hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into marcogario-patch-1

Browse Source
This commit is contained in:
Marco Gario
2025-03-31 20:42:12 +02:00
committed by GitHub
parent 29a23a3d20 c89c403e0e
commit 820dacd151
535 changed files with 17375 additions and 7001 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.bazelrc
View File

@@ -37,5 +37,6 @@ build --java_language_version=17
build --tool_java_language_version=17
build --tool_java_runtime_version=remotejdk_17
build --java_runtime_version=remotejdk_17
build --@rules_python//python/config_settings:python_version=3.12
try-import %workspace%/local.bazelrc

2
.bazelrc.internal
View File

@@ -8,3 +8,5 @@ common --registry=https://bcr.bazel.build
# its implementation packages without providing any code itself.
# We either can depend on internal implementation details, or turn of strict deps.
common --@rules_dotnet//dotnet/settings:strict_deps=false
build --@rules_python//python/config_settings:python_version=3.12

2
.pre-commit-config.yaml
View File

@@ -72,7 +72,7 @@ repos:
- id: rust-codegen
name: Run Rust checked in code generation
files: ^misc/codegen/|^rust/(prefix\.dbscheme|schema/|codegen/|.*/generated/|ql/lib/(rust\.dbscheme$|codeql/rust/elements)|\.generated.list)
files: ^misc/codegen/|^rust/(prefix\.dbscheme|schema/|codegen/|.*/generated/|ql/lib/(rust\.dbscheme$|codeql/rust/elements)|\.generated.list|ast-generator/)
language: system
entry: bazel run //rust/codegen -- --quiet
pass_filenames: false

455
Cargo.lock generated
View File

@@ -18,13 +18,10 @@ dependencies = [
]
[[package]]
name = "always-assert"
version = "0.2.0"
name = "allocator-api2"
version = "0.2.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1078fa1ce1e34b1872d8611ad921196d76bdd7027e949fbe31231abde201892"
dependencies = [
"tracing",
]
checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
[[package]]
name = "android-tzdata"
@@ -93,9 +90,9 @@ dependencies = [
[[package]]
name = "anyhow"
version = "1.0.96"
version = "1.0.97"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6b964d184e89d9b6b67dd2715bc8e74cf3107fb2b529990c90cf517326150bf4"
checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f"
[[package]]
name = "argfile"
@@ -170,6 +167,15 @@ dependencies = [
"cfg_aliases",
]
[[package]]
name = "boxcar"
version = "0.2.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6740c6e2fc6360fa57c35214c7493826aee95993926092606f27c983b40837be"
dependencies = [
"loom",
]
[[package]]
name = "bstr"
version = "1.11.3"
@@ -253,9 +259,9 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
[[package]]
name = "chalk-derive"
version = "0.99.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "572583d9b97f9d277e5c7607f8239a30e2e04d3ed3b47c87d1cb2152ae724073"
checksum = "ab2d131019373f0d0d1f2af0abd4f719739f6583c1b33965112455f643a910af"
dependencies = [
"proc-macro2",
"quote",
@@ -265,9 +271,9 @@ dependencies = [
[[package]]
name = "chalk-ir"
version = "0.99.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e60e0ef9c81dce1336a9ed3c76f08775f5b623151d96d85ba45f7b10de76d1c7"
checksum = "4f114996bda14c0213f014a4ef31a7867dcf5f539a3900477fc6b20138e7a17b"
dependencies = [
"bitflags 2.8.0",
"chalk-derive",
@@ -275,9 +281,9 @@ dependencies = [
[[package]]
name = "chalk-recursive"
version = "0.99.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a06350d614e22b03a69b8105e3541614450a7ea48bc58ecc6c6bd92731a3995"
checksum = "551e956e031c09057c7b21f17d48d91de99c9b6b6e34bceaf5e7202d71021268"
dependencies = [
"chalk-derive",
"chalk-ir",
@@ -288,9 +294,9 @@ dependencies = [
[[package]]
name = "chalk-solve"
version = "0.99.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0e428761e9b55bee516bfe2457caed8b6d1b86353f92ae825bbe438a36ce91e8"
checksum = "cd7ca50181156ce649efe8e5dd00580f573651554e4dcd11afa4e2ac93f53324"
dependencies = [
"chalk-derive",
"chalk-ir",
@@ -304,9 +310,9 @@ dependencies = [
[[package]]
name = "chrono"
version = "0.4.39"
version = "0.4.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825"
checksum = "1a7964611d71df112cb1730f2ee67324fcf4d0fc6606acbbe9bfe06df124637c"
dependencies = [
"android-tzdata",
"iana-time-zone",
@@ -314,14 +320,14 @@ dependencies = [
"num-traits",
"serde",
"wasm-bindgen",
"windows-targets 0.52.6",
"windows-link",
]
[[package]]
name = "clap"
version = "4.5.31"
version = "4.5.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "027bb0d98429ae334a8698531da7077bdf906419543a35a55c2cb1b66437d767"
checksum = "6088f3ae8c3608d19260cd7445411865a485688711b78b5be70d78cd96136f83"
dependencies = [
"clap_builder",
"clap_derive",
@@ -329,9 +335,9 @@ dependencies = [
[[package]]
name = "clap_builder"
version = "4.5.31"
version = "4.5.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5589e0cba072e0f3d23791efac0fd8627b49c829c196a492e88168e6a669d863"
checksum = "22a7ef7f676155edfb82daa97f99441f3ebf4a58d5e32f295a56259f1b6facc8"
dependencies = [
"anstream",
"anstyle",
@@ -341,11 +347,11 @@ dependencies = [
[[package]]
name = "clap_derive"
version = "4.5.28"
version = "4.5.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf4ced95c6f4a675af3da73304b9ac4ed991640c36374e4b46795c49e17cf1ed"
checksum = "09176aae279615badda0765c0c0b3f6ed53f4709118af73cf4655d85d1530cd7"
dependencies = [
"heck 0.5.0",
"heck",
"proc-macro2",
"quote",
"syn",
@@ -505,6 +511,15 @@ dependencies = [
"crossbeam-utils",
]
[[package]]
name = "crossbeam-queue"
version = "0.3.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115"
dependencies = [
"crossbeam-utils",
]
[[package]]
name = "crossbeam-utils"
version = "0.8.21"
@@ -559,6 +574,20 @@ dependencies = [
"parking_lot_core",
]
[[package]]
name = "dashmap"
version = "6.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
dependencies = [
"cfg-if",
"crossbeam-utils",
"hashbrown 0.14.5",
"lock_api",
"once_cell",
"parking_lot_core",
]
[[package]]
name = "deranged"
version = "0.3.11"
@@ -583,9 +612,9 @@ checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
[[package]]
name = "either"
version = "1.14.0"
version = "1.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b7914353092ddf589ad78f25c5c1c21b7f80b0ff8621e7c814c3485b5306da9d"
checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
[[package]]
name = "ena"
@@ -714,6 +743,12 @@ version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "foldhash"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
[[package]]
name = "fs-err"
version = "2.11.0"
@@ -738,6 +773,19 @@ version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ab85b9b05e3978cc9a9cf8fea7f01b494e1a09ed3037e16ba39edc7a29eb61a"
[[package]]
name = "generator"
version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cc6bd114ceda131d3b1d665eba35788690ad37f5916457286b32ab6fd3c438dd"
dependencies = [
"cfg-if",
"libc",
"log 0.4.25",
"rustversion",
"windows",
]
[[package]]
name = "getrandom"
version = "0.3.1"
@@ -786,12 +834,20 @@ name = "hashbrown"
version = "0.15.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
dependencies = [
"allocator-api2",
"equivalent",
"foldhash",
]
[[package]]
name = "heck"
version = "0.4.1"
name = "hashlink"
version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
checksum = "7382cf6263419f2d8df38c55d7da83da5c18aef87fc7a7fc1fb1e344edfe14c1"
dependencies = [
"hashbrown 0.15.2",
]
[[package]]
name = "heck"
@@ -831,7 +887,7 @@ dependencies = [
"iana-time-zone-haiku",
"js-sys",
"wasm-bindgen",
"windows-core",
"windows-core 0.52.0",
]
[[package]]
@@ -1027,6 +1083,19 @@ version = "0.4.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f"
[[package]]
name = "loom"
version = "0.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "419e0dc8046cb947daa77eb95ae174acfbddb7673b4151f56d1eed8e93fbfaca"
dependencies = [
"cfg-if",
"generator",
"scoped-tls",
"tracing",
"tracing-subscriber",
]
[[package]]
name = "lz4_flex"
version = "0.11.3"
@@ -1271,6 +1340,12 @@ version = "0.2.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
[[package]]
name = "portable-atomic"
version = "1.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e"
[[package]]
name = "powerfmt"
version = "0.2.0"
@@ -1288,9 +1363,9 @@ dependencies = [
[[package]]
name = "proc-macro2"
version = "1.0.93"
version = "1.0.94"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99"
checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84"
dependencies = [
"unicode-ident",
]
@@ -1310,18 +1385,18 @@ dependencies = [
[[package]]
name = "quote"
version = "1.0.38"
version = "1.0.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc"
checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
dependencies = [
"proc-macro2",
]
[[package]]
name = "ra-ap-rustc_abi"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3829c3355d1681ffeaf1450ec71edcdace6820fe2e86469d8fc1ad45e2c96460"
checksum = "f1651b0f7e8c3eb7c27a88f39d277e69c32bfe58e3be174d286c1a24d6a7a4d8"
dependencies = [
"bitflags 2.8.0",
"ra-ap-rustc_hashes",
@@ -1331,18 +1406,18 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_hashes"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bd4d6d4c434bec08e02370a4f64a4985312097215a62e82d0f757f3a98e502e"
checksum = "2bcd85e93dc0ea850bcfe7957a115957df799ccbc9eea488bdee5ec6780d212b"
dependencies = [
"rustc-stable-hash",
]
[[package]]
name = "ra-ap-rustc_index"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bad6fc4bd7522e31096e2de5b0351144fe0684b608791ee26c842bf2da1b19ae"
checksum = "62b295fc0640cd9fe0ecab872ee4a17a96f90a3998ec9f0c4765e9b8415c12cc"
dependencies = [
"ra-ap-rustc_index_macros",
"smallvec",
@@ -1350,9 +1425,9 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_index_macros"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cfb234e1f84b92be45276c3025bee18789e9bc95bec8789bec961e78edb01c52"
checksum = "c675f4257023aa933882906f13802cae287e88cc39ab13cbb96809083db0c801"
dependencies = [
"proc-macro2",
"quote",
@@ -1361,9 +1436,9 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_lexer"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a3a40bd11dc43d1cb110e730b80620cf8102f4cca8920a02b65954da0ed931f"
checksum = "c8358702c2a510ea84ba5801ddc047d9ad9520902cfb0e6173277610cdce2c9c"
dependencies = [
"memchr",
"unicode-properties",
@@ -1372,9 +1447,9 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_parse_format"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5feb877478994cb4c0c0c7a5116a352eefc0634aefc8636feb00a893fa5b7135"
checksum = "b98f402011d46732c35c47bfd111dec0495747fef2ec900ddee7fe15d78449a7"
dependencies = [
"ra-ap-rustc_index",
"ra-ap-rustc_lexer",
@@ -1382,9 +1457,9 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_pattern_analysis"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a76774d35934d464c4115908cde16f76a4f7e540fe1eea6b79336c556e37bdd3"
checksum = "bef3ff73fa4653252ffe1d1e9177a446f49ef46d97140e4816b7ff2dad59ed53"
dependencies = [
"ra-ap-rustc_index",
"rustc-hash 2.1.1",
@@ -1395,20 +1470,22 @@ dependencies = [
[[package]]
name = "ra_ap_base_db"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5d8e4a327f1a8ace5afced54ebaa1a34f8cf0bb535a28aefb8300e8ea49a7d6e"
checksum = "4baa9734d254af14fd603528ad594650dea601b1764492bd39988da38598ae67"
dependencies = [
"dashmap 5.5.3",
"la-arena",
"lz4_flex",
"ra_ap_cfg",
"ra_ap_intern",
"ra_ap_salsa",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_vfs",
"rustc-hash 2.1.1",
"salsa",
"semver",
"tracing",
"triomphe",
@@ -1416,9 +1493,9 @@ dependencies = [
[[package]]
name = "ra_ap_cfg"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4d974450788b1f90243c5f2231875ed4d7087444975c0190a1c2cb02c3ed465d"
checksum = "0ef2ba45636c5e585040c0c4bee640737a6001b08309f1a25ca78cf04abfbf90"
dependencies = [
"ra_ap_intern",
"ra_ap_tt",
@@ -1428,15 +1505,15 @@ dependencies = [
[[package]]
name = "ra_ap_edition"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3b1b961a84cb09a4e06e44d06b2e77bcf546d0c2623df9545ba9cc694880989"
checksum = "8955c1484d5e7274f755187788ba0d51eb149f870c69cdf0d87c3b7edea20ea0"
[[package]]
name = "ra_ap_hir"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff0672e35a6cf12333cb6b9e3fd18aba4bc724fa7c7b24c3253df4730be1f9c3"
checksum = "a51d7955beff2212701b149bea36d4cf2dc0f5cd129652c9bcf0cb5c0b021078"
dependencies = [
"arrayvec",
"either",
@@ -1460,14 +1537,14 @@ dependencies = [
[[package]]
name = "ra_ap_hir_def"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fde2fb9361257e31e73e63eb2d07445ea3fd4cd1e7bae7f45e7ba82bcfcde29a"
checksum = "e5c97e617e4c585d24b3d4f668861452aedddfbe0262f4c53235dcea77e62f9b"
dependencies = [
"arrayvec",
"bitflags 2.8.0",
"cov-mark",
"dashmap",
"dashmap 5.5.3",
"drop_bomb",
"either",
"fst",
@@ -1483,12 +1560,14 @@ dependencies = [
"ra_ap_hir_expand",
"ra_ap_intern",
"ra_ap_mbe",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_tt",
"rustc-hash 2.1.1",
"rustc_apfloat",
"salsa",
"smallvec",
"text-size",
"tracing",
@@ -1497,9 +1576,9 @@ dependencies = [
[[package]]
name = "ra_ap_hir_expand"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1823b649710bf1829c894f774dfe66acb33a3e5bc7409ff7836cd19f6e09c250"
checksum = "be57c0d7e3f2180dd8ea584b11447f34060eadc06f0f6d559e2a790f6e91b6c5"
dependencies = [
"cov-mark",
"either",
@@ -1511,12 +1590,14 @@ dependencies = [
"ra_ap_intern",
"ra_ap_mbe",
"ra_ap_parser",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_syntax-bridge",
"ra_ap_tt",
"rustc-hash 2.1.1",
"salsa",
"smallvec",
"tracing",
"triomphe",
@@ -1524,9 +1605,9 @@ dependencies = [
[[package]]
name = "ra_ap_hir_ty"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72a591a02787bd2e938c25fceb1f831d0929b9c08726e6d831f85c4a9fba04b5"
checksum = "f260f35748f3035b46a8afcdebda7cb75d95c24750105fad86101d09a9d387c8"
dependencies = [
"arrayvec",
"bitflags 2.8.0",
@@ -1535,6 +1616,7 @@ dependencies = [
"chalk-recursive",
"chalk-solve",
"cov-mark",
"dashmap 5.5.3",
"either",
"ena",
"indexmap 2.7.0",
@@ -1543,18 +1625,19 @@ dependencies = [
"nohash-hasher",
"oorandom",
"ra-ap-rustc_abi",
"ra-ap-rustc_hashes",
"ra-ap-rustc_index",
"ra-ap-rustc_pattern_analysis",
"ra_ap_base_db",
"ra_ap_hir_def",
"ra_ap_hir_expand",
"ra_ap_intern",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"rustc-hash 2.1.1",
"rustc_apfloat",
"salsa",
"scoped-tls",
"smallvec",
"tracing",
@@ -1564,14 +1647,15 @@ dependencies = [
[[package]]
name = "ra_ap_ide_db"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c74386061453edc3ebfd52141c7c3cde109a7427faff9792a303c3c09a762a01"
checksum = "0426263be26e27cb55a3b9ef88b120511b66fe7d9b418a2473d6d5f3ac2fe0a6"
dependencies = [
"arrayvec",
"bitflags 2.8.0",
"cov-mark",
"crossbeam-channel",
"dashmap 5.5.3",
"either",
"fst",
"indexmap 2.7.0",
@@ -1583,22 +1667,25 @@ dependencies = [
"ra_ap_hir",
"ra_ap_parser",
"ra_ap_profile",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_vfs",
"rayon",
"rustc-hash 2.1.1",
"salsa",
"tracing",
"triomphe",
]
[[package]]
name = "ra_ap_intern"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8239ffde688b558a4335f03d14fa42dcebb203f452367830554b18e17ff1c683"
checksum = "f6ea8c9615b3b0688cf557e7310dbd9432f43860c8ea766d54f4416cbecf3571"
dependencies = [
"dashmap",
"dashmap 5.5.3",
"hashbrown 0.14.5",
"rustc-hash 2.1.1",
"triomphe",
@@ -1606,9 +1693,9 @@ dependencies = [
[[package]]
name = "ra_ap_load-cargo"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "01dd50ca287042b06ca3cc62b60e6891bacee3886d39381d26f9f966e509b1c7"
checksum = "570907e16725c13a678bfd8050ce8839af2831da042a0878b75ee8c41b0f7b0c"
dependencies = [
"anyhow",
"crossbeam-channel",
@@ -1628,9 +1715,9 @@ dependencies = [
[[package]]
name = "ra_ap_mbe"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c193592a0d1dcd315cf8c60f25d37a15c6b50c2b58bfbc6eac38b123e45c8c21"
checksum = "e893fe03b04b30c9b5a339ac2bf39ce32ac9c05a8b50121b7d89ce658346e164"
dependencies = [
"arrayvec",
"cov-mark",
@@ -1649,9 +1736,9 @@ dependencies = [
[[package]]
name = "ra_ap_parser"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b380f96951dd56b8231eeb47884fea12c57b8515ac748eedd590b26cd156681c"
checksum = "6fd9a264120968b14a66b6ba756cd7f99435385b5dbc2f0a611cf3a12221c385"
dependencies = [
"drop_bomb",
"ra-ap-rustc_lexer",
@@ -1661,18 +1748,18 @@ dependencies = [
[[package]]
name = "ra_ap_paths"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0801105582f532bc59a2b5714a30966c4cf9bd3e5b66f4161763c1d974d2c7d5"
checksum = "f47817351651e36b56ff3afc483b41600053c9cb7e67d945467c0abe93416032"
dependencies = [
"camino",
]
[[package]]
name = "ra_ap_proc_macro_api"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da377b243e376b82819f875c1c6624125d27b682a740bd4cafc30b4f496d0ffa"
checksum = "d96da3b8b9f6b813a98f5357eef303905450741f47ba90adaab8a5371b748416"
dependencies = [
"indexmap 2.7.0",
"ra_ap_intern",
@@ -1689,9 +1776,9 @@ dependencies = [
[[package]]
name = "ra_ap_profile"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4d6d1391bee4f86e56385438a2dcb739cbb96bd0fbf49799a492332d57e6db62"
checksum = "13637377287c84f88a628e40229d271ef0081c0d683956bd99a6c8278a4f8b14"
dependencies = [
"cfg-if",
"libc",
@@ -1701,9 +1788,9 @@ dependencies = [
[[package]]
name = "ra_ap_project_model"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8b1ac2712d5f6a20197b360890031e64b4ea097b511f50e2cb8ab1a0e24f577"
checksum = "053c5207a638fc7a752c7a454bc952b28b0d02f0bf9f6d7ec785ec809579d8fa"
dependencies = [
"anyhow",
"cargo_metadata",
@@ -1726,71 +1813,54 @@ dependencies = [
]
[[package]]
name = "ra_ap_salsa"
version = "0.0.266"
name = "ra_ap_query-group-macro"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bc3a0a272f50e2ab831452bd3f4e7f8a571ccf01282d76f4a078f661135ed0ce"
checksum = "0f1a38f07b442e47a234cbe2e8fd1b8a41ff0cc5123cb1cf994c5ce20edb5bd6"
dependencies = [
"indexmap 2.7.0",
"itertools 0.12.1",
"lock_api",
"oorandom",
"parking_lot",
"ra_ap_salsa-macros",
"rustc-hash 2.1.1",
"smallvec",
"tracing",
"triomphe",
]
[[package]]
name = "ra_ap_salsa-macros"
version = "0.0.266"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d5d59b47a54fd5468ce0dc03b146afd0932ae0f3d05a5c15ca78d29d5e85bc31"
dependencies = [
"heck 0.4.1",
"heck",
"proc-macro2",
"quote",
"salsa",
"syn",
]
[[package]]
name = "ra_ap_span"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f10dbdd611d2546be7c400934007865e85bb37570566c715edb3aac76367a782"
checksum = "8818680c6f7da3b32cb2bb0992940b24264b1aa90203aa94812e09ab34d362d1"
dependencies = [
"hashbrown 0.14.5",
"la-arena",
"ra_ap_salsa",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_vfs",
"rustc-hash 2.1.1",
"salsa",
"text-size",
]
[[package]]
name = "ra_ap_stdx"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b7d5c58fcda9b35d61e23f334b2b11221abf53e7f5e4344fc7eb1de18b2cbf68"
checksum = "f1c10bee1b03fc48083862c13cf06bd3ed17760463ecce2734103a2f511e5ed4"
dependencies = [
"always-assert",
"crossbeam-channel",
"itertools 0.12.1",
"jod-thread",
"libc",
"miow",
"tracing",
"windows-sys 0.59.0",
]
[[package]]
name = "ra_ap_syntax"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75334f45a8095223823ef1d2789c085460b7b9368c63a6430d46f6f2b9bd5cb5"
checksum = "92bc32f3946fc5fcbdc79e61b7e26a8c2a3a56f3ef6ab27c7d298a9e21a462f2"
dependencies = [
"cov-mark",
"either",
@@ -1808,9 +1878,9 @@ dependencies = [
[[package]]
name = "ra_ap_syntax-bridge"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b331a50f90ae587d230b1b55b3852ebf67ab740dec33c1a4b0900005037e77c2"
checksum = "a42052c44c98c122c37aac476260c8f19d8fec495edc9c05835307c9ae86194d"
dependencies = [
"ra_ap_intern",
"ra_ap_parser",
@@ -1824,9 +1894,9 @@ dependencies = [
[[package]]
name = "ra_ap_toolchain"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d56e1b3a34eac0448e54afccf63a6b7699ef14a734b2f1b340246ccdd00c0d3"
checksum = "75996e70b3a0c68cd5157ba01f018964c7c6a5d7b209047d449b393139d0b57f"
dependencies = [
"camino",
"home",
@@ -1834,9 +1904,9 @@ dependencies = [
[[package]]
name = "ra_ap_tt"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4b974b1211e0b1e17e44b1f256ca1b4a3734d4d98f43ba09ee0a8476fc3a5b83"
checksum = "0e4ee31e93bfabe83e6720b7469db88d7ad7ec5c59a1f011efec4aa1327ffc5c"
dependencies = [
"arrayvec",
"ra-ap-rustc_lexer",
@@ -1847,9 +1917,9 @@ dependencies = [
[[package]]
name = "ra_ap_vfs"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2b004e20f901dae213cb1673111a2b56fec4f0d1c4c894b62668a0f69ce25065"
checksum = "f6aac1e277ac70bb073f40f8a3fc44e4b1bb9e4d4b1d0e0bd2f8269543560f80"
dependencies = [
"crossbeam-channel",
"fst",
@@ -1863,9 +1933,9 @@ dependencies = [
[[package]]
name = "ra_ap_vfs-notify"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95f9e8df03407d76e044f99ef45fafd686d775508aa7d1ba836e9eca58b833a3"
checksum = "cd95285146049621ee8f7a512c982a008bf036321fcc9b01a95c1ad7e6aeae57"
dependencies = [
"crossbeam-channel",
"notify",
@@ -2030,12 +2100,59 @@ dependencies = [
"smallvec",
]
[[package]]
name = "rustversion"
version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2"
[[package]]
name = "ryu"
version = "1.0.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6ea1a2d0a644769cc99faa24c3ad26b379b786fe7c36fd3c546254801650e6dd"
[[package]]
name = "salsa"
version = "0.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd55c6549513b2a42884dae31e3d4f4ac8a6cc51062e68e24d162133889f327c"
dependencies = [
"boxcar",
"crossbeam-queue",
"dashmap 6.1.0",
"hashbrown 0.15.2",
"hashlink",
"indexmap 2.7.0",
"parking_lot",
"portable-atomic",
"rayon",
"rustc-hash 2.1.1",
"salsa-macro-rules",
"salsa-macros",
"smallvec",
"tracing",
]
[[package]]
name = "salsa-macro-rules"
version = "0.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2619b4b451beab0a7e4364ff1e6f31950e7e418888fd9bf2f28889671563166a"
[[package]]
name = "salsa-macros"
version = "0.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4be57a99b3896e8d26850428a6874fb86849e2db874e1db3528e5cee4337d277"
dependencies = [
"heck",
"proc-macro2",
"quote",
"syn",
"synstructure",
]
[[package]]
name = "same-file"
version = "1.0.6"
@@ -2068,18 +2185,18 @@ dependencies = [
[[package]]
name = "serde"
version = "1.0.218"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8dfc9d19bdbf6d17e22319da49161d5d0108e4188e8b680aef6299eed22df60"
checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.218"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f09503e191f4e797cb8aac08e9a4a4695c5edf6a2e70e376d961ddd5c969f82b"
checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
dependencies = [
"proc-macro2",
"quote",
@@ -2088,9 +2205,9 @@ dependencies = [
[[package]]
name = "serde_json"
version = "1.0.139"
version = "1.0.140"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44f86c3acccc9c65b153fe1b85a3be07fe5515274ec9f0653b4a0875731c72a6"
checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
dependencies = [
"itoa",
"memchr",
@@ -2201,9 +2318,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
[[package]]
name = "syn"
version = "2.0.98"
version = "2.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1"
checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0"
dependencies = [
"proc-macro2",
"quote",
@@ -2636,6 +2753,16 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
[[package]]
name = "windows"
version = "0.58.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd04d41d93c4992d421894c18c8b43496aa748dd4c081bac0dc93eb0489272b6"
dependencies = [
"windows-core 0.58.0",
"windows-targets 0.52.6",
]
[[package]]
name = "windows-core"
version = "0.52.0"
@@ -2645,6 +2772,66 @@ dependencies = [
"windows-targets 0.52.6",
]
[[package]]
name = "windows-core"
version = "0.58.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6ba6d44ec8c2591c134257ce647b7ea6b20335bf6379a27dac5f1641fcf59f99"
dependencies = [
"windows-implement",
"windows-interface",
"windows-result",
"windows-strings",
"windows-targets 0.52.6",
]
[[package]]
name = "windows-implement"
version = "0.58.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2bbd5b46c938e506ecbce286b6628a02171d56153ba733b6c741fc627ec9579b"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "windows-interface"
version = "0.58.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "053c4c462dc91d3b1504c6fe5a726dd15e216ba718e84a0e46a88fbe5ded3515"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "windows-link"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38"
[[package]]
name = "windows-result"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e"
dependencies = [
"windows-targets 0.52.6",
]
[[package]]
name = "windows-strings"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10"
dependencies = [
"windows-result",
"windows-targets 0.52.6",
]
[[package]]
name = "windows-sys"
version = "0.48.0"

