3,36)
hasLocation(#20068,#20069)
#20070=*
tokeninfo(#20070,8,#20001,28,"}")
#20071=@"loc,{#10000},3,37,3,37"
locations_default(#20071,#10000,3,37,3,37)
hasLocation(#20070,#20071)
#20072=*
tokeninfo(#20072,7,#20001,29,"interface")
#20073=@"loc,{#10000},4,1,4,9"
locations_default(#20073,#10000,4,1,4,9)
hasLocation(#20072,#20073)
#20074=*
tokeninfo(#20074,6,#20001,30,"Invalid")
#20075=@"loc,{#10000},4,11,4,17"
locations_default(#20075,#10000,4,11,4,17)
hasLocation(#20074,#20075)
#20076=*
tokeninfo(#20076,7,#20001,31,"extends")
#20077=@"loc,{#10000},4,19,4,25"
locations_default(#20077,#10000,4,19,4,25)
hasLocation(#20076,#20077)
#20078=*
tokeninfo(#20078,6,#20001,32,"foo")
#20079=@"loc,{#10000},4,27,4,29"
locations_default(#20079,#10000,4,27,4,29)
hasLocation(#20078,#20079)
#20080=*
tokeninfo(#20080,8,#20001,33,"?.")
#20081=@"loc,{#10000},4,30,4,31"
locations_default(#20081,#10000,4,30,4,31)
hasLocation(#20080,#20081)
#20082=*
tokeninfo(#20082,6,#20001,34,"bar")
#20083=@"loc,{#10000},4,32,4,34"
locations_default(#20083,#10000,4,32,4,34)
hasLocation(#20082,#20083)
#20084=*
tokeninfo(#20084,8,#20001,35,"{")
#20085=@"loc,{#10000},4,36,4,36"
locations_default(#20085,#10000,4,36,4,36)
hasLocation(#20084,#20085)
#20086=*
tokeninfo(#20086,8,#20001,36,"}")
#20087=@"loc,{#10000},4,37,4,37"
locations_default(#20087,#10000,4,37,4,37)
hasLocation(#20086,#20087)
#20088=*
tokeninfo(#20088,7,#20001,37,"interface")
#20089=@"loc,{#10000},5,1,5,9"
locations_default(#20089,#10000,5,1,5,9)
hasLocation(#20088,#20089)
#20090=*
tokeninfo(#20090,6,#20001,38,"Invalid")
#20091=@"loc,{#10000},5,11,5,17"
locations_default(#20091,#10000,5,11,5,17)
hasLocation(#20090,#20091)
#20092=*
tokeninfo(#20092,7,#20001,39,"extends")
#20093=@"loc,{#10000},5,19,5,25"
locations_default(#20093,#10000,5,19,5,25)
hasLocation(#20092,#20093)
#20094=*
tokeninfo(#20094,6,#20001,40,"foo")
#20095=@"loc,{#10000},5,27,5,29"
locations_default(#20095,#10000,5,27,5,29)
hasLocation(#20094,#20095)
#20096=*
tokeninfo(#20096,8,#20001,41,"!")
#20097=@"loc,{#10000},5,30,5,30"
locations_default(#20097,#10000,5,30,5,30)
hasLocation(#20096,#20097)
#20098=*
tokeninfo(#20098,8,#20001,42,".")
#20099=@"loc,{#10000},5,31,5,31"
locations_default(#20099,#10000,5,31,5,31)
hasLocation(#20098,#20099)
#20100=*
tokeninfo(#20100,6,#20001,43,"bar")
#20101=@"loc,{#10000},5,32,5,34"
locations_default(#20101,#10000,5,32,5,34)
hasLocation(#20100,#20101)
#20102=*
tokeninfo(#20102,8,#20001,44,"{")
#20103=@"loc,{#10000},5,36,5,36"
locations_default(#20103,#10000,5,36,5,36)
hasLocation(#20102,#20103)
#20104=*
tokeninfo(#20104,8,#20001,45,"}")
#20105=@"loc,{#10000},5,37,5,37"
locations_default(#20105,#10000,5,37,5,37)
hasLocation(#20104,#20105)
#20106=*
tokeninfo(#20106,7,#20001,46,"interface")
#20107=@"loc,{#10000},6,1,6,9"
locations_default(#20107,#10000,6,1,6,9)
hasLocation(#20106,#20107)
#20108=*
tokeninfo(#20108,6,#20001,47,"Invalid")
#20109=@"loc,{#10000},6,11,6,17"
locations_default(#20109,#10000,6,11,6,17)
hasLocation(#20108,#20109)
#20110=*
tokeninfo(#20110,7,#20001,48,"extends")
#20111=@"loc,{#10000},6,19,6,25"
locations_default(#20111,#10000,6,19,6,25)
hasLocation(#20110,#20111)
#20112=*
tokeninfo(#20112,6,#20001,49,"foo")
#20113=@"loc,{#10000},6,27,6,29"
locations_default(#20113,#10000,6,27,6,29)
hasLocation(#20112,#20113)
#20114=*
tokeninfo(#20114,8,#20001,50,"(")
#20115=@"loc,{#10000},6,30,6,30"
locations_default(#20115,#10000,6,30,6,30)
hasLocation(#20114,#20115)
#20116=*
tokeninfo(#20116,8,#20001,51,")")
#20117=@"loc,{#10000},6,31,6,31"
locations_default(#20117,#10000,6,31,6,31)
hasLocation(#20116,#20117)
#20118=*
tokeninfo(#20118,8,#20001,52,"{")
#20119=@"loc,{#10000},6,33,6,33"
locations_default(#20119,#10000,6,33,6,33)
hasLocation(#20118,#20119)
#20120=*
tokeninfo(#20120,8,#20001,53,"}")
#20121=@"loc,{#10000},6,34,6,34"
locations_default(#20121,#10000,6,34,6,34)
hasLocation(#20120,#20121)
#20122=*
tokeninfo(#20122,0,#20001,54,"")
#20123=@"loc,{#10000},7,1,7,0"
locations_default(#20123,#10000,7,1,7,0)
hasLocation(#20122,#20123)
toplevels(#20001,0)
#20124=@"loc,{#10000},1,1,7,0"
locations_default(#20124,#10000,1,1,7,0)
hasLocation(#20001,#20124)
#20125=@"local_type_name;{Invalid};{#20000}"
local_type_names(#20125,"Invalid",#20000)
#20126=*
stmts(#20126,34,#20001,0,"interfa ... bar) {}")
hasLocation(#20126,#20003)
stmt_containers(#20126,#20001)
#20127=*
typeexprs(#20127,1,#20126,0,"Invalid")
hasLocation(#20127,#20017)
enclosing_stmt(#20127,#20126)
expr_containers(#20127,#20001)
literals("Invalid","Invalid",#20127)
typedecl(#20127,#20125)
#20128=*
stmts(#20128,34,#20001,1,"interfa ... .bar {}")
hasLocation(#20128,#20005)
stmt_containers(#20128,#20001)
#20129=*
typeexprs(#20129,1,#20128,0,"Invalid")
hasLocation(#20129,#20037)
enclosing_stmt(#20129,#20128)
expr_containers(#20129,#20001)
literals("Invalid","Invalid",#20129)
typedecl(#20129,#20125)
#20130=*
stmts(#20130,34,#20001,2,"interfa ... bar] {}")
hasLocation(#20130,#20007)
stmt_containers(#20130,#20001)
#20131=*
typeexprs(#20131,13,#20130,-1,"foo[bar]")
#20132=@"loc,{#10000},3,27,3,34"
locations_default(#20132,#10000,3,27,3,34)
hasLocation(#20131,#20132)
enclosing_stmt(#20131,#20130)
expr_containers(#20131,#20001)
#20133=*
typeexprs(#20133,25,#20131,0,"foo")
hasLocation(#20133,#20061)
enclosing_stmt(#20133,#20130)
expr_containers(#20133,#20001)
literals("foo","foo",#20133)
#20134=*
typeexprs(#20134,15,#20131,1,"bar")
hasLocation(#20134,#20065)
enclosing_stmt(#20134,#20130)
expr_containers(#20134,#20001)
literals("bar","bar",#20134)
#20135=*
typeexprs(#20135,1,#20130,0,"Invalid")
hasLocation(#20135,#20057)
enclosing_stmt(#20135,#20130)
expr_containers(#20135,#20001)
literals("Invalid","Invalid",#20135)
typedecl(#20135,#20125)
#20136=*
stmts(#20136,34,#20001,3,"interfa ... .bar {}")
hasLocation(#20136,#20009)
stmt_containers(#20136,#20001)
#20137=*
typeexprs(#20137,13,#20136,-1,"foo?.bar")
#20138=@"loc,{#10000},4,27,4,34"
locations_default(#20138,#10000,4,27,4,34)
hasLocation(#20137,#20138)
enclosing_stmt(#20137,#20136)
expr_containers(#20137,#20001)
#20139=*
typeexprs(#20139,25,#20137,0,"foo")
hasLocation(#20139,#20079)
enclosing_stmt(#20139,#20136)
expr_containers(#20139,#20001)
literals("foo","foo",#20139)
#20140=*
typeexprs(#20140,15,#20137,1,"bar")
hasLocation(#20140,#20083)
enclosing_stmt(#20140,#20136)
expr_containers(#20140,#20001)
literals("bar","bar",#20140)
isOptionalChaining(#20137)
#20141=*
typeexprs(#20141,1,#20136,0,"Invalid")
hasLocation(#20141,#20075)
enclosing_stmt(#20141,#20136)
expr_containers(#20141,#20001)
literals("Invalid","Invalid",#20141)
typedecl(#20141,#20125)
#20142=*
stmts(#20142,34,#20001,4,"interfa ... .bar {}")
hasLocation(#20142,#20011)
stmt_containers(#20142,#20001)
#20143=*
typeexprs(#20143,1,#20142,0,"Invalid")
hasLocation(#20143,#20091)
enclosing_stmt(#20143,#20142)
expr_containers(#20143,#20001)
literals("Invalid","Invalid",#20143)
typedecl(#20143,#20125)
#20144=*
stmts(#20144,34,#20001,5,"interfa ... oo() {}")
hasLocation(#20144,#20013)
stmt_containers(#20144,#20001)
#20145=*
typeexprs(#20145,1,#20144,0,"Invalid")
hasLocation(#20145,#20109)
enclosing_stmt(#20145,#20144)
expr_containers(#20145,#20001)
literals("Invalid","Invalid",#20145)
typedecl(#20145,#20125)
#20146=*
entry_cfg_node(#20146,#20001)
#20147=@"loc,{#10000},1,1,1,0"
locations_default(#20147,#10000,1,1,1,0)
hasLocation(#20146,#20147)
#20148=*
exit_cfg_node(#20148,#20001)
hasLocation(#20148,#20123)
successor(#20144,#20148)
successor(#20142,#20144)
successor(#20136,#20142)
successor(#20130,#20136)
successor(#20128,#20130)
successor(#20126,#20128)
successor(#20146,#20126)
numlines(#10000,6,6,0)
filetype(#10000,"typescript")

