hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/rust-expand-attr-macros

Browse Source
This commit is contained in:
Paolo Tranquilli
2025-04-30 15:25:32 +02:00
parent ecd80fbc34 c8e564b2ba
commit 8ffe4d6593
304 changed files with 3811 additions and 873 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected
View File

@@ -1,10 +1,4 @@
ql/actions/ql/src/Debug/SyntaxError.ql
ql/actions/ql/src/Models/CompositeActionsSinks.ql
ql/actions/ql/src/Models/CompositeActionsSources.ql
ql/actions/ql/src/Models/CompositeActionsSummaries.ql
ql/actions/ql/src/Models/ReusableWorkflowsSinks.ql
ql/actions/ql/src/Models/ReusableWorkflowsSources.ql
ql/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql

6
actions/ql/integration-tests/query-suite/not_included_in_qls.expected
View File

@@ -1,4 +1,10 @@
ql/actions/ql/src/Debug/partial.ql
ql/actions/ql/src/Models/CompositeActionsSinks.ql
ql/actions/ql/src/Models/CompositeActionsSources.ql
ql/actions/ql/src/Models/CompositeActionsSummaries.ql
ql/actions/ql/src/Models/ReusableWorkflowsSinks.ql
ql/actions/ql/src/Models/ReusableWorkflowsSources.ql
ql/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
ql/actions/ql/src/experimental/Security/CWE-074/OutputClobberingHigh.ql
ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql
ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql

4
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.8
No user-facing changes.
## 0.4.7
No user-facing changes.

3
actions/ql/lib/change-notes/released/0.4.8.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.8
No user-facing changes.

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.7
lastReleaseVersion: 0.4.8

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.8-dev
version: 0.4.9-dev
library: true
warnOnImplicitThis: true
dependencies:

20
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,23 @@
## 0.6.0
### Breaking Changes
* The following queries have been removed from the `security-and-quality` suite.
They are not intended to produce user-facing
alerts describing vulnerabilities.
Any existing alerts for these queries will be closed automatically.
* `actions/composite-action-sinks`
* `actions/composite-action-sources`
* `actions/composite-action-summaries`
* `actions/reusable-workflow-sinks`
(renamed from `actions/reusable-wokflow-sinks`)
* `actions/reusable-workflow-sources`
* `actions/reusable-workflow-summaries`
### Bug Fixes
* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.
## 0.5.4
### Bug Fixes

2
actions/ql/src/Models/ReusableWorkflowsSinks.ql
View File

@@ -5,7 +5,7 @@
* @problem.severity warning
* @security-severity 9.3
* @precision high
* @id actions/reusable-wokflow-sinks
* @id actions/reusable-workflow-sinks
* @tags actions
* model-generator
* external/cwe/cwe-020

4
actions/ql/src/change-notes/2025-04-14-excessive-secrets-exposure-security-severity.md
View File

@@ -1,4 +0,0 @@
---
category: fix
---
* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.

19
actions/ql/src/change-notes/released/0.6.0.md Normal file
View File

@@ -0,0 +1,19 @@
## 0.6.0
### Breaking Changes
* The following queries have been removed from the `security-and-quality` suite.
They are not intended to produce user-facing
alerts describing vulnerabilities.
Any existing alerts for these queries will be closed automatically.
* `actions/composite-action-sinks`
* `actions/composite-action-sources`
* `actions/composite-action-summaries`
* `actions/reusable-workflow-sinks`
(renamed from `actions/reusable-wokflow-sinks`)
* `actions/reusable-workflow-sources`
* `actions/reusable-workflow-summaries`
### Bug Fixes
* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.5.4
lastReleaseVersion: 0.6.0

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.5.5-dev
version: 0.6.1-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]

1
cpp/ql/integration-tests/query-suite/cpp-code-quality.qls.expected Normal file
View File

@@ -0,0 +1 @@

60
cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected Normal file
View File

@@ -0,0 +1,60 @@
ql/cpp/ql/src/Critical/DoubleFree.ql
ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
ql/cpp/ql/src/Critical/NewFreeMismatch.ql
ql/cpp/ql/src/Critical/OverflowStatic.ql
ql/cpp/ql/src/Critical/UseAfterFree.ql
ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
ql/cpp/ql/src/Summary/LinesOfCode.ql
ql/cpp/ql/src/Summary/LinesOfUserCode.ql
ql/cpp/ql/src/Telemetry/CompilerErrors.ql
ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
ql/cpp/ql/src/Telemetry/MissingIncludes.ql
ql/cpp/ql/src/Telemetry/SucceededIncludes.ql

181
cpp/ql/integration-tests/query-suite/cpp-security-and-quality.qls.expected Normal file
View File

@@ -0,0 +1,181 @@
ql/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql
ql/cpp/ql/src/Best Practices/ComplexCondition.ql
ql/cpp/ql/src/Best Practices/Exceptions/AccidentalRethrow.ql
ql/cpp/ql/src/Best Practices/Exceptions/CatchingByValue.ql
ql/cpp/ql/src/Best Practices/Exceptions/LeakyCatch.ql
ql/cpp/ql/src/Best Practices/Exceptions/ThrowingPointers.ql
ql/cpp/ql/src/Best Practices/GuardedFree.ql
ql/cpp/ql/src/Best Practices/Hiding/DeclarationHidesParameter.ql
ql/cpp/ql/src/Best Practices/Hiding/DeclarationHidesVariable.ql
ql/cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql
ql/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql
ql/cpp/ql/src/Best Practices/Likely Errors/EmptyBlock.ql
ql/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
ql/cpp/ql/src/Best Practices/Likely Errors/Slicing.ql
ql/cpp/ql/src/Best Practices/RuleOfTwo.ql
ql/cpp/ql/src/Best Practices/SloppyGlobal.ql
ql/cpp/ql/src/Best Practices/SwitchLongCase.ql
ql/cpp/ql/src/Best Practices/Unused Entities/UnusedLocals.ql
ql/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql
ql/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.ql
ql/cpp/ql/src/Best Practices/UseOfGoto.ql
ql/cpp/ql/src/Critical/DeadCodeGoto.ql
ql/cpp/ql/src/Critical/DoubleFree.ql
ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
ql/cpp/ql/src/Critical/LargeParameter.ql
ql/cpp/ql/src/Critical/MissingCheckScanf.ql
ql/cpp/ql/src/Critical/NewArrayDeleteMismatch.ql
ql/cpp/ql/src/Critical/NewDeleteArrayMismatch.ql
ql/cpp/ql/src/Critical/NewFreeMismatch.ql
ql/cpp/ql/src/Critical/OverflowStatic.ql
ql/cpp/ql/src/Critical/SizeCheck.ql
ql/cpp/ql/src/Critical/SizeCheck2.ql
ql/cpp/ql/src/Critical/UseAfterFree.ql
ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
ql/cpp/ql/src/Documentation/CommentedOutCode.ql
ql/cpp/ql/src/Documentation/FixmeComments.ql
ql/cpp/ql/src/Documentation/UncommentedFunction.ql
ql/cpp/ql/src/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql
ql/cpp/ql/src/Likely Bugs/AmbiguouslySignedBitField.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/BitwiseSignCheck.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/FloatComparison.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/PointlessComparison.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/PointlessSelfComparison.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/UnsignedGEZero.ql
ql/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql
ql/cpp/ql/src/Likely Bugs/Conversion/ArrayArgSizeMismatch.ql
ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
ql/cpp/ql/src/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql
ql/cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql
ql/cpp/ql/src/Likely Bugs/Conversion/LossyPointerCast.ql
ql/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
ql/cpp/ql/src/Likely Bugs/Format/TooManyFormatArguments.ql
ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
ql/cpp/ql/src/Likely Bugs/InconsistentCallOnResult.ql
ql/cpp/ql/src/Likely Bugs/InconsistentCheckReturnNull.ql
ql/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql
ql/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
ql/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/DubiousNullCheck.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/ExprHasNoEffect.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/FutileConditional.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/inconsistentLoopDirection.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnCstrOfLocalStdString.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/StackAddressEscapes.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
ql/cpp/ql/src/Likely Bugs/NestedLoopSameVar.ql
ql/cpp/ql/src/Likely Bugs/OO/IncorrectConstructorDelegation.ql
ql/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructorInBaseClass.ql
ql/cpp/ql/src/Likely Bugs/OO/ThrowInDestructor.ql
ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
ql/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
ql/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
ql/cpp/ql/src/Likely Bugs/ReturnConstType.ql
ql/cpp/ql/src/Likely Bugs/ReturnConstTypeMember.ql
ql/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql
ql/cpp/ql/src/Likely Bugs/Underspecified Functions/MistypedFunctionArguments.ql
ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooManyArguments.ql
ql/cpp/ql/src/Likely Bugs/UseInOwnInitializer.ql
ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
ql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
ql/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
ql/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql
ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
ql/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
ql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
ql/cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.ql
ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
ql/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
ql/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
ql/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql
ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
ql/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
ql/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
ql/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
ql/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
ql/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql
ql/cpp/ql/src/Summary/LinesOfCode.ql
ql/cpp/ql/src/Summary/LinesOfUserCode.ql
ql/cpp/ql/src/Telemetry/CompilerErrors.ql
ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
ql/cpp/ql/src/Telemetry/MissingIncludes.ql
ql/cpp/ql/src/Telemetry/SucceededIncludes.ql
ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql
ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 71.1.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 82.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 88.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 89.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 95.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 97.ql
ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 107.ql
ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 114.ql
ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 145.ql
ql/cpp/ql/src/jsf/4.17 Types/AV Rule 148.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 166.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 196.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 197.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 201.ql

97
cpp/ql/integration-tests/query-suite/cpp-security-extended.qls.expected Normal file
View File

@@ -0,0 +1,97 @@
ql/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql
ql/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
ql/cpp/ql/src/Critical/DoubleFree.ql
ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
ql/cpp/ql/src/Critical/MissingCheckScanf.ql
ql/cpp/ql/src/Critical/NewFreeMismatch.ql
ql/cpp/ql/src/Critical/OverflowStatic.ql
ql/cpp/ql/src/Critical/SizeCheck.ql
ql/cpp/ql/src/Critical/SizeCheck2.ql
ql/cpp/ql/src/Critical/UseAfterFree.ql
ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
ql/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
ql/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
ql/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
ql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
ql/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
ql/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql
ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
ql/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
ql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
ql/cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.ql
ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
ql/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
ql/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
ql/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql
ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
ql/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
ql/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
ql/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
ql/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
ql/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql
ql/cpp/ql/src/Summary/LinesOfCode.ql
ql/cpp/ql/src/Summary/LinesOfUserCode.ql
ql/cpp/ql/src/Telemetry/CompilerErrors.ql
ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
ql/cpp/ql/src/Telemetry/MissingIncludes.ql
ql/cpp/ql/src/Telemetry/SucceededIncludes.ql

447
cpp/ql/integration-tests/query-suite/not_included_in_qls.expected Normal file
View File