54
MODULE.bazel
View File

@@ -71,13 +71,13 @@ use_repo(
tree_sitter_extractors_deps = use_extension("//misc/bazel/3rdparty:tree_sitter_extractors_extension.bzl", "r")
use_repo(
tree_sitter_extractors_deps,
"vendor_ts__anyhow-1.0.96",
"vendor_ts__anyhow-1.0.97",
"vendor_ts__argfile-0.2.1",
"vendor_ts__chalk-ir-0.99.0",
"vendor_ts__chrono-0.4.39",
"vendor_ts__clap-4.5.31",
"vendor_ts__chalk-ir-0.100.0",
"vendor_ts__chrono-0.4.40",
"vendor_ts__clap-4.5.32",
"vendor_ts__dunce-1.0.5",
"vendor_ts__either-1.14.0",
"vendor_ts__either-1.15.0",
"vendor_ts__encoding-0.2.33",
"vendor_ts__figment-0.10.19",
"vendor_ts__flate2-1.1.0",
@@ -88,31 +88,31 @@ use_repo(
"vendor_ts__mustache-0.9.0",
"vendor_ts__num-traits-0.2.19",
"vendor_ts__num_cpus-1.16.0",
"vendor_ts__proc-macro2-1.0.93",
"vendor_ts__quote-1.0.38",
"vendor_ts__ra_ap_base_db-0.0.266",
"vendor_ts__ra_ap_cfg-0.0.266",
"vendor_ts__ra_ap_hir-0.0.266",
"vendor_ts__ra_ap_hir_def-0.0.266",
"vendor_ts__ra_ap_hir_expand-0.0.266",
"vendor_ts__ra_ap_hir_ty-0.0.266",
"vendor_ts__ra_ap_ide_db-0.0.266",
"vendor_ts__ra_ap_intern-0.0.266",
"vendor_ts__ra_ap_load-cargo-0.0.266",
"vendor_ts__ra_ap_parser-0.0.266",
"vendor_ts__ra_ap_paths-0.0.266",
"vendor_ts__ra_ap_project_model-0.0.266",
"vendor_ts__ra_ap_span-0.0.266",
"vendor_ts__ra_ap_stdx-0.0.266",
"vendor_ts__ra_ap_syntax-0.0.266",
"vendor_ts__ra_ap_vfs-0.0.266",
"vendor_ts__proc-macro2-1.0.94",
"vendor_ts__quote-1.0.40",
"vendor_ts__ra_ap_base_db-0.0.270",
"vendor_ts__ra_ap_cfg-0.0.270",
"vendor_ts__ra_ap_hir-0.0.270",
"vendor_ts__ra_ap_hir_def-0.0.270",
"vendor_ts__ra_ap_hir_expand-0.0.270",
"vendor_ts__ra_ap_hir_ty-0.0.270",
"vendor_ts__ra_ap_ide_db-0.0.270",
"vendor_ts__ra_ap_intern-0.0.270",
"vendor_ts__ra_ap_load-cargo-0.0.270",
"vendor_ts__ra_ap_parser-0.0.270",
"vendor_ts__ra_ap_paths-0.0.270",
"vendor_ts__ra_ap_project_model-0.0.270",
"vendor_ts__ra_ap_span-0.0.270",
"vendor_ts__ra_ap_stdx-0.0.270",
"vendor_ts__ra_ap_syntax-0.0.270",
"vendor_ts__ra_ap_vfs-0.0.270",
"vendor_ts__rand-0.9.0",
"vendor_ts__rayon-1.10.0",
"vendor_ts__regex-1.11.1",
"vendor_ts__serde-1.0.218",
"vendor_ts__serde_json-1.0.139",
"vendor_ts__serde-1.0.219",
"vendor_ts__serde_json-1.0.140",
"vendor_ts__serde_with-3.12.0",
"vendor_ts__syn-2.0.98",
"vendor_ts__syn-2.0.100",
"vendor_ts__toml-0.8.20",
"vendor_ts__tracing-0.1.41",
"vendor_ts__tracing-flame-0.2.0",
@@ -155,7 +155,7 @@ use_repo(csharp_main_extension, "paket.main")
pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
pip.parse(
hub_name = "codegen_deps",
python_version = "3.11",
python_version = "3.12",
requirements_lock = "//misc/codegen:requirements_lock.txt",
)
use_repo(pip, "codegen_deps")

0
actions/ql/lib/change-notes/2025-03-20.md → actions/ql/lib/change-notes/2025-03-20-code-injection-pr.md
View File

0
actions/ql/src/codeql-suites/actions-ccr.qls → actions/ql/src/codeql-suites/actions-code-quality.qls
View File

14
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
View File

@@ -956,8 +956,6 @@ class GlobalDef extends Definition {
private module SsaImpl = SsaImplCommon::Make<Location, SsaInput>;
private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationInputSig {
private import codeql.util.Void
class Expr extends Instruction {
Expr() {
exists(IRBlock bb, int i |
@@ -977,13 +975,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI
)
}
predicate ssaDefAssigns(SsaImpl::WriteDefinition def, Expr value) { none() }
class Parameter extends Void {
Location getLocation() { none() }
}
predicate ssaDefInitializesParam(SsaImpl::WriteDefinition def, Parameter p) { none() }
predicate ssaDefHasSource(SsaImpl::WriteDefinition def) { none() }
predicate allowFlowIntoUncertainDef(SsaImpl::UncertainWriteDefinition def) { any() }
@@ -1007,9 +999,11 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI
}
}
predicate guardControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
guard.(IRGuards::IRGuardCondition).controls(bb, branch)
}
predicate keepAllPhiInputBackEdges() { any() }
}
private module DataFlowIntegrationImpl = SsaImpl::DataFlowIntegration<DataFlowIntegrationInput>;

4
cpp/ql/src/Diagnostics/ExtractionWarnings.ql
View File

@@ -14,5 +14,5 @@ where
or
warning instanceof ExtractionUnknownProblem
select warning,
"Extraction failed in " + warning.getFile() + " with warning " + warning.getProblemMessage(),
warning.getSeverity()
"Extraction failed in " + warning.getFile() + " with warning " +
warning.getProblemMessage().replaceAll("$", "$$"), warning.getSeverity()

5
cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql
View File

@@ -17,5 +17,6 @@ from ExtractionError error
where
error instanceof ExtractionUnknownError or
exists(error.getFile().getRelativePath())
select error, "Extraction failed in " + error.getFile() + " with error " + error.getErrorMessage(),
error.getSeverity()
select error,
"Extraction failed in " + error.getFile() + " with error " +
error.getErrorMessage().replaceAll("$", "$$"), error.getSeverity()

0
cpp/ql/src/codeql-suites/cpp-ccr.qls → cpp/ql/src/codeql-suites/cpp-code-quality.qls
View File

22
cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected
View File

@@ -68,31 +68,23 @@
| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi read(t2) |
| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi(*t2) |
| test.cpp:10:8:10:9 | t2 | test.cpp:13:10:13:11 | t2 |
| test.cpp:11:7:11:8 | [input] SSA phi read(t2) | test.cpp:15:3:15:6 | SSA phi read(t2) |
| test.cpp:11:7:11:8 | [input] SSA phi(*t2) | test.cpp:15:3:15:6 | SSA phi(*t2) |
| test.cpp:11:7:11:8 | [input] SSA phi read(t2) | test.cpp:15:8:15:9 | t2 |
| test.cpp:11:7:11:8 | [input] SSA phi(*t2) | test.cpp:15:8:15:9 | t2 |
| test.cpp:11:7:11:8 | t1 | test.cpp:21:8:21:9 | t1 |
| test.cpp:12:5:12:10 | ... = ... | test.cpp:13:10:13:11 | t2 |
| test.cpp:12:10:12:10 | 0 | test.cpp:12:5:12:10 | ... = ... |
| test.cpp:13:5:13:8 | [input] SSA phi read(t2) | test.cpp:15:3:15:6 | SSA phi read(t2) |
| test.cpp:13:5:13:8 | [input] SSA phi(*t2) | test.cpp:15:3:15:6 | SSA phi(*t2) |
| test.cpp:13:10:13:11 | t2 | test.cpp:13:5:13:8 | [input] SSA phi read(t2) |
| test.cpp:13:10:13:11 | t2 | test.cpp:13:5:13:8 | [input] SSA phi(*t2) |
| test.cpp:15:3:15:6 | SSA phi read(t2) | test.cpp:15:8:15:9 | t2 |
| test.cpp:15:3:15:6 | SSA phi(*t2) | test.cpp:15:8:15:9 | t2 |
| test.cpp:13:10:13:11 | t2 | test.cpp:15:8:15:9 | t2 |
| test.cpp:13:10:13:11 | t2 | test.cpp:15:8:15:9 | t2 |
| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(*t2) |
| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(t2) |
| test.cpp:17:3:17:8 | ... = ... | test.cpp:21:8:21:9 | t1 |
| test.cpp:17:8:17:8 | 0 | test.cpp:17:3:17:8 | ... = ... |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:15:23:16 | [input] SSA phi read(t1) |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:15:23:16 | [input] SSA phi(*t1) |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi read(t1) |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi(*t1) |
| test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | 0 |
| test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | [input] SSA phi(*i) |
| test.cpp:23:15:23:16 | 0 | test.cpp:23:19:23:19 | SSA phi(*i) |
| test.cpp:23:15:23:16 | [input] SSA phi read(*t2) | test.cpp:23:19:23:19 | SSA phi read(*t2) |
| test.cpp:23:15:23:16 | [input] SSA phi read(i) | test.cpp:23:19:23:19 | SSA phi read(i) |
| test.cpp:23:15:23:16 | [input] SSA phi read(t1) | test.cpp:23:19:23:19 | SSA phi read(t1) |
| test.cpp:23:15:23:16 | [input] SSA phi read(t2) | test.cpp:23:19:23:19 | SSA phi read(t2) |
| test.cpp:23:15:23:16 | [input] SSA phi(*i) | test.cpp:23:19:23:19 | SSA phi(*i) |
| test.cpp:23:15:23:16 | [input] SSA phi(*t1) | test.cpp:23:19:23:19 | SSA phi(*t1) |
| test.cpp:23:19:23:19 | SSA phi read(*t2) | test.cpp:24:10:24:11 | t2 |
| test.cpp:23:19:23:19 | SSA phi read(i) | test.cpp:23:19:23:19 | i |
| test.cpp:23:19:23:19 | SSA phi read(t1) | test.cpp:23:23:23:24 | t1 |