4
javascript/ql/lib/change-notes/2025-03-14-escape.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added additional flow step for `unescape()` and `escape()`.

3
javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
View File

@@ -494,7 +494,8 @@ module TaintTracking {
succ = c and
c =
DataFlow::globalVarRef([
"encodeURI", "decodeURI", "encodeURIComponent", "decodeURIComponent", "unescape"
"encodeURI", "decodeURI", "encodeURIComponent", "decodeURIComponent", "unescape",
"escape"
]).getACall() and
pred = c.getArgument(0)
)

8
javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
View File

@@ -892,7 +892,13 @@ module TaintedPath {
TaintTracking::uriStep(node1, node2)
or
exists(DataFlow::CallNode decode |
decode.getCalleeName() = "decodeURIComponent" or decode.getCalleeName() = "decodeURI"
decode =
DataFlow::globalVarRef([
"decodeURIComponent",
"decodeURI",
"escape",
"unescape"
]).getACall()
|
node1 = decode.getArgument(0) and
node2 = decode

2
javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
View File

@@ -53,7 +53,7 @@ module Shared {
class UriEncodingSanitizer extends Sanitizer, DataFlow::CallNode {
UriEncodingSanitizer() {
exists(string name | this = DataFlow::globalVarRef(name).getACall() |
name = "encodeURI" or name = "encodeURIComponent"
name in ["encodeURI", "encodeURIComponent", "escape"]
)
}
}

9
javascript/ql/test/library-tests/TypeScript/Types/printAst.expected
View File

@@ -2,9 +2,6 @@ nodes
| badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | semmle.label | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} |
| badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | semmle.order | 1 |
| badTypes.ts:5:11:5:11 | [Identifier] A | semmle.label | [Identifier] A |
| badTypes.ts:5:21:5:24 | [ThisVarTypeAccess] this | semmle.label | [ThisVarTypeAccess] this |
| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | semmle.label | [TypeAccess] this.B |
| badTypes.ts:5:26:5:26 | [Identifier] B | semmle.label | [Identifier] B |
| badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | semmle.label | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; |
| badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | semmle.order | 2 |
| badTypes.ts:6:6:6:6 | [Identifier] T | semmle.label | [Identifier] T |
@@ -2171,12 +2168,6 @@ nodes
edges
| badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | badTypes.ts:5:11:5:11 | [Identifier] A | semmle.label | 1 |
| badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | badTypes.ts:5:11:5:11 | [Identifier] A | semmle.order | 1 |
| badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | badTypes.ts:5:21:5:26 | [TypeAccess] this.B | semmle.label | 2 |
| badTypes.ts:5:1:5:29 | [InterfaceDeclaration,TypeDefinition] interfa ... is.B {} | badTypes.ts:5:21:5:26 | [TypeAccess] this.B | semmle.order | 2 |
| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | badTypes.ts:5:21:5:24 | [ThisVarTypeAccess] this | semmle.label | 1 |
| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | badTypes.ts:5:21:5:24 | [ThisVarTypeAccess] this | semmle.order | 1 |
| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | badTypes.ts:5:26:5:26 | [Identifier] B | semmle.label | 2 |
| badTypes.ts:5:21:5:26 | [TypeAccess] this.B | badTypes.ts:5:26:5:26 | [Identifier] B | semmle.order | 2 |
| badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | badTypes.ts:6:6:6:6 | [Identifier] T | semmle.label | 1 |
| badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | badTypes.ts:6:6:6:6 | [Identifier] T | semmle.order | 1 |
| badTypes.ts:6:1:6:24 | [TypeAliasDeclaration,TypeDefinition] type T ... ar.bar; | badTypes.ts:6:10:6:23 | [TypeofTypeExpr] typeof var.bar | semmle.label | 2 |

2
javascript/ql/test/library-tests/TypeScript/Types/tests.expected
View File

@@ -864,8 +864,6 @@ getTypeDefinitionType
| type_definitions.ts:21:1:21:20 | type Alias<T> = T[]; | Alias<T> |
getTypeExprType
| badTypes.ts:5:11:5:11 | A | A |
| badTypes.ts:5:21:5:26 | this.B | any |
| badTypes.ts:5:26:5:26 | B | any |
| badTypes.ts:6:6:6:6 | T | any |
| badTypes.ts:6:10:6:23 | typeof var.bar | any |
| badTypes.ts:6:17:6:19 | var | any |