@@ -0,0 +1,447 @@
ql/cpp/ql/src/AlertSuppression.ql
ql/cpp/ql/src/Architecture/FeatureEnvy.ql
ql/cpp/ql/src/Architecture/General Class-Level Information/ClassHierarchies.ql
ql/cpp/ql/src/Architecture/General Class-Level Information/HubClasses.ql
ql/cpp/ql/src/Architecture/General Class-Level Information/InheritanceDepthDistribution.ql
ql/cpp/ql/src/Architecture/General Namespace-Level Information/CyclicNamespaces.ql
ql/cpp/ql/src/Architecture/General Namespace-Level Information/GlobalNamespaceClasses.ql
ql/cpp/ql/src/Architecture/General Namespace-Level Information/NamespaceDependencies.ql
ql/cpp/ql/src/Architecture/General Top-Level Information/GeneralStatistics.ql
ql/cpp/ql/src/Architecture/InappropriateIntimacy.ql
ql/cpp/ql/src/Architecture/Refactoring Opportunities/ClassesWithManyDependencies.ql
ql/cpp/ql/src/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql
ql/cpp/ql/src/Architecture/Refactoring Opportunities/ComplexFunctions.ql
ql/cpp/ql/src/Architecture/Refactoring Opportunities/CyclomaticComplexity.ql
ql/cpp/ql/src/Architecture/Refactoring Opportunities/FunctionsWithManyParameters.ql
ql/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql
ql/cpp/ql/src/Best Practices/Magic Constants/MagicConstantsNumbers.ql
ql/cpp/ql/src/Best Practices/Magic Constants/MagicConstantsString.ql
ql/cpp/ql/src/Best Practices/Magic Constants/MagicNumbersUseConstant.ql
ql/cpp/ql/src/Best Practices/Magic Constants/MagicStringsUseConstant.ql
ql/cpp/ql/src/Best Practices/NVI.ql
ql/cpp/ql/src/Best Practices/NVIHub.ql
ql/cpp/ql/src/Best Practices/RuleOfThree.ql
ql/cpp/ql/src/Best Practices/Unused Entities/UnusedIncludes.ql
ql/cpp/ql/src/Critical/DeadCodeCondition.ql
ql/cpp/ql/src/Critical/DeadCodeFunction.ql
ql/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql
ql/cpp/ql/src/Critical/DescriptorNeverClosed.ql
ql/cpp/ql/src/Critical/FileMayNotBeClosed.ql
ql/cpp/ql/src/Critical/FileNeverClosed.ql
ql/cpp/ql/src/Critical/GlobalUseBeforeInit.ql
ql/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
ql/cpp/ql/src/Critical/InitialisationNotRun.ql
ql/cpp/ql/src/Critical/LateNegativeTest.ql
ql/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
ql/cpp/ql/src/Critical/MemoryNeverFreed.ql
ql/cpp/ql/src/Critical/MissingNegativityTest.ql
ql/cpp/ql/src/Critical/MissingNullTest.ql
ql/cpp/ql/src/Critical/NotInitialised.ql
ql/cpp/ql/src/Critical/OverflowCalculated.ql
ql/cpp/ql/src/Critical/OverflowDestination.ql
ql/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql
ql/cpp/ql/src/Critical/ReturnValueIgnored.ql
ql/cpp/ql/src/Critical/Unused.ql
ql/cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql
ql/cpp/ql/src/Documentation/DocumentApi.ql
ql/cpp/ql/src/Documentation/TodoComments.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 03/ExitNonterminatingLoop.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 03/LoopBounds.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 04/Recursion.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 05/HeapMemory.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 07/ThreadSafety.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/AvoidNestedSemaphores.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/AvoidSemaphores.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/OutOfOrderLocks.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/ReleaseLocksWhenAcquired.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 11/SimpleControlFlowGoto.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 11/SimpleControlFlowJmp.ql
ql/cpp/ql/src/JPL_C/LOC-2/Rule 12/EnumInitialization.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/ExternDeclsInHeader.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeFile.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeFunction.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeLocalHidesGlobal.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 14/CheckingReturnValues.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 15/CheckingParameterValues.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsConstant.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsDensity.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsNonBoolean.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsSideEffect.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 17/BasicIntTypes.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 18/CompoundExpressions.ql
ql/cpp/ql/src/JPL_C/LOC-3/Rule 19/NoBooleanSideEffects.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUse.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUseIfdef.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUsePartial.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUseUndisciplined.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 21/MacroInBlock.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 22/UseOfUndef.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 24/MultipleStmtsPerLine.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 24/MultipleVarDeclsPerLine.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 25/FunctionSizeLimits.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 26/DeclarationPointerNesting.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 27/PointerDereferenceInStmt.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 28/HiddenPointerDereferenceMacro.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 28/HiddenPointerIndirectionTypedef.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 29/NonConstFunctionPointer.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 30/FunctionPointerConversions.ql
ql/cpp/ql/src/JPL_C/LOC-4/Rule 31/IncludesFirst.ql
ql/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql
ql/cpp/ql/src/Likely Bugs/Conversion/ConversionChangesSign.ql
ql/cpp/ql/src/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql
ql/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql
ql/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql
ql/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/BoolValueInBitOp.ql
ql/cpp/ql/src/Likely Bugs/Likely Typos/LogicalExprCouldBeSimplified.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/More64BitWaste.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/NonPortablePrintf.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/Suboptimal64BitType.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql
ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql
ql/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql
ql/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql
ql/cpp/ql/src/Likely Bugs/OO/VirtualCallInStructor.ql
ql/cpp/ql/src/Likely Bugs/ShortLoopVarName.ql
ql/cpp/ql/src/Metrics/Classes/CAfferentCoupling.ql
ql/cpp/ql/src/Metrics/Classes/CEfferentCoupling.ql
ql/cpp/ql/src/Metrics/Classes/CHalsteadBugs.ql
ql/cpp/ql/src/Metrics/Classes/CHalsteadDifficulty.ql
ql/cpp/ql/src/Metrics/Classes/CHalsteadEffort.ql
ql/cpp/ql/src/Metrics/Classes/CHalsteadLength.ql
ql/cpp/ql/src/Metrics/Classes/CHalsteadVocabulary.ql
ql/cpp/ql/src/Metrics/Classes/CHalsteadVolume.ql
ql/cpp/ql/src/Metrics/Classes/CInheritanceDepth.ql
ql/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.ql
ql/cpp/ql/src/Metrics/Classes/CLackOfCohesionHS.ql
ql/cpp/ql/src/Metrics/Classes/CLinesOfCode.ql
ql/cpp/ql/src/Metrics/Classes/CNumberOfFields.ql
ql/cpp/ql/src/Metrics/Classes/CNumberOfFunctions.ql
ql/cpp/ql/src/Metrics/Classes/CNumberOfStatements.ql
ql/cpp/ql/src/Metrics/Classes/CPercentageOfComplexCode.ql
ql/cpp/ql/src/Metrics/Classes/CResponse.ql
ql/cpp/ql/src/Metrics/Classes/CSizeOfAPI.ql
ql/cpp/ql/src/Metrics/Classes/CSpecialisation.ql
ql/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.ql
ql/cpp/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
ql/cpp/ql/src/Metrics/External/FileCompilationDisplayStrings.ql
ql/cpp/ql/src/Metrics/External/FileCompilationSourceLinks.ql
ql/cpp/ql/src/Metrics/Files/AutogeneratedLOC.ql
ql/cpp/ql/src/Metrics/Files/ConditionalSegmentConditions.ql
ql/cpp/ql/src/Metrics/Files/ConditionalSegmentLines.ql
ql/cpp/ql/src/Metrics/Files/FAfferentCoupling.ql
ql/cpp/ql/src/Metrics/Files/FCommentRatio.ql
ql/cpp/ql/src/Metrics/Files/FCyclomaticComplexity.ql
ql/cpp/ql/src/Metrics/Files/FDirectIncludes.ql
ql/cpp/ql/src/Metrics/Files/FEfferentCoupling.ql
ql/cpp/ql/src/Metrics/Files/FHalsteadBugs.ql
ql/cpp/ql/src/Metrics/Files/FHalsteadDifficulty.ql
ql/cpp/ql/src/Metrics/Files/FHalsteadEffort.ql
ql/cpp/ql/src/Metrics/Files/FHalsteadLength.ql
ql/cpp/ql/src/Metrics/Files/FHalsteadVocabulary.ql
ql/cpp/ql/src/Metrics/Files/FHalsteadVolume.ql
ql/cpp/ql/src/Metrics/Files/FLines.ql
ql/cpp/ql/src/Metrics/Files/FLinesOfCode.ql
ql/cpp/ql/src/Metrics/Files/FLinesOfCommentedOutCode.ql
ql/cpp/ql/src/Metrics/Files/FLinesOfComments.ql
ql/cpp/ql/src/Metrics/Files/FMacroRatio.ql
ql/cpp/ql/src/Metrics/Files/FNumberOfClasses.ql
ql/cpp/ql/src/Metrics/Files/FNumberOfTests.ql
ql/cpp/ql/src/Metrics/Files/FTimeInFrontend.ql
ql/cpp/ql/src/Metrics/Files/FTodoComments.ql
ql/cpp/ql/src/Metrics/Files/FTransitiveIncludes.ql
ql/cpp/ql/src/Metrics/Files/FTransitiveSourceIncludes.ql
ql/cpp/ql/src/Metrics/Files/FunctionLength.ql
ql/cpp/ql/src/Metrics/Files/NumberOfFunctions.ql
ql/cpp/ql/src/Metrics/Files/NumberOfGlobals.ql
ql/cpp/ql/src/Metrics/Files/NumberOfParameters.ql
ql/cpp/ql/src/Metrics/Files/NumberOfPublicFunctions.ql
ql/cpp/ql/src/Metrics/Files/NumberOfPublicGlobals.ql
ql/cpp/ql/src/Metrics/Functions/FunCyclomaticComplexity.ql
ql/cpp/ql/src/Metrics/Functions/FunIterationNestingDepth.ql
ql/cpp/ql/src/Metrics/Functions/FunLinesOfCode.ql
ql/cpp/ql/src/Metrics/Functions/FunLinesOfComments.ql
ql/cpp/ql/src/Metrics/Functions/FunNumberOfCalls.ql
ql/cpp/ql/src/Metrics/Functions/FunNumberOfParameters.ql
ql/cpp/ql/src/Metrics/Functions/FunNumberOfStatements.ql
ql/cpp/ql/src/Metrics/Functions/FunPercentageOfComments.ql
ql/cpp/ql/src/Metrics/Functions/StatementNestingDepth.ql
ql/cpp/ql/src/Metrics/Internal/ASTConsistency.ql
ql/cpp/ql/src/Metrics/Internal/CallableDisplayStrings.ql
ql/cpp/ql/src/Metrics/Internal/CallableExtents.ql
ql/cpp/ql/src/Metrics/Internal/CallableSourceLinks.ql
ql/cpp/ql/src/Metrics/Internal/DiagnosticsSumElapsedTimes.ql
ql/cpp/ql/src/Metrics/Internal/IRConsistency.ql
ql/cpp/ql/src/Metrics/Internal/IncludeResolutionStatus.ql
ql/cpp/ql/src/Metrics/Internal/ReftypeDisplayStrings.ql
ql/cpp/ql/src/Metrics/Internal/ReftypeSourceLinks.ql
ql/cpp/ql/src/Metrics/Namespaces/AbstractNamespaces.ql
ql/cpp/ql/src/Metrics/Namespaces/ConcreteNamespaces.ql
ql/cpp/ql/src/Metrics/Namespaces/HighAfferentCouplingNamespaces.ql
ql/cpp/ql/src/Metrics/Namespaces/HighDistanceFromMainLineNamespaces.ql
ql/cpp/ql/src/Metrics/Namespaces/HighEfferentCouplingNamespaces.ql
ql/cpp/ql/src/Metrics/Namespaces/StableNamespaces.ql
ql/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.ql
ql/cpp/ql/src/Microsoft/CallWithNullSAL.ql
ql/cpp/ql/src/Microsoft/IgnoreReturnValueSAL.ql
ql/cpp/ql/src/Microsoft/InconsistentSAL.ql
ql/cpp/ql/src/PointsTo/Debug.ql
ql/cpp/ql/src/PointsTo/PreparedStagedPointsTo.ql
ql/cpp/ql/src/PointsTo/Stats.ql
ql/cpp/ql/src/PointsTo/TaintedFormatStrings.ql
ql/cpp/ql/src/Power of 10/Rule 1/UseOfGoto.ql
ql/cpp/ql/src/Power of 10/Rule 1/UseOfJmp.ql
ql/cpp/ql/src/Power of 10/Rule 1/UseOfRecursion.ql
ql/cpp/ql/src/Power of 10/Rule 2/BoundedLoopIterations.ql
ql/cpp/ql/src/Power of 10/Rule 2/ExitPermanentLoop.ql
ql/cpp/ql/src/Power of 10/Rule 3/DynamicAllocAfterInit.ql
ql/cpp/ql/src/Power of 10/Rule 4/FunctionTooLong.ql
ql/cpp/ql/src/Power of 10/Rule 4/OneStmtPerLine.ql
ql/cpp/ql/src/Power of 10/Rule 5/AssertionDensity.ql
ql/cpp/ql/src/Power of 10/Rule 5/AssertionSideEffect.ql
ql/cpp/ql/src/Power of 10/Rule 5/ConstantAssertion.ql
ql/cpp/ql/src/Power of 10/Rule 5/NonBooleanAssertion.ql
ql/cpp/ql/src/Power of 10/Rule 6/GlobalCouldBeStatic.ql
ql/cpp/ql/src/Power of 10/Rule 6/VariableScopeTooLarge.ql
ql/cpp/ql/src/Power of 10/Rule 7/CheckArguments.ql
ql/cpp/ql/src/Power of 10/Rule 7/CheckReturnValues.ql
ql/cpp/ql/src/Power of 10/Rule 8/AvoidConditionalCompilation.ql
ql/cpp/ql/src/Power of 10/Rule 8/PartialMacro.ql
ql/cpp/ql/src/Power of 10/Rule 8/RestrictPreprocessor.ql
ql/cpp/ql/src/Power of 10/Rule 8/UndisciplinedMacro.ql
ql/cpp/ql/src/Power of 10/Rule 9/FunctionPointer.ql
ql/cpp/ql/src/Power of 10/Rule 9/HiddenPointerIndirection.ql
ql/cpp/ql/src/Power of 10/Rule 9/PointerNesting.ql
ql/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
ql/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
ql/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
ql/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
ql/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
ql/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
ql/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
ql/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql
ql/cpp/ql/src/Security/CWE/CWE-764/LockOrderCycle.ql
ql/cpp/ql/src/Security/CWE/CWE-764/TwiceLocked.ql
ql/cpp/ql/src/Security/CWE/CWE-764/UnreleasedLock.ql
ql/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
ql/cpp/ql/src/definitions.ql
ql/cpp/ql/src/experimental/Best Practices/UselessTest.ql
ql/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql
ql/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql
ql/cpp/ql/src/experimental/Likely Bugs/DerefNullResult.ql
ql/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-1240/CustomCryptographicPrimitive.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSL.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-416/UseAfterExpiredLifetime.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
ql/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
ql/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql
ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql
ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql
ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql
ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql
ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql
ql/cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql
ql/cpp/ql/src/external/examples/filters/BumpMetricBy10.ql
ql/cpp/ql/src/external/examples/filters/EditDefectMessage.ql
ql/cpp/ql/src/external/examples/filters/ExcludeGeneratedCode.ql
ql/cpp/ql/src/filters/ClassifyFiles.ql
ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 1.ql
ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 2.ql
ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 3.ql
ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 11.ql
ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 12.ql
ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 13.ql
ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 14.ql
ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 9.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 17.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 18.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 19.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 20.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 21.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 22.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 23.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 24.ql
ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 25.ql
ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 26.ql
ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 27.ql
ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 28.ql
ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 29.ql
ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 30.ql
ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 31.ql
ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 33.ql
ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 39.ql
ql/cpp/ql/src/jsf/4.08 Implementation Files/AV Rule 40.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 41.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 42.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 43.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 44.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 45.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 46.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 47.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 48.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 49.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 50.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 51.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 52.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 53.1.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 53.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 54.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 57.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 58.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 59.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 60.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 61.ql
ql/cpp/ql/src/jsf/4.09 Style/AV Rule 63.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 68.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 69.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 70.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 71.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 73.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 74.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 75.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 76.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 77.1.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 78.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 81.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 85.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 88.1.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 94.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 96.ql
ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 97.1.ql
ql/cpp/ql/src/jsf/4.11 Namespaces/AV Rule 99.ql
ql/cpp/ql/src/jsf/4.12 Templates/AV Rule 104.ql
ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 108.ql
ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 110.ql
ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 111.ql
ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 113.ql
ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 115.ql
ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql
ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 126.ql
ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 127.ql
ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 133.ql
ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 135.ql
ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 138.ql
ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 139.ql
ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 140.ql
ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 142.ql
ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 143.ql
ql/cpp/ql/src/jsf/4.17 Types/AV Rule 147.ql
ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 149.ql
ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 150.ql
ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 151.1.ql
ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 151.ql
ql/cpp/ql/src/jsf/4.19 Variables/AV Rule 152.ql
ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql
ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 154.ql
ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 155.ql
ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 156.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 157.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 158.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 159.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 162.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 163.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 164.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql
ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 170.ql
ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 171.ql
ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql
ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 175.ql
ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 176.ql
ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 178.ql
ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 179.ql
ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 180.ql
ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 181.ql
ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 182.ql
ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 184.ql
ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 185.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 186.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 187.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 188.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 189.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 190.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 191.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 192.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 193.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 194.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 195.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 198.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 199.ql
ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 200.ql
ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql
ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 204.1.ql
ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 204.ql
ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 205.ql
ql/cpp/ql/src/jsf/4.26 Memory Allocation/AV Rule 206.ql
ql/cpp/ql/src/jsf/4.26 Memory Allocation/AV Rule 207.ql
ql/cpp/ql/src/jsf/4.27 Fault Handling/AV Rule 208.ql
ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 209.ql
ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 210.ql
ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 212.ql
ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 213.ql
ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 214.ql
ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 215.ql
ql/cpp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
ql/cpp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
ql/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
ql/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
ql/cpp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql

14
cpp/ql/integration-tests/query-suite/test.py Normal file
View File

@@ -0,0 +1,14 @@
import runs_on
import pytest
from query_suites import *
well_known_query_suites = ['cpp-code-quality.qls', 'cpp-security-and-quality.qls', 'cpp-security-extended.qls', 'cpp-code-scanning.qls']
@runs_on.posix
@pytest.mark.parametrize("query_suite", well_known_query_suites)
def test(codeql, cpp, check_query_suite, query_suite):
check_query_suite(query_suite)
@runs_on.posix
def test_not_included_queries(codeql, cpp, check_queries_not_included):
check_queries_not_included('cpp', well_known_query_suites)

9
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,12 @@
## 4.3.0
### New Features
* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).
## 4.2.0
### New Features

4
cpp/ql/lib/change-notes/2025-04-14-variable-length-arrays.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).

4
cpp/ql/lib/change-notes/2025-04-15-field-array-designator.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.

9
cpp/ql/lib/change-notes/2025-04-23-typeof.md → cpp/ql/lib/change-notes/released/4.3.0.md
View File

@@ -1,5 +1,8 @@
---
category: feature
---
## 4.3.0
### New Features
* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.2.0
lastReleaseVersion: 4.3.0

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 4.2.1-dev
version: 4.3.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

2
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplSpecific.qll
View File

@@ -31,4 +31,6 @@ module CppDataFlow implements InputSig<Location> {
predicate viableImplInCallContext = Private::viableImplInCallContext/2;
predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1;
int defaultFieldFlowBranchLimit() { result = 3 }
}

8
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
View File

@@ -1652,8 +1652,6 @@ predicate validParameterAliasStep(Node node1, Node node2) {
)
}
private predicate isTopLevel(Cpp::Stmt s) { any(Function f).getBlock().getAStmt() = s }
private Cpp::Stmt getAChainedBranch(Cpp::IfStmt s) {
result = s.getThen()
or
@@ -1684,11 +1682,9 @@ private Instruction getAnInstruction(Node n) {
}
private newtype TDataFlowSecondLevelScope =
TTopLevelIfBranch(Cpp::Stmt s) {
exists(Cpp::IfStmt ifstmt | s = getAChainedBranch(ifstmt) and isTopLevel(ifstmt))
} or
TTopLevelIfBranch(Cpp::Stmt s) { s = getAChainedBranch(_) } or
TTopLevelSwitchCase(Cpp::SwitchCase s) {
exists(Cpp::SwitchStmt switchstmt | s = switchstmt.getASwitchCase() and isTopLevel(switchstmt))
exists(Cpp::SwitchStmt switchstmt | s = switchstmt.getASwitchCase())
}
/**

4
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.3.9
No user-facing changes.
## 1.3.8
No user-facing changes.

3
cpp/ql/src/change-notes/released/1.3.9.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.3.9
No user-facing changes.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.8
lastReleaseVersion: 1.3.9

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.3.9-dev
version: 1.3.10-dev
groups:
- cpp
- queries

13
cpp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql
View File

@@ -1,13 +0,0 @@
/**
* @name Capture mixed neutral models.
* @description Finds neutral models to be used by other queries.
* @kind diagnostic
* @id cpp/utils/modelgenerator/mixed-neutral-models
* @tags modelgenerator
*/
import internal.CaptureModels
from DataFlowSummaryTargetApi api, string noflow
where noflow = captureMixedNeutral(api)
select noflow order by noflow

13
cpp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql
View File

@@ -1,13 +0,0 @@
/**
* @name Capture mixed summary models.
* @description Finds applicable summary models to be used by other queries.
* @kind diagnostic
* @id cpp/utils/modelgenerator/mixed-summary-models
* @tags modelgenerator
*/
import internal.CaptureModels
from DataFlowSummaryTargetApi api, string flow
where flow = captureMixedFlow(api, _)
select flow order by flow

2
cpp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
View File

@@ -9,5 +9,5 @@
import internal.CaptureModels
from DataFlowSummaryTargetApi api, string noflow
where noflow = captureNoFlow(api)
where noflow = captureNeutral(api)
select noflow order by noflow

1
cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
View File

@@ -7,6 +7,7 @@
*/
import internal.CaptureModels
import Heuristic
from DataFlowSinkTargetApi api, string sink
where sink = captureSink(api)

1
cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
View File

@@ -7,6 +7,7 @@
*/
import internal.CaptureModels
import Heuristic
from DataFlowSourceTargetApi api, string source
where source = captureSource(api)

2
cpp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
View File

@@ -9,5 +9,5 @@
import internal.CaptureModels
from DataFlowSummaryTargetApi api, string flow
where flow = captureFlow(api)
where flow = captureFlow(api, _)
select flow order by flow

8
cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
View File

@@ -295,6 +295,14 @@ module ModelGeneratorInput implements ModelGeneratorInputSig<Location, CppDataFl
result = qualifierString()
}
DataFlowPrivate::ParameterPosition getReturnKindParamPosition(DataFlowPrivate::ReturnKind k) {
exists(int argumentIndex, int indirectionIndex |
k.isIndirectReturn(argumentIndex) and
k.getIndirectionIndex() = indirectionIndex and
result = DataFlowPrivate::TIndirectionPosition(argumentIndex, indirectionIndex)
)
}
string getReturnValueString(DataFlowPrivate::ReturnKind k) {
k.isNormalReturn() and
exists(int indirectionIndex | indirectionIndex = k.getIndirectionIndex() |

0
cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.expected → cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.expected
View File

0
cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.ext.yml → cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ext.yml
View File

4
cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.ql → cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql
View File

@@ -3,9 +3,9 @@ import utils.modelgenerator.internal.CaptureModels
import InlineModelsAsDataTest
module InlineMadTestConfig implements InlineMadTestConfigSig {
string getCapturedModel(MadRelevantFunction c) { result = captureFlow(c) }
string getCapturedModel(MadRelevantFunction c) { result = Heuristic::captureFlow(c) }
string getKind() { result = "summary" }
string getKind() { result = "heuristic-summary" }
}
import InlineMadTest<InlineMadTestConfig>