127
cpp/ql/test/library-tests/preprocessor/preprocessor/pp.cpp
View File

@@ -10,7 +10,7 @@
// semmle-extractor-options: -I${testdir}/more_headers/ "-U SOME_SYM"
#undef BAR
#define SCARY(a,aa,aaah) /* we ignore a */ (aa /* but we take aa */) /* and we ignore aaa */
#define LOG(fmt, ...) printf("Warning: %s", fmt, __VA__ARGS__)
#define LOG(fmt, ...) printf("Warning: %s", fmt, __VA__ARGS__)
#include "pp.h"
#if 0
@@ -59,7 +59,7 @@ public:
#else
#define IN_TEMPLATE
#endif
static int val;
};
@@ -71,7 +71,128 @@ templateClassContext<int> tcci;
#define BAR
#if defined(BAR) && \
#if defined(BAR) &&\
defined(BAR)
#warning BAR defined
#endif
#if defined MACROTHREE/**hello*/ && /*world*/\
/*hw*/ (defined(MACROONE)) /* macroone */
#endif
#if defined SIMPLE_COMMENT //this comment \
(defined(SIMPLE_COMMENT)) spans over multiple lines
#endif
#if defined(FOO) &&\
defined(BAR)
#define CONDITIONAL_MACRO_1 1
#endif
#if defined(FOO) && \
defined(BAR) && \
!defined(BAZ)
#define CONDITIONAL_MACRO_2 2
#endif
#define FOO 8
#define BAR 2
#define BAZ 4
#if ((FOO / BAR) \
== 4) && ((BAZ \
* QUX) \
> 10)
#define CONDITIONAL_MACRO_3 3
#endif
// Testing \t spaced PreprocessorIf
#if defined(FOO) && \
defined(BAR) && \
defined(BAZ)
#define CONDITIONAL_MACRO_4 4
#endif
#if defined /* //test */ SIMPLE_COMMENT //this comment \
(defined(SIMPLE_COMMENT)) spans over multiple lines
#endif
#warning foo \
#warning foo \
\
/* a comment */
#warning foo \
\
#warning foo \
\
// a comment
#define FOO 8
#define BAR 2
#define BAZ 4
#if ((FOO / BAR) \
== 4) && ((BAZ \
/** comment */ \
* QUX) \
/** comment */ \
> 10)
#define CONDITIONAL_MACRO_3 3
#endif
#define X 1
#define Y 2
#if defined(X) && \
/*this is a comment*/ defined(Y) \
// another comment
#endif
#warning FOO\
\
\
\
BAR
#warning foo \
\
/* comment */ \
\
#if/** */A/* ... */&&B
#endif
#if/** */ /**/ A
#endif
#if \
\
A && B
#endif
#ifdef /*
*/ FOOBAR
#warning a
#else
#warning b
#endif
#if /*
//test
*/ FOOBAR
#endif
#if/*...*//*...*/A
#endif

55
cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected
View File

@@ -33,17 +33,64 @@
| pp.cpp:0:0:0:0 | pp.cpp | 50 | 2 | 50 | 48 | Macro | MACRO_TEMPLATECLASSCONTEXT_REFERENCED | 5 |
| pp.cpp:0:0:0:0 | pp.cpp | 54 | 3 | 54 | 39 | Macro | MACRO_TEMPLATEMETHODCONTEXT | 6 |
| pp.cpp:0:0:0:0 | pp.cpp | 57 | 1 | 57 | 21 | PreprocessorIfdef | INSTANTIATION | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | PreprocessorElse | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | PreprocessorElse | | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 60 | 3 | 60 | 21 | Macro | IN_TEMPLATE | |
| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 69 | 1 | 69 | 21 | Macro | INSTANTIATION | |
| pp.cpp:0:0:0:0 | pp.cpp | 72 | 1 | 72 | 11 | Macro | BAR | |
| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 74 | 21 | PreprocessorIf | defined(BAR) && \\ | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 75 | 14 | PreprocessorIf | defined(BAR) && defined(BAR) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 76 | 1 | 76 | 20 | PreprocessorWarning | BAR defined | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 77 | 1 | 77 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 79 | 1 | 80 | 26 | PreprocessorIf | defined MACROTHREE && (defined(MACROONE)) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 81 | 1 | 81 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 83 | 1 | 83 | 26 | PreprocessorIf | defined SIMPLE_COMMENT | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 85 | 1 | 85 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 87 | 1 | 88 | 16 | PreprocessorIf | defined(FOO) && defined(BAR) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 90 | 1 | 90 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 92 | 1 | 94 | 17 | PreprocessorIf | defined(FOO) && defined(BAR) && !defined(BAZ) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 96 | 1 | 96 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 98 | 1 | 98 | 13 | Macro | FOO | 8 |
| pp.cpp:0:0:0:0 | pp.cpp | 99 | 1 | 99 | 13 | Macro | BAR | 2 |
| pp.cpp:0:0:0:0 | pp.cpp | 100 | 1 | 100 | 13 | Macro | BAZ | 4 |
| pp.cpp:0:0:0:0 | pp.cpp | 101 | 1 | 104 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 106 | 1 | 106 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 109 | 1 | 111 | 13 | PreprocessorIf | defined(FOO) && defined(BAR) && defined(BAZ) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 112 | 1 | 112 | 29 | Macro | CONDITIONAL_MACRO_4 | 4 |
| pp.cpp:0:0:0:0 | pp.cpp | 113 | 1 | 113 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 116 | 1 | 116 | 39 | PreprocessorIf | defined SIMPLE_COMMENT | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 118 | 1 | 118 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 120 | 1 | 120 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 122 | 1 | 122 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 126 | 1 | 126 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 129 | 1 | 129 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 134 | 1 | 134 | 13 | Macro | FOO | 8 |
| pp.cpp:0:0:0:0 | pp.cpp | 135 | 1 | 135 | 13 | Macro | BAR | 2 |
| pp.cpp:0:0:0:0 | pp.cpp | 136 | 1 | 136 | 13 | Macro | BAZ | 4 |
| pp.cpp:0:0:0:0 | pp.cpp | 137 | 1 | 142 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 144 | 1 | 144 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 146 | 1 | 146 | 11 | Macro | X | 1 |
| pp.cpp:0:0:0:0 | pp.cpp | 147 | 1 | 147 | 11 | Macro | Y | 2 |
| pp.cpp:0:0:0:0 | pp.cpp | 148 | 1 | 149 | 36 | PreprocessorIf | defined(X) && defined(Y) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 151 | 1 | 151 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 153 | 1 | 157 | 3 | PreprocessorWarning | FOO BAR | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 160 | 1 | 160 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 166 | 1 | 166 | 22 | PreprocessorIf | A &&B | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 167 | 1 | 167 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 170 | 1 | 170 | 20 | PreprocessorIf | A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 171 | 1 | 171 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 173 | 1 | 175 | 6 | PreprocessorIf | A && B | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 176 | 1 | 176 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 179 | 1 | 183 | 9 | PreprocessorIfdef | FOOBAR | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 185 | 1 | 185 | 5 | PreprocessorElse | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 186 | 1 | 186 | 10 | PreprocessorWarning | b | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 187 | 1 | 187 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 190 | 1 | 194 | 9 | PreprocessorIf | FOOBAR | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 195 | 1 | 195 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 197 | 1 | 197 | 18 | PreprocessorIf | A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 198 | 1 | 198 | 6 | PreprocessorEndif | N/A | N/A |
| pp.h:0:0:0:0 | pp.h | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A |
| pp.h:0:0:0:0 | pp.h | 2 | 1 | 2 | 29 | PreprocessorWarning | "This should happen" | N/A |
| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33 "emerald_city.h" | N/A |
| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33 "emerald_city.h" | N/A |
| pp.h:0:0:0:0 | pp.h | 4 | 1 | 4 | 30 | PreprocessorPragma | byte_order(big_endian) | N/A |
| pp.h:0:0:0:0 | pp.h | 5 | 1 | 5 | 33 | PreprocessorWarning | "Not in Kansas any more" | N/A |
| pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | Macro | MULTILINE | world a long |

1
cpp/ql/test/query-tests/Diagnostics/ExtractionErrors.expected
View File

@@ -1,2 +1,3 @@
| containserror.cpp:9:14:9:14 | Recoverable extraction error: 'x' has already been declared in the current scope | Extraction failed in containserror.cpp with error "containserror.cpp", line 9: error: "x" has already been declared in the current scope\n \tconst char *x = "Foo2 $$@ bar2 $$@ baz2";\n \t ^\n\n | 2 |
| doesnotcompile.cpp:4:2:4:2 | Recoverable extraction error: identifier 'This' is undefined | Extraction failed in doesnotcompile.cpp with error "doesnotcompile.cpp", line 4: error: identifier "This" is undefined\n \tThis is not correct C/C++ code.\n \t^\n\n | 2 |
| doesnotcompile.cpp:4:10:4:10 | Recoverable extraction error: expected a ';' | Extraction failed in doesnotcompile.cpp with error "doesnotcompile.cpp", line 4: error: expected a ";"\n \tThis is not correct C/C++ code.\n \t ^\n\n | 2 |

1
cpp/ql/test/query-tests/Diagnostics/ExtractionWarnings.expected
View File

@@ -1,2 +1,3 @@
| containserror.cpp:9:14:9:14 | Recoverable extraction error: 'x' has already been declared in the current scope | Extraction failed in containserror.cpp with warning "containserror.cpp", line 9: error: "x" has already been declared in the current scope\n \tconst char *x = "Foo2 $$@ bar2 $$@ baz2";\n \t ^\n\n | 1 |
| doesnotcompile.cpp:4:2:4:2 | Recoverable extraction error: identifier 'This' is undefined | Extraction failed in doesnotcompile.cpp with warning "doesnotcompile.cpp", line 4: error: identifier "This" is undefined\n \tThis is not correct C/C++ code.\n \t^\n\n | 1 |
| doesnotcompile.cpp:4:10:4:10 | Recoverable extraction error: expected a ';' | Extraction failed in doesnotcompile.cpp with warning "doesnotcompile.cpp", line 4: error: expected a ";"\n \tThis is not correct C/C++ code.\n \t ^\n\n | 1 |

2
cpp/ql/test/query-tests/Diagnostics/Info.expected
View File

@@ -1,4 +1,4 @@
| containserror.cpp:0:0:0:0 | containserror.cpp | containserror.cpp | fromSource, normalTermination |
| containserror.cpp:0:0:0:0 | containserror.cpp | containserror.cpp | ExtractionProblem (severity 1), fromSource, normalTermination |
| containswarning.cpp:0:0:0:0 | containswarning.cpp | containswarning.cpp | fromSource, normalTermination |
| doesnotcompile.cpp:0:0:0:0 | doesnotcompile.cpp | doesnotcompile.cpp | ExtractionProblem (severity 1), fromSource, normalTermination |
| file://:0:0:0:0 | | | |

5
cpp/ql/test/query-tests/Diagnostics/containserror.cpp
View File

@@ -3,3 +3,8 @@
void containserror() {
#error An error!
}
void error_with_placeholder() {
const char *x = "Foo1 $@ bar1 $@ baz1";
const char *x = "Foo2 $@ bar2 $@ baz2";
}

48
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
View File

@@ -1,14 +1,22 @@
using System;
using System.Diagnostics;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Semmle.Util;
using Semmle.Util.Logging;
using Newtonsoft.Json;
namespace Semmle.Extraction.CSharp.DependencyFetching
{
public class DependabotProxy : IDisposable
{
/// <summary>
/// Represents configurations for package registries.
/// </summary>
/// <param name="Type">The type of package registry.</param>
/// <param name="URL">The URL of the package registry.</param>
public record class RegistryConfig(string Type, string URL);
private readonly string host;
private readonly string port;
@@ -17,6 +25,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// </summary>
internal string Address { get; }
/// <summary>
/// The URLs of package registries that are configured for the proxy.
/// </summary>
internal HashSet<string> RegistryURLs { get; }
/// <summary>
/// The path to the temporary file where the certificate is stored.
/// </summary>
internal string? CertificatePath { get; private set; }
@@ -67,6 +79,39 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
result.Certificate = X509Certificate2.CreateFromPem(cert);
}
// Try to obtain the list of private registry URLs.
var registryURLs = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyURLs);
if (!string.IsNullOrWhiteSpace(registryURLs))
{
try
{
// The value of the environment variable should be a JSON array of objects, such as:
// [ { "type": "nuget_feed", "url": "https://nuget.pkg.github.com/org/index.json" } ]
var array = JsonConvert.DeserializeObject<List<RegistryConfig>>(registryURLs);
if (array is not null)
{
foreach (RegistryConfig config in array)
{
// The array contains all configured private registries, not just ones for C#.
// We ignore the non-C# ones here.
if (!config.Type.Equals("nuget_feed"))
{
logger.LogDebug($"Ignoring registry at '{config.URL}' since it is not of type 'nuget_feed'.");
continue;
}
logger.LogInfo($"Found private registry at '{config.URL}'");
result.RegistryURLs.Add(config.URL);
}
}
}
catch (JsonException ex)
{
logger.LogError($"Unable to parse '{EnvironmentVariableNames.ProxyURLs}': {ex.Message}");
}
}
return result;
}
@@ -75,6 +120,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
this.host = host;
this.port = port;
this.Address = $"http://{this.host}:{this.port}";
this.RegistryURLs = new HashSet<string>();
}
public void Dispose()

6
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
View File

@@ -2,7 +2,6 @@
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Newtonsoft.Json.Linq;
using Semmle.Util;
@@ -77,6 +76,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
args += " /p:EnableWindowsTargeting=true";
}
if (restoreSettings.ExtraArgs is not null)
{
args += $" {restoreSettings.ExtraArgs}";
}
return args;
}

5
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs
View File

@@ -89,5 +89,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// Contains the certificate used by the Dependabot proxy.
/// </summary>
public const string ProxyCertificate = "CODEQL_PROXY_CA_CERTIFICATE";
/// <summary>
/// Contains the URLs of private nuget registries as a JSON array.
/// </summary>
public const string ProxyURLs = "CODEQL_PROXY_URLS";
}
}

2
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs
View File

@@ -17,7 +17,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
IList<string> GetNugetFeedsFromFolder(string folderPath);
}
public record class RestoreSettings(string File, string PackageDirectory, bool ForceDotnetRefAssemblyFetching, string? PathToNugetConfig = null, bool ForceReevaluation = false, bool TargetWindows = false);
public record class RestoreSettings(string File, string PackageDirectory, bool ForceDotnetRefAssemblyFetching, string? ExtraArgs = null, string? PathToNugetConfig = null, bool ForceReevaluation = false, bool TargetWindows = false);
public partial record class RestoreResult(bool Success, IList<string> Output)
{

124
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
View File

@@ -103,10 +103,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", checkNugetFeedResponsiveness ? "1" : "0"));
HashSet<string>? explicitFeeds = null;
HashSet<string>? allFeeds = null;
try
{
if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds))
if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds, out allFeeds))
{
// todo: we could also check the reachability of the inherited nuget feeds, but to use those in the fallback we would need to handle authentication too.
var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds([], explicitFeeds);
@@ -156,7 +157,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
var restoredProjects = RestoreSolutions(out var container);
var projects = fileProvider.Projects.Except(restoredProjects);
RestoreProjects(projects, out var containers);
RestoreProjects(projects, allFeeds, out var containers);
var dependencies = containers.Flatten(container);
@@ -260,8 +261,33 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// Populates dependencies with the relative paths to the assets files generated by the restore.
/// </summary>
/// <param name="projects">A list of paths to project files.</param>
private void RestoreProjects(IEnumerable<string> projects, out ConcurrentBag<DependencyContainer> dependencies)
private void RestoreProjects(IEnumerable<string> projects, HashSet<string>? configuredSources, out ConcurrentBag<DependencyContainer> dependencies)
{
// Conservatively, we only set this to a non-null value if a Dependabot proxy is enabled.
// This ensures that we continue to get the old behaviour where feeds are taken from
// `nuget.config` files instead of the command-line arguments.
string? extraArgs = null;
if (this.dependabotProxy is not null)
{
// If the Dependabot proxy is configured, then our main goal is to make `dotnet` aware
// of the private registry feeds. However, since providing them as command-line arguments
// to `dotnet` ignores other feeds that may be configured, we also need to add the feeds
// we have discovered from analysing `nuget.config` files.
var sources = configuredSources ?? new();
this.dependabotProxy.RegistryURLs.ForEach(url => sources.Add(url));
// Add package sources. If any are present, they override all sources specified in
// the configuration file(s).
var feedArgs = new StringBuilder();
foreach (string source in sources)
{
feedArgs.Append($" -s {source}");
}
extraArgs = feedArgs.ToString();
}
var successCount = 0;
var nugetSourceFailures = 0;
ConcurrentBag<DependencyContainer> collectedDependencies = [];
@@ -276,7 +302,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
foreach (var project in projectGroup)
{
logger.LogInfo($"Restoring project {project}...");
var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, TargetWindows: isWindows));
var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, extraArgs, TargetWindows: isWindows));
assets.AddDependenciesRange(res.AssetsFilePaths);
lock (sync)
{
@@ -680,10 +706,42 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return (timeoutMilliSeconds, tryCount);
}
private bool CheckFeeds(out HashSet<string> explicitFeeds)
/// <summary>
/// Checks that we can connect to all Nuget feeds that are explicitly configured in configuration files
/// as well as any private package registry feeds that are configured.
/// </summary>
/// <param name="explicitFeeds">Outputs the set of explicit feeds.</param>
/// <param name="allFeeds">Outputs the set of all feeds (explicit and inherited).</param>
/// <returns>True if all feeds are reachable or false otherwise.</returns>
private bool CheckFeeds(out HashSet<string> explicitFeeds, out HashSet<string> allFeeds)
{
logger.LogInfo("Checking Nuget feeds...");
(explicitFeeds, var allFeeds) = GetAllFeeds();
(explicitFeeds, allFeeds) = GetAllFeeds();
HashSet<string> feedsToCheck = explicitFeeds;
// If private package registries are configured for C#, then check those
// in addition to the ones that are configured in `nuget.config` files.
this.dependabotProxy?.RegistryURLs.ForEach(url => feedsToCheck.Add(url));
var allFeedsReachable = this.CheckSpecifiedFeeds(feedsToCheck);
var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet();
if (inheritedFeeds.Count > 0)
{
logger.LogInfo($"Inherited Nuget feeds (not checked for reachability): {string.Join(", ", inheritedFeeds.OrderBy(f => f))}");
compilationInfoContainer.CompilationInfos.Add(("Inherited Nuget feed count", inheritedFeeds.Count.ToString()));
}
return allFeedsReachable;
}
/// <summary>
/// Checks that we can connect to the specified Nuget feeds.
/// </summary>
/// <param name="feeds">The set of package feeds to check.</param>
/// <returns>True if all feeds are reachable or false otherwise.</returns>
private bool CheckSpecifiedFeeds(HashSet<string> feeds)
{
logger.LogInfo("Checking that Nuget feeds are reachable...");
var excludedFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.ExcludedNugetFeedsFromResponsivenessCheck)
.ToHashSet();
@@ -695,7 +753,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
var (initialTimeout, tryCount) = GetFeedRequestSettings(isFallback: false);
var allFeedsReachable = explicitFeeds.All(feed => excludedFeeds.Contains(feed) || IsFeedReachable(feed, initialTimeout, tryCount));
var allFeedsReachable = feeds.All(feed => excludedFeeds.Contains(feed) || IsFeedReachable(feed, initialTimeout, tryCount));
if (!allFeedsReachable)
{
logger.LogWarning("Found unreachable Nuget feed in C# analysis with build-mode 'none'. This may cause missing dependencies in the analysis.");
@@ -710,14 +768,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
compilationInfoContainer.CompilationInfos.Add(("All Nuget feeds reachable", allFeedsReachable ? "1" : "0"));
var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet();
if (inheritedFeeds.Count > 0)
{
logger.LogInfo($"Inherited Nuget feeds (not checked for reachability): {string.Join(", ", inheritedFeeds.OrderBy(f => f))}");
compilationInfoContainer.CompilationInfos.Add(("Inherited Nuget feed count", inheritedFeeds.Count.ToString()));
}
return allFeedsReachable;
}
@@ -766,23 +816,33 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
// todo: this could be improved.
// We don't have to get the feeds from each of the folders from below, it would be enought to check the folders that recursively contain the others.
var allFeeds = nugetConfigs
.Select(config =>
{
try
HashSet<string>? allFeeds = null;
if (nugetConfigs.Count > 0)
{
// We don't have to get the feeds from each of the folders from below, it would be enought to check the folders that recursively contain the others.
allFeeds = nugetConfigs
.Select(config =>
{
return new FileInfo(config).Directory?.FullName;
}
catch (Exception exc)
{
logger.LogWarning($"Failed to get directory of '{config}': {exc}");
}
return null;
})
.Where(folder => folder != null)
.SelectMany(folder => GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folder!)))
.ToHashSet();
try
{
return new FileInfo(config).Directory?.FullName;
}
catch (Exception exc)
{
logger.LogWarning($"Failed to get directory of '{config}': {exc}");
}
return null;
})
.Where(folder => folder != null)
.SelectMany(folder => GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folder!)))
.ToHashSet();
}
else
{
// If we haven't found any `nuget.config` files, then obtain a list of feeds from the root source directory.
allFeeds = GetFeeds(() => dotnet.GetNugetFeedsFromFolder(this.fileProvider.SourceDir.FullName)).ToHashSet();
}
logger.LogInfo($"Found {allFeeds.Count} Nuget feeds (with inherited ones) in nuget.config files: {string.Join(", ", allFeeds.OrderBy(f => f))}");