27
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

@@ -45,6 +45,8 @@
| TaintedPath.js:195:29:195:85 | path.re ... '), '') | TaintedPath.js:191:24:191:30 | req.url | TaintedPath.js:195:29:195:85 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:191:24:191:30 | req.url | user-provided value |
| TaintedPath.js:202:29:202:68 | path.re ... '), '') | TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:202:29:202:68 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:200:24:200:30 | req.url | user-provided value |
| TaintedPath.js:205:31:205:69 | path.re ... '), '') | TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:205:31:205:69 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:200:24:200:30 | req.url | user-provided value |
| TaintedPath.js:214:29:214:42 | improperEscape | TaintedPath.js:212:24:212:30 | req.url | TaintedPath.js:214:29:214:42 | improperEscape | This path depends on a $@. | TaintedPath.js:212:24:212:30 | req.url | user-provided value |
| TaintedPath.js:216:29:216:43 | improperEscape2 | TaintedPath.js:212:24:212:30 | req.url | TaintedPath.js:216:29:216:43 | improperEscape2 | This path depends on a $@. | TaintedPath.js:212:24:212:30 | req.url | user-provided value |
| examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value |
| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value |
| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value |
@@ -320,6 +322,18 @@ edges
| TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:200:14:200:37 | url.par ... , true) | provenance | Config |
| TaintedPath.js:202:29:202:32 | path | TaintedPath.js:202:29:202:68 | path.re ... '), '') | provenance | Config |
| TaintedPath.js:205:31:205:34 | path | TaintedPath.js:205:31:205:69 | path.re ... '), '') | provenance | Config |
| TaintedPath.js:212:7:212:48 | path | TaintedPath.js:213:33:213:36 | path | provenance | |
| TaintedPath.js:212:7:212:48 | path | TaintedPath.js:215:36:215:39 | path | provenance | |
| TaintedPath.js:212:14:212:37 | url.par ... , true) | TaintedPath.js:212:14:212:43 | url.par ... ).query | provenance | Config |
| TaintedPath.js:212:14:212:43 | url.par ... ).query | TaintedPath.js:212:14:212:48 | url.par ... ry.path | provenance | Config |
| TaintedPath.js:212:14:212:48 | url.par ... ry.path | TaintedPath.js:212:7:212:48 | path | provenance | |
| TaintedPath.js:212:24:212:30 | req.url | TaintedPath.js:212:14:212:37 | url.par ... , true) | provenance | Config |
| TaintedPath.js:213:9:213:37 | improperEscape | TaintedPath.js:214:29:214:42 | improperEscape | provenance | |
| TaintedPath.js:213:26:213:37 | escape(path) | TaintedPath.js:213:9:213:37 | improperEscape | provenance | |
| TaintedPath.js:213:33:213:36 | path | TaintedPath.js:213:26:213:37 | escape(path) | provenance | Config |
| TaintedPath.js:215:9:215:40 | improperEscape2 | TaintedPath.js:216:29:216:43 | improperEscape2 | provenance | |
| TaintedPath.js:215:27:215:40 | unescape(path) | TaintedPath.js:215:9:215:40 | improperEscape2 | provenance | |
| TaintedPath.js:215:36:215:39 | path | TaintedPath.js:215:27:215:40 | unescape(path) | provenance | Config |
| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:10:36:10:43 | filePath | provenance | |
| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config |
| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config |
@@ -780,6 +794,19 @@ nodes
| TaintedPath.js:202:29:202:68 | path.re ... '), '') | semmle.label | path.re ... '), '') |
| TaintedPath.js:205:31:205:34 | path | semmle.label | path |
| TaintedPath.js:205:31:205:69 | path.re ... '), '') | semmle.label | path.re ... '), '') |
| TaintedPath.js:212:7:212:48 | path | semmle.label | path |
| TaintedPath.js:212:14:212:37 | url.par ... , true) | semmle.label | url.par ... , true) |
| TaintedPath.js:212:14:212:43 | url.par ... ).query | semmle.label | url.par ... ).query |
| TaintedPath.js:212:14:212:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| TaintedPath.js:212:24:212:30 | req.url | semmle.label | req.url |
| TaintedPath.js:213:9:213:37 | improperEscape | semmle.label | improperEscape |
| TaintedPath.js:213:26:213:37 | escape(path) | semmle.label | escape(path) |
| TaintedPath.js:213:33:213:36 | path | semmle.label | path |
| TaintedPath.js:214:29:214:42 | improperEscape | semmle.label | improperEscape |
| TaintedPath.js:215:9:215:40 | improperEscape2 | semmle.label | improperEscape2 |
| TaintedPath.js:215:27:215:40 | unescape(path) | semmle.label | unescape(path) |
| TaintedPath.js:215:36:215:39 | path | semmle.label | path |
| TaintedPath.js:216:29:216:43 | improperEscape2 | semmle.label | improperEscape2 |
| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath |
| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) |
| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query |

7
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js
View File

@@ -208,3 +208,10 @@ var server = http.createServer(function(req, res) {
}
});
var srv = http.createServer(function(req, res) {
let path = url.parse(req.url, true).query.path; // $ Source
const improperEscape = escape(path);
res.write(fs.readFileSync(improperEscape)); // $ Alert
const improperEscape2 = unescape(path);
res.write(fs.readFileSync(improperEscape2)); // $ Alert
});

4
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/string-manipulations.js
View File

@@ -8,5 +8,5 @@ document.write(document.location.href.toUpperCase()); // $ Alert
document.write(document.location.href.trimLeft()); // $ Alert
document.write(String.fromCharCode(document.location.href)); // $ Alert
document.write(String(document.location.href)); // $ Alert
document.write(escape(document.location.href)); // OK - for now
document.write(escape(escape(escape(document.location.href)))); // OK - for now
document.write(escape(document.location.href));
document.write(escape(escape(escape(document.location.href))));

10
misc/codegen/templates/ql_class.mustache
View File

@@ -29,7 +29,15 @@ module Generated {
/**
* Gets the string representation of this element.
*/
string toString() { none() } // overridden by subclasses
cached
final string toString() { result = this.toStringImpl() }
/**
* INTERNAL: Do not use.
*
* Gets the string representation of this element.
*/
abstract string toStringImpl();
/**
* Gets the name of a primary CodeQL class to which this element belongs.

2
rust/ql/.generated.list generated
View File

@@ -504,7 +504,7 @@ lib/codeql/rust/elements/internal/generated/ConstParam.qll 310342603959a4d521418
lib/codeql/rust/elements/internal/generated/ContinueExpr.qll e2010feb14fb6edeb83a991d9357e50edb770172ddfde2e8670b0d3e68169f28 48d09d661e1443002f6d22b8710e22c9c36d9daa9cde09c6366a61e960d717cb
lib/codeql/rust/elements/internal/generated/Crate.qll 2d7124b095738cb13dca8e1c402986ae575062f19104c331a6928dd86f8f01e6 8cd20d12e3a5f9202a12c81479fb9d2741109eb0b74c1541c6aa4258501b0478
lib/codeql/rust/elements/internal/generated/DynTraitTypeRepr.qll a9d540717af1f00dbea1c683fd6b846cddfb2968c7f3e021863276f123337787 1972efb9bca7aae9a9708ca6dcf398e5e8c6d2416a07d525dba1649b80fbe4d1
lib/codeql/rust/elements/internal/generated/Element.qll fb483b636180c699181c8aff83bc471b2c416206694f7028c671015918547663 542d1b9ae80c997974c94db3655887186df3921a8fa3f565eaf292dcfdac3c4c
lib/codeql/rust/elements/internal/generated/Element.qll 69ce882811f2bef7e0a93c0a24494dd16120a108ba4180d455344e29144a98c4 7781bc5c69b5b08775902fcb97cb23f85359ef2303545afe9d44301b19024b3a
lib/codeql/rust/elements/internal/generated/Enum.qll 4f4cbc9cd758c20d476bc767b916c62ba434d1750067d0ffb63e0821bb95ec86 3da735d54022add50cec0217bbf8ec4cf29b47f4851ee327628bcdd6454989d0
lib/codeql/rust/elements/internal/generated/Expr.qll 5fa34f2ed21829a1509417440dae42d416234ff43433002974328e7aabb8f30f 46f3972c7413b7db28a3ea8acb5a50a74b6dd9b658e8725f6953a8829ac912f8
lib/codeql/rust/elements/internal/generated/ExprStmt.qll d1112230015fbeb216b43407a268dc2ccd0f9e0836ab2dca4800c51b38fa1d7d 4a80562dcc55efa5e72c6c3b1d6747ab44fe494e76faff2b8f6e9f10a4b08b5b

7
rust/ql/lib/codeql/rust/controlflow/internal/Completion.qll
View File

@@ -126,8 +126,11 @@ private predicate cannotCauseMatchFailure(Pat pat) {
pat instanceof RangePat or
// Identifier patterns that are in fact path patterns can cause failures. For
// instance `None`. Only if an `@ ...` part is present can we be sure that
// it's an actual identifier pattern.
pat = any(IdentPat p | p.hasPat()) or
// it's an actual identifier pattern. As a heuristic, if the identifier starts
// with a lower case letter, then we assume that it's an identifier. This
// works for code that follows the Rust naming convention for enums and
// constants.
pat = any(IdentPat p | p.hasPat() or p.getName().getText().charAt(0).isLowercase()) or
pat instanceof WildcardPat or
pat instanceof RestPat or
pat instanceof RefPat or