87
cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
View File

@@ -10,32 +10,32 @@ namespace Models {
//No model as destructors are excluded from model generation.
~BasicFlow() = default;
//summary=Models;BasicFlow;true;returnThis;(int *);;Argument[-1];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnThis;(int *);;Argument[-1];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;BasicFlow;true;returnThis;(int *);;Argument[-1];ReturnValue[*];value;dfc-generated
BasicFlow* returnThis(int* input) {
return this;
}
//summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[0];ReturnValue;taint;df-generated
//summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[*0];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[*0];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[0];ReturnValue;value;dfc-generated
//contentbased-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[*0];ReturnValue[*];value;dfc-generated
int* returnParam0(int* input0, int* input1) {
return input0;
}
//summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[1];ReturnValue;taint;df-generated
//summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[1];ReturnValue;taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[1];ReturnValue;value;dfc-generated
//contentbased-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[*1];ReturnValue[*];value;dfc-generated
int* returnParam1(int* input0, int* input1) {
return input1;
}
//summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[1];ReturnValue;taint;df-generated
//summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated
//summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[2];ReturnValue;taint;df-generated
//summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*2];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[1];ReturnValue;taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[2];ReturnValue;taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*2];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[1];ReturnValue;value;dfc-generated
//contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*1];ReturnValue[*];value;dfc-generated
//contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[2];ReturnValue;value;dfc-generated
@@ -44,11 +44,11 @@ namespace Models {
return b ? input0 : input1;
}
//summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];Argument[*1];taint;df-generated
//summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];ReturnValue[*];taint;df-generated
//summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];ReturnValue[*];taint;df-generated
//summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[1];ReturnValue;taint;df-generated
//summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];Argument[*1];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];Argument[*1];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[1];ReturnValue;taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];Argument[*1];taint;df-generated
//contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];Argument[*1];taint;dfc-generated
//contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];ReturnValue[*];taint;dfc-generated
//contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];ReturnValue[*];value;dfc-generated
@@ -58,16 +58,16 @@ namespace Models {
return strcpy(dest, source + 1);
}
//summary=Models;BasicFlow;true;setField;(int *);;Argument[0];Argument[-1];taint;df-generated
//summary=Models;BasicFlow;true;setField;(int *);;Argument[*0];Argument[-1];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;setField;(int *);;Argument[0];Argument[-1];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;setField;(int *);;Argument[*0];Argument[-1];taint;df-generated
//contentbased-summary=Models;BasicFlow;true;setField;(int *);;Argument[0];Argument[-1].Field[*tainted];value;dfc-generated
//contentbased-summary=Models;BasicFlow;true;setField;(int *);;Argument[*0];Argument[-1].Field[**tainted];value;dfc-generated
void setField(int* s) {
tainted = s;
}
//summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue;taint;df-generated
//summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue;taint;df-generated
//heuristic-summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;BasicFlow;true;returnField;();;Argument[-1].Field[*tainted];ReturnValue;value;dfc-generated
//contentbased-summary=Models;BasicFlow;true;returnField;();;Argument[-1].Field[**tainted];ReturnValue[*];value;dfc-generated
int* returnField() {
@@ -79,34 +79,34 @@ namespace Models {
struct TemplatedFlow {
T tainted;
//summary=Models;TemplatedFlow<T>;true;template_returnThis;(T);;Argument[-1];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;TemplatedFlow<T>;true;template_returnThis;(T);;Argument[-1];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;TemplatedFlow<T>;true;template_returnThis;(T);;Argument[-1];ReturnValue[*];value;dfc-generated
TemplatedFlow<T>* template_returnThis(T input) {
return this;
}
//summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[0];ReturnValue;taint;df-generated
//summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[*0];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[*0];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[0];ReturnValue;value;dfc-generated
//contentbased-summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[*0];ReturnValue[*];value;dfc-generated
T* template_returnParam0(T* input0, T* input1) {
return input0;
}
//summary=Models;TemplatedFlow<T>;true;template_setField;(T);;Argument[0];Argument[-1];taint;df-generated
//heuristic-summary=Models;TemplatedFlow<T>;true;template_setField;(T);;Argument[0];Argument[-1];taint;df-generated
//contentbased-summary=Models;TemplatedFlow<T>;true;template_setField;(T);;Argument[0];Argument[-1].Field[*tainted];value;dfc-generated
void template_setField(T s) {
tainted = s;
}
//summary=Models;TemplatedFlow<T>;true;template_returnField;();;Argument[-1];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;TemplatedFlow<T>;true;template_returnField;();;Argument[-1];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;TemplatedFlow<T>;true;template_returnField;();;Argument[-1].Field[*tainted];ReturnValue[*];value;dfc-generated
T& template_returnField() {
return tainted;
}
//summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[0];ReturnValue;taint;df-generated
//summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[*0];ReturnValue[*];taint;df-generated
//heuristic-summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[*0];ReturnValue[*];taint;df-generated
//contentbased-summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[0];ReturnValue;value;dfc-generated
//contentbased-summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[*0];ReturnValue[*];value;dfc-generated
template<typename U>
@@ -129,8 +129,10 @@ namespace Models {
}
}
//summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;df-generated
//summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;taint;df-generated
//heuristic-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;taint;df-generated
//heuristic-summary=;;true;toplevel_function;(int *);;Argument[0];Argument[*0];taint;df-generated
//contentbased-summary=;;true;toplevel_function;(int *);;Argument[0];Argument[*0];taint;dfc-generated
//contentbased-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;dfc-generated
//contentbased-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;value;dfc-generated
int toplevel_function(int* p) {
@@ -143,13 +145,13 @@ static int static_toplevel_function(int* p) {
}
struct NonFinalStruct {
//summary=;NonFinalStruct;true;public_not_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=;NonFinalStruct;true;public_not_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated
//contentbased-summary=;NonFinalStruct;true;public_not_final_member_function;(int);;Argument[0];ReturnValue;value;dfc-generated
virtual int public_not_final_member_function(int x) {
return x;
}
//summary=;NonFinalStruct;false;public_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=;NonFinalStruct;false;public_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated
//contentbased-summary=;NonFinalStruct;false;public_final_member_function;(int);;Argument[0];ReturnValue;value;dfc-generated
virtual int public_final_member_function(int x) final {
return x;
@@ -169,13 +171,13 @@ protected:
};
struct FinalStruct final {
//summary=;FinalStruct;false;public_not_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=;FinalStruct;false;public_not_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated
//contentbased-summary=;FinalStruct;false;public_not_final_member_function_2;(int);;Argument[0];ReturnValue;value;dfc-generated
virtual int public_not_final_member_function_2(int x) {
return x;
}
//summary=;FinalStruct;false;public_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=;FinalStruct;false;public_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated
//contentbased-summary=;FinalStruct;false;public_final_member_function_2;(int);;Argument[0];ReturnValue;value;dfc-generated
virtual int public_final_member_function_2(int x) final {
return x;
@@ -186,16 +188,31 @@ union U {
int x, y;
};
//summary=;;true;get_x_from_union;(U *);;Argument[0];ReturnValue;taint;df-generated
//summary=;;true;get_x_from_union;(U *);;Argument[*0];ReturnValue;taint;df-generated
//heuristic-summary=;;true;get_x_from_union;(U *);;Argument[0];ReturnValue;taint;df-generated
//heuristic-summary=;;true;get_x_from_union;(U *);;Argument[*0];ReturnValue;taint;df-generated
//contentbased-summary=;;true;get_x_from_union;(U *);;Argument[0];ReturnValue;taint;dfc-generated
//contentbased-summary=;;true;get_x_from_union;(U *);;Argument[*0].Union[*U];ReturnValue;value;dfc-generated
int get_x_from_union(U* u) {
return u->x;
}
//summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0];taint;df-generated
//heuristic-summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0];taint;df-generated
//contentbased-summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0].Union[*U];value;dfc-generated
void set_x_in_union(U* u, int x) {
u->x = x;
}
}
struct HasInt {
int x;
};
//contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*0];taint;dfc-generated
//contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*1];taint;dfc-generated
//contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[*1];Argument[*0];value;dfc-generated
//heuristic-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*0];taint;df-generated
//heuristic-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*1];taint;df-generated
//heuristic-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[*1];Argument[*0];taint;df-generated
int copy_struct(HasInt *out, const HasInt *in) {
*out = *in;
return 1;
}

24
cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseAfterFree/UseAfterFree.expected
View File

@@ -11,6 +11,16 @@ edges
| test.cpp:203:7:203:10 | pointer to free output argument | test.cpp:209:6:209:9 | data | provenance | |
| test.cpp:207:8:207:11 | pointer to free output argument | test.cpp:209:6:209:9 | data | provenance | |
| test.cpp:216:9:216:9 | pointer to operator delete output argument | test.cpp:217:6:217:6 | x | provenance | |
| test.cpp:243:7:243:7 | *s [post update] [i1, data] | test.cpp:248:6:248:6 | *s [i1, data] | provenance | |
| test.cpp:243:7:243:16 | pointer to free output argument | test.cpp:243:10:243:11 | *i1 [post update] [data] | provenance | |
| test.cpp:243:10:243:11 | *i1 [post update] [data] | test.cpp:243:7:243:7 | *s [post update] [i1, data] | provenance | |
| test.cpp:248:6:248:6 | *s [i1, data] | test.cpp:248:9:248:10 | *i1 [data] | provenance | |
| test.cpp:248:9:248:10 | *i1 [data] | test.cpp:248:12:248:15 | data | provenance | |
| test.cpp:250:7:250:7 | *s [post update] [*i2, data] | test.cpp:255:6:255:6 | *s [*i2, data] | provenance | |
| test.cpp:250:7:250:17 | pointer to free output argument | test.cpp:250:10:250:11 | *i2 [post update] [data] | provenance | |
| test.cpp:250:10:250:11 | *i2 [post update] [data] | test.cpp:250:7:250:7 | *s [post update] [*i2, data] | provenance | |
| test.cpp:255:6:255:6 | *s [*i2, data] | test.cpp:255:9:255:10 | *i2 [data] | provenance | |
| test.cpp:255:9:255:10 | *i2 [data] | test.cpp:255:13:255:16 | data | provenance | |
nodes
| test.cpp:39:7:39:10 | pointer to free output argument | semmle.label | pointer to free output argument |
| test.cpp:41:6:41:9 | data | semmle.label | data |
@@ -35,6 +45,18 @@ nodes
| test.cpp:209:6:209:9 | data | semmle.label | data |
| test.cpp:216:9:216:9 | pointer to operator delete output argument | semmle.label | pointer to operator delete output argument |
| test.cpp:217:6:217:6 | x | semmle.label | x |
| test.cpp:243:7:243:7 | *s [post update] [i1, data] | semmle.label | *s [post update] [i1, data] |
| test.cpp:243:7:243:16 | pointer to free output argument | semmle.label | pointer to free output argument |
| test.cpp:243:10:243:11 | *i1 [post update] [data] | semmle.label | *i1 [post update] [data] |
| test.cpp:248:6:248:6 | *s [i1, data] | semmle.label | *s [i1, data] |
| test.cpp:248:9:248:10 | *i1 [data] | semmle.label | *i1 [data] |
| test.cpp:248:12:248:15 | data | semmle.label | data |
| test.cpp:250:7:250:7 | *s [post update] [*i2, data] | semmle.label | *s [post update] [*i2, data] |
| test.cpp:250:7:250:17 | pointer to free output argument | semmle.label | pointer to free output argument |
| test.cpp:250:10:250:11 | *i2 [post update] [data] | semmle.label | *i2 [post update] [data] |
| test.cpp:255:6:255:6 | *s [*i2, data] | semmle.label | *s [*i2, data] |
| test.cpp:255:9:255:10 | *i2 [data] | semmle.label | *i2 [data] |
| test.cpp:255:13:255:16 | data | semmle.label | data |
subpaths
#select
| test.cpp:41:6:41:9 | data | test.cpp:39:7:39:10 | pointer to free output argument | test.cpp:41:6:41:9 | data | Memory may have been previously freed by $@. | test.cpp:39:2:39:5 | call to free | call to free |
@@ -49,3 +71,5 @@ subpaths
| test.cpp:209:6:209:9 | data | test.cpp:203:7:203:10 | pointer to free output argument | test.cpp:209:6:209:9 | data | Memory may have been previously freed by $@. | test.cpp:203:2:203:5 | call to free | call to free |
| test.cpp:209:6:209:9 | data | test.cpp:207:8:207:11 | pointer to free output argument | test.cpp:209:6:209:9 | data | Memory may have been previously freed by $@. | test.cpp:207:3:207:6 | call to free | call to free |
| test.cpp:217:6:217:6 | x | test.cpp:216:9:216:9 | pointer to operator delete output argument | test.cpp:217:6:217:6 | x | Memory may have been previously freed by $@. | test.cpp:216:2:216:9 | delete | delete |
| test.cpp:248:12:248:15 | data | test.cpp:243:7:243:16 | pointer to free output argument | test.cpp:248:12:248:15 | data | Memory may have been previously freed by $@. | test.cpp:243:2:243:5 | call to free | call to free |
| test.cpp:255:13:255:16 | data | test.cpp:250:7:250:17 | pointer to free output argument | test.cpp:255:13:255:16 | data | Memory may have been previously freed by $@. | test.cpp:250:2:250:5 | call to free | call to free |

27
cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseAfterFree/test.cpp
View File

@@ -134,7 +134,7 @@ void noReturnWrapper() { noReturn(); }
void test9()
{
char *data, *data2;
char *data;
free(data);
noReturnWrapper();
use_if_nonzero(data); // GOOD
@@ -229,3 +229,28 @@ void regression_test_for_static_var_handling()
data = (char *)malloc(100*sizeof(char));
use(data); // GOOD
}
struct myInnerStruct {
char *data;
};
struct myStruct {
myInnerStruct i1;
myInnerStruct *i2;
};
void malloc_after_free(myStruct *s) {
free(s->i1.data);
s->i1.data = (char *)malloc(100*sizeof(char));
if (s->i1.data == 0) {
return;
}
use(s->i1.data); // GOOD [FALSE POSITIVE]
free(s->i2->data);
s->i2->data = (char *)malloc(100*sizeof(char));
if (s->i2->data == 0) {
return;
}
use(s->i2->data); // GOOD [FALSE POSITIVE]
}

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.39
No user-facing changes.
## 1.7.38
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.39.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.39
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.38
lastReleaseVersion: 1.7.39

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.39-dev
version: 1.7.40-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.39
No user-facing changes.
## 1.7.38
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.39.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.39
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.38
lastReleaseVersion: 1.7.39

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.39-dev
version: 1.7.40-dev
groups:
- csharp
- solorigate

1
csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
View File

@@ -5,6 +5,7 @@ ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
ql/csharp/ql/src/Likely Bugs/ReferenceEqualsOnValueTypes.ql
ql/csharp/ql/src/Likely Bugs/SelfAssignment.ql
ql/csharp/ql/src/Likely Bugs/UncheckedCastInEquals.ql

2
csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
View File

@@ -117,8 +117,6 @@ ql/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql
ql/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql
ql/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
ql/csharp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
ql/csharp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql
ql/csharp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql
ql/csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
ql/csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
ql/csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql

6
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 5.1.5
### Minor Analysis Improvements
* Improved autobuilder logic for detecting whether a project references a SDK (and should be built using `dotnet`).
## 5.1.4
### Minor Analysis Improvements

7
csharp/ql/lib/change-notes/2025-04-11-auto-builder-sdk.md → csharp/ql/lib/change-notes/released/5.1.5.md
View File

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
## 5.1.5
### Minor Analysis Improvements
* Improved autobuilder logic for detecting whether a project references a SDK (and should be built using `dotnet`).