3
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SourceGenerators/DotnetSourceGeneratorWrapper/DotnetSourceGeneratorWrapper.cs
View File

@@ -37,7 +37,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
{
try
{
var relativePathToCsProj = Path.GetRelativePath(sourceDir, csprojFile);
var relativePathToCsProj = Path.GetRelativePath(sourceDir, csprojFile)
.Replace('\\', '/'); // Ensure we're generating the same hash regardless of the OS
var name = FileUtils.ComputeHash($"{relativePathToCsProj}\n{this.GetType().Name}");
using var tempDir = new TemporaryDirectory(Path.Join(FileUtils.GetTemporaryWorkingDirectory(out _), "source-generator"), "source generator temporary", logger);
var analyzerConfigPath = Path.Combine(tempDir.DirInfo.FullName, $"{name}.txt");

4
csharp/extractor/Semmle.Extraction.Tests/DotNet.cs
View File

@@ -123,7 +123,7 @@ namespace Semmle.Extraction.Tests
var dotnet = MakeDotnet(dotnetCliInvoker);
// Execute
var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, "myconfig.config"));
var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, null, "myconfig.config"));
// Verify
var lastArgs = dotnetCliInvoker.GetLastArgs();
@@ -141,7 +141,7 @@ namespace Semmle.Extraction.Tests
var dotnet = MakeDotnet(dotnetCliInvoker);
// Execute
var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, "myconfig.config", true));
var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, null, "myconfig.config", true));
// Verify
var lastArgs = dotnetCliInvoker.GetLastArgs();

24
csharp/ql/consistency-queries/DataFlowConsistency.ql
View File

@@ -34,30 +34,18 @@ private module Input implements InputSig<Location, CsharpDataFlow> {
n instanceof FlowSummaryNode
or
n.asExpr().(ObjectCreation).hasInitializer()
or
exists(
n.(PostUpdateNode).getPreUpdateNode().asExprAtNode(LocalFlow::getPostUpdateReverseStep(_))
)
}
predicate argHasPostUpdateExclude(ArgumentNode n) {
n instanceof FlowSummaryNode
or
not exists(LocalFlow::getAPostUpdateNodeForArg(n.getControlFlowNode()))
or
n instanceof ParamsArgumentNode
}
predicate postHasUniquePreExclude(PostUpdateNode n) {
exists(ControlFlow::Nodes::ExprNode e, ControlFlow::Nodes::ExprNode arg |
e = LocalFlow::getAPostUpdateNodeForArg(arg) and
e != arg and
n = TExprPostUpdateNode(e)
)
}
predicate uniquePostUpdateExclude(Node n) {
exists(ControlFlow::Nodes::ExprNode e, ControlFlow::Nodes::ExprNode arg |
e = LocalFlow::getAPostUpdateNodeForArg(arg) and
e != arg and
n.asExpr() = arg.getExpr()
)
or
n.asExpr() = any(Expr e | not exprMayHavePostUpdateNode(e))
}
predicate reverseReadExclude(Node n) { n.asExpr() = any(AwaitExpr ae).getExpr() }

4
csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor
View File

@@ -81,6 +81,10 @@
<MyOutput Value="@InputValue6" />
</div>
<div>
<MyOutput Value="@QueryParam" />
</div>
@code {
public class Container

18
csharp/ql/integration-tests/all-platforms/blazor/XSS.expected Normal file
View File

@@ -0,0 +1,18 @@
#select
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
edges
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
models
| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck<T>; (T); ; Argument[0]; ReturnValue; value; manual |
nodes
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
subpaths

2
csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

4
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor
View File

@@ -81,6 +81,10 @@
<MyOutput Value="@InputValue6" />
</div>
<div>
<MyOutput Value="@QueryParam" />
</div>
@code {
public class Container

18
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.expected Normal file
View File

@@ -0,0 +1,18 @@
#select
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
edges
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
models
| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck<T>; (T); ; Argument[0]; ReturnValue; value; manual |
nodes
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
subpaths

2
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

4
csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor
View File

@@ -81,6 +81,10 @@
<MyOutput Value="@InputValue6" />
</div>
<div>
<MyOutput Value="@QueryParam" />
</div>
@code {
public class Container

8
csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected Normal file
View File

@@ -0,0 +1,8 @@
#select
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
edges
nodes
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
subpaths

2
csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

1
csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected
View File

@@ -1,6 +1,7 @@
| All Nuget feeds reachable | 1.0 |
| Failed project restore with package source error | 0.0 |
| Failed solution restore with package source error | 0.0 |
| Inherited Nuget feed count | 1.0 |
| NuGet feed responsiveness checked | 1.0 |
| Project files on filesystem | 1.0 |
| Reachable fallback Nuget feed count | 1.0 |

1
csharp/ql/integration-tests/all-platforms/standalone_winforms/CompilationInfo.expected
View File

@@ -1,6 +1,7 @@
| All Nuget feeds reachable | 1.0 |
| Failed project restore with package source error | 0.0 |
| Failed solution restore with package source error | 0.0 |
| Inherited Nuget feed count | 1.0 |
| NuGet feed responsiveness checked | 1.0 |
| Project files on filesystem | 1.0 |
| Reachable fallback Nuget feed count | 1.0 |

4
csharp/ql/lib/change-notes/2025-03-26-blazor-parameter-passing.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Modeled parameter passing between Blazor parent and child components.

4
csharp/ql/lib/change-notes/2025-03-27-update-system.uri-model.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The models for `System.Uri` have been modified to better model the flow of tainted URIs.

14
csharp/ql/lib/ext/System.model.yml
View File

@@ -778,9 +778,23 @@ extensions:
- ["System", "TupleExtensions", False, "Deconstruct<T1,T2>", "(System.Tuple<T1,T2>,T1,T2)", "", "Argument[0].Property[System.Tuple`2.Item2]", "Argument[2]", "value", "manual"]
- ["System", "TupleExtensions", False, "Deconstruct<T1>", "(System.Tuple<T1>,T1)", "", "Argument[0].Property[System.Tuple`1.Item1]", "Argument[1]", "value", "manual"]
- ["System", "Uri", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "Uri", False, "TryCreate", "(System.String,System.UriCreationOptions,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
- ["System", "Uri", False, "TryCreate", "(System.String,System.UriKind,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
- ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
- ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[1]", "Argument[2]", "taint", "manual"]
- ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
- ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[1]", "Argument[2]", "taint", "manual"]
- ["System", "Uri", False, "Uri", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System", "Uri", False, "Uri", "(System.String,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System", "Uri", False, "Uri", "(System.String,System.UriKind)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System", "Uri", False, "Uri", "(System.String,System.UriCreationOptions)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System", "Uri", False, "Uri", "(System.Uri,System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System", "Uri", False, "Uri", "(System.Uri,System.String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["System", "Uri", False, "Uri", "(System.Uri,System.String,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System", "Uri", False, "Uri", "(System.Uri,System.String,System.Boolean)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["System", "Uri", False, "get_AbsoluteUri", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "Uri", False, "get_DnsSafeHost", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "Uri", False, "get_LocalPath", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "Uri", False, "get_OriginalString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "Uri", False, "get_PathAndQuery", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "Uri", False, "get_Query", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]

111
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
View File

@@ -506,7 +506,7 @@ module SsaFlow {
result.(Impl::ExprPostUpdateNode).getExpr() =
n.(PostUpdateNode).getPreUpdateNode().(ExprNode).getControlFlowNode()
or
result.(Impl::ParameterNode).getParameter() = n.(ExplicitParameterNode).getSsaDefinition()
result.(Impl::WriteDefSourceNode).getDefinition() = n.(ExplicitParameterNode).getSsaDefinition()
}
predicate localFlowStep(Ssa::SourceVariable v, Node nodeFrom, Node nodeTo, boolean isUseStep) {
@@ -691,19 +691,22 @@ module LocalFlow {
)
}
/** Gets a node for which to construct a post-update node for argument `arg`. */
ControlFlow::Nodes::ExprNode getAPostUpdateNodeForArg(ControlFlow::Nodes::ExprNode arg) {
arg.getExpr() instanceof Argument and
result = getALastEvalNode*(arg) and
exists(Expr e, Type t | result.getExpr() = e and t = e.stripCasts().getType() |
t instanceof RefType and
not t instanceof NullType
or
t = any(TypeParameter tp | not tp.isValueType())
or
t.isRefLikeType()
) and
not exists(getALastEvalNode(result))
/**
* Holds if a reverse local flow step should be added from the post-update node
* for `e` to the post-update node for the result.
*
* This is needed to allow for side-effects on compound expressions to propagate
* to sub components. For example, in
*
* ```csharp
* m(b ? x : y)
* ```
*
* we add a reverse flow step from `[post] b ? x : y` to `[post] x` and to
* `[post] y`, in order for the side-effect of `m` to reach both `x` and `y`.
*/
ControlFlow::Nodes::ExprNode getPostUpdateReverseStep(ControlFlow::Nodes::ExprNode e) {
result = getALastEvalNode(e)
}
/**
@@ -763,6 +766,13 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) {
VariableCapture::valueStep(nodeFrom, nodeTo)
or
nodeTo = nodeFrom.(LocalFunctionCreationNode).getAnAccess(true)
or
nodeTo.(PostUpdateNode).getPreUpdateNode().(ExprNode).getControlFlowNode() =
LocalFlow::getPostUpdateReverseStep(nodeFrom
.(PostUpdateNode)
.getPreUpdateNode()
.(ExprNode)
.getControlFlowNode())
) and
model = ""
or
@@ -1061,6 +1071,20 @@ private class FieldOrPropertyUsedInSource extends FieldOrProperty {
}
}
/**
* Hold if `e` has a type that allows for it to have a post-update node.
*/
predicate exprMayHavePostUpdateNode(Expr e) {
exists(Type t | t = e.stripCasts().getType() |
t instanceof RefType and
not t instanceof NullType
or
t = any(TypeParameter tp | not tp.isValueType())
or
t.isRefLikeType()
)
}
/** A collection of cached types and predicates to be evaluated in the same stage. */
cached
private module Cached {
@@ -1106,7 +1130,15 @@ private module Cached {
cfn.getAstNode().(ObjectCreation).hasInitializer()
} or
TExprPostUpdateNode(ControlFlow::Nodes::ExprNode cfn) {
cfn = LocalFlow::getAPostUpdateNodeForArg(_)
(
cfn.getExpr() instanceof Argument
or
cfn =
LocalFlow::getPostUpdateReverseStep(any(ControlFlow::Nodes::ExprNode e |
exists(any(SourcePostUpdateNode p).getPreUpdateNode().asExprAtNode(e))
))
) and
exprMayHavePostUpdateNode(cfn.getExpr())
or
exists(Expr e | e = cfn.getExpr() |
fieldOrPropertyStore(_, _, _, e, true)
@@ -2722,17 +2754,23 @@ abstract class PostUpdateNode extends Node {
}
module PostUpdateNodes {
class ObjectCreationNode extends PostUpdateNode, ExprNode, TExprNode {
abstract class SourcePostUpdateNode extends PostUpdateNode {
abstract Node getPreUpdateSourceNode();
final override Node getPreUpdateNode() { result = this.getPreUpdateSourceNode() }
}
class ObjectCreationNode extends SourcePostUpdateNode, ExprNode, TExprNode {
private ObjectCreation oc;
ObjectCreationNode() { this = TExprNode(oc.getAControlFlowNode()) }
override Node getPreUpdateNode() {
override Node getPreUpdateSourceNode() {
exists(ControlFlow::Nodes::ElementNode cfn | this = TExprNode(cfn) |
result.(ObjectInitializerNode).getControlFlowNode() = cfn
result = TObjectInitializerNode(cfn)
or
not oc.hasInitializer() and
result.(MallocNode).getControlFlowNode() = cfn
result = TMallocNode(cfn)
)
}
}
@@ -2744,7 +2782,7 @@ module PostUpdateNodes {
* Such a node acts as both a post-update node for the `MallocNode`, as well as
* a pre-update node for the `ObjectCreationNode`.
*/
class ObjectInitializerNode extends PostUpdateNode, NodeImpl, ArgumentNodeImpl,
class ObjectInitializerNode extends SourcePostUpdateNode, NodeImpl, ArgumentNodeImpl,
TObjectInitializerNode
{
private ObjectCreation oc;
@@ -2758,7 +2796,7 @@ module PostUpdateNodes {
/** Gets the initializer to which this initializer node belongs. */
ObjectOrCollectionInitializer getInitializer() { result = oc.getInitializer() }
override MallocNode getPreUpdateNode() { result.getControlFlowNode() = cfn }
override MallocNode getPreUpdateSourceNode() { result = TMallocNode(cfn) }
override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
pos.isQualifier() and
@@ -2781,23 +2819,12 @@ module PostUpdateNodes {
override string toStringImpl() { result = "[pre-initializer] " + cfn }
}
class ExprPostUpdateNode extends PostUpdateNode, NodeImpl, TExprPostUpdateNode {
class ExprPostUpdateNode extends SourcePostUpdateNode, NodeImpl, TExprPostUpdateNode {
private ControlFlow::Nodes::ElementNode cfn;
ExprPostUpdateNode() { this = TExprPostUpdateNode(cfn) }
override ExprNode getPreUpdateNode() {
// For compound arguments, such as `m(b ? x : y)`, we want the leaf nodes
// `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument,
// `if b then x else y`; and the (2) the underlying expressions; `x` and `y`,
// respectively.
//
// This ensures that we get flow out of the call into both leafs (1), while still
// maintaining the invariant that the underlying expression is a pre-update node (2).
cfn = LocalFlow::getAPostUpdateNodeForArg(result.getControlFlowNode())
or
cfn = result.getControlFlowNode()
}
override ExprNode getPreUpdateSourceNode() { result = TExprNode(cfn) }
override DataFlowCallable getEnclosingCallableImpl() {
result.getAControlFlowNode() = cfn
@@ -2825,41 +2852,41 @@ module PostUpdateNodes {
override Node getPreUpdateNode() { result.(FlowSummaryNode).getSummaryNode() = preUpdateNode }
}
private class InstanceParameterAccessPostUpdateNode extends PostUpdateNode,
private class InstanceParameterAccessPostUpdateNode extends SourcePostUpdateNode,
InstanceParameterAccessNode
{
InstanceParameterAccessPostUpdateNode() { isPostUpdate = true }
override InstanceParameterAccessPreNode getPreUpdateNode() {
override InstanceParameterAccessPreNode getPreUpdateSourceNode() {
result = TInstanceParameterAccessNode(cfn, false)
}
override string toStringImpl() { result = "[post] this" }
}
private class PrimaryConstructorThisAccessPostUpdateNode extends PostUpdateNode,
private class PrimaryConstructorThisAccessPostUpdateNode extends SourcePostUpdateNode,
PrimaryConstructorThisAccessNode
{
PrimaryConstructorThisAccessPostUpdateNode() { isPostUpdate = true }
override PrimaryConstructorThisAccessPreNode getPreUpdateNode() {
override PrimaryConstructorThisAccessPreNode getPreUpdateSourceNode() {
result = TPrimaryConstructorThisAccessNode(p, false, callable)
}
override string toStringImpl() { result = "[post] this" }
}
class LocalFunctionCreationPostUpdateNode extends LocalFunctionCreationNode, PostUpdateNode {
class LocalFunctionCreationPostUpdateNode extends LocalFunctionCreationNode, SourcePostUpdateNode {
LocalFunctionCreationPostUpdateNode() { isPostUpdate = true }
override LocalFunctionCreationPreNode getPreUpdateNode() {
override LocalFunctionCreationPreNode getPreUpdateSourceNode() {
result = TLocalFunctionCreationNode(cfn, false)
}
override string toStringImpl() { result = "[post] " + cfn }
}
private class CapturePostUpdateNode extends PostUpdateNode, CaptureNode {
private class CapturePostUpdateNode extends SourcePostUpdateNode, CaptureNode {
private CaptureNode pre;
CapturePostUpdateNode() {
@@ -2867,7 +2894,7 @@ module PostUpdateNodes {
pre.getSynthesizedCaptureNode())
}
override CaptureNode getPreUpdateNode() { result = pre }
override CaptureNode getPreUpdateSourceNode() { result = pre }
override string toStringImpl() { result = "[post] " + cn }
}

10
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll
View File

@@ -147,6 +147,16 @@ predicate localFlow(Node source, Node sink) { localFlowStep*(source, sink) }
pragma[inline]
predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) }
/**
* A module importing the modules that provide non local jump node declarations,
* ensuring that they are visible to the taint tracking / data flow library.
*/
private module JumpNodes {
private import semmle.code.csharp.frameworks.microsoft.aspnetcore.Components
private import semmle.code.csharp.frameworks.Razor
private import semmle.code.csharp.frameworks.NHibernate
}
/**
* A data flow node that jumps between callables. This can be extended in
* framework code to add additional data flow steps.