21
rust/ql/lib/codeql/rust/dataflow/DataFlow.qll
View File

@@ -6,7 +6,8 @@
private import rust
private import codeql.dataflow.DataFlow
private import internal.DataFlowImpl as DataFlowImpl
private import DataFlowImpl::Node as Node
private import internal.Node as Node
private import internal.Content as Content
/**
* Provides classes for performing local (intra-procedural) and global
@@ -23,9 +24,23 @@ module DataFlow {
final class PostUpdateNode = Node::PostUpdateNodePublic;
final class Content = DataFlowImpl::Content;
final class Content = Content::Content;
final class ContentSet = DataFlowImpl::ContentSet;
final class FieldContent = Content::FieldContent;
final class TuplePositionContent = Content::TuplePositionContent;
final class TupleFieldContent = Content::TupleFieldContent;
final class RecordFieldContent = Content::RecordFieldContent;
final class ReferenceContent = Content::ReferenceContent;
final class ElementContent = Content::ElementContent;
final class FutureContent = Content::FutureContent;
final class ContentSet = Content::ContentSet;
/**
* Holds if data flows from `nodeFrom` to `nodeTo` in exactly one local

239
rust/ql/lib/codeql/rust/dataflow/internal/Content.qll Normal file
View File

@@ -0,0 +1,239 @@
/**
* Provides the `Content` class and subclasses thereof.
*/
private import rust
private import codeql.rust.controlflow.CfgNodes
private import DataFlowImpl
/**
* A path to a value contained in an object. For example a field name of a struct.
*/
abstract class Content extends TContent {
/** Gets a textual representation of this content. */
abstract string toString();
/** Gets the location of this content. */
abstract Location getLocation();
}
/** A field belonging to either a variant or a struct. */
abstract class FieldContent extends Content {
/** Gets an access to this field. */
pragma[nomagic]
abstract FieldExprCfgNode getAnAccess();
}
/** A tuple field belonging to either a variant or a struct. */
class TupleFieldContent extends FieldContent, TTupleFieldContent {
private TupleField field;
TupleFieldContent() { this = TTupleFieldContent(field) }
/** Holds if this field belongs to an enum variant. */
predicate isVariantField(Variant v, int pos) { field.isVariantField(v, pos) }
/** Holds if this field belongs to a struct. */
predicate isStructField(Struct s, int pos) { field.isStructField(s, pos) }
override FieldExprCfgNode getAnAccess() { field = result.getFieldExpr().getTupleField() }
final override string toString() {
exists(Variant v, int pos, string vname |
this.isVariantField(v, pos) and
vname = v.getName().getText() and
// only print indices when the arity is > 1
if exists(v.getTupleField(1)) then result = vname + "(" + pos + ")" else result = vname
)
or
exists(Struct s, int pos, string sname |
this.isStructField(s, pos) and
sname = s.getName().getText() and
// only print indices when the arity is > 1
if exists(s.getTupleField(1)) then result = sname + "(" + pos + ")" else result = sname
)
}
final override Location getLocation() { result = field.getLocation() }
}
/** A record field belonging to either a variant or a struct. */
class RecordFieldContent extends FieldContent, TRecordFieldContent {
private RecordField field;
RecordFieldContent() { this = TRecordFieldContent(field) }
/** Holds if this field belongs to an enum variant. */
predicate isVariantField(Variant v, string name) { field.isVariantField(v, name) }
/** Holds if this field belongs to a struct. */
predicate isStructField(Struct s, string name) { field.isStructField(s, name) }
override FieldExprCfgNode getAnAccess() { field = result.getFieldExpr().getRecordField() }
final override string toString() {
exists(Variant v, string name, string vname |
this.isVariantField(v, name) and
vname = v.getName().getText() and
// only print field when the arity is > 1
if strictcount(v.getRecordField(_)) > 1 then result = vname + "." + name else result = vname
)
or
exists(Struct s, string name, string sname |
this.isStructField(s, name) and
sname = s.getName().getText() and
// only print field when the arity is > 1
if strictcount(s.getRecordField(_)) > 1 then result = sname + "." + name else result = sname
)
}
final override Location getLocation() { result = field.getLocation() }
}
/** A captured variable. */
final class CapturedVariableContent extends Content, TCapturedVariableContent {
private Variable v;
CapturedVariableContent() { this = TCapturedVariableContent(v) }
/** Gets the captured variable. */
Variable getVariable() { result = v }
override string toString() { result = "captured " + v }
override Location getLocation() { result = v.getLocation() }
}
/** A value referred to by a reference. */
final class ReferenceContent extends Content, TReferenceContent {
override string toString() { result = "&ref" }
override Location getLocation() { result instanceof EmptyLocation }
}
/**
* An element in a collection where we do not track the specific collection
* type nor the placement of the element in the collection. Therefore the
* collection should be one where the elements are reasonably homogeneous,
* i.e., if one is tainted all elements are considered tainted.
*
* Examples include the elements of a set, array, vector, or stack.
*/
final class ElementContent extends Content, TElementContent {
override string toString() { result = "element" }
override Location getLocation() { result instanceof EmptyLocation }
}
/**
* A value that a future resolves to.
*/
final class FutureContent extends Content, TFutureContent {
override string toString() { result = "future" }
override Location getLocation() { result instanceof EmptyLocation }
}
/**
* Content stored at a position in a tuple.
*
* NOTE: Unlike `struct`s and `enum`s tuples are structural and not nominal,
* hence we don't store a canonical path for them.
*/
final class TuplePositionContent extends FieldContent, TTuplePositionContent {
private int pos;
TuplePositionContent() { this = TTuplePositionContent(pos) }
/** Gets the index of this tuple position. */
int getPosition() { result = pos }
override FieldExprCfgNode getAnAccess() {
// TODO: limit to tuple types
result.getNameRef().getText().toInt() = pos
}
override string toString() { result = "tuple." + pos.toString() }
override Location getLocation() { result instanceof EmptyLocation }
}
/**
* A content for the index of an argument to at function call.
*
* Used by the model generator to create flow summaries for higher-order
* functions.
*/
final class FunctionCallArgumentContent extends Content, TFunctionCallArgumentContent {
private int pos;
FunctionCallArgumentContent() { this = TFunctionCallArgumentContent(pos) }
int getPosition() { result = pos }
override string toString() { result = "function argument at " + pos }
override Location getLocation() { result instanceof EmptyLocation }
}
/**
* A content for the return value of function call.
*
* Used by the model generator to create flow summaries for higher-order
* functions.
*/
final class FunctionCallReturnContent extends Content, TFunctionCallReturnContent {
override string toString() { result = "function return" }
override Location getLocation() { result instanceof EmptyLocation }
}
/** A value that represents a set of `Content`s. */
abstract class ContentSet extends TContentSet {
/** Gets a textual representation of this element. */
abstract string toString();
/** Gets a content that may be stored into when storing into this set. */
abstract Content getAStoreContent();
/** Gets a content that may be read from when reading from this set. */
abstract Content getAReadContent();
}
final class SingletonContentSet extends ContentSet, TSingletonContentSet {
private Content c;
SingletonContentSet() { this = TSingletonContentSet(c) }
Content getContent() { result = c }
override string toString() { result = c.toString() }
override Content getAStoreContent() { result = c }
override Content getAReadContent() { result = c }
}
private import codeql.rust.internal.CachedStages
cached
newtype TContent =
TTupleFieldContent(TupleField field) { Stages::DataFlowStage::ref() } or
TRecordFieldContent(RecordField field) or
// TODO: Remove once library types are extracted
TVariantInLibTupleFieldContent(VariantInLib::VariantInLib v, int pos) { pos = v.getAPosition() } or
TElementContent() or
TFutureContent() or
TTuplePositionContent(int pos) {
pos in [0 .. max([
any(TuplePat pat).getNumberOfFields(),
any(FieldExpr access).getNameRef().getText().toInt()
]
)]
} or
TFunctionCallReturnContent() or
TFunctionCallArgumentContent(int pos) {
pos in [0 .. any(CallExpr c).getArgList().getNumberOfArgs() - 1]
} or
TCapturedVariableContent(VariableCapture::CapturedVariable v) or
TReferenceContent()

1
rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll
View File

@@ -1,6 +1,7 @@
import codeql.rust.dataflow.DataFlow::DataFlow as DataFlow
private import rust
private import codeql.rust.dataflow.internal.DataFlowImpl
private import codeql.rust.dataflow.internal.Node as Node
private import codeql.rust.dataflow.internal.TaintTrackingImpl
private import codeql.dataflow.internal.DataFlowImplConsistency

807
rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
View File

File diff suppressed because it is too large Load Diff

1
rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -7,6 +7,7 @@ private import codeql.dataflow.internal.FlowSummaryImpl
private import codeql.dataflow.internal.AccessPathSyntax as AccessPath
private import codeql.rust.dataflow.internal.DataFlowImpl
private import codeql.rust.dataflow.FlowSummary
private import Content
module Input implements InputSig<Location, RustDataFlow> {
private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl

480
rust/ql/lib/codeql/rust/dataflow/internal/Node.qll Normal file
View File

@@ -0,0 +1,480 @@
/**
* Provides the `Node` class and subclasses thereof.
*
* Classes with names ending in `Public` are exposed as `final` aliases in the
* public `DataFlow` API, so they should not expose internal implementation details.
*/
private import codeql.util.Boolean
private import codeql.dataflow.DataFlow
private import codeql.dataflow.internal.DataFlowImpl
private import rust
private import SsaImpl as SsaImpl
private import codeql.rust.controlflow.ControlFlowGraph
private import codeql.rust.controlflow.CfgNodes
private import codeql.rust.dataflow.Ssa
private import codeql.rust.dataflow.FlowSummary
private import Node as Node
private import DataFlowImpl
private import FlowSummaryImpl as FlowSummaryImpl
/** An element, viewed as a node in a data flow graph. */
abstract class NodePublic extends TNode {
/** Gets the location of this node. */
abstract Location getLocation();
/** Gets a textual representation of this node. */
abstract string toString();
/**
* Gets the expression that corresponds to this node, if any.
*/
ExprCfgNode asExpr() { none() }
/**
* Gets the parameter that corresponds to this node, if any.
*/
ParamBase asParameter() { result = this.(SourceParameterNode).getParameter().getParamBase() }
/**
* Gets the pattern that corresponds to this node, if any.
*/
PatCfgNode asPat() { none() }
}
abstract class Node extends NodePublic {
/** Gets the enclosing callable. */
DataFlowCallable getEnclosingCallable() { result = TCfgScope(this.getCfgScope()) }
/** Do not call: use `getEnclosingCallable()` instead. */
abstract CfgScope getCfgScope();
/**
* Gets the control flow node that corresponds to this data flow node.
*/
CfgNode getCfgNode() { none() }
}
/** A node type that is not implemented. */
final class NaNode extends Node {
NaNode() { none() }
override CfgScope getCfgScope() { none() }
override string toString() { result = "N/A" }
override Location getLocation() { none() }
}
/** A data flow node used to model flow summaries. */
class FlowSummaryNode extends Node, TFlowSummaryNode {
FlowSummaryImpl::Private::SummaryNode getSummaryNode() { this = TFlowSummaryNode(result) }
/** Gets the summarized callable that this node belongs to, if any. */
FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() {
result = this.getSummaryNode().getSummarizedCallable()
}
/** Gets the AST source node that this node belongs to, if any */
FlowSummaryImpl::Public::SourceElement getSourceElement() {
result = this.getSummaryNode().getSourceElement()
}
/** Gets the AST sink node that this node belongs to, if any */
FlowSummaryImpl::Public::SinkElement getSinkElement() {
result = this.getSummaryNode().getSinkElement()
}
/** Holds is this node is a source node of kind `kind`. */
predicate isSource(string kind, string model) {
this.getSummaryNode().(FlowSummaryImpl::Private::SourceOutputNode).isEntry(kind, model)
}
/** Holds is this node is a sink node of kind `kind`. */
predicate isSink(string kind, string model) {
this.getSummaryNode().(FlowSummaryImpl::Private::SinkInputNode).isExit(kind, model)
}
override CfgScope getCfgScope() {
result = this.getSummaryNode().getSourceElement().getEnclosingCfgScope()
or
result = this.getSummaryNode().getSinkElement().getEnclosingCfgScope()
}
override DataFlowCallable getEnclosingCallable() {
result.asLibraryCallable() = this.getSummarizedCallable()
or
result.asCfgScope() = this.getCfgScope()
}
override Location getLocation() {
exists(this.getSummarizedCallable()) and
result instanceof EmptyLocation
or
result = this.getSourceElement().getLocation()
or
result = this.getSinkElement().getLocation()
}
override string toString() { result = this.getSummaryNode().toString() }
}
/** A data flow node that corresponds directly to a CFG node for an AST node. */
abstract class AstCfgFlowNode extends Node {
AstCfgNode n;
final override CfgNode getCfgNode() { result = n }
final override CfgScope getCfgScope() { result = n.getAstNode().getEnclosingCfgScope() }
final override Location getLocation() { result = n.getAstNode().getLocation() }
final override string toString() { result = n.getAstNode().toString() }
}
/**
* A node in the data flow graph that corresponds to an expression in the
* AST.
*
* Note that because of control flow splitting, one `Expr` may correspond
* to multiple `ExprNode`s, just like it may correspond to multiple
* `ControlFlow::Node`s.
*/
class ExprNode extends AstCfgFlowNode, TExprNode {
override ExprCfgNode n;
ExprNode() { this = TExprNode(n) }
override ExprCfgNode asExpr() { result = n }
}
final class PatNode extends AstCfgFlowNode, TPatNode {
override PatCfgNode n;
PatNode() { this = TPatNode(n) }
override PatCfgNode asPat() { result = n }
}
/** A data flow node that corresponds to a name node in the CFG. */
final class NameNode extends AstCfgFlowNode, TNameNode {
override NameCfgNode n;
NameNode() { this = TNameNode(n) }
NameCfgNode asName() { result = n }
}
/**
* The value of a parameter at function entry, viewed as a node in a data
* flow graph.
*/
abstract class ParameterNode extends Node {
/** Holds if this node is a parameter of `c` at position `pos`. */
abstract predicate isParameterOf(DataFlowCallable c, ParameterPosition pos);
}
final class SourceParameterNode extends AstCfgFlowNode, ParameterNode, TSourceParameterNode {
override ParamBaseCfgNode n;
SourceParameterNode() { this = TSourceParameterNode(n) }
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
n.getAstNode() = pos.getParameterIn(c.asCfgScope().(Callable).getParamList())
}
/** Get the parameter position of this parameter. */
ParameterPosition getPosition() { this.isParameterOf(_, result) }
/** Gets the parameter in the CFG that this node corresponds to. */
ParamBaseCfgNode getParameter() { result = n }
}
/** A parameter for a library callable with a flow summary. */
final class SummaryParameterNode extends ParameterNode, FlowSummaryNode {
private ParameterPosition pos_;
SummaryParameterNode() {
FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), pos_)
}
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
this.getSummarizedCallable() = c.asLibraryCallable() and pos = pos_
}
}
/**
* The run-time representation of a closure itself at function entry, viewed
* as a node in a data flow graph.
*/
final class ClosureParameterNode extends ParameterNode, TClosureSelfReferenceNode {
private CfgScope cfgScope;
ClosureParameterNode() { this = TClosureSelfReferenceNode(cfgScope) }
final override CfgScope getCfgScope() { result = cfgScope }
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
cfgScope = c.asCfgScope() and pos.isClosureSelf()
}
override Location getLocation() { result = cfgScope.getLocation() }
override string toString() { result = "closure self in " + cfgScope }
}
abstract class ArgumentNode extends Node {
abstract predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos);
}
final class ExprArgumentNode extends ArgumentNode, ExprNode {
private CallExprBaseCfgNode call_;
private RustDataFlow::ArgumentPosition pos_;
ExprArgumentNode() { isArgumentForCall(n, call_, pos_) }
override predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos) {
call.asCallBaseExprCfgNode() = call_ and pos = pos_
}
}
/**
* The receiver of a method call _after_ any implicit borrow or dereferencing
* has taken place.
*/
final class ReceiverNode extends ArgumentNode, TReceiverNode {