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.1.4
lastReleaseVersion: 5.1.5

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.1.5-dev
version: 5.1.6-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

9
csharp/ql/lib/semmle/code/csharp/Stmt.qll
View File

@@ -278,9 +278,14 @@ class CaseStmt extends Case, @case_stmt {
override PatternExpr getPattern() { result = this.getChild(0) }
override Stmt getBody() {
exists(int i |
exists(int i, Stmt next |
this = this.getParent().getChild(i) and
result = this.getParent().getChild(i + 1)
next = this.getParent().getChild(i + 1)
|
result = next and
not result instanceof CaseStmt
or
result = next.(CaseStmt).getBody()
)
}

8
csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll
View File

@@ -1153,7 +1153,13 @@ module Statements {
)
or
// Flow from last element of `case` statement `i` to first element of statement `i+1`
exists(int i | last(super.getStmt(i).(CaseStmt).getBody(), pred, c) |
exists(int i, Stmt body |
body = super.getStmt(i).(CaseStmt).getBody() and
// in case of fall-through cases, make sure to not jump from their shared body back
// to one of the fall-through cases
not body = super.getStmt(i + 1).(CaseStmt).getBody() and
last(body, pred, c)
|
c instanceof NormalCompletion and
first(super.getStmt(i + 1), succ)
)

11
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,14 @@
## 1.1.2
### Minor Analysis Improvements
* Changes to the MaD model generation infrastructure:
* Changed the query `cs/utils/modelgenerator/summary-models` to use the implementation from `cs/utils/modelgenerator/mixed-summary-models`.
* Removed the now-redundant `cs/utils/modelgenerator/mixed-summary-models` query.
* A similar replacement was made for `cs/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries`, combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`).
* Improved detection of authorization checks in the `cs/web/missing-function-level-access-control` query. The query now recognizes authorization attributes inherited from base classes and interfaces.
* The precision of the query `cs/invalid-string-formatting` has been improved. More methods and more overloads of existing format like methods are taken into account by the query.
## 1.1.1
### Minor Analysis Improvements

2
csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
View File

@@ -5,7 +5,7 @@
* computation does not follow the standard rules of algebra.
* @kind problem
* @problem.severity warning
* @precision medium
* @precision high
* @id cs/equality-on-floats
* @tags reliability
* correctness

4
csharp/ql/src/change-notes/2025-04-10-invalid-string-format.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The precision of the query `cs/invalid-string-formatting` has been improved. More methods and more overloads of existing format like methods are taken into account by the query.

4
csharp/ql/src/change-notes/2025-04-15-missing-function-level-access-control.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Improved detection of authorization checks in the `cs/web/missing-function-level-access-control` query. The query now recognizes authorization attributes inherited from base classes and interfaces.

4
csharp/ql/src/change-notes/2025-04-28-equality-on-floats-precision.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Changed the precision of the `cs/equality-on-floats` query from medium to high.

10
csharp/ql/src/change-notes/released/1.1.2.md Normal file
View File

@@ -0,0 +1,10 @@
## 1.1.2
### Minor Analysis Improvements
* Changes to the MaD model generation infrastructure:
* Changed the query `cs/utils/modelgenerator/summary-models` to use the implementation from `cs/utils/modelgenerator/mixed-summary-models`.
* Removed the now-redundant `cs/utils/modelgenerator/mixed-summary-models` query.
* A similar replacement was made for `cs/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries`, combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`).
* Improved detection of authorization checks in the `cs/web/missing-function-level-access-control` query. The query now recognizes authorization attributes inherited from base classes and interfaces.
* The precision of the query `cs/invalid-string-formatting` has been improved. More methods and more overloads of existing format like methods are taken into account by the query.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.1
lastReleaseVersion: 1.1.2

1
csharp/ql/src/codeql-suites/csharp-code-quality.qls
View File

@@ -14,3 +14,4 @@
- cs/non-short-circuit
- cs/useless-assignment-to-local
- cs/invalid-string-formatting
- cs/equality-on-floats

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.1.2-dev
version: 1.1.3-dev
groups:
- csharp
- queries

13
csharp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql
View File

@@ -1,13 +0,0 @@
/**
* @name Capture mixed neutral models.
* @description Finds neutral models to be used by other queries.
* @kind diagnostic
* @id cs/utils/modelgenerator/mixed-neutral-models
* @tags modelgenerator
*/
import internal.CaptureModels
from DataFlowSummaryTargetApi api, string noflow
where noflow = captureMixedNeutral(api)
select noflow order by noflow

13
csharp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql
View File

@@ -1,13 +0,0 @@
/**
* @name Capture mixed summary models.
* @description Finds applicable summary models to be used by other queries.
* @kind diagnostic
* @id cs/utils/modelgenerator/mixed-summary-models
* @tags modelgenerator
*/
import internal.CaptureModels
from DataFlowSummaryTargetApi api, string flow
where flow = captureMixedFlow(api, _)
select flow order by flow

2
csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
View File

@@ -9,5 +9,5 @@
import internal.CaptureModels
from DataFlowSummaryTargetApi api, string noflow
where noflow = captureNoFlow(api)
where noflow = captureNeutral(api)
select noflow order by noflow

2
csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
View File

@@ -9,5 +9,5 @@
import internal.CaptureModels
from DataFlowSinkTargetApi api, string sink
where sink = captureSink(api)
where sink = Heuristic::captureSink(api)
select sink order by sink

2
csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
View File

@@ -9,5 +9,5 @@
import internal.CaptureModels
from DataFlowSourceTargetApi api, string source
where source = captureSource(api)
where source = Heuristic::captureSource(api)
select source order by source

2
csharp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
View File

@@ -9,5 +9,5 @@
import internal.CaptureModels
from DataFlowSummaryTargetApi api, string flow
where flow = captureFlow(api)
where flow = captureFlow(api, _)
select flow order by flow

4
csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql
View File

@@ -5,7 +5,7 @@
* @precision low
* @id csharp/utils/modelgenerator/summary-models-partial-path
* @severity info
* @tags modelgenerator
* @tags debugmodelgenerator
*/
import csharp
@@ -14,7 +14,7 @@ import PartialFlow::PartialPathGraph
int explorationLimit() { result = 3 }
module PartialFlow = PropagateFlow::FlowExplorationFwd<explorationLimit/0>;
module PartialFlow = Heuristic::PropagateFlow::FlowExplorationFwd<explorationLimit/0>;
from
PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink,

3
csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql
View File

@@ -5,11 +5,12 @@
* @precision low
* @id csharp/utils/modelgenerator/summary-models-path
* @severity warning
* @tags modelgenerator
* @tags debugmodelgenerator
*/
import csharp
import utils.modelgenerator.internal.CaptureModels
import Heuristic
import PropagateFlow::PathGraph
from

7
csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected
View File

@@ -1078,6 +1078,13 @@
| Switch.cs:156:50:156:52 | "b" | Switch.cs:156:41:156:52 | ... => ... | 2 |
| Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:48 | call to method WriteLine | 6 |
| Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:48 | call to method WriteLine | 6 |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:167:18:167:18 | 1 | 6 |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:163:10:163:12 | exit M16 | 2 |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:168:18:168:18 | 2 | 2 |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:170:17:170:22 | break; | 4 |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:171:18:171:18 | 3 | 2 |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:173:17:173:22 | break; | 4 |
| Switch.cs:174:13:174:20 | default: | Switch.cs:176:17:176:22 | break; | 5 |
| TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | 5 |
| TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:7:18:7:22 | Int32 j | 13 |
| TypeAccesses.cs:7:13:7:22 | [false] ... is ... | TypeAccesses.cs:7:13:7:22 | [false] ... is ... | 1 |

9
csharp/ql/test/library-tests/controlflow/graph/Condition.expected
View File

@@ -2140,6 +2140,15 @@ conditionBlock
| Switch.cs:156:17:156:54 | ... switch { ... } | Switch.cs:158:13:158:49 | ...; | true |
| Switch.cs:156:17:156:54 | ... switch { ... } | Switch.cs:160:13:160:49 | ...; | false |
| Switch.cs:156:41:156:45 | false | Switch.cs:156:50:156:52 | "b" | true |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:168:13:168:19 | case ...: | false |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:171:13:171:19 | case ...: | false |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:172:17:172:46 | ...; | false |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:174:13:174:20 | default: | false |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:171:13:171:19 | case ...: | false |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:172:17:172:46 | ...; | false |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:174:13:174:20 | default: | false |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:172:17:172:46 | ...; | true |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:174:13:174:20 | default: | false |
| TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:7:13:7:22 | [false] ... is ... | false |
| TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:7:13:7:22 | [true] ... is ... | true |
| TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:7:25:7:25 | ; | true |

75
csharp/ql/test/library-tests/controlflow/graph/Dominance.expected
View File

@@ -3678,6 +3678,29 @@ dominance
| Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:45:160:45 | access to local variable s |
| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:38:160:47 | $"..." |
| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:44:160:46 | {...} |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:164:5:178:5 | {...} |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:163:10:163:12 | exit M16 |
| Switch.cs:164:5:178:5 | {...} | Switch.cs:165:9:177:9 | switch (...) {...} |
| Switch.cs:165:9:177:9 | switch (...) {...} | Switch.cs:165:17:165:17 | access to parameter i |
| Switch.cs:165:17:165:17 | access to parameter i | Switch.cs:167:13:167:19 | case ...: |
| Switch.cs:167:13:167:19 | case ...: | Switch.cs:167:18:167:18 | 1 |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:168:13:168:19 | case ...: |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:169:17:169:51 | ...; |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:168:18:168:18 | 2 |
| Switch.cs:168:18:168:18 | 2 | Switch.cs:171:13:171:19 | case ...: |
| Switch.cs:169:17:169:50 | call to method WriteLine | Switch.cs:170:17:170:22 | break; |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:169:42:169:49 | "1 or 2" |
| Switch.cs:169:42:169:49 | "1 or 2" | Switch.cs:169:17:169:50 | call to method WriteLine |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:171:18:171:18 | 3 |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:174:13:174:20 | default: |
| Switch.cs:172:17:172:45 | call to method WriteLine | Switch.cs:173:17:173:22 | break; |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:172:42:172:44 | "3" |
| Switch.cs:172:42:172:44 | "3" | Switch.cs:172:17:172:45 | call to method WriteLine |
| Switch.cs:174:13:174:20 | default: | Switch.cs:175:17:175:48 | ...; |
| Switch.cs:175:17:175:47 | call to method WriteLine | Switch.cs:176:17:176:22 | break; |
| Switch.cs:175:17:175:48 | ...; | Switch.cs:175:42:175:46 | "def" |
| Switch.cs:175:42:175:46 | "def" | Switch.cs:175:17:175:47 | call to method WriteLine |
| TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | {...} |
| TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | call to constructor Object |
| TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses |
@@ -7854,6 +7877,27 @@ postDominance
| Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:13:160:49 | ...; |
| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:45:160:45 | access to local variable s |
| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:40:160:43 | "b = " |
| Switch.cs:163:10:163:12 | exit M16 | Switch.cs:163:10:163:12 | exit M16 (normal) |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:170:17:170:22 | break; |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:173:17:173:22 | break; |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:176:17:176:22 | break; |
| Switch.cs:164:5:178:5 | {...} | Switch.cs:163:10:163:12 | enter M16 |
| Switch.cs:165:9:177:9 | switch (...) {...} | Switch.cs:164:5:178:5 | {...} |
| Switch.cs:165:17:165:17 | access to parameter i | Switch.cs:165:9:177:9 | switch (...) {...} |
| Switch.cs:167:13:167:19 | case ...: | Switch.cs:165:17:165:17 | access to parameter i |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:167:13:167:19 | case ...: |
| Switch.cs:168:18:168:18 | 2 | Switch.cs:168:13:168:19 | case ...: |
| Switch.cs:169:17:169:50 | call to method WriteLine | Switch.cs:169:42:169:49 | "1 or 2" |
| Switch.cs:169:42:169:49 | "1 or 2" | Switch.cs:169:17:169:51 | ...; |
| Switch.cs:170:17:170:22 | break; | Switch.cs:169:17:169:50 | call to method WriteLine |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:171:13:171:19 | case ...: |
| Switch.cs:172:17:172:45 | call to method WriteLine | Switch.cs:172:42:172:44 | "3" |
| Switch.cs:172:42:172:44 | "3" | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:173:17:173:22 | break; | Switch.cs:172:17:172:45 | call to method WriteLine |
| Switch.cs:175:17:175:47 | call to method WriteLine | Switch.cs:175:42:175:46 | "def" |
| Switch.cs:175:17:175:48 | ...; | Switch.cs:174:13:174:20 | default: |
| Switch.cs:175:42:175:46 | "def" | Switch.cs:175:17:175:48 | ...; |
| Switch.cs:176:17:176:22 | break; | Switch.cs:175:17:175:47 | call to method WriteLine |
| TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses |
| TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) |
| TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | TypeAccesses.cs:1:7:1:18 | {...} |
@@ -12467,6 +12511,24 @@ blockDominance
| Switch.cs:156:50:156:52 | "b" | Switch.cs:156:50:156:52 | "b" |
| Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:49 | ...; |
| Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:49 | ...; |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:163:10:163:12 | enter M16 |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:163:10:163:12 | exit M16 (normal) |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:168:13:168:19 | case ...: |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:169:17:169:51 | ...; |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:171:13:171:19 | case ...: |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:174:13:174:20 | default: |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:163:10:163:12 | exit M16 (normal) |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:168:13:168:19 | case ...: |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:171:13:171:19 | case ...: |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:174:13:174:20 | default: |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:169:17:169:51 | ...; |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:171:13:171:19 | case ...: |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:174:13:174:20 | default: |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:174:13:174:20 | default: | Switch.cs:174:13:174:20 | default: |
| TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses |
| TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:3:10:3:10 | enter M |
| TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:7:13:7:22 | [false] ... is ... |
@@ -15794,6 +15856,19 @@ postBlockDominance
| Switch.cs:156:50:156:52 | "b" | Switch.cs:156:50:156:52 | "b" |
| Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:49 | ...; |
| Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:49 | ...; |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:163:10:163:12 | enter M16 |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:163:10:163:12 | enter M16 |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:163:10:163:12 | exit M16 (normal) |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:168:13:168:19 | case ...: |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:169:17:169:51 | ...; |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:171:13:171:19 | case ...: |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:174:13:174:20 | default: |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:168:13:168:19 | case ...: |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:169:17:169:51 | ...; |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:171:13:171:19 | case ...: |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:174:13:174:20 | default: | Switch.cs:174:13:174:20 | default: |
| TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses |
| TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:3:10:3:10 | enter M |
| TypeAccesses.cs:7:13:7:22 | [false] ... is ... | TypeAccesses.cs:7:13:7:22 | [false] ... is ... |