12
csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
View File

@@ -1023,16 +1023,12 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
Expr getARead(Definition def) { exists(getAReadAtNode(def, result)) }
predicate ssaDefAssigns(WriteDefinition def, Expr value) {
predicate ssaDefHasSource(WriteDefinition def) {
// exclude flow directly from RHS to SSA definition, as we instead want to
// go from RHS to matching assingnable definition, and from there to SSA definition
none()
// go from RHS to matching assignable definition, and from there to SSA definition
def instanceof Ssa::ImplicitParameterDefinition
}
class Parameter = Ssa::ImplicitParameterDefinition;
predicate ssaDefInitializesParam(WriteDefinition def, Parameter p) { def = p }
/**
* Allows for flow into uncertain defintions that are not call definitions,
* as we, conservatively, consider such definitions to be certain.
@@ -1062,7 +1058,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
}
/** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
predicate guardControlsBlock(Guard guard, ControlFlow::BasicBlock bb, boolean branch) {
predicate guardDirectlyControlsBlock(Guard guard, ControlFlow::BasicBlock bb, boolean branch) {
exists(ConditionBlock conditionBlock, ControlFlow::SuccessorTypes::ConditionalSuccessor s |
guard.getAControlFlowNode() = conditionBlock.getLastNode() and
s.getValue() = branch and

51
csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll
View File

@@ -112,6 +112,16 @@ class MicrosoftAspNetCoreComponentsComponent extends Class {
}
}
/**
* The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` method.
*/
private class MicrosoftAspNetCoreComponentsAddComponentParameterMethod extends Method {
MicrosoftAspNetCoreComponentsAddComponentParameterMethod() {
this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder",
"AddComponentParameter")
}
}
private module Sources {
private import semmle.code.csharp.security.dataflow.flowsources.Remote
@@ -133,3 +143,44 @@ private module Sources {
override string getSourceType() { result = "ASP.NET Core component route parameter" }
}
}
private module JumpNodes {
/**
* A call to `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` which
* sets the value of a parameter.
*/
private class ParameterPassingCall extends Call {
ParameterPassingCall() {
this.getTarget() instanceof MicrosoftAspNetCoreComponentsAddComponentParameterMethod
}
/**
* Gets the property whose value is being set.
*/
Property getParameterProperty() {
result.getAnAttribute() instanceof MicrosoftAspNetCoreComponentsParameterAttribute and
exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess())
}
/**
* Gets the value being set.
*/
Expr getParameterValue() { result = this.getArgument(2) }
}
private class ComponentParameterJump extends DataFlow::NonLocalJumpNode {
Property prop;
ComponentParameterJump() {
exists(ParameterPassingCall call |
prop = call.getParameterProperty() and
this.asExpr() = call.getParameterValue()
)
}
override DataFlow::Node getAJumpSuccessor(boolean preservesValue) {
preservesValue = true and
result.asExpr() = prop.getAnAccess()
}
}
}

0
csharp/ql/src/codeql-suites/csharp-ccr.qls → csharp/ql/src/codeql-suites/csharp-code-quality.qls
View File

4
csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
View File

@@ -233,6 +233,10 @@ module ModelGeneratorInput implements ModelGeneratorInputSig<Location, CsharpDat
result = ParamReturnNodeAsOutput<parameterContentAccess/1>::paramReturnNodeAsOutput(c, pos)
}
ParameterPosition getReturnKindParamPosition(ReturnKind kind) {
kind.(OutRefReturnKind).getPosition() = result.getPosition()
}
Callable returnNodeEnclosingCallable(DataFlow::Node ret) {
result = DataFlowImplCommon::getNodeEnclosingCallable(ret).asCallable(_)
}

18
csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected
View File

@@ -252,7 +252,7 @@
| CSharp7.cs:233:28:233:29 | access to local variable i1 | CSharp7.cs:235:38:235:39 | access to local variable i1 |
| CSharp7.cs:233:28:233:33 | ... > ... | CSharp7.cs:233:13:233:33 | [false] ... && ... |
| CSharp7.cs:233:28:233:33 | ... > ... | CSharp7.cs:233:13:233:33 | [true] ... && ... |
| CSharp7.cs:235:13:235:42 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
| CSharp7.cs:235:13:235:42 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o |
| CSharp7.cs:235:33:235:36 | "int " | CSharp7.cs:235:31:235:41 | $"..." |
| CSharp7.cs:235:38:235:39 | access to local variable i1 | CSharp7.cs:235:31:235:41 | $"..." |
| CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:237:23:237:31 | String s1 |
@@ -260,18 +260,17 @@
| CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:241:18:241:18 | access to local variable o |
| CSharp7.cs:237:23:237:31 | SSA def(s1) | CSharp7.cs:239:41:239:42 | access to local variable s1 |
| CSharp7.cs:237:23:237:31 | String s1 | CSharp7.cs:237:23:237:31 | SSA def(s1) |
| CSharp7.cs:239:13:239:45 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
| CSharp7.cs:239:13:239:45 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o |
| CSharp7.cs:239:33:239:39 | "string " | CSharp7.cs:239:31:239:44 | $"..." |
| CSharp7.cs:239:41:239:42 | access to local variable s1 | CSharp7.cs:239:31:239:44 | $"..." |
| CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) |
| CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:244:18:244:18 | access to local variable o |
| CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
| CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o |
| CSharp7.cs:244:18:244:18 | access to local variable o | CSharp7.cs:244:18:244:28 | [input] SSA phi read(o) |
| CSharp7.cs:244:18:244:18 | access to local variable o | CSharp7.cs:244:23:244:28 | Object v1 |
| CSharp7.cs:244:18:244:18 | access to local variable o | CSharp7.cs:245:9:246:9 | [input] SSA phi read(o) |
| CSharp7.cs:244:18:244:28 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
| CSharp7.cs:245:9:246:9 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) |
| CSharp7.cs:248:9:274:9 | SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o |
| CSharp7.cs:244:18:244:28 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o |
| CSharp7.cs:245:9:246:9 | [input] SSA phi read(o) | CSharp7.cs:248:17:248:17 | access to local variable o |
| CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:254:27:254:27 | access to local variable o |
| CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:257:18:257:23 | Int32 i2 |
| CSharp7.cs:248:17:248:17 | access to local variable o | CSharp7.cs:260:18:260:23 | Int32 i3 |
@@ -312,10 +311,8 @@
| CSharp7.cs:285:39:285:42 | access to local variable list | CSharp7.cs:287:36:287:39 | access to local variable list |
| CSharp7.cs:287:36:287:39 | access to local variable list | CSharp7.cs:289:32:289:35 | access to local variable list |
| CSharp7.cs:297:18:297:18 | access to local variable x | CSharp7.cs:297:18:297:22 | SSA def(x) |
| CSharp7.cs:297:18:297:22 | SSA def(x) | CSharp7.cs:297:18:297:22 | [input] SSA phi(x) |
| CSharp7.cs:297:18:297:22 | [input] SSA phi(x) | CSharp7.cs:297:25:297:25 | SSA phi(x) |
| CSharp7.cs:297:18:297:22 | SSA def(x) | CSharp7.cs:297:25:297:25 | access to local variable x |
| CSharp7.cs:297:22:297:22 | 0 | CSharp7.cs:297:18:297:18 | access to local variable x |
| CSharp7.cs:297:25:297:25 | SSA phi(x) | CSharp7.cs:297:25:297:25 | access to local variable x |
| CSharp7.cs:297:25:297:25 | access to local variable x | CSharp7.cs:297:25:297:30 | ... < ... |
| CSharp7.cs:297:25:297:25 | access to local variable x | CSharp7.cs:297:35:297:35 | access to local variable x |
| CSharp7.cs:297:25:297:30 | ... < ... | CSharp7.cs:297:25:297:44 | [false] ... && ... |
@@ -326,6 +323,5 @@
| CSharp7.cs:297:35:297:44 | [true] ... is ... | CSharp7.cs:297:25:297:44 | [true] ... && ... |
| CSharp7.cs:297:40:297:44 | Int32 y | CSharp7.cs:297:40:297:44 | SSA def(y) |
| CSharp7.cs:297:40:297:44 | SSA def(y) | CSharp7.cs:299:31:299:31 | access to local variable y |
| CSharp7.cs:297:47:297:49 | SSA def(x) | CSharp7.cs:297:47:297:49 | [input] SSA phi(x) |
| CSharp7.cs:297:47:297:49 | [input] SSA phi(x) | CSharp7.cs:297:25:297:25 | SSA phi(x) |
| CSharp7.cs:297:47:297:49 | SSA def(x) | CSharp7.cs:297:25:297:25 | access to local variable x |
| CSharp7.cs:297:49:297:49 | access to local variable x | CSharp7.cs:297:47:297:49 | SSA def(x) |

70
csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
View File

@@ -421,46 +421,40 @@ edges
| GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance | |
| GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | GlobalDataFlow.cs:469:21:469:21 | s : String | provenance | |
| GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | GlobalDataFlow.cs:466:53:466:55 | arg : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:22 | access to field field | provenance | |
| GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:22 | access to field field | provenance | |
| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:22 | access to field field | provenance | |
| GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:22 | access to field field | provenance | |
| GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:22 | access to field field | provenance | |
| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | provenance | |
| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | provenance | |
| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:21 | access to field field | provenance | |
| GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:21 | access to field field | provenance | |
| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:21 | access to field field | provenance | |
| GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:21 | access to field field | provenance | |
| GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | provenance | |
| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | provenance | |
| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | provenance | |
| GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | provenance | |
| GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | provenance | |
@@ -880,43 +874,37 @@ nodes
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | semmle.label | sc [Return] : SimpleClass [field field] : String |
| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String |
| GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | semmle.label | "taint source" : String |
| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x1 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x2 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | semmle.label | [post] ... ? ... : ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | semmle.label | access to local variable x1 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:491:15:491:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | semmle.label | access to local variable x2 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:492:15:492:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y1 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y2 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y3 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | semmle.label | [post] ... ? ... : ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | semmle.label | access to local variable y1 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:498:15:498:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | semmle.label | access to local variable y2 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:499:15:499:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | semmle.label | access to local variable y3 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:500:15:500:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | semmle.label | [post] access to local variable x : SubSimpleClass [field field] : String |
| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | semmle.label | access to local variable x : SubSimpleClass [field field] : String |
| GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | semmle.label | [post] (...) ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:509:15:509:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | semmle.label | [post] access to parameter x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String |
| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | semmle.label | [post] ... ?? ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | semmle.label | access to parameter x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:516:15:516:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String |
| GlobalDataFlow.cs:517:15:517:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String |
| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | semmle.label | [post] access to local variable z : SimpleClass [field field] : String |
| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | semmle.label | [post] ... switch { ... } : SimpleClass [field field] : String |
| GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:531:15:531:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String |
| GlobalDataFlow.cs:532:15:532:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | semmle.label | access to local variable z : SimpleClass [field field] : String |
| GlobalDataFlow.cs:533:15:533:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String |
| GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | semmle.label | [post] ...! : SimpleClass [field field] : String |
| GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | semmle.label | access to parameter sc : SimpleClass [field field] : String |
| GlobalDataFlow.cs:539:15:539:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | semmle.label | [post] ... = ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:547:15:547:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | semmle.label | e : null [element] : String |

70
csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
View File

@@ -461,46 +461,40 @@ edges
| GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance | |
| GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | GlobalDataFlow.cs:469:21:469:21 | s : String | provenance | |
| GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | GlobalDataFlow.cs:466:53:466:55 | arg : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:22 | access to field field | provenance | |
| GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:22 | access to field field | provenance | |
| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:22 | access to field field | provenance | |
| GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:22 | access to field field | provenance | |
| GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:22 | access to field field | provenance | |
| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | provenance | |
| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | provenance | |
| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:21 | access to field field | provenance | |
| GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:21 | access to field field | provenance | |
| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:21 | access to field field | provenance | |
| GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:21 | access to field field | provenance | |
| GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | provenance | |
| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | provenance | |
| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | provenance | |
| GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | provenance | |
| GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | provenance | |
| GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | provenance | |
@@ -983,43 +977,37 @@ nodes
| GlobalDataFlow.cs:481:41:481:42 | sc [Return] : SimpleClass [field field] : String | semmle.label | sc [Return] : SimpleClass [field field] : String |
| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String |
| GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | semmle.label | "taint source" : String |
| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x1 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x2 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:490:20:490:31 | [post] ... ? ... : ... : SimpleClass [field field] : String | semmle.label | [post] ... ? ... : ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | semmle.label | access to local variable x1 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:491:15:491:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | semmle.label | access to local variable x2 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:492:15:492:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y1 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y2 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y3 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:497:20:497:43 | [post] ... ? ... : ... : SimpleClass [field field] : String | semmle.label | [post] ... ? ... : ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | semmle.label | access to local variable y1 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:498:15:498:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | semmle.label | access to local variable y2 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:499:15:499:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | semmle.label | access to local variable y3 : SimpleClass [field field] : String |
| GlobalDataFlow.cs:500:15:500:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | semmle.label | [post] access to local variable x : SubSimpleClass [field field] : String |
| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | semmle.label | access to local variable x : SubSimpleClass [field field] : String |
| GlobalDataFlow.cs:508:20:508:33 | [post] (...) ... : SimpleClass [field field] : String | semmle.label | [post] (...) ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:509:15:509:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | semmle.label | [post] access to parameter x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String |
| GlobalDataFlow.cs:515:20:515:25 | [post] ... ?? ... : SimpleClass [field field] : String | semmle.label | [post] ... ?? ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | semmle.label | access to parameter x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:516:15:516:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String |
| GlobalDataFlow.cs:517:15:517:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String |
| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | semmle.label | [post] access to local variable z : SimpleClass [field field] : String |
| GlobalDataFlow.cs:525:20:530:9 | [post] ... switch { ... } : SimpleClass [field field] : String | semmle.label | [post] ... switch { ... } : SimpleClass [field field] : String |
| GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:531:15:531:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String |
| GlobalDataFlow.cs:532:15:532:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | semmle.label | access to local variable z : SimpleClass [field field] : String |
| GlobalDataFlow.cs:533:15:533:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String |
| GlobalDataFlow.cs:538:20:538:22 | [post] ...! : SimpleClass [field field] : String | semmle.label | [post] ...! : SimpleClass [field field] : String |
| GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | semmle.label | access to parameter sc : SimpleClass [field field] : String |
| GlobalDataFlow.cs:539:15:539:22 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:546:20:546:24 | [post] ... = ... : SimpleClass [field field] : String | semmle.label | [post] ... = ... : SimpleClass [field field] : String |
| GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String |
| GlobalDataFlow.cs:547:15:547:21 | access to field field | semmle.label | access to field field |
| GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | semmle.label | e : null [element] : String |

24
csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
View File

@@ -23466,29 +23466,33 @@ summary
| System;Uri;ToString;();Argument[this];ReturnValue;taint;manual |
| System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated |
| System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated |
| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];ReturnValue;taint;df-generated |
| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];ReturnValue;taint;df-generated |
| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[0];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];Argument[2];taint;manual |
| System;Uri;TryEscapeDataString;(System.ReadOnlySpan<System.Char>,System.Span<System.Char>,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated |
| System;Uri;TryUnescapeDataString;(System.ReadOnlySpan<System.Char>,System.Span<System.Char>,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated |
| System;Uri;UnescapeDataString;(System.ReadOnlySpan<System.Char>);Argument[0].Element;ReturnValue;taint;dfc-generated |
| System;Uri;UnescapeDataString;(System.String);Argument[0];ReturnValue;value;dfc-generated |
| System;Uri;Uri;(System.String);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.String,System.Boolean);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.String,System.UriKind);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;Uri;(System.Uri,System.String);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.Uri);Argument[0];Argument[this];taint;df-generated |
| System;Uri;Uri;(System.Uri,System.Uri);Argument[1];Argument[this];taint;df-generated |
| System;Uri;get_AbsolutePath;();Argument[this];ReturnValue;taint;df-generated |
| System;Uri;get_AbsoluteUri;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_Authority;();Argument[this];ReturnValue;taint;df-generated |
| System;Uri;get_DnsSafeHost;();Argument[this].Property[System.Uri.IdnHost];ReturnValue;value;dfc-generated |
| System;Uri;get_DnsSafeHost;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_Host;();Argument[this];ReturnValue;taint;df-generated |
| System;Uri;get_IdnHost;();Argument[this];ReturnValue;taint;df-generated |
| System;Uri;get_LocalPath;();Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated |
| System;Uri;get_LocalPath;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_OriginalString;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_PathAndQuery;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_Query;();Argument[this];ReturnValue;taint;manual |