private MethodCallExprCfgNode n;
ReceiverNode() { this = TReceiverNode(n, false) }
ExprCfgNode getReceiver() { result = n.getReceiver() }
MethodCallExprCfgNode getMethodCall() { result = n }
override predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos) {
call.asMethodCallExprCfgNode() = n and pos = TSelfParameterPosition()
}
override CfgScope getCfgScope() { result = n.getAstNode().getEnclosingCfgScope() }
override Location getLocation() { result = this.getReceiver().getLocation() }
override string toString() { result = "receiver for " + this.getReceiver() }
}
final class SummaryArgumentNode extends FlowSummaryNode, ArgumentNode {
private FlowSummaryImpl::Private::SummaryNode receiver;
private RustDataFlow::ArgumentPosition pos_;
SummaryArgumentNode() {
FlowSummaryImpl::Private::summaryArgumentNode(receiver, this.getSummaryNode(), pos_)
}
override predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos) {
call.isSummaryCall(_, receiver) and pos = pos_
}
}
/**
* A data flow node that represents the run-time representation of a closure
* passed into the closure body at an invocation.
*/
final class ClosureArgumentNode extends ArgumentNode, ExprNode {
private CallExprCfgNode call_;
ClosureArgumentNode() { lambdaCallExpr(call_, _, this.asExpr()) }
override predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos) {
call.asCallExprCfgNode() = call_ and
pos.isClosureSelf()
}
}
/** An SSA node. */
class SsaNode extends Node, TSsaNode {
SsaImpl::DataFlowIntegration::SsaNode node;
SsaNode() { this = TSsaNode(node) }
override CfgScope getCfgScope() { result = node.getBasicBlock().getScope() }
/** Gets the definition this node corresponds to, if any. */
SsaImpl::Definition asDefinition() {
result = node.(SsaImpl::DataFlowIntegration::SsaDefinitionNode).getDefinition()
}
override Location getLocation() { result = node.getLocation() }
override string toString() { result = "[SSA] " + node.toString() }
}
/** A data flow node that represents a value returned by a callable. */
abstract class ReturnNode extends Node {
abstract ReturnKind getKind();
}
final class ExprReturnNode extends ExprNode, ReturnNode {
ExprReturnNode() { this.getCfgNode().getASuccessor() instanceof AnnotatedExitCfgNode }
override ReturnKind getKind() { result = TNormalReturnKind() }
}
final class SummaryReturnNode extends FlowSummaryNode, ReturnNode {
private ReturnKind rk;
SummaryReturnNode() { FlowSummaryImpl::Private::summaryReturnNode(this.getSummaryNode(), rk) }
override ReturnKind getKind() { result = rk }
}
/** A data flow node that represents the output of a call. */
abstract class OutNode extends Node {
/** Gets the underlying call for this node. */
abstract DataFlowCall getCall(ReturnKind kind);
}
final private class ExprOutNode extends ExprNode, OutNode {
ExprOutNode() { this.asExpr() instanceof CallExprBaseCfgNode }
/** Gets the underlying call CFG node that includes this out node. */
override DataFlowCall getCall(ReturnKind kind) {
result.asCallBaseExprCfgNode() = this.getCfgNode() and
kind = TNormalReturnKind()
}
}
final class SummaryOutNode extends FlowSummaryNode, OutNode {
private DataFlowCall call;
private ReturnKind kind_;
SummaryOutNode() {
exists(FlowSummaryImpl::Private::SummaryNode receiver |
call.isSummaryCall(_, receiver) and
FlowSummaryImpl::Private::summaryOutNode(receiver, this.getSummaryNode(), kind_)
)
}
override DataFlowCall getCall(ReturnKind kind) { result = call and kind = kind_ }
}
/**
* A synthesized data flow node representing a closure object that tracks
* captured variables.
*/
class CaptureNode extends Node, TCaptureNode {
private VariableCapture::Flow::SynthesizedCaptureNode cn;
CaptureNode() { this = TCaptureNode(cn) }
VariableCapture::Flow::SynthesizedCaptureNode getSynthesizedCaptureNode() { result = cn }
override CfgScope getCfgScope() { result = cn.getEnclosingCallable() }
override Location getLocation() { result = cn.getLocation() }
override string toString() { result = cn.toString() }
}
/**
* A node associated with an object after an operation that might have
* changed its state.
*
* This can be either the argument to a callable after the callable returns
* (which might have mutated the argument), or the qualifier of a field after
* an update to the field.
*
* Nodes corresponding to AST elements, for example `ExprNode`, usually refer
* to the value before the update.
*/
abstract class PostUpdateNodePublic extends NodePublic {
/** Gets the node before the state update. */
abstract NodePublic getPreUpdateNode();
}
abstract class PostUpdateNode extends PostUpdateNodePublic, Node {
override string toString() { result = "[post] " + this.getPreUpdateNode().toString() }
}
final class ExprPostUpdateNode extends PostUpdateNode, TExprPostUpdateNode {
private ExprCfgNode n;
ExprPostUpdateNode() { this = TExprPostUpdateNode(n) }
override Node getPreUpdateNode() { result = TExprNode(n) }
override CfgScope getCfgScope() { result = n.getScope() }
override Location getLocation() { result = n.getLocation() }
}
final class ReceiverPostUpdateNode extends PostUpdateNode, TReceiverNode {
private MethodCallExprCfgNode n;
ReceiverPostUpdateNode() { this = TReceiverNode(n, true) }
override Node getPreUpdateNode() { result = TReceiverNode(n, false) }
override CfgScope getCfgScope() { result = n.getAstNode().getEnclosingCfgScope() }
override Location getLocation() { result = n.getReceiver().getLocation() }
}
final class SummaryPostUpdateNode extends FlowSummaryNode, PostUpdateNode {
private FlowSummaryNode pre;
SummaryPostUpdateNode() {
FlowSummaryImpl::Private::summaryPostUpdateNode(this.getSummaryNode(), pre.getSummaryNode())
}
override Node getPreUpdateNode() { result = pre }
final override string toString() { result = PostUpdateNode.super.toString() }
}
private class CapturePostUpdateNode extends PostUpdateNode, CaptureNode {
private CaptureNode pre;
CapturePostUpdateNode() {
VariableCapture::Flow::capturePostUpdateNode(this.getSynthesizedCaptureNode(),
pre.getSynthesizedCaptureNode())
}
override Node getPreUpdateNode() { result = pre }
final override string toString() { result = PostUpdateNode.super.toString() }
}
final class CastNode = NaNode;
private import codeql.rust.internal.CachedStages
cached
newtype TNode =
TExprNode(ExprCfgNode n) { Stages::DataFlowStage::ref() } or
TSourceParameterNode(ParamBaseCfgNode p) or
TPatNode(PatCfgNode p) or
TNameNode(NameCfgNode n) { n.getName() = any(Variable v).getName() } or
TExprPostUpdateNode(ExprCfgNode e) {
isArgumentForCall(e, _, _)
or
lambdaCallExpr(_, _, e)
or
lambdaCreationExpr(e.getExpr(), _)
or
// Whenever `&mut e` has a post-update node we also create one for `e`.
// E.g., for `e` in `f(..., &mut e, ...)` or `*(&mut e) = ...`.
e = any(RefExprCfgNode ref | ref.isMut() and exists(TExprPostUpdateNode(ref))).getExpr()
or
e =
[
any(IndexExprCfgNode i).getBase(), any(FieldExprCfgNode access).getExpr(),
any(TryExprCfgNode try).getExpr(),
any(PrefixExprCfgNode pe | pe.getOperatorName() = "*").getExpr(),
any(AwaitExprCfgNode a).getExpr(), any(MethodCallExprCfgNode mc).getReceiver()
]
} or
TReceiverNode(MethodCallExprCfgNode mc, Boolean isPost) or
TSsaNode(SsaImpl::DataFlowIntegration::SsaNode node) or
TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
TClosureSelfReferenceNode(CfgScope c) { lambdaCreationExpr(c, _) } or
TCaptureNode(VariableCapture::Flow::SynthesizedCaptureNode cn)