32
csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected
View File

@@ -4029,6 +4029,31 @@ nodeEnclosing
| Switch.cs:160:40:160:43 | "b = " | Switch.cs:154:10:154:12 | M15 |
| Switch.cs:160:44:160:46 | {...} | Switch.cs:154:10:154:12 | M15 |
| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:154:10:154:12 | M15 |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:163:10:163:12 | exit M16 | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:164:5:178:5 | {...} | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:165:9:177:9 | switch (...) {...} | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:165:17:165:17 | access to parameter i | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:167:13:167:19 | case ...: | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:168:18:168:18 | 2 | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:169:17:169:50 | call to method WriteLine | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:169:42:169:49 | "1 or 2" | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:170:17:170:22 | break; | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:172:17:172:45 | call to method WriteLine | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:172:42:172:44 | "3" | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:173:17:173:22 | break; | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:174:13:174:20 | default: | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:175:17:175:47 | call to method WriteLine | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:175:17:175:48 | ...; | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:175:42:175:46 | "def" | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:176:17:176:22 | break; | Switch.cs:163:10:163:12 | M16 |
| TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | TypeAccesses |
| TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | TypeAccesses |
| TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | TypeAccesses.cs:1:7:1:18 | TypeAccesses |
@@ -5913,6 +5938,13 @@ blockEnclosing
| Switch.cs:156:50:156:52 | "b" | Switch.cs:154:10:154:12 | M15 |
| Switch.cs:158:13:158:49 | ...; | Switch.cs:154:10:154:12 | M15 |
| Switch.cs:160:13:160:49 | ...; | Switch.cs:154:10:154:12 | M15 |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:163:10:163:12 | M16 |
| Switch.cs:174:13:174:20 | default: | Switch.cs:163:10:163:12 | M16 |
| TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | TypeAccesses |
| TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:3:10:3:10 | M |
| TypeAccesses.cs:7:13:7:22 | [false] ... is ... | TypeAccesses.cs:3:10:3:10 | M |

22
csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected
View File

@@ -2711,6 +2711,28 @@
| Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:40:160:43 | "b = " |
| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:45:160:45 | access to local variable s |
| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:45:160:45 | access to local variable s |
| Switch.cs:164:5:178:5 | {...} | Switch.cs:164:5:178:5 | {...} |
| Switch.cs:165:9:177:9 | switch (...) {...} | Switch.cs:165:9:177:9 | switch (...) {...} |
| Switch.cs:165:17:165:17 | access to parameter i | Switch.cs:165:17:165:17 | access to parameter i |
| Switch.cs:167:13:167:19 | case ...: | Switch.cs:167:13:167:19 | case ...: |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:167:18:167:18 | 1 |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:168:13:168:19 | case ...: |
| Switch.cs:168:18:168:18 | 2 | Switch.cs:168:18:168:18 | 2 |
| Switch.cs:169:17:169:50 | call to method WriteLine | Switch.cs:169:42:169:49 | "1 or 2" |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:169:17:169:51 | ...; |
| Switch.cs:169:42:169:49 | "1 or 2" | Switch.cs:169:42:169:49 | "1 or 2" |
| Switch.cs:170:17:170:22 | break; | Switch.cs:170:17:170:22 | break; |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:171:13:171:19 | case ...: |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:171:18:171:18 | 3 |
| Switch.cs:172:17:172:45 | call to method WriteLine | Switch.cs:172:42:172:44 | "3" |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:172:17:172:46 | ...; |
| Switch.cs:172:42:172:44 | "3" | Switch.cs:172:42:172:44 | "3" |
| Switch.cs:173:17:173:22 | break; | Switch.cs:173:17:173:22 | break; |
| Switch.cs:174:13:174:20 | default: | Switch.cs:174:13:174:20 | default: |
| Switch.cs:175:17:175:47 | call to method WriteLine | Switch.cs:175:42:175:46 | "def" |
| Switch.cs:175:17:175:48 | ...; | Switch.cs:175:17:175:48 | ...; |
| Switch.cs:175:42:175:46 | "def" | Switch.cs:175:42:175:46 | "def" |
| Switch.cs:176:17:176:22 | break; | Switch.cs:176:17:176:22 | break; |
| TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | call to constructor Object |
| TypeAccesses.cs:1:7:1:18 | {...} | TypeAccesses.cs:1:7:1:18 | {...} |
| TypeAccesses.cs:4:5:9:5 | {...} | TypeAccesses.cs:4:5:9:5 | {...} |

32
csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected
View File

@@ -3581,6 +3581,38 @@
| Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:40:160:43 | "b = " | normal |
| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:44:160:46 | {...} | normal |
| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:45:160:45 | access to local variable s | normal |
| Switch.cs:164:5:178:5 | {...} | Switch.cs:170:17:170:22 | break; | normal [break] (0) |
| Switch.cs:164:5:178:5 | {...} | Switch.cs:173:17:173:22 | break; | normal [break] (0) |
| Switch.cs:164:5:178:5 | {...} | Switch.cs:176:17:176:22 | break; | normal [break] (0) |
| Switch.cs:165:9:177:9 | switch (...) {...} | Switch.cs:170:17:170:22 | break; | normal [break] (0) |
| Switch.cs:165:9:177:9 | switch (...) {...} | Switch.cs:173:17:173:22 | break; | normal [break] (0) |
| Switch.cs:165:9:177:9 | switch (...) {...} | Switch.cs:176:17:176:22 | break; | normal [break] (0) |
| Switch.cs:165:17:165:17 | access to parameter i | Switch.cs:165:17:165:17 | access to parameter i | normal |
| Switch.cs:167:13:167:19 | case ...: | Switch.cs:167:18:167:18 | 1 | no-match |
| Switch.cs:167:13:167:19 | case ...: | Switch.cs:169:17:169:50 | call to method WriteLine | normal |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:167:18:167:18 | 1 | match |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:167:18:167:18 | 1 | no-match |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:168:18:168:18 | 2 | no-match |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:169:17:169:50 | call to method WriteLine | normal |
| Switch.cs:168:18:168:18 | 2 | Switch.cs:168:18:168:18 | 2 | match |
| Switch.cs:168:18:168:18 | 2 | Switch.cs:168:18:168:18 | 2 | no-match |
| Switch.cs:169:17:169:50 | call to method WriteLine | Switch.cs:169:17:169:50 | call to method WriteLine | normal |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:169:17:169:50 | call to method WriteLine | normal |
| Switch.cs:169:42:169:49 | "1 or 2" | Switch.cs:169:42:169:49 | "1 or 2" | normal |
| Switch.cs:170:17:170:22 | break; | Switch.cs:170:17:170:22 | break; | break |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:171:18:171:18 | 3 | no-match |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:172:17:172:45 | call to method WriteLine | normal |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:171:18:171:18 | 3 | match |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:171:18:171:18 | 3 | no-match |
| Switch.cs:172:17:172:45 | call to method WriteLine | Switch.cs:172:17:172:45 | call to method WriteLine | normal |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:172:17:172:45 | call to method WriteLine | normal |
| Switch.cs:172:42:172:44 | "3" | Switch.cs:172:42:172:44 | "3" | normal |
| Switch.cs:173:17:173:22 | break; | Switch.cs:173:17:173:22 | break; | break |
| Switch.cs:174:13:174:20 | default: | Switch.cs:175:17:175:47 | call to method WriteLine | normal |
| Switch.cs:175:17:175:47 | call to method WriteLine | Switch.cs:175:17:175:47 | call to method WriteLine | normal |
| Switch.cs:175:17:175:48 | ...; | Switch.cs:175:17:175:47 | call to method WriteLine | normal |
| Switch.cs:175:42:175:46 | "def" | Switch.cs:175:42:175:46 | "def" | normal |
| Switch.cs:176:17:176:22 | break; | Switch.cs:176:17:176:22 | break; | break |
| TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | call to constructor Object | normal |
| TypeAccesses.cs:1:7:1:18 | {...} | TypeAccesses.cs:1:7:1:18 | {...} | normal |
| TypeAccesses.cs:4:5:9:5 | {...} | TypeAccesses.cs:8:13:8:27 | Type t = ... | normal |

27
csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected
View File

@@ -4145,6 +4145,33 @@
| Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:45:160:45 | access to local variable s | |
| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:38:160:47 | $"..." | |
| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:44:160:46 | {...} | |
| Switch.cs:163:10:163:12 | enter M16 | Switch.cs:164:5:178:5 | {...} | |
| Switch.cs:163:10:163:12 | exit M16 (normal) | Switch.cs:163:10:163:12 | exit M16 | |
| Switch.cs:164:5:178:5 | {...} | Switch.cs:165:9:177:9 | switch (...) {...} | |
| Switch.cs:165:9:177:9 | switch (...) {...} | Switch.cs:165:17:165:17 | access to parameter i | |
| Switch.cs:165:17:165:17 | access to parameter i | Switch.cs:167:13:167:19 | case ...: | |
| Switch.cs:167:13:167:19 | case ...: | Switch.cs:167:18:167:18 | 1 | |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:168:13:168:19 | case ...: | no-match |
| Switch.cs:167:18:167:18 | 1 | Switch.cs:169:17:169:51 | ...; | match |
| Switch.cs:168:13:168:19 | case ...: | Switch.cs:168:18:168:18 | 2 | |
| Switch.cs:168:18:168:18 | 2 | Switch.cs:169:17:169:51 | ...; | match |
| Switch.cs:168:18:168:18 | 2 | Switch.cs:171:13:171:19 | case ...: | no-match |
| Switch.cs:169:17:169:50 | call to method WriteLine | Switch.cs:170:17:170:22 | break; | |
| Switch.cs:169:17:169:51 | ...; | Switch.cs:169:42:169:49 | "1 or 2" | |
| Switch.cs:169:42:169:49 | "1 or 2" | Switch.cs:169:17:169:50 | call to method WriteLine | |
| Switch.cs:170:17:170:22 | break; | Switch.cs:163:10:163:12 | exit M16 (normal) | break |
| Switch.cs:171:13:171:19 | case ...: | Switch.cs:171:18:171:18 | 3 | |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:172:17:172:46 | ...; | match |
| Switch.cs:171:18:171:18 | 3 | Switch.cs:174:13:174:20 | default: | no-match |
| Switch.cs:172:17:172:45 | call to method WriteLine | Switch.cs:173:17:173:22 | break; | |
| Switch.cs:172:17:172:46 | ...; | Switch.cs:172:42:172:44 | "3" | |
| Switch.cs:172:42:172:44 | "3" | Switch.cs:172:17:172:45 | call to method WriteLine | |
| Switch.cs:173:17:173:22 | break; | Switch.cs:163:10:163:12 | exit M16 (normal) | break |
| Switch.cs:174:13:174:20 | default: | Switch.cs:175:17:175:48 | ...; | |
| Switch.cs:175:17:175:47 | call to method WriteLine | Switch.cs:176:17:176:22 | break; | |
| Switch.cs:175:17:175:48 | ...; | Switch.cs:175:42:175:46 | "def" | |
| Switch.cs:175:42:175:46 | "def" | Switch.cs:175:17:175:47 | call to method WriteLine | |
| Switch.cs:176:17:176:22 | break; | Switch.cs:163:10:163:12 | exit M16 (normal) | break |
| TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | {...} | |
| TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | call to constructor Object | |
| TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | |

1
csharp/ql/test/library-tests/controlflow/graph/Nodes.expected
View File

@@ -1256,6 +1256,7 @@ entryPoint
| Switch.cs:134:9:134:11 | M13 | Switch.cs:135:5:142:5 | {...} |
| Switch.cs:144:9:144:11 | M14 | Switch.cs:145:5:152:5 | {...} |
| Switch.cs:154:10:154:12 | M15 | Switch.cs:155:5:161:5 | {...} |
| Switch.cs:163:10:163:12 | M16 | Switch.cs:164:5:178:5 | {...} |
| TypeAccesses.cs:1:7:1:18 | TypeAccesses | TypeAccesses.cs:1:7:1:18 | call to constructor Object |
| TypeAccesses.cs:3:10:3:10 | M | TypeAccesses.cs:4:5:9:5 | {...} |
| VarDecls.cs:3:7:3:14 | VarDecls | VarDecls.cs:3:7:3:14 | call to constructor Object |