24
csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
View File

@@ -18122,29 +18122,33 @@
| System;Uri;MakeRelativeUri;(System.Uri);Argument[0];ReturnValue;taint;df-generated |
| System;Uri;ToString;();Argument[this];ReturnValue;taint;manual |
| System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated |
| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];ReturnValue;taint;df-generated |
| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];ReturnValue;taint;df-generated |
| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[0];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];Argument[2];taint;manual |
| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];Argument[2];taint;manual |
| System;Uri;TryEscapeDataString;(System.ReadOnlySpan<System.Char>,System.Span<System.Char>,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated |
| System;Uri;TryUnescapeDataString;(System.ReadOnlySpan<System.Char>,System.Span<System.Char>,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated |
| System;Uri;UnescapeDataString;(System.ReadOnlySpan<System.Char>);Argument[0].Element;ReturnValue;taint;dfc-generated |
| System;Uri;UnescapeDataString;(System.String);Argument[0];ReturnValue;value;dfc-generated |
| System;Uri;Uri;(System.String);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.String,System.Boolean);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.String,System.UriKind);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
| System;Uri;Uri;(System.Uri,System.String);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[0];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this];taint;manual |
| System;Uri;Uri;(System.Uri,System.Uri);Argument[0];Argument[this];taint;df-generated |
| System;Uri;Uri;(System.Uri,System.Uri);Argument[1];Argument[this];taint;df-generated |
| System;Uri;get_AbsolutePath;();Argument[this];ReturnValue;taint;df-generated |
| System;Uri;get_AbsoluteUri;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_Authority;();Argument[this];ReturnValue;taint;df-generated |
| System;Uri;get_DnsSafeHost;();Argument[this].Property[System.Uri.IdnHost];ReturnValue;value;dfc-generated |
| System;Uri;get_DnsSafeHost;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_Host;();Argument[this];ReturnValue;taint;df-generated |
| System;Uri;get_IdnHost;();Argument[this];ReturnValue;taint;df-generated |
| System;Uri;get_LocalPath;();Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated |
| System;Uri;get_LocalPath;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_OriginalString;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_PathAndQuery;();Argument[this];ReturnValue;taint;manual |
| System;Uri;get_Query;();Argument[this];ReturnValue;taint;manual |

736
csharp/ql/test/library-tests/dataflow/local/DataFlowStep.expected
View File

File diff suppressed because it is too large Load Diff

736
csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected
View File

File diff suppressed because it is too large Load Diff

22
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs Normal file
View File

@@ -0,0 +1,22 @@
namespace VulnerableBlazorApp.Components
{
using Microsoft.AspNetCore.Components;
public partial class Name : Microsoft.AspNetCore.Components.ComponentBase
{
protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder)
{
if (TheName is not null)
{
builder.OpenElement(0, "div");
builder.OpenElement(1, "p");
builder.AddContent(2, (MarkupString)TheName);
builder.CloseElement();
builder.CloseElement();
}
}
[Parameter]
public string TheName { get; set; }
}
}

50
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs Normal file
View File

@@ -0,0 +1,50 @@
namespace VulnerableBlazorApp.Components
{
using System.Collections.Generic;
using Microsoft.AspNetCore.Components;
[RouteAttribute("/names/{name?}")]
public partial class NameList : Microsoft.AspNetCore.Components.ComponentBase
{
protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder)
{
if (Names is not null)
{
builder.OpenElement(0, "div");
builder.OpenElement(1, "ul");
foreach (var name in Names)
{
builder.OpenElement(2, "li");
builder.OpenComponent<VulnerableBlazorApp.Components.Name>(3);
builder.AddComponentParameter(4, nameof(VulnerableBlazorApp.Components.Name.TheName), name);
builder.CloseComponent();
builder.CloseElement();
}
builder.CloseElement();
builder.CloseElement();
}
builder.OpenElement(5, "div");
builder.OpenElement(6, "p");
builder.AddContent(7, "Name: ");
builder.OpenComponent<VulnerableBlazorApp.Components.Name>(8);
builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name);
builder.CloseComponent();
builder.CloseElement();
}
[Parameter]
public string Name { get; set; }
protected override void OnParametersSet()
{
if (Name is not null)
{
Names.Add(Name);
}
}
public List<string> Names { get; set; } = new List<string>();
}
}

12
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected Normal file
View File

@@ -0,0 +1,12 @@
edges
| NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 |
nodes
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | semmle.label | access to property UrlParam |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | semmle.label | access to property QueryParam |
| Name.cs:13:53:13:59 | access to property TheName | semmle.label | access to property TheName |
| NameList.cs:31:99:31:102 | access to property Name : String | semmle.label | access to property Name : String |
subpaths
#select
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | User-provided value |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | User-provided value |
| Name.cs:13:53:13:59 | access to property TheName | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList.cs:31:99:31:102 | access to property Name : String | User-provided value |

1
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref Normal file
View File

@@ -0,0 +1 @@
Security Features/CWE-079/XSS.ql

3
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected
View File

@@ -2,3 +2,6 @@
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | ASP.NET Core component route parameter |
| Components_Pages_TestPage_razor.g.cs:176:1:176:10 | access to property QueryParam | external |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | external |
| NameList.cs:31:99:31:102 | access to property Name | ASP.NET Core component route parameter |
| NameList.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter |
| NameList.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter |

37
csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs
View File

@@ -1034,3 +1034,40 @@ public class AvoidDuplicateLifted
}
}
}
public class ParameterModifiers
{
// contentbased-summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];value;dfc-generated
// summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated
public void Copy(object key, out object value)
{
value = key;
}
// contentbased-summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];value;dfc-generated
// summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated
public void CopyToRef(object key, ref object value)
{
value = key;
}
// No summaries as we disregard flow from a parameter to itself.
// neutral=Models;ParameterModifiers;RefParamFlowToSelf;(System.Object,System.Boolean);summary;df-generated
public void RefParamFlowToSelf(ref object value, bool b)
{
value = b ? value : null;
}
// neutral=Models;ParameterModifiers;RefParamUse;(System.Object);summary;df-generated
public void RefParamUse(ref object value)
{
var b = value is null;
}
// contentbased-summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;value;dfc-generated
// summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;taint;df-generated
public object InReturn(in object v)
{
return v;
}
}

48
docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst
View File

@@ -349,6 +349,48 @@ Note that this flow is already recognized by the CodeQL JS analysis, but for thi
- The last column, **value**, indicates the kind of flow to add. The value **value** means the input value is unchanged as
it flows to the output.
Example: Modeling properties injected by a middleware function
--------------------------------------------------------------
In this example, we'll show how to model a hypothetical middleware function that adds a tainted value
on the incoming request objects:
.. code-block:: js
const express = require('express')
const app = express()
app.use(require('@example/middleware').injectData())
app.get('/foo', (req, res) => {
req.data; // <-- mark 'req.data' as a taint source
});
This can be achieved with the following data extension:
.. code-block:: yaml
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sourceModel
data:
- [
"@example/middleware",
"Member[injectData].ReturnValue.GuardedRouteHandler.Parameter[0].Member[data]",
"remote",
]
- Since we're adding a new taint source, we add a tuple to the **sourceModel** extensible predicate.
- The first column, **"@example/middleware"**, begins the search at imports of the hypothetical NPM package **@example/middleware**.
- **Member[injectData]** selects accesses to the **injectData** member.
- **ReturnValue** selects the return value of the call to **injectData**.
- **GuardedRouteHandler** interprets the current value as a middleware function and selects all route handlers guarded by that middleware. Since the current value is passd to **app.use()**, the callback subsequently passed to **app.get()** is seen as a guarded route handler.
- **Parameter[0]** selects the first parameter of the callback (the parameter named **req**).
- **Member[data]** selects accesses to the **data** property of the **req** object.
- Finally, the kind **remote** indicates that this is considered a source of remote flow.
Reference material
------------------
@@ -494,6 +536,12 @@ Components related to decorators:
- **DecoratedParameter** selects a parameter that is decorated by the current value.
- **DecoratedMember** selects a method, field, or accessor that is decorated by the current value.
Additionally there is a component related to middleware functions:
- **GuardedRouteHandler** interprets the current value as a middleware function, and selects any route handler function that comes after it in the routing hierarchy.
This can be used to model properties injected onto request and response objects, such as **req.db** after a middleware that injects a database connection.
Note that this currently over-approximates the set of route handlers but may be made more accurate in the future.
Additional notes about the syntax of operands:
- Multiple operands may be given to a single component, as a shorthand for the union of the operands. For example, **Member[foo,bar]** matches the union of **Member[foo]** and **Member[bar]**.

6
go/documentation/library-coverage/coverage.csv
View File

@@ -21,7 +21,7 @@ errors,,,3,,,,,,,,,,,,,,,,,,,,,,,3,
expvar,,,6,,,,,,,,,,,,,,,,,,,,,,,6,
fmt,3,,16,,,,3,,,,,,,,,,,,,,,,,,,16,
github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,,,,3,,,,,,,,
github.com/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
github.com/Masterminds/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,,
github.com/Sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,,
github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,,,,4,,,,,,,,
github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,,,,4,,,,,,,,
@@ -77,7 +77,7 @@ github.com/kataras/iris/server/web/context,6,,,,,,,,6,,,,,,,,,,,,,,,,,,
github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,,,,,,,,
github.com/kelseyhightower/envconfig,,6,,,,,,,,,,,,,,,,,,,,6,,,,,
github.com/labstack/echo,3,12,2,,,,,,2,,,,,,,1,,,,,,,,12,,2,
github.com/lann/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
github.com/lann/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,,
github.com/lestrrat-go/jwx,2,,,,2,,,,,,,,,,,,,,,,,,,,,,
github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,,,,3,,,,,,,,
github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
@@ -106,7 +106,7 @@ google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,,,,,,,,2,
google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,,,,,,,,8,
google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
gopkg.in/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
gopkg.in/Masterminds/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,,
gopkg.in/couchbase/gocb,8,22,48,,,,,8,,,,,,,,,,,,,22,,,,,48,
gopkg.in/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,,,
gopkg.in/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4,
1 package sink source summary sink:command-injection sink:credentials-key sink:jwt sink:log-injection sink:nosql-injection sink:path-injection sink:regex-use[0] sink:regex-use[1] sink:regex-use[c] sink:request-forgery sink:request-forgery[TCP Addr + Port] sink:sql-injection sink:url-redirection sink:url-redirection[0] sink:url-redirection[receiver] sink:xpath-injection source:commandargs source:database source:environment source:file source:remote source:stdin summary:taint summary:value
21 expvar 6 6
22 fmt 3 16 3 16
23 github.com/ChrisTrenkamp/goxpath 3 3
24 github.com/Masterminds/squirrel 32 27 32 27
25 github.com/Sirupsen/logrus 145 145
26 github.com/antchfx/htmlquery 4 4
27 github.com/antchfx/jsonquery 4 4
77 github.com/kataras/jwt 5 5
78 github.com/kelseyhightower/envconfig 6 6
79 github.com/labstack/echo 3 12 2 2 1 12 2
80 github.com/lann/squirrel 32 27 32 27
81 github.com/lestrrat-go/jwx 2 2
82 github.com/lestrrat-go/libxml2/parser 3 3
83 github.com/lestrrat/go-jwx/jwk 1 1
106 google.golang.org/protobuf/internal/impl 2 2
107 google.golang.org/protobuf/proto 8 8
108 google.golang.org/protobuf/reflect/protoreflect 1 1
109 gopkg.in/Masterminds/squirrel 32 27 32 27
110 gopkg.in/couchbase/gocb 8 22 48 8 22 48
111 gopkg.in/glog 90 90
112 gopkg.in/go-jose/go-jose 3 4 2 1 4

4
go/documentation/library-coverage/coverage.rst
View File

@@ -31,7 +31,7 @@ Go framework & library support
`MongoDB Go Driver <https://www.mongodb.com/docs/drivers/go/current/>`_,``go.mongodb.org/mongo-driver*``,11,5,14
`Revel <http://revel.github.io/>`_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",46,20,4
`SendGrid <https://github.com/sendgrid/sendgrid-go>`_,``github.com/sendgrid/sendgrid-go*``,,1,
`Squirrel <https://github.com/Masterminds/squirrel>`_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",,,96
`Squirrel <https://github.com/Masterminds/squirrel>`_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",81,,96
`Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``, ``weak``",52,609,104
`XORM <https://xorm.io>`_,"``github.com/go-xorm/xorm*``, ``xorm.io/xorm*``",,,68
`XPath <https://github.com/antchfx/xpath>`_,``github.com/antchfx/xpath*``,,,4
@@ -74,5 +74,5 @@ Go framework & library support
`yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
`zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
Others,``github.com/kanikanema/gorqlite``,8,2,24
Totals,,560,1048,1556
Totals,,641,1048,1556

5
go/ql/lib/change-notes/2025-03-02-squirrel-source-models.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* Added `database` source models for the `github.com/Masterminds/squirrel` ORM package.

33
go/ql/lib/ext/github.com.mastermind.squirrel.model.yml → go/ql/lib/ext/github.com.masterminds.squirrel.model.yml
View File

@@ -6,6 +6,37 @@ extensions:
- ["squirrel", "github.com/Masterminds/squirrel"]
- ["squirrel", "gopkg.in/Masterminds/squirrel"]
- ["squirrel", "github.com/lann/squirrel"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["group:squirrel", "", True, "QueryContextWith", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "", True, "QueryRowContextWith", "", "", "ReturnValue", "database", "manual"]
- ["group:squirrel", "", True, "QueryRowWith", "", "", "ReturnValue", "database", "manual"]
- ["group:squirrel", "", True, "QueryWith", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "DeleteBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "DeleteBuilder", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "DeleteBuilder", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "InsertBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "InsertBuilder", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "InsertBuilder", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "InsertBuilder", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "QueryRower", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "QueryRowerContext", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "Queryer", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "QueryerContext", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "SelectBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "SelectBuilder", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "SelectBuilder", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "SelectBuilder", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "StdSql", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "StdSql", True, "QueryRow", "", "", "ReturnValue", "database", "manual"]
- ["group:squirrel", "StdSqlCtx", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "StdSqlCtx", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
@@ -49,3 +80,5 @@ extensions:
- ["group:squirrel", "UpdateBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "Table", "", "", "Argument[0]", "sql-injection", "manual"]
# UpdateBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used
# There are summary models for Row.Scan, RowScanner.Scan, {Insert,Delete,Select,Update}Builder.Scan and {Insert,Delete,Select,Update}Builder.ScanContext modeled in QL

1
go/ql/lib/go.qll
View File

@@ -57,6 +57,7 @@ import semmle.go.frameworks.Protobuf
import semmle.go.frameworks.Revel
import semmle.go.frameworks.Spew
import semmle.go.frameworks.SQL
import semmle.go.frameworks.Squirrel
import semmle.go.frameworks.Stdlib
import semmle.go.frameworks.SystemCommandExecutors
import semmle.go.frameworks.Testing

85
go/ql/lib/semmle/go/frameworks/Squirrel.qll Normal file
View File

@@ -0,0 +1,85 @@
/**
* Provides classes modeling security-relevant aspects of the `squirrel` ORM package.
*/
import go
/**
* Provides classes modeling security-relevant aspects of the `squirrel` ORM package.
*/
module Squirrel {
private string packagePath() {
result =
package([
"github.com/Masterminds/squirrel",
"github.com/lann/squirrel",
"gopkg.in/Masterminds/squirrel",
], "")
}
private class RowScan extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
RowScan() {
// signature: func (r *Row) Scan(dest ...interface{}) error
this.hasQualifiedName(packagePath(), "Row", "Scan") and
inp.isReceiver() and
outp.isParameter(_)
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class RowScannerScan extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
RowScannerScan() {
// signature: func (rs *RowScanner) Scan(dest ...interface{}) error
this.hasQualifiedName(packagePath(), "RowScanner", "Scan") and
inp.isReceiver() and
outp.isParameter(_)
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class BuilderScan extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
BuilderScan() {
// signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error
this.hasQualifiedName(packagePath(),
["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "Scan") and
inp.isReceiver() and
outp.isParameter(_)
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class BuilderScanContext extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
BuilderScanContext() {
// signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error
this.hasQualifiedName(packagePath(),
["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "ScanContext") and
inp.isReceiver() and
exists(int i | i > 0 | outp.isParameter(i))
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

0
go/ql/src/codeql-suites/go-ccr.qls → go/ql/src/codeql-suites/go-code-quality.qls
View File

2
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod
View File

@@ -8,9 +8,11 @@ require (
github.com/couchbase/gocb v1.6.7
github.com/couchbase/gocb/v2 v2.9.4
github.com/jmoiron/sqlx v1.4.0
github.com/Masterminds/squirrel v1.5.4
github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a
go.mongodb.org/mongo-driver v1.17.3
gorm.io/gorm v1.25.12
github.com/nonexistent/sources v0.0.0-20250300000000-000000000000
)
require (

7
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml
View File

@@ -3,4 +3,9 @@ extensions:
pack: codeql/threat-models
extensible: threatModelConfiguration
data:
- ["database", true, 0]
- ["database", true, 0]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/nonexistent/sources", "", False, "Source", "", "", "ReturnValue", "database", "manual"]

6
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml
View File

@@ -5,3 +5,9 @@ extensions:
extensible: threatModelConfiguration
data:
- ["database", true, 0]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/nonexistent/sources", "", False, "Source", "", "", "ReturnValue", "database", "manual"]

291
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go Normal file
View File