2
rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll
View File

@@ -4,6 +4,8 @@ private import codeql.rust.controlflow.CfgNodes
private import codeql.rust.dataflow.DataFlow
private import codeql.rust.dataflow.FlowSummary
private import DataFlowImpl
private import Node as Node
private import Content
private import FlowSummaryImpl as FlowSummaryImpl
private import codeql.rust.internal.CachedStages

2
rust/ql/lib/codeql/rust/elements/internal/ArrayListExprImpl.qll
View File

@@ -22,6 +22,6 @@ module Impl {
* ```
*/
class ArrayListExpr extends Generated::ArrayListExpr {
override string toString() { result = "[...]" }
override string toStringImpl() { result = "[...]" }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/ArrayRepeatExprImpl.qll
View File

@@ -21,7 +21,7 @@ module Impl {
* ```
*/
class ArrayRepeatExpr extends Generated::ArrayRepeatExpr {
override string toString() {
override string toStringImpl() {
result =
"[" + this.getRepeatOperand().toAbbreviatedString() + "; " +
this.getRepeatLength().toAbbreviatedString() + "]"

2
rust/ql/lib/codeql/rust/elements/internal/AwaitExprImpl.qll
View File

@@ -22,6 +22,6 @@ module Impl {
* ```
*/
class AwaitExpr extends Generated::AwaitExpr {
override string toString() { result = "await " + this.getExpr().toAbbreviatedString() }
override string toStringImpl() { result = "await " + this.getExpr().toAbbreviatedString() }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/BecomeExprImpl.qll
View File

@@ -25,6 +25,6 @@ module Impl {
* ```
*/
class BecomeExpr extends Generated::BecomeExpr {
override string toString() { result = "become " + this.getExpr().toAbbreviatedString() }
override string toStringImpl() { result = "become " + this.getExpr().toAbbreviatedString() }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/BinaryExprImpl.qll
View File

@@ -23,6 +23,6 @@ module Impl {
* ```
*/
class BinaryExpr extends Generated::BinaryExpr {
override string toString() { result = "... " + this.getOperatorName() + " ..." }
override string toStringImpl() { result = "... " + this.getOperatorName() + " ..." }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/BoxPatImpl.qll
View File

@@ -22,6 +22,6 @@ module Impl {
* ```
*/
class BoxPat extends Generated::BoxPat {
override string toString() { result = "box " + this.getPat().toAbbreviatedString() }
override string toStringImpl() { result = "box " + this.getPat().toAbbreviatedString() }
}
}

4
rust/ql/lib/codeql/rust/elements/internal/BreakExprImpl.qll
View File

@@ -104,14 +104,14 @@ module Impl {
)
}
override string toString() {
override string toStringImpl() {
result = strictconcat(int i | | this.toStringPart(i), " " order by i)
}
private string toStringPart(int index) {
index = 0 and result = "break"
or
index = 1 and result = this.getLifetime().toString()
index = 1 and result = this.getLifetime().toStringImpl()
or
index = 2 and result = this.getExpr().toAbbreviatedString()
}

2
rust/ql/lib/codeql/rust/elements/internal/CallExprImpl.qll
View File

@@ -34,7 +34,7 @@ module Impl {
* ```
*/
class CallExpr extends Generated::CallExpr {
override string toString() { result = this.getFunction().toAbbreviatedString() + "(...)" }
override string toStringImpl() { result = this.getFunction().toAbbreviatedString() + "(...)" }
override Callable getStaticTarget() { result = getResolvedFunction(this) }

2
rust/ql/lib/codeql/rust/elements/internal/CastExprImpl.qll
View File

@@ -19,7 +19,7 @@ module Impl {
* ```
*/
class CastExpr extends Generated::CastExpr {
override string toString() {
override string toStringImpl() {
result =
this.getExpr().toAbbreviatedString() + " as " + this.getTypeRepr().toAbbreviatedString()
}

2
rust/ql/lib/codeql/rust/elements/internal/ClosureExprImpl.qll
View File

@@ -25,6 +25,6 @@ module Impl {
* ```
*/
class ClosureExpr extends Generated::ClosureExpr {
override string toString() { result = "|...| " + this.getBody().toAbbreviatedString() }
override string toStringImpl() { result = "|...| " + this.getBody().toAbbreviatedString() }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/CommentImpl.qll
View File

@@ -20,7 +20,7 @@ module Impl {
* ```
*/
class Comment extends Generated::Comment {
override string toString() {
override string toStringImpl() {
result = this.getCommentMarker() + "..." + this.getCommentEndMarker()
}

2
rust/ql/lib/codeql/rust/elements/internal/ContinueExprImpl.qll
View File

@@ -49,7 +49,7 @@ module Impl {
* ```
*/
class ContinueExpr extends Generated::ContinueExpr {
override string toString() {
override string toStringImpl() {
result = strictconcat(int i | | this.toStringPart(i), " " order by i)
}

4
rust/ql/lib/codeql/rust/elements/internal/CrateImpl.qll
View File

@@ -14,7 +14,9 @@ module Impl {
private import rust
class Crate extends Generated::Crate {
override string toString() { result = strictconcat(int i | | this.toStringPart(i) order by i) }
override string toStringImpl() {
result = strictconcat(int i | | this.toStringPart(i) order by i)
}
private string toStringPart(int i) {
i = 0 and result = "Crate("

6
rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll
View File

@@ -12,13 +12,13 @@ private import codeql.rust.elements.internal.generated.Element
*/
module Impl {
class Element extends Generated::Element {
override string toString() { result = this.getAPrimaryQlClass() }
override string toStringImpl() { result = this.getAPrimaryQlClass() }
/**
* INTERNAL: Do not use.
*
* Returns a string suitable to be inserted into the name of the parent. Typically `"..."`,
* but may be overridden by subclasses.
*
* INTERNAL: Do not use.
*/
string toAbbreviatedString() { result = "..." }

2
rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll
View File

@@ -19,6 +19,6 @@ module Impl {
* ```
*/
class Enum extends Generated::Enum {
override string toString() { result = "enum " + this.getName().getText() }
override string toStringImpl() { result = "enum " + this.getName().getText() }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/ExtractorStepImpl.qll
View File

@@ -12,7 +12,7 @@ private import codeql.rust.elements.internal.generated.ExtractorStep
*/
module Impl {
class ExtractorStep extends Generated::ExtractorStep {
override string toString() {
override string toStringImpl() {
result = this.getAction() + "(" + this.getFile().getAbsolutePath() + ")"
or
not this.hasFile() and result = this.getAction()

2
rust/ql/lib/codeql/rust/elements/internal/FieldExprImpl.qll
View File

@@ -28,7 +28,7 @@ module Impl {
/** Gets the tuple field that this access references, if any. */
TupleField getTupleField() { result = TypeInference::resolveTupleFieldExpr(this) }
override string toString() {
override string toStringImpl() {
exists(string abbr, string name |
abbr = this.getExpr().toAbbreviatedString() and
name = this.getNameRef().getText() and

2
rust/ql/lib/codeql/rust/elements/internal/FormatArgumentImpl.qll
View File

@@ -36,7 +36,7 @@ module Impl {
FormatArgument() { this = Synth::TFormatArgument(parent, index, kind, name, _, offset) }
override string toString() { result = name }
override string toStringImpl() { result = name }
override Format getParent() { result = Synth::TFormat(parent, index, _, _) }

2
rust/ql/lib/codeql/rust/elements/internal/FormatImpl.qll
View File

@@ -36,7 +36,7 @@ module Impl {
Format() { this = Synth::TFormat(parent, index, text, offset) }
override string toString() { result = text }
override string toStringImpl() { result = text }
override FormatArgsExpr getParent() { result = Synth::convertFormatArgsExprFromRaw(parent) }

2
rust/ql/lib/codeql/rust/elements/internal/FormatTemplateVariableAccessImpl.qll
View File

@@ -29,7 +29,7 @@ module Impl {
override Location getLocation() { result = argument.getLocation() }
override string toString() { result = this.getName() }
override string toStringImpl() { result = this.getName() }
/** Gets the name of the variable */
string getName() { result = argument.getName() }

2
rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll
View File

@@ -25,6 +25,6 @@ module Impl {
* ```
*/
class Function extends Generated::Function {
override string toString() { result = "fn " + this.getName().getText() }
override string toStringImpl() { result = "fn " + this.getName().getText() }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/GenericArgListImpl.qll
View File

@@ -21,7 +21,7 @@ module Impl {
* ```
*/
class GenericArgList extends Generated::GenericArgList {
override string toString() { result = this.toAbbreviatedString() }
override string toStringImpl() { result = this.toAbbreviatedString() }
override string toAbbreviatedString() { result = "<...>" }

2
rust/ql/lib/codeql/rust/elements/internal/GenericParamListImpl.qll
View File

@@ -21,7 +21,7 @@ module Impl {
* ```
*/
class GenericParamList extends Generated::GenericParamList {
override string toString() { result = this.toAbbreviatedString() }
override string toStringImpl() { result = this.toAbbreviatedString() }
override string toAbbreviatedString() { result = "<...>" }

2
rust/ql/lib/codeql/rust/elements/internal/IdentPatImpl.qll
View File

@@ -28,7 +28,7 @@ module Impl {
* ```
*/
class IdentPat extends Generated::IdentPat {
override string toString() {
override string toStringImpl() {
result = strictconcat(int i | | this.toStringPart(i), " " order by i)
}