17
csharp/ql/test/library-tests/controlflow/graph/Switch.cs
View File

@@ -159,4 +159,21 @@ class Switch
else
System.Console.WriteLine($"b = {s}");
}
void M16(int i)
{
switch (i)
{
case 1:
case 2:
System.Console.WriteLine("1 or 2");
break;
case 3:
System.Console.WriteLine("3");
break;
default:
System.Console.WriteLine("def");
break;
}
}
}

0
csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.expected → csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.expected
View File

0
csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ext.yml → csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ext.yml
View File

4
csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql → csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql
View File

@@ -3,9 +3,9 @@ import utils.modelgenerator.internal.CaptureModels
import utils.test.InlineMadTest
module InlineMadTestConfig implements InlineMadTestConfigSig {
string getCapturedModel(Callable c) { result = captureFlow(c) }
string getCapturedModel(Callable c) { result = Heuristic::captureFlow(c) }
string getKind() { result = "summary" }
string getKind() { result = "heuristic-summary" }
}
import InlineMadTest<InlineMadTestConfig>

2
csharp/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql
View File

@@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels
import utils.test.InlineMadTest
module InlineMadTestConfig implements InlineMadTestConfigSig {
string getCapturedModel(Callable c) { result = captureNoFlow(c) }
string getCapturedModel(Callable c) { result = captureNeutral(c) }
string getKind() { result = "neutral" }
}

2
csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql
View File

@@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels
import utils.test.InlineMadTest
module InlineMadTestConfig implements InlineMadTestConfigSig {
string getCapturedModel(Callable c) { result = captureSink(c) }
string getCapturedModel(Callable c) { result = Heuristic::captureSink(c) }
string getKind() { result = "sink" }
}

2
csharp/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql
View File

@@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels
import utils.test.InlineMadTest
module InlineMadTestConfig implements InlineMadTestConfigSig {
string getCapturedModel(Callable c) { result = captureSource(c) }
string getCapturedModel(Callable c) { result = Heuristic::captureSource(c) }
string getKind() { result = "source" }
}