@@ -0,0 +1,291 @@
package test
//go:generate depstubber -vendor github.com/Masterminds/squirrel DeleteBuilder,InsertBuilder,QueryRower,QueryRowerContext,Queryer,QueryerContext,SelectBuilder,StdSql,StdSqlCtx,UpdateBuilder QueryContextWith,QueryRowContextWith,QueryRowWith,QueryWith
import (
"context"
"github.com/Masterminds/squirrel"
src "github.com/nonexistent/sources"
)
func test_Masterminds_squirrel_QueryRower(ctx context.Context, db squirrel.QueryRower, sqlizer squirrel.Sqlizer) {
scanner := db.QueryRow("") // $ source
var r1, r2, r3 string
scanner.Scan(&r1, &r2, &r3)
sink(r1) // $ hasTaintFlow="r1"
sink(r2) // $ hasTaintFlow="r2"
sink(r3) // $ hasTaintFlow="r3"
scanner2 := squirrel.QueryRowWith(db, sqlizer) // $ source
var r4, r5, r6 string
scanner2.Scan(&r4, &r5, &r6)
sink(r4) // $ hasTaintFlow="r4"
sink(r5) // $ hasTaintFlow="r5"
sink(r6) // $ hasTaintFlow="r6"
}
func test_Masterminds_squirrel_QueryRowerContext(ctx context.Context, db squirrel.QueryRowerContext, sqlizer squirrel.Sqlizer) {
scanner := db.QueryRowContext(ctx, "") // $ source
var r1, r2, r3 string
scanner.Scan(&r1, &r2, &r3)
sink(r1) // $ hasTaintFlow="r1"
sink(r2) // $ hasTaintFlow="r2"
sink(r3) // $ hasTaintFlow="r3"
scanner2 := squirrel.QueryRowContextWith(ctx, db, sqlizer) // $ source
var r4, r5, r6 string
scanner2.Scan(&r4, &r5, &r6)
sink(r4) // $ hasTaintFlow="r4"
sink(r5) // $ hasTaintFlow="r5"
sink(r6) // $ hasTaintFlow="r6"
}
func test_Masterminds_squirrel_Queryer(ctx context.Context, db squirrel.Queryer, sqlizer squirrel.Sqlizer) {
v1, err := db.Query("") // $ source
if err != nil {
return
}
sink(v1) // $ hasTaintFlow="v1"
v2, err := squirrel.QueryWith(db, sqlizer) // $ source
if err != nil {
return
}
sink(v2) // $ hasTaintFlow="v2"
}
func test_Masterminds_squirrel_QueryerContext(ctx context.Context, db squirrel.QueryerContext, sqlizer squirrel.Sqlizer) {
v1, err := db.QueryContext(ctx, "") // $ source
if err != nil {
return
}
sink(v1) // $ hasTaintFlow="v1"
v2, err := squirrel.QueryContextWith(ctx, db, sqlizer) // $ source
if err != nil {
return
}
sink(v2) // $ hasTaintFlow="v2"
}
// StdSqlCtx extends StdSql so we can test both with a StdSqlCtx
func test_Masterminds_squirrel_StdSql_StdSqlCtx(ctx context.Context, std squirrel.StdSqlCtx) {
v1, err := std.Query("") // $ source
if err != nil {
return
}
sink(v1) // $ hasTaintFlow="v1"
v2, err := std.QueryContext(ctx, "") // $ source
if err != nil {
return
}
sink(v2) // $ hasTaintFlow="v2"
s3 := std.QueryRow("") // $ source
if err != nil {
return
}
var r31, r32, r33 string
s3.Scan(&r31, &r32, &r33)
sink(r31) // $ hasTaintFlow="r31"
sink(r32) // $ hasTaintFlow="r32"
sink(r33) // $ hasTaintFlow="r33"
s4 := std.QueryRowContext(ctx, "") // $ source
var r41, r42, r43 string
s4.Scan(&r41, &r42, &r43)
sink(r41) // $ hasTaintFlow="r41"
sink(r42) // $ hasTaintFlow="r42"
sink(r43) // $ hasTaintFlow="r43"
}
func test_Masterminds_squirrel_DeleteBuilder(ctx context.Context, builder squirrel.DeleteBuilder) {
v1, err := builder.Query() // $ source
if err != nil {
return
}
sink(v1) // $ hasTaintFlow="v1"
v2, err := builder.QueryContext(ctx) // $ source
if err != nil {
return
}
sink(v2) // $ hasTaintFlow="v2"
s3 := builder.QueryRowContext(ctx) // $ source
var r31, r32, r33 string
s3.Scan(&r31, &r32, &r33)
sink(r31) // $ hasTaintFlow="r31"
sink(r32) // $ hasTaintFlow="r32"
sink(r33) // $ hasTaintFlow="r33"
builder2 := src.Source[squirrel.DeleteBuilder]() // $ source
var r41, r42, r43 string
builder2.ScanContext(ctx, &r41, &r42, &r43)
sink(r41) // $ hasTaintFlow="r41"
sink(r42) // $ hasTaintFlow="r42"
sink(r43) // $ hasTaintFlow="r43"
}
func test_Masterminds_squirrel_InsertBuilder(ctx context.Context, builder squirrel.InsertBuilder) {
v1, err := builder.Query() // $ source
if err != nil {
return
}
sink(v1) // $ hasTaintFlow="v1"
v2, err := builder.QueryContext(ctx) // $ source
if err != nil {
return
}
sink(v2) // $ hasTaintFlow="v2"
s3 := builder.QueryRow() // $ source
var r31, r32, r33 string
s3.Scan(&r31, &r32, &r33)
sink(r31) // $ hasTaintFlow="r31"
sink(r32) // $ hasTaintFlow="r32"
sink(r33) // $ hasTaintFlow="r33"
s4 := builder.QueryRowContext(ctx) // $ source
var r41, r42, r43 string
s4.Scan(&r41, &r42, &r43)
sink(r41) // $ hasTaintFlow="r41"
sink(r42) // $ hasTaintFlow="r42"
sink(r43) // $ hasTaintFlow="r43"
builder2 := src.Source[squirrel.InsertBuilder]() // $ source
var r51, r52, r53 string
builder2.Scan(&r51, &r52, &r53)
sink(r51) // $ hasTaintFlow="r51"
sink(r52) // $ hasTaintFlow="r52"
sink(r53) // $ hasTaintFlow="r53"
var r61, r62, r63 string
builder2.ScanContext(ctx, &r61, &r62, &r63)
sink(r61) // $ hasTaintFlow="r61"
sink(r62) // $ hasTaintFlow="r62"
sink(r63) // $ hasTaintFlow="r63"
}
func test_Masterminds_squirrel_SelectBuilder(ctx context.Context, builder squirrel.SelectBuilder) {
v1, err := builder.Query() // $ source
if err != nil {
return
}
sink(v1) // $ hasTaintFlow="v1"
v2, err := builder.QueryContext(ctx) // $ source
if err != nil {
return
}
sink(v2) // $ hasTaintFlow="v2"
s3 := builder.QueryRow() // $ source
var r31, r32, r33 string
s3.Scan(&r31, &r32, &r33)
sink(r31) // $ hasTaintFlow="r31"
sink(r32) // $ hasTaintFlow="r32"
sink(r33) // $ hasTaintFlow="r33"
s4 := builder.QueryRowContext(ctx) // $ source
var r41, r42, r43 string
s4.Scan(&r41, &r42, &r43)
sink(r41) // $ hasTaintFlow="r41"
sink(r42) // $ hasTaintFlow="r42"
sink(r43) // $ hasTaintFlow="r43"
builder2 := src.Source[squirrel.SelectBuilder]() // $ source
var r51, r52, r53 string
builder2.Scan(&r51, &r52, &r53)
sink(r51) // $ hasTaintFlow="r51"
sink(r52) // $ hasTaintFlow="r52"
sink(r53) // $ hasTaintFlow="r53"
var r61, r62, r63 string
builder2.ScanContext(ctx, &r61, &r62, &r63)
sink(r61) // $ hasTaintFlow="r61"
sink(r62) // $ hasTaintFlow="r62"
sink(r63) // $ hasTaintFlow="r63"
}
func test_Masterminds_squirrel_UpdateBuilder(ctx context.Context, builder squirrel.UpdateBuilder) {
v1, err := builder.Query() // $ source
if err != nil {
return
}
sink(v1) // $ hasTaintFlow="v1"
v2, err := builder.QueryContext(ctx) // $ source
if err != nil {
return
}
sink(v2) // $ hasTaintFlow="v2"
s3 := builder.QueryRow() // $ source
var r31, r32, r33 string
s3.Scan(&r31, &r32, &r33)
sink(r31) // $ hasTaintFlow="r31"
sink(r32) // $ hasTaintFlow="r32"
sink(r33) // $ hasTaintFlow="r33"
s4 := builder.QueryRowContext(ctx) // $ source
var r41, r42, r43 string
s4.Scan(&r41, &r42, &r43)
sink(r41) // $ hasTaintFlow="r41"
sink(r42) // $ hasTaintFlow="r42"
sink(r43) // $ hasTaintFlow="r43"
builder2 := src.Source[squirrel.UpdateBuilder]() // $ source
var r51, r52, r53 string
builder2.Scan(&r51, &r52, &r53)
sink(r51) // $ hasTaintFlow="r51"
sink(r52) // $ hasTaintFlow="r52"
sink(r53) // $ hasTaintFlow="r53"
var r61, r62, r63 string
builder2.ScanContext(ctx, &r61, &r62, &r63)
sink(r61) // $ hasTaintFlow="r61"
sink(r62) // $ hasTaintFlow="r62"
sink(r63) // $ hasTaintFlow="r63"
}

501
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/Masterminds/squirrel/stub.go generated vendored Normal file
View File

@@ -0,0 +1,501 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/Masterminds/squirrel, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/Masterminds/squirrel (exports: DeleteBuilder,InsertBuilder,QueryRower,QueryRowerContext,Queryer,QueryerContext,SelectBuilder,StdSql,StdSqlCtx,UpdateBuilder; functions: QueryContextWith,QueryRowContextWith,QueryRowWith,QueryWith)
// Package squirrel is a stub of github.com/Masterminds/squirrel, generated by depstubber.
package squirrel
import (
context "context"
sql "database/sql"
)
type BaseRunner interface {
Exec(_ string, _ ...interface{}) (sql.Result, error)
Query(_ string, _ ...interface{}) (*sql.Rows, error)
}
type DeleteBuilder struct{}
func (_ DeleteBuilder) Exec() (sql.Result, error) {
return nil, nil
}
func (_ DeleteBuilder) ExecContext(_ context.Context) (sql.Result, error) {
return nil, nil
}
func (_ DeleteBuilder) From(_ string) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) Limit(_ uint64) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) MustSql() (string, []interface{}) {
return "", nil
}
func (_ DeleteBuilder) Offset(_ uint64) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) OrderBy(_ ...string) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) PlaceholderFormat(_ PlaceholderFormat) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) Prefix(_ string, _ ...interface{}) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) PrefixExpr(_ Sqlizer) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) Query() (*sql.Rows, error) {
return nil, nil
}
func (_ DeleteBuilder) QueryContext(_ context.Context) (*sql.Rows, error) {
return nil, nil
}
func (_ DeleteBuilder) QueryRowContext(_ context.Context) RowScanner {
return nil
}
func (_ DeleteBuilder) RunWith(_ BaseRunner) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) ScanContext(_ context.Context, _ ...interface{}) error {
return nil
}
func (_ DeleteBuilder) Suffix(_ string, _ ...interface{}) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) SuffixExpr(_ Sqlizer) DeleteBuilder {
return DeleteBuilder{}
}
func (_ DeleteBuilder) ToSql() (string, []interface{}, error) {
return "", nil, nil
}
func (_ DeleteBuilder) Where(_ interface{}, _ ...interface{}) DeleteBuilder {
return DeleteBuilder{}
}
type InsertBuilder struct{}
func (_ InsertBuilder) Columns(_ ...string) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) Exec() (sql.Result, error) {
return nil, nil
}
func (_ InsertBuilder) ExecContext(_ context.Context) (sql.Result, error) {
return nil, nil
}
func (_ InsertBuilder) Into(_ string) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) MustSql() (string, []interface{}) {
return "", nil
}
func (_ InsertBuilder) Options(_ ...string) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) PlaceholderFormat(_ PlaceholderFormat) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) Prefix(_ string, _ ...interface{}) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) PrefixExpr(_ Sqlizer) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) Query() (*sql.Rows, error) {
return nil, nil
}
func (_ InsertBuilder) QueryContext(_ context.Context) (*sql.Rows, error) {
return nil, nil
}
func (_ InsertBuilder) QueryRow() RowScanner {
return nil
}
func (_ InsertBuilder) QueryRowContext(_ context.Context) RowScanner {
return nil
}
func (_ InsertBuilder) RunWith(_ BaseRunner) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) Scan(_ ...interface{}) error {
return nil
}
func (_ InsertBuilder) ScanContext(_ context.Context, _ ...interface{}) error {
return nil
}
func (_ InsertBuilder) Select(_ SelectBuilder) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) SetMap(_ map[string]interface{}) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) Suffix(_ string, _ ...interface{}) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) SuffixExpr(_ Sqlizer) InsertBuilder {
return InsertBuilder{}
}
func (_ InsertBuilder) ToSql() (string, []interface{}, error) {
return "", nil, nil
}
func (_ InsertBuilder) Values(_ ...interface{}) InsertBuilder {
return InsertBuilder{}
}
type PlaceholderFormat interface {
ReplacePlaceholders(_ string) (string, error)
}
func QueryContextWith(_ context.Context, _ QueryerContext, _ Sqlizer) (*sql.Rows, error) {
return nil, nil
}
func QueryRowContextWith(_ context.Context, _ QueryRowerContext, _ Sqlizer) RowScanner {
return nil
}
func QueryRowWith(_ QueryRower, _ Sqlizer) RowScanner {
return nil
}
type QueryRower interface {
QueryRow(_ string, _ ...interface{}) RowScanner
}
type QueryRowerContext interface {
QueryRowContext(_ context.Context, _ string, _ ...interface{}) RowScanner
}
func QueryWith(_ Queryer, _ Sqlizer) (*sql.Rows, error) {
return nil, nil
}
type Queryer interface {
Query(_ string, _ ...interface{}) (*sql.Rows, error)
}
type QueryerContext interface {
QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error)
}
type RowScanner interface {
Scan(_ ...interface{}) error
}
type SelectBuilder struct{}
func (_ SelectBuilder) Column(_ interface{}, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Columns(_ ...string) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) CrossJoin(_ string, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Distinct() SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Exec() (sql.Result, error) {
return nil, nil
}
func (_ SelectBuilder) ExecContext(_ context.Context) (sql.Result, error) {
return nil, nil
}
func (_ SelectBuilder) From(_ string) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) FromSelect(_ SelectBuilder, _ string) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) GroupBy(_ ...string) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Having(_ interface{}, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) InnerJoin(_ string, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Join(_ string, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) JoinClause(_ interface{}, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) LeftJoin(_ string, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Limit(_ uint64) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) MustSql() (string, []interface{}) {
return "", nil
}
func (_ SelectBuilder) Offset(_ uint64) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Options(_ ...string) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) OrderBy(_ ...string) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) OrderByClause(_ interface{}, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) PlaceholderFormat(_ PlaceholderFormat) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Prefix(_ string, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) PrefixExpr(_ Sqlizer) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Query() (*sql.Rows, error) {
return nil, nil
}
func (_ SelectBuilder) QueryContext(_ context.Context) (*sql.Rows, error) {
return nil, nil
}
func (_ SelectBuilder) QueryRow() RowScanner {
return nil
}
func (_ SelectBuilder) QueryRowContext(_ context.Context) RowScanner {
return nil
}
func (_ SelectBuilder) RemoveColumns() SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) RemoveLimit() SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) RemoveOffset() SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) RightJoin(_ string, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) RunWith(_ BaseRunner) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) Scan(_ ...interface{}) error {
return nil
}
func (_ SelectBuilder) ScanContext(_ context.Context, _ ...interface{}) error {
return nil
}
func (_ SelectBuilder) Suffix(_ string, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) SuffixExpr(_ Sqlizer) SelectBuilder {
return SelectBuilder{}
}
func (_ SelectBuilder) ToSql() (string, []interface{}, error) {
return "", nil, nil
}
func (_ SelectBuilder) Where(_ interface{}, _ ...interface{}) SelectBuilder {
return SelectBuilder{}
}
type Sqlizer interface {
ToSql() (string, []interface{}, error)
}
type StdSql interface {
Exec(_ string, _ ...interface{}) (sql.Result, error)
Query(_ string, _ ...interface{}) (*sql.Rows, error)
QueryRow(_ string, _ ...interface{}) *sql.Row
}
type StdSqlCtx interface {
Exec(_ string, _ ...interface{}) (sql.Result, error)
ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error)
Query(_ string, _ ...interface{}) (*sql.Rows, error)
QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error)
QueryRow(_ string, _ ...interface{}) *sql.Row
QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row
}
type UpdateBuilder struct{}
func (_ UpdateBuilder) Exec() (sql.Result, error) {
return nil, nil
}
func (_ UpdateBuilder) ExecContext(_ context.Context) (sql.Result, error) {
return nil, nil
}
func (_ UpdateBuilder) From(_ string) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) FromSelect(_ SelectBuilder, _ string) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) Limit(_ uint64) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) MustSql() (string, []interface{}) {
return "", nil
}
func (_ UpdateBuilder) Offset(_ uint64) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) OrderBy(_ ...string) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) PlaceholderFormat(_ PlaceholderFormat) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) Prefix(_ string, _ ...interface{}) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) PrefixExpr(_ Sqlizer) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) Query() (*sql.Rows, error) {
return nil, nil
}
func (_ UpdateBuilder) QueryContext(_ context.Context) (*sql.Rows, error) {
return nil, nil
}
func (_ UpdateBuilder) QueryRow() RowScanner {
return nil
}
func (_ UpdateBuilder) QueryRowContext(_ context.Context) RowScanner {
return nil
}
func (_ UpdateBuilder) RunWith(_ BaseRunner) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) Scan(_ ...interface{}) error {
return nil
}
func (_ UpdateBuilder) ScanContext(_ context.Context, _ ...interface{}) error {
return nil
}
func (_ UpdateBuilder) Set(_ string, _ interface{}) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) SetMap(_ map[string]interface{}) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) Suffix(_ string, _ ...interface{}) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) SuffixExpr(_ Sqlizer) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) Table(_ string) UpdateBuilder {
return UpdateBuilder{}
}
func (_ UpdateBuilder) ToSql() (string, []interface{}, error) {
return "", nil, nil
}
func (_ UpdateBuilder) Where(_ interface{}, _ ...interface{}) UpdateBuilder {
return UpdateBuilder{}
}

5
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go generated vendored Normal file
View File

@@ -0,0 +1,5 @@
package sources
func Source[T any]() T {
return *new(T)
}

6
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt vendored
View File

@@ -13,6 +13,9 @@ github.com/couchbase/gocb/v2
# github.com/jmoiron/sqlx v1.4.0
## explicit
github.com/jmoiron/sqlx
# github.com/Masterminds/squirrel v1.5.4
## explicit
github.com/Masterminds/squirrel
# github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a
## explicit
github.com/rqlite/gorqlite
@@ -22,6 +25,9 @@ go.mongodb.org/mongo-driver/mongo
# gorm.io/gorm v1.25.12
## explicit
gorm.io/gorm
# github.com/nonexistent/sources v0.0.0-20250300000000-000000000000
## explicit
github.com/nonexistent/sources
# github.com/couchbase/gocbcore/v10 v10.5.4
## explicit
github.com/couchbase/gocbcore/v10

18
java/ql/integration-tests/java/buildless-gradle-boms/build.gradle Normal file
View File

@@ -0,0 +1,18 @@
/*
* This file was generated by the Gradle 'init' task.
*
* This is a general purpose Gradle build.
* To learn more about Gradle by exploring our Samples at https://docs.gradle.org/8.3/samples
*/
apply plugin: 'java-library'
repositories {
mavenCentral()
}
dependencies {
api 'org.apache.commons:commons-math3:3.6.1'
api 'org.junit.jupiter:junit-jupiter-api:5.12.1'
}

5
java/ql/integration-tests/java/buildless-gradle-boms/buildless-fetches.expected Normal file
View File

@@ -0,0 +1,5 @@
https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
https://repo.maven.apache.org/maven2/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar
https://repo.maven.apache.org/maven2/org/junit/jupiter/junit-jupiter-api/5.12.1/junit-jupiter-api-5.12.1.jar
https://repo.maven.apache.org/maven2/org/junit/platform/junit-platform-commons/1.12.1/junit-platform-commons-1.12.1.jar
https://repo.maven.apache.org/maven2/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar

70
java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected Normal file
View File

@@ -0,0 +1,70 @@
{
"markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/using-build-tool-advice",
"name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used the system default JDK.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/jdk-system-default",
"name": "Java analysis used the system default JDK"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis with build-mode 'none' completed.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/complete",
"name": "Java analysis with build-mode 'none' completed"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/mode-active",
"name": "Java was extracted with build-mode set to 'none'"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Reading the dependency graph from build files provided 5 classpath entries",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/depgraph-provided-by-gradle",
"name": "Java analysis extracted precise dependency graph information from tool Gradle"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}