4
rust/ql/lib/codeql/rust/elements/internal/IfExprImpl.qll
View File

@@ -28,7 +28,9 @@ module Impl {
* ```
*/
class IfExpr extends Generated::IfExpr {
override string toString() { result = concat(int i | | this.toStringPart(i), " " order by i) }
override string toStringImpl() {
result = concat(int i | | this.toStringPart(i), " " order by i)
}
private string toStringPart(int index) {
index = 0 and result = "if"

2
rust/ql/lib/codeql/rust/elements/internal/ImplImpl.qll
View File

@@ -19,7 +19,7 @@ module Impl {
* ```
*/
class Impl extends Generated::Impl {
override string toString() {
override string toStringImpl() {
exists(string trait |
(
trait = this.getTrait().toAbbreviatedString() + " for "

2
rust/ql/lib/codeql/rust/elements/internal/IndexExprImpl.qll
View File

@@ -20,7 +20,7 @@ module Impl {
* ```
*/
class IndexExpr extends Generated::IndexExpr {
override string toString() {
override string toStringImpl() {
result =
this.getBase().toAbbreviatedString() + "[" + this.getIndex().toAbbreviatedString() + "]"
}

2
rust/ql/lib/codeql/rust/elements/internal/InferTypeReprImpl.qll
View File

@@ -19,7 +19,7 @@ module Impl {
* ```
*/
class InferTypeRepr extends Generated::InferTypeRepr {
override string toString() { result = this.toAbbreviatedString() }
override string toStringImpl() { result = this.toAbbreviatedString() }
override string toAbbreviatedString() { result = "_" }
}

2
rust/ql/lib/codeql/rust/elements/internal/LabelImpl.qll
View File

@@ -22,7 +22,7 @@ module Impl {
* ```
*/
class Label extends Generated::Label {
override string toString() { result = this.getText() }
override string toStringImpl() { result = this.getText() }
override string toAbbreviatedString() { result = this.getText() }

2
rust/ql/lib/codeql/rust/elements/internal/LabelableExprImpl.qll
View File

@@ -16,7 +16,7 @@ module Impl {
* The base class for expressions that can be labeled (`LoopExpr`, `ForExpr`, `WhileExpr` or `BlockExpr`).
*/
class LabelableExpr extends Generated::LabelableExpr {
final override string toString() {
final override string toStringImpl() {
result = strictconcat(int i | | this.toStringPart(i), " " order by i)
}

2
rust/ql/lib/codeql/rust/elements/internal/LetElseImpl.qll
View File

@@ -19,7 +19,7 @@ module Impl {
* ```
*/
class LetElse extends Generated::LetElse {
override string toString() { result = this.toAbbreviatedString() }
override string toStringImpl() { result = this.toAbbreviatedString() }
override string toAbbreviatedString() { result = "else {...}" }
}

4
rust/ql/lib/codeql/rust/elements/internal/LetExprImpl.qll
View File

@@ -21,7 +21,9 @@ module Impl {
* ```
*/
class LetExpr extends Generated::LetExpr {
override string toString() { result = concat(int i | | this.toStringPart(i), " " order by i) }
override string toStringImpl() {
result = concat(int i | | this.toStringPart(i), " " order by i)
}
private string toStringPart(int index) {
index = 0 and result = "let"

2
rust/ql/lib/codeql/rust/elements/internal/LetStmtImpl.qll
View File

@@ -26,7 +26,7 @@ module Impl {
* ```
*/
class LetStmt extends Generated::LetStmt {
override string toString() {
override string toStringImpl() {
result = strictconcat(int i | | this.toStringPart(i), " " order by i)
}

2
rust/ql/lib/codeql/rust/elements/internal/LifetimeImpl.qll
View File

@@ -19,7 +19,7 @@ module Impl {
* ```
*/
class Lifetime extends Generated::Lifetime {
override string toString() {
override string toStringImpl() {
result = "'" + this.getText()
or
not this.hasText() and result = "'_"

2
rust/ql/lib/codeql/rust/elements/internal/LiteralExprImpl.qll
View File

@@ -26,7 +26,7 @@ module Impl {
* ```
*/
class LiteralExpr extends Generated::LiteralExpr {
override string toString() { result = this.getTrimmedText() }
override string toStringImpl() { result = this.getTrimmedText() }
override string toAbbreviatedString() { result = this.getTrimmedText() }

2
rust/ql/lib/codeql/rust/elements/internal/LiteralPatImpl.qll
View File

@@ -22,7 +22,7 @@ module Impl {
* ```
*/
class LiteralPat extends Generated::LiteralPat {
override string toString() { result = this.toAbbreviatedString() }
override string toStringImpl() { result = this.toAbbreviatedString() }
override string toAbbreviatedString() { result = this.getLiteral().getTrimmedText() }
}

2
rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll
View File

@@ -19,6 +19,6 @@ module Impl {
* ```
*/
class MacroCall extends Generated::MacroCall {
override string toString() { result = this.getPath().toAbbreviatedString() + "!..." }
override string toStringImpl() { result = this.getPath().toAbbreviatedString() + "!..." }
}
}

4
rust/ql/lib/codeql/rust/elements/internal/MatchArmImpl.qll
View File

@@ -28,7 +28,9 @@ module Impl {
* ```
*/
class MatchArm extends Generated::MatchArm {
override string toString() { result = concat(int i | | this.toStringPart(i), " " order by i) }
override string toStringImpl() {
result = concat(int i | | this.toStringPart(i), " " order by i)
}
private string toStringPart(int index) {
index = 0 and result = this.getPat().toAbbreviatedString()

2
rust/ql/lib/codeql/rust/elements/internal/MatchExprImpl.qll
View File

@@ -28,7 +28,7 @@ module Impl {
* ```
*/
class MatchExpr extends Generated::MatchExpr {
override string toString() {
override string toStringImpl() {
result = "match " + this.getScrutinee().toAbbreviatedString() + " { ... }"
}

4
rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll
View File

@@ -42,11 +42,11 @@ module Impl {
)
}
override string toString() {
override string toStringImpl() {
exists(string base, string separator |
base = this.getReceiver().toAbbreviatedString() and
(if base = "..." then separator = " ." else separator = ".") and
result = base + separator + this.getNameRef().toString() + "(...)"
result = base + separator + this.getNameRef().toStringImpl() + "(...)"
)
}
}

2
rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll
View File

@@ -24,6 +24,6 @@ module Impl {
* ```
*/
class Module extends Generated::Module {
override string toString() { result = "mod " + this.getName() }
override string toStringImpl() { result = "mod " + this.getName() }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/NameImpl.qll
View File

@@ -19,6 +19,6 @@ module Impl {
* ```
*/
class Name extends Generated::Name {
override string toString() { result = this.getText() }
override string toStringImpl() { result = this.getText() }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/NameRefImpl.qll
View File

@@ -19,6 +19,6 @@ module Impl {
* ```
*/
class NameRef extends Generated::NameRef {
override string toString() { result = this.getText() }
override string toStringImpl() { result = this.getText() }
}
}

2
rust/ql/lib/codeql/rust/elements/internal/NeverTypeReprImpl.qll
View File

@@ -19,7 +19,7 @@ module Impl {
* ```
*/
class NeverTypeRepr extends Generated::NeverTypeRepr {
override string toString() { result = this.toAbbreviatedString() }
override string toStringImpl() { result = this.toAbbreviatedString() }
override string toAbbreviatedString() { result = "!" }
}

2
rust/ql/lib/codeql/rust/elements/internal/OrPatImpl.qll
View File

@@ -21,7 +21,7 @@ module Impl {
* ```
*/
class OrPat extends Generated::OrPat {
override string toString() {
override string toStringImpl() {
result = concat(int i | | this.getPat(i).toAbbreviatedString(), " | " order by i)
}

2
rust/ql/lib/codeql/rust/elements/internal/ParamImpl.qll
View File

@@ -21,7 +21,7 @@ module Impl {
* ```
*/
class Param extends Generated::Param {
override string toString() { result = concat(int i | | this.toStringPart(i) order by i) }
override string toStringImpl() { result = concat(int i | | this.toStringPart(i) order by i) }
private string toStringPart(int index) {
index = 0 and result = this.getPat().toAbbreviatedString()

2
rust/ql/lib/codeql/rust/elements/internal/ParenExprImpl.qll
View File

@@ -19,6 +19,6 @@ module Impl {
* ```
*/
class ParenExpr extends Generated::ParenExpr {
override string toString() { result = "(" + this.getExpr().toAbbreviatedString() + ")" }
override string toStringImpl() { result = "(" + this.getExpr().toAbbreviatedString() + ")" }
}
}

Some files were not shown because too many files have changed in this diff Show More