8
java/ql/integration-tests/java/buildless-gradle-boms/settings.gradle Normal file
View File

@@ -0,0 +1,8 @@
/*
* This file was generated by the Gradle 'init' task.
*
* The settings file is used to specify which projects to include in your build.
* For more detailed information on multi-project builds, please refer to https://docs.gradle.org/8.3/userguide/building_swift_projects.html in the Gradle documentation.
*/
rootProject.name = 'buildless-gradle'

6
java/ql/integration-tests/java/buildless-gradle-boms/source_archive.expected Normal file
View File

@@ -0,0 +1,6 @@
.gradle/8.3/dependencies-accessors/gc.properties
.gradle/8.3/gc.properties
.gradle/buildOutputCleanup/cache.properties
.gradle/vcs-1/gc.properties
gradle/wrapper/gradle-wrapper.properties
src/main/java/com/fractestexample/Test.java

9
java/ql/integration-tests/java/buildless-gradle-boms/src/main/java/com/fractestexample/Test.java Normal file
View File

@@ -0,0 +1,9 @@
package com.fractestexample;
import org.apache.commons.math3.fraction.Fraction;
public class Test {
public Fraction test(org.junit.jupiter.api.Test t) { return Fraction.ONE; }
}

7
java/ql/integration-tests/java/buildless-gradle-boms/test.py Normal file
View File

@@ -0,0 +1,7 @@
def test(codeql, java, gradle_8_3):
codeql.database.create(
_env={
"CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true",
"CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true",
}
)

26
java/ql/integration-tests/java/buildless-maven-mirrorof/buildless-fetches.expected Normal file
View File

@@ -0,0 +1,26 @@
https://repo.maven.apache.org/maven2/com/feiniaojin/naaf/naaf-graceful-response-example/1.0/naaf-graceful-response-example-1.0.jar
https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/avro-registry-in-source-tests/1.8/avro-registry-in-source-tests-1.8.jar
https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/example-project/1.5/example-project-1.5.jar
https://repo.maven.apache.org/maven2/com/intuit/benten/benten-examples/0.1.5/benten-examples-0.1.5.jar
https://repo.maven.apache.org/maven2/com/jakewharton/twirl/sample-runtime/1.2.0/sample-runtime-1.2.0.jar
https://repo.maven.apache.org/maven2/com/mattunderscore/code/generation/specky/plugin-example/0.8.0/plugin-example-0.8.0.jar
https://repo.maven.apache.org/maven2/com/microsoft/tang/tang-test-jarAB/0.9/tang-test-jarAB-0.9.jar
https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-example_2.11/0.1.2/rx-redis-example_2.11-0.1.2.jar
https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-java-example_2.11/0.1.2/rx-redis-java-example_2.11-0.1.2.jar
https://repo.maven.apache.org/maven2/io/github/scrollsyou/example-spring-boot-starter/1.0.0/example-spring-boot-starter-1.0.0.jar
https://repo.maven.apache.org/maven2/io/streamnative/com/example/maven-central-template/server/3.0.0/server-3.0.0.jar
https://repo.maven.apache.org/maven2/no/nav/security/token-validation-ktor-demo/3.1.0/token-validation-ktor-demo-3.1.0.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-fileupload/0.5.10/minijax-example-fileupload-0.5.10.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-inject/0.5.10/minijax-example-inject-0.5.10.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-json/0.5.10/minijax-example-json-0.5.10.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-mustache/0.5.10/minijax-example-mustache-0.5.10.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-petclinic/0.5.10/minijax-example-petclinic-0.5.10.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-security/0.5.10/minijax-example-security-0.5.10.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-ssl/0.5.10/minijax-example-ssl-0.5.10.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-todo-backend/0.5.10/minijax-example-todo-backend-0.5.10.jar
https://repo.maven.apache.org/maven2/org/minijax/minijax-example-websocket/0.5.10/minijax-example-websocket-0.5.10.jar
https://repo.maven.apache.org/maven2/org/scalamock/scalamock-examples_2.10/3.6.0/scalamock-examples_2.10-3.6.0.jar
https://repo.maven.apache.org/maven2/org/somda/sdc/glue-examples/4.0.0/glue-examples-4.0.0.jar
https://repo.maven.apache.org/maven2/us/fatehi/schemacrawler-examplecode/16.20.2/schemacrawler-examplecode-16.20.2.jar
https://repo1.maven.org/maven2/junit/junit/4.11/junit-4.11.jar
https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar

70
java/ql/integration-tests/java/buildless-maven-mirrorof/diagnostics.expected Normal file
View File

@@ -0,0 +1,70 @@
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/using-build-tool-advice",
"name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used the system default JDK.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/jdk-system-default",
"name": "Java analysis used the system default JDK"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis with build-mode 'none' completed.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/complete",
"name": "Java analysis with build-mode 'none' completed"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/mode-active",
"name": "Java was extracted with build-mode set to 'none'"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Reading the dependency graph from build files provided 2 classpath entries",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/depgraph-provided-by-maven",
"name": "Java analysis extracted precise dependency graph information from tool Maven"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}

77
java/ql/integration-tests/java/buildless-maven-mirrorof/maven-fetches.expected Normal file
View File

@@ -0,0 +1,77 @@
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.14.1/jackson-base-2.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_parent/2.36.0/error_prone_parent-2.36.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/33.4.0-jre/guava-parent-33.4.0-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-parent/35/maven-parent-35.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-parent/37/maven-parent-37.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-plugin-api/3.8.6/maven-plugin-api-3.8.6.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-plugin-api/3.8.6/maven-plugin-api-3.8.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven/3.8.6/maven-3.8.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.43.0/checker-qual-3.43.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.43.0/checker-qual-3.43.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.5.2/plexus-classworlds-2.5.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/9/oss-parent-9.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/spice/spice-parent/17/spice-parent-17.pom
Downloaded from mirror-force-central: https://repo1.maven.org/maven2/junit/junit/4.11/junit-4.11.pom
Downloaded from mirror-force-central: https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom
Downloaded from mirror-force-central: https://repo1.maven.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom

114
java/ql/integration-tests/java/buildless-maven-mirrorof/pom.xml Normal file
View File

@@ -0,0 +1,114 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>maven-sample</artifactId>
<version>1.0-SNAPSHOT</version>
<name>maven-sample</name>
<!-- FIXME change it to the project's website -->
<url>http://www.example.com</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.7</maven.compiler.source>
<maven.compiler.target>1.7</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>exec-maven-plugin</artifactId>
<groupId>org.codehaus.mojo</groupId>
<version>1.1.1</version>
<executions>
<execution>
<id>check-maven-version</id>
<phase>package</phase>
<goals>
<goal>java</goal>
</goals>
</execution>
</executions>
<configuration>
<mainClass>com.example.App</mainClass>
</configuration>
</plugin>
<plugin>
<groupId>com.diffplug.spotless</groupId>
<artifactId>spotless-maven-plugin</artifactId>
<version>2.19.1</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
<phase>compile</phase>
</execution>
</executions>
<configuration>
<java>
<licenseHeader>
<content>/* FAIL ME */</content>
</licenseHeader>
</java>
</configuration>
</plugin>
</plugins>
<pluginManagement>
<!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
<plugins>
<!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>3.0.2</version>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.1</version>
</plugin>
<plugin>
<artifactId>maven-jar-plugin</artifactId>
<version>3.0.2</version>
</plugin>
<plugin>
<artifactId>maven-install-plugin</artifactId>
<version>2.5.2</version>
</plugin>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>2.8.2</version>
</plugin>
<!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
<plugin>
<artifactId>maven-site-plugin</artifactId>
<version>3.7.1</version>
</plugin>
<plugin>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>3.0.0</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>

35
java/ql/integration-tests/java/buildless-maven-mirrorof/settings-xml.expected Normal file
View File

@@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<settings>
<mirrors>
<mirror>
<id>mirror-force-central</id>
<name>Mirror Repository</name>
<url>https://repo1.maven.org/maven2</url>
<mirrorOf>*,!codeql-depgraph-plugin-repo</mirrorOf>
</mirror>
</mirrors>
<profiles>
<profile>
<id>codeql-depgraph-plugin-repo</id>
<pluginRepositories>
<pluginRepository>
<id>codeql-depgraph-plugin-repo</id>
<name>CodeQL Dependency Graph Plugin Repository</name>
<url>file://[dist-root]/java/tools/ferstl-depgraph-dependencies/</url>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
<activeProfiles>
<activeProfile>codeql-depgraph-plugin-repo</activeProfile>
</activeProfiles>
</settings>

10
java/ql/integration-tests/java/buildless-maven-mirrorof/settings.xml Normal file
View File

@@ -0,0 +1,10 @@
<settings>
<mirrors>
<mirror>
<id>mirror-force-central</id>
<name>Mirror Repository</name>
<url>https://repo1.maven.org/maven2</url>
<mirrorOf>*</mirrorOf>
</mirror>
</mirrors>
</settings>

8
java/ql/integration-tests/java/buildless-maven-mirrorof/source_archive.expected Normal file
View File

@@ -0,0 +1,8 @@
pom.xml
settings.xml
src/main/java/com/example/App.java
src/main/resources/my-app.properties
src/main/resources/page.xml
src/main/resources/struts.xml
src/test/java/com/example/AppTest.java
test-db/working/settings.xml

30
java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/java/com/example/App.java Normal file
View File

@@ -0,0 +1,30 @@
package com.example;
import java.util.regex.Pattern;
import java.nio.file.Path;
import java.nio.file.Paths;
/**
* Hello world!
*
*/
public class App
{
public static void main( String[] args )
{
System.out.println( "Hello World!" );
String expectedVersion = System.getenv("EXPECT_MAVEN");
Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize();
String observedVersion = mavenHome.getFileName().toString();
if (expectedVersion != null && !expectedVersion.equals(observedVersion)) {
System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome);
System.exit(1);
}
String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX");
String command = System.getProperty("sun.java.command");
if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) {
System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'");
System.exit(1);
}
}
}

1
java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/my-app.properties Normal file
View File

@@ -0,0 +1 @@
version=1.0

8
java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/page.xml Normal file
View File

@@ -0,0 +1,8 @@
<html>
<head>
<title>A sample</title>
</head>
<body>
<p>Hello world!</p>
</body>
</html>

4
java/ql/integration-tests/java/buildless-maven-mirrorof/src/main/resources/struts.xml Normal file
View File

@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<struts>
This is a sample file
</struts>

20
java/ql/integration-tests/java/buildless-maven-mirrorof/src/test/java/com/example/AppTest.java Normal file
View File

@@ -0,0 +1,20 @@
package com.example;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
/**
* Unit test for simple App.
*/
public class AppTest
{
/**
* Rigorous Test :-)
*/
@Test
public void shouldAnswerWithTrue()
{
assertTrue( true );
}
}

10
java/ql/integration-tests/java/buildless-maven-mirrorof/test.py Normal file
View File

@@ -0,0 +1,10 @@
import os
import os.path
def test(codeql, java):
codeql.database.create(build_mode = "none",
_env={
"_JAVA_OPTIONS": "-Duser.home=" + os.path.join(os.getcwd(), "empty-home"),
"LGTM_INDEX_MAVEN_SETTINGS_FILE": os.path.join(os.path.dirname(os.path.realpath(__file__)), "settings.xml")
}
)

4
java/ql/lib/change-notes/2025-03-27-gradle-fetch-reduction.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: fix
---
* In `build-mode: none` where the project has a Gradle build system, database creation no longer attempts to download some non-existent jar files relating to non-jar Maven artifacts, such as BOMs. This was harmless, but saves some time and reduces spurious warnings.

4
java/ql/lib/semmle/code/java/Expr.qll
View File

@@ -180,7 +180,7 @@ class CompileTimeConstantExpr extends Expr {
/**
* Gets the string value of this expression, where possible.
*/
pragma[nomagic]
cached
string getStringValue() {
result = this.(StringLiteral).getValue()
or
@@ -205,7 +205,7 @@ class CompileTimeConstantExpr extends Expr {
/**
* Gets the boolean value of this expression, where possible.
*/
pragma[nomagic]
cached
boolean getBooleanValue() {
// Literal value.
result = this.(BooleanLiteral).getBooleanValue()

32
java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll
View File

@@ -5,6 +5,19 @@
import java
import Dominance
cached
private module BasicBlockStage {
cached
predicate ref() { any() }
cached
predicate backref() {
(exists(any(BasicBlock bb).getABBSuccessor()) implies any()) and
(exists(any(BasicBlock bb).getNode(_)) implies any()) and
(exists(any(BasicBlock bb).length()) implies any())
}
}
/**
* A control-flow node that represents the start of a basic block.
*
@@ -12,8 +25,11 @@ import Dominance
* often be treated as a unit in analyses.
*/
class BasicBlock extends ControlFlowNode {
cached
BasicBlock() {
not exists(this.getAPredecessor()) and exists(this.getASuccessor())
BasicBlockStage::ref() and
not exists(this.getAPredecessor()) and
exists(this.getASuccessor())
or
strictcount(this.getAPredecessor()) > 1
or
@@ -24,7 +40,10 @@ class BasicBlock extends ControlFlowNode {
/** Gets an immediate successor of this basic block. */
cached
BasicBlock getABBSuccessor() { result = this.getLastNode().getASuccessor() }
BasicBlock getABBSuccessor() {
BasicBlockStage::ref() and
result = this.getLastNode().getASuccessor()
}
/** Gets an immediate predecessor of this basic block. */
BasicBlock getABBPredecessor() { result.getABBSuccessor() = this }
@@ -35,7 +54,9 @@ class BasicBlock extends ControlFlowNode {
/** Gets the control-flow node at a specific (zero-indexed) position in this basic block. */
cached
ControlFlowNode getNode(int pos) {
result = this and pos = 0
BasicBlockStage::ref() and
result = this and
pos = 0
or
exists(ControlFlowNode mid, int mid_pos | pos = mid_pos + 1 |
this.getNode(mid_pos) = mid and
@@ -52,7 +73,10 @@ class BasicBlock extends ControlFlowNode {
/** Gets the number of control-flow nodes contained in this basic block. */
cached
int length() { result = strictcount(this.getANode()) }
int length() {
BasicBlockStage::ref() and
result = strictcount(this.getANode())
}
/** Holds if this basic block strictly dominates `node`. */
predicate bbStrictlyDominates(BasicBlock node) { bbStrictlyDominates(this, node) }

21
java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
View File

@@ -14,9 +14,26 @@
import java
private import codeql.ssa.Ssa as SsaImplCommon
cached
private module BaseSsaStage {
cached
predicate ref() { any() }
cached
predicate backref() {
(exists(TLocalVar(_, _)) implies any()) and
(exists(any(BaseSsaSourceVariable v).getAnAccess()) implies any()) and
(exists(getAUse(_)) implies any())
}
}
cached
private newtype TBaseSsaSourceVariable =
TLocalVar(Callable c, LocalScopeVariable v) {
c = v.getCallable() or c = v.getAnAccess().getEnclosingCallable()
BaseSsaStage::ref() and
c = v.getCallable()
or
c = v.getAnAccess().getEnclosingCallable()
}
/**
@@ -31,6 +48,7 @@ class BaseSsaSourceVariable extends TBaseSsaSourceVariable {
*/
cached
VarAccess getAnAccess() {
BaseSsaStage::ref() and
exists(LocalScopeVariable v, Callable c |
this = TLocalVar(c, v) and result = v.getAnAccess() and result.getEnclosingCallable() = c
)
@@ -188,6 +206,7 @@ cached
private module Cached {
cached
VarRead getAUse(Impl::Definition def) {
BaseSsaStage::ref() and
exists(BaseSsaSourceVariable v, BasicBlock bb, int i |
Impl::ssaDefReachesRead(v, def, bb, i) and
result.getControlFlowNode() = bb.getNode(i) and

15
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
View File

@@ -26,6 +26,14 @@ private predicate deadcode(Expr e) {
module SsaFlow {
module Impl = SsaImpl::DataFlowIntegration;
private predicate ssaDefAssigns(SsaExplicitUpdate def, Expr value) {
exists(VariableUpdate upd | upd = def.getDefiningExpr() |
value = upd.(VariableAssign).getSource() or
value = upd.(AssignOp) or
value = upd.(RecordBindingVariableExpr)
)
}
Impl::Node asNode(Node n) {
n = TSsaNode(result)
or
@@ -33,7 +41,12 @@ module SsaFlow {
or
result.(Impl::ExprPostUpdateNode).getExpr() = n.(PostUpdateNode).getPreUpdateNode().asExpr()
or
TExplicitParameterNode(result.(Impl::ParameterNode).getParameter()) = n
exists(Parameter p |
n = TExplicitParameterNode(p) and
result.(Impl::WriteDefSourceNode).getDefinition().(SsaImplicitInit).isParameterDefinition(p)
)
or
ssaDefAssigns(result.(Impl::WriteDefSourceNode).getDefinition(), n.asExpr())
}
predicate localFlowStep(SsaSourceVariable v, Node nodeFrom, Node nodeTo, boolean isUseStep) {

25
java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll
View File

@@ -647,22 +647,8 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
Expr getARead(Definition def) { result = getAUse(def) }
class Parameter = J::Parameter;
predicate ssaDefAssigns(Impl::WriteDefinition def, Expr value) {
exists(VariableUpdate upd | upd = def.(SsaExplicitUpdate).getDefiningExpr() |
value = upd.(VariableAssign).getSource() or
value = upd.(AssignOp) or
value = upd.(RecordBindingVariableExpr)
)
}
predicate ssaDefInitializesParam(Impl::WriteDefinition def, Parameter p) {
def.(SsaImplicitInit).getSourceVariable() =
any(SsaSourceVariable v |
v.getVariable() = p and
v.getEnclosingCallable() = p.getCallable()
)
predicate ssaDefHasSource(WriteDefinition def) {
def instanceof SsaExplicitUpdate or def.(SsaImplicitInit).isParameterDefinition(_)
}
predicate allowFlowIntoUncertainDef(UncertainWriteDefinition def) {
@@ -680,10 +666,17 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
}
}
/** Holds if the guard `guard` directly controls block `bb` upon evaluating to `branch`. */
predicate guardDirectlyControlsBlock(Guard guard, BasicBlock bb, boolean branch) {
guard.directlyControls(bb, branch)
}
/** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
predicate guardControlsBlock(Guard guard, BasicBlock bb, boolean branch) {
guard.controls(bb, branch)
}
predicate includeWriteDefsInFlowStep() { none() }
}
private module DataFlowIntegrationImpl = Impl::DataFlowIntegration<DataFlowIntegrationInput>;

Some files were not shown because too many files have changed in this diff Show More