181
csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs
View File

@@ -12,29 +12,29 @@ public class BasicFlow
private string tainted;
// summary=Models;BasicFlow;false;ReturnThis;(System.Object);;Argument[this];ReturnValue;value;df-generated
// heuristic-summary=Models;BasicFlow;false;ReturnThis;(System.Object);;Argument[this];ReturnValue;value;df-generated
// contentbased-summary=Models;BasicFlow;false;ReturnThis;(System.Object);;Argument[this];ReturnValue;value;dfc-generated
public BasicFlow ReturnThis(object input)
{
return this;
}
// summary=Models;BasicFlow;false;ReturnParam0;(System.String,System.Object);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;BasicFlow;false;ReturnParam0;(System.String,System.Object);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;BasicFlow;false;ReturnParam0;(System.String,System.Object);;Argument[0];ReturnValue;value;dfc-generated
public string ReturnParam0(string input0, object input1)
{
return input0;
}
// summary=Models;BasicFlow;false;ReturnParam1;(System.String,System.Object);;Argument[1];ReturnValue;taint;df-generated
// heuristic-summary=Models;BasicFlow;false;ReturnParam1;(System.String,System.Object);;Argument[1];ReturnValue;taint;df-generated
// contentbased-summary=Models;BasicFlow;false;ReturnParam1;(System.String,System.Object);;Argument[1];ReturnValue;value;dfc-generated
public object ReturnParam1(string input0, object input1)
{
return input1;
}
// summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[0];ReturnValue;taint;df-generated
// summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[1];ReturnValue;taint;df-generated
// heuristic-summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[1];ReturnValue;taint;df-generated
// contentbased-summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[0];ReturnValue;value;dfc-generated
// contentbased-summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[1];ReturnValue;value;dfc-generated
public object ReturnParamMultiple(object input0, object input1)
@@ -42,21 +42,21 @@ public class BasicFlow
return (System.DateTime.Now.DayOfWeek == System.DayOfWeek.Monday) ? input0 : input1;
}
// summary=Models;BasicFlow;false;ReturnSubstring;(System.String);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;BasicFlow;false;ReturnSubstring;(System.String);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;BasicFlow;false;ReturnSubstring;(System.String);;Argument[0];ReturnValue;taint;dfc-generated
public string ReturnSubstring(string s)
{
return s.Substring(0, 1);
}
// summary=Models;BasicFlow;false;SetField;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;BasicFlow;false;SetField;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;BasicFlow;false;SetField;(System.String);;Argument[0];Argument[this].SyntheticField[Models.BasicFlow.tainted];value;dfc-generated
public void SetField(string s)
{
tainted = s;
}
// summary=Models;BasicFlow;false;ReturnField;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;BasicFlow;false;ReturnField;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;BasicFlow;false;ReturnField;();;Argument[this].SyntheticField[Models.BasicFlow.tainted];ReturnValue;value;dfc-generated
public string ReturnField()
{
@@ -64,8 +64,8 @@ public class BasicFlow
}
public Func<object, object> MyFunction;
// summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[0];Argument[this];taint;df-generated
// summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[this];ReturnValue;taint;df-generated
// No content based flow as MaD doesn't support callback logic in fields and properties.
public object ApplyMyFunction(object o)
{
@@ -77,91 +77,91 @@ public class CollectionFlow
{
private readonly string tainted;
// summary=Models;CollectionFlow;false;CollectionFlow;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;CollectionFlow;false;CollectionFlow;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;CollectionFlow;(System.String);;Argument[0];Argument[this].SyntheticField[Models.CollectionFlow.tainted];value;dfc-generated
public CollectionFlow(string s)
{
tainted = s;
}
// summary=Models;CollectionFlow;false;ReturnArrayElement;(System.Object[]);;Argument[0].Element;ReturnValue;taint;df-generated
// heuristic-summary=Models;CollectionFlow;false;ReturnArrayElement;(System.Object[]);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;ReturnArrayElement;(System.Object[]);;Argument[0].Element;ReturnValue;value;dfc-generated
public object ReturnArrayElement(object[] input)
{
return input[0];
}
// summary=Models;CollectionFlow;false;AssignToArray;(System.Object,System.Object[]);;Argument[0];Argument[1].Element;taint;df-generated
// heuristic-summary=Models;CollectionFlow;false;AssignToArray;(System.Object,System.Object[]);;Argument[0];Argument[1].Element;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;AssignToArray;(System.Object,System.Object[]);;Argument[0];Argument[1].Element;value;dfc-generated
public void AssignToArray(object data, object[] target)
{
target[0] = data;
}
// summary=Models;CollectionFlow;false;AssignFieldToArray;(System.Object[]);;Argument[this];Argument[0].Element;taint;df-generated
// heuristic-summary=Models;CollectionFlow;false;AssignFieldToArray;(System.Object[]);;Argument[this];Argument[0].Element;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;AssignFieldToArray;(System.Object[]);;Argument[this].SyntheticField[Models.CollectionFlow.tainted];Argument[0].Element;value;dfc-generated
public void AssignFieldToArray(object[] target)
{
target[0] = tainted;
}
// summary=Models;CollectionFlow;false;ReturnListElement;(System.Collections.Generic.List<System.Object>);;Argument[0].Element;ReturnValue;taint;df-generated
// heuristic-summary=Models;CollectionFlow;false;ReturnListElement;(System.Collections.Generic.List<System.Object>);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;ReturnListElement;(System.Collections.Generic.List<System.Object>);;Argument[0].Element;ReturnValue;value;dfc-generated
public object ReturnListElement(List<object> input)
{
return input[0];
}
// summary=Models;CollectionFlow;false;AddToList;(System.Collections.Generic.List<System.Object>,System.Object);;Argument[1];Argument[0].Element;taint;df-generated
// heuristic-summary=Models;CollectionFlow;false;AddToList;(System.Collections.Generic.List<System.Object>,System.Object);;Argument[1];Argument[0].Element;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;AddToList;(System.Collections.Generic.List<System.Object>,System.Object);;Argument[1];Argument[0].Element;value;dfc-generated
public void AddToList(List<object> input, object data)
{
input.Add(data);
}
// summary=Models;CollectionFlow;false;AddFieldToList;(System.Collections.Generic.List<System.String>);;Argument[this];Argument[0].Element;taint;df-generated
// heuristic-summary=Models;CollectionFlow;false;AddFieldToList;(System.Collections.Generic.List<System.String>);;Argument[this];Argument[0].Element;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;AddFieldToList;(System.Collections.Generic.List<System.String>);;Argument[this].SyntheticField[Models.CollectionFlow.tainted];Argument[0].Element;value;dfc-generated
public void AddFieldToList(List<string> input)
{
input.Add(tainted);
}
// summary=Models;CollectionFlow;false;ReturnFieldInAList;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;CollectionFlow;false;ReturnFieldInAList;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;ReturnFieldInAList;();;Argument[this].SyntheticField[Models.CollectionFlow.tainted];ReturnValue.Element;value;dfc-generated
public List<string> ReturnFieldInAList()
{
return new List<string> { tainted };
}
// SPURIOUS-summary=Models;CollectionFlow;false;ReturnComplexTypeArray;(System.String[]);;Argument[0].Element;ReturnValue;taint;df-generated
// SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnComplexTypeArray;(System.String[]);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;ReturnComplexTypeArray;(System.String[]);;Argument[0];ReturnValue;value;dfc-generated
public string[] ReturnComplexTypeArray(string[] a)
{
return a;
}
// SPURIOUS-summary=Models;CollectionFlow;false;ReturnBulkTypeList;(System.Collections.Generic.List<System.Byte>);;Argument[0].Element;ReturnValue;taint;df-generated
// SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnBulkTypeList;(System.Collections.Generic.List<System.Byte>);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;ReturnBulkTypeList;(System.Collections.Generic.List<System.Byte>);;Argument[0];ReturnValue;value;dfc-generated
public List<byte> ReturnBulkTypeList(List<byte> a)
{
return a;
}
// SPURIOUS-summary=Models;CollectionFlow;false;ReturnComplexTypeDictionary;(System.Collections.Generic.Dictionary<System.Int32,System.String>);;Argument[0].Element;ReturnValue;taint;df-generated
// SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnComplexTypeDictionary;(System.Collections.Generic.Dictionary<System.Int32,System.String>);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;ReturnComplexTypeDictionary;(System.Collections.Generic.Dictionary<System.Int32,System.String>);;Argument[0];ReturnValue;value;dfc-generated
public Dictionary<int, string> ReturnComplexTypeDictionary(Dictionary<int, string> a)
{
return a;
}
// SPURIOUS-summary=Models;CollectionFlow;false;ReturnUntypedArray;(System.Array);;Argument[0].Element;ReturnValue;taint;df-generated
// SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnUntypedArray;(System.Array);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;ReturnUntypedArray;(System.Array);;Argument[0];ReturnValue;value;dfc-generated
public Array ReturnUntypedArray(Array a)
{
return a;
}
// SPURIOUS-summary=Models;CollectionFlow;false;ReturnUntypedList;(System.Collections.IList);;Argument[0].Element;ReturnValue;taint;df-generated
// SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnUntypedList;(System.Collections.IList);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;CollectionFlow;false;ReturnUntypedList;(System.Collections.IList);;Argument[0];ReturnValue;value;dfc-generated
public IList ReturnUntypedList(IList a)
{
@@ -195,28 +195,28 @@ public class IEnumerableFlow
{
private readonly string tainted;
// summary=Models;IEnumerableFlow;false;IEnumerableFlow;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;IEnumerableFlow;false;IEnumerableFlow;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;IEnumerableFlow;false;IEnumerableFlow;(System.String);;Argument[0];Argument[this].SyntheticField[Models.IEnumerableFlow.tainted];value;dfc-generated
public IEnumerableFlow(string s)
{
tainted = s;
}
// SPURIOUS-summary=Models;IEnumerableFlow;false;ReturnIEnumerable;(System.Collections.Generic.IEnumerable<System.String>);;Argument[0].Element;ReturnValue;taint;df-generated
// SPURIOUS-heuristic-summary=Models;IEnumerableFlow;false;ReturnIEnumerable;(System.Collections.Generic.IEnumerable<System.String>);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;IEnumerableFlow;false;ReturnIEnumerable;(System.Collections.Generic.IEnumerable<System.String>);;Argument[0];ReturnValue;value;dfc-generated
public IEnumerable<string> ReturnIEnumerable(IEnumerable<string> input)
{
return input;
}
// summary=Models;IEnumerableFlow;false;ReturnIEnumerableElement;(System.Collections.Generic.IEnumerable<System.Object>);;Argument[0].Element;ReturnValue;taint;df-generated
// heuristic-summary=Models;IEnumerableFlow;false;ReturnIEnumerableElement;(System.Collections.Generic.IEnumerable<System.Object>);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;IEnumerableFlow;false;ReturnIEnumerableElement;(System.Collections.Generic.IEnumerable<System.Object>);;Argument[0].Element;ReturnValue;value;dfc-generated
public object ReturnIEnumerableElement(IEnumerable<object> input)
{
return input.First();
}
// summary=Models;IEnumerableFlow;false;ReturnFieldInIEnumerable;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;IEnumerableFlow;false;ReturnFieldInIEnumerable;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;IEnumerableFlow;false;ReturnFieldInIEnumerable;();;Argument[this].SyntheticField[Models.IEnumerableFlow.tainted];ReturnValue.Element;value;dfc-generated
public IEnumerable<string> ReturnFieldInIEnumerable()
{
@@ -228,49 +228,49 @@ public class GenericFlow<T>
{
private T tainted;
// summary=Models;GenericFlow<T>;false;SetGenericField;(T);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;GenericFlow<T>;false;SetGenericField;(T);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;GenericFlow<T>;false;SetGenericField;(T);;Argument[0];Argument[this].SyntheticField[Models.GenericFlow`1.tainted];value;dfc-generated
public void SetGenericField(T t)
{
tainted = t;
}
// summary=Models;GenericFlow<T>;false;ReturnGenericField;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;GenericFlow<T>;false;ReturnGenericField;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;GenericFlow<T>;false;ReturnGenericField;();;Argument[this].SyntheticField[Models.GenericFlow`1.tainted];ReturnValue;value;dfc-generated
public T ReturnGenericField()
{
return tainted;
}
// summary=Models;GenericFlow<T>;false;AddFieldToGenericList;(System.Collections.Generic.List<T>);;Argument[this];Argument[0].Element;taint;df-generated
// heuristic-summary=Models;GenericFlow<T>;false;AddFieldToGenericList;(System.Collections.Generic.List<T>);;Argument[this];Argument[0].Element;taint;df-generated
// contentbased-summary=Models;GenericFlow<T>;false;AddFieldToGenericList;(System.Collections.Generic.List<T>);;Argument[this].SyntheticField[Models.GenericFlow`1.tainted];Argument[0].Element;value;dfc-generated
public void AddFieldToGenericList(List<T> input)
{
input.Add(tainted);
}
// summary=Models;GenericFlow<T>;false;ReturnFieldInGenericList;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;GenericFlow<T>;false;ReturnFieldInGenericList;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;GenericFlow<T>;false;ReturnFieldInGenericList;();;Argument[this].SyntheticField[Models.GenericFlow`1.tainted];ReturnValue.Element;value;dfc-generated
public List<T> ReturnFieldInGenericList()
{
return new List<T> { tainted };
}
// summary=Models;GenericFlow<T>;false;ReturnGenericParam<S>;(S);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;GenericFlow<T>;false;ReturnGenericParam<S>;(S);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;GenericFlow<T>;false;ReturnGenericParam<S>;(S);;Argument[0];ReturnValue;value;dfc-generated
public S ReturnGenericParam<S>(S input)
{
return input;
}
// summary=Models;GenericFlow<T>;false;ReturnGenericElement<S>;(System.Collections.Generic.List<S>);;Argument[0].Element;ReturnValue;taint;df-generated
// heuristic-summary=Models;GenericFlow<T>;false;ReturnGenericElement<S>;(System.Collections.Generic.List<S>);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;GenericFlow<T>;false;ReturnGenericElement<S>;(System.Collections.Generic.List<S>);;Argument[0].Element;ReturnValue;value;dfc-generated
public S ReturnGenericElement<S>(List<S> input)
{
return input[0];
}
// summary=Models;GenericFlow<T>;false;AddToGenericList<S>;(System.Collections.Generic.List<S>,S);;Argument[1];Argument[0].Element;taint;df-generated
// heuristic-summary=Models;GenericFlow<T>;false;AddToGenericList<S>;(System.Collections.Generic.List<S>,S);;Argument[1];Argument[0].Element;taint;df-generated
// contentbased-summary=Models;GenericFlow<T>;false;AddToGenericList<S>;(System.Collections.Generic.List<S>,S);;Argument[1];Argument[0].Element;value;dfc-generated
public void AddToGenericList<S>(List<S> input, S data)
{
@@ -280,7 +280,7 @@ public class GenericFlow<T>
public abstract class BaseClassFlow
{
// summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;value;dfc-generated
public virtual object ReturnParam(object input)
{
@@ -290,7 +290,7 @@ public abstract class BaseClassFlow
public class DerivedClass1Flow : BaseClassFlow
{
// summary=Models;DerivedClass1Flow;false;ReturnParam1;(System.String,System.String);;Argument[1];ReturnValue;taint;df-generated
// heuristic-summary=Models;DerivedClass1Flow;false;ReturnParam1;(System.String,System.String);;Argument[1];ReturnValue;taint;df-generated
// contentbased-summary=Models;DerivedClass1Flow;false;ReturnParam1;(System.String,System.String);;Argument[1];ReturnValue;value;dfc-generated
public string ReturnParam1(string input0, string input1)
{
@@ -300,14 +300,14 @@ public class DerivedClass1Flow : BaseClassFlow
public class DerivedClass2Flow : BaseClassFlow
{
// summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;value;dfc-generated
public override object ReturnParam(object input)
{
return input;
}
// summary=Models;DerivedClass2Flow;false;ReturnParam0;(System.String,System.Int32);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;DerivedClass2Flow;false;ReturnParam0;(System.String,System.Int32);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;DerivedClass2Flow;false;ReturnParam0;(System.String,System.Int32);;Argument[0];ReturnValue;value;dfc-generated
public string ReturnParam0(string input0, int input1)
{
@@ -319,7 +319,7 @@ public class OperatorFlow
{
public readonly object Field;
// summary=Models;OperatorFlow;false;OperatorFlow;(System.Object);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;OperatorFlow;false;OperatorFlow;(System.Object);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;OperatorFlow;false;OperatorFlow;(System.Object);;Argument[0];Argument[this].Field[Models.OperatorFlow.Field];value;dfc-generated
public OperatorFlow(object o)
{
@@ -327,7 +327,7 @@ public class OperatorFlow
}
// Flow Summary.
// summary=Models;OperatorFlow;false;op_Addition;(Models.OperatorFlow,Models.OperatorFlow);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;OperatorFlow;false;op_Addition;(Models.OperatorFlow,Models.OperatorFlow);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;OperatorFlow;false;op_Addition;(Models.OperatorFlow,Models.OperatorFlow);;Argument[0];ReturnValue;value;dfc-generated
public static OperatorFlow operator +(OperatorFlow a, OperatorFlow b)
{
@@ -368,7 +368,7 @@ public class EqualsGetHashCodeNoFlow
return boolTainted;
}
// summary=Models;EqualsGetHashCodeNoFlow;false;Equals;(System.String);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;EqualsGetHashCodeNoFlow;false;Equals;(System.String);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;EqualsGetHashCodeNoFlow;false;Equals;(System.String);;Argument[0];ReturnValue;value;dfc-generated
public string Equals(string s)
{
@@ -386,14 +386,14 @@ public class Properties
{
private string tainted;
// summary=Models;Properties;false;get_Prop1;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;Properties;false;get_Prop1;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;Properties;false;get_Prop1;();;Argument[this].SyntheticField[Models.Properties.tainted];ReturnValue;value;dfc-generated
public string Prop1
{
get { return tainted; }
}
// summary=Models;Properties;false;set_Prop2;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;Properties;false;set_Prop2;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;Properties;false;set_Prop2;(System.String);;Argument[0];Argument[this].SyntheticField[Models.Properties.tainted];value;dfc-generated
public string Prop2
{
@@ -510,14 +510,12 @@ public class SimpleTypes
// the content based model generation is able to produce flow summaries for them.
public class HigherOrderParameters
{
// neutral=Models;HigherOrderParameters;M1;(System.String,System.Func<System.String,System.String>);summary;df-generated
// contentbased-summary=Models;HigherOrderParameters;false;M1;(System.String,System.Func<System.String,System.String>);;Argument[0];ReturnValue;value;dfc-generated
public string M1(string s, Func<string, string> map)
{
return s;
}
// neutral=Models;HigherOrderParameters;Apply;(System.Func<System.Object,System.Object>,System.Object);summary;df-generated
// contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Func<System.Object,System.Object>,System.Object);;Argument[1];Argument[0].Parameter[0];value;dfc-generated
// contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Func<System.Object,System.Object>,System.Object);;Argument[0].ReturnValue;ReturnValue;value;dfc-generated
public object Apply(Func<object, object> f, object o)
@@ -525,7 +523,6 @@ public class HigherOrderParameters
return f(o);
}
// neutral=Models;HigherOrderParameters;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);summary;df-generated
// contentbased-summary=Models;HigherOrderParameters;false;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[0];Argument[1].Parameter[1];value;dfc-generated
// contentbased-summary=Models;HigherOrderParameters;false;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[1].ReturnValue;ReturnValue;value;dfc-generated
public object Apply2(object o, Func<object, object, object> f)
@@ -534,7 +531,6 @@ public class HigherOrderParameters
return x;
}
// neutral=Models;HigherOrderParameters;Apply;(System.Action<System.Object>,System.Object);summary;df-generated
// contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Action<System.Object>,System.Object);;Argument[1];Argument[0].Parameter[0];value;dfc-generated
public void Apply(Action<object> a, object o)
{
@@ -544,7 +540,6 @@ public class HigherOrderParameters
public static class HigherOrderExtensionMethods
{
// neutral=Models;HigherOrderExtensionMethods;Select<TSource,TResult>;(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>);summary;df-generated
// contentbased-summary=Models;HigherOrderExtensionMethods;false;Select<TSource,TResult>;(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>);;Argument[0].Element;Argument[1].Parameter[0];value;dfc-generated
// contentbased-summary=Models;HigherOrderExtensionMethods;false;Select<TSource,TResult>;(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>);;Argument[1].ReturnValue;ReturnValue.Element;value;dfc-generated
public static IEnumerable<TResult> Select<TSource, TResult>(
@@ -611,7 +606,7 @@ public class Inheritance
public class AImplBasePublic : BasePublic
{
// summary=Models;Inheritance+BasePublic;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;Inheritance+BasePublic;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;Inheritance+BasePublic;true;Id;(System.String);;Argument[0];ReturnValue;value;dfc-generated
public override string Id(string x)
{
@@ -641,7 +636,7 @@ public class Inheritance
public class BImpl : B
{
// summary=Models;Inheritance+IPublic1;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;Inheritance+IPublic1;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;Inheritance+IPublic1;true;Id;(System.String);;Argument[0];ReturnValue;value;dfc-generated
public override string Id(string x)
{
@@ -651,7 +646,7 @@ public class Inheritance
private class CImpl : C
{
// summary=Models;Inheritance+IPublic2;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;Inheritance+IPublic2;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;Inheritance+IPublic2;true;Id;(System.String);;Argument[0];ReturnValue;value;dfc-generated
public override string Id(string x)
{
@@ -661,11 +656,13 @@ public class Inheritance
public interface IPublic3
{
// neutral=Models;Inheritance+IPublic3;get_Prop;();summary;df-generated
string Prop { get; }
}
public abstract class D : IPublic3
{
// neutral=Models;Inheritance+D;get_Prop;();summary;df-generated
public abstract string Prop { get; }
}
@@ -673,14 +670,14 @@ public class Inheritance
{
private readonly string tainted;
// summary=Models;Inheritance+DImpl;false;DImpl;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;Inheritance+DImpl;false;DImpl;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;Inheritance+DImpl;false;DImpl;(System.String);;Argument[0];Argument[this].SyntheticField[Models.Inheritance+DImpl.tainted];value;dfc-generated
public DImpl(string s)
{
tainted = s;
}
// summary=Models;Inheritance+IPublic3;true;get_Prop;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;Inheritance+IPublic3;true;get_Prop;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;Inheritance+DImpl;true;get_Prop;();;Argument[this].SyntheticField[Models.Inheritance+DImpl.tainted];ReturnValue;value;dfc-generated
public override string Prop { get { return tainted; } }
}
@@ -696,13 +693,13 @@ public class Inheritance
{
private object field;
// summary=Models;Inheritance+BaseContent;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;Inheritance+BaseContent;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
public override object GetValue()
{
return field;
}
// summary=Models;Inheritance+BaseContent;true;SetValue;(System.Object);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;Inheritance+BaseContent;true;SetValue;(System.Object);;Argument[0];Argument[this];taint;df-generated
public override void SetValue(object o)
{
field = o;
@@ -719,14 +716,14 @@ public class MemberFlow
public string Field;
}
// summary=Models;MemberFlow;false;M1;(Models.MemberFlow+C);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;MemberFlow;false;M1;(Models.MemberFlow+C);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;MemberFlow;false;M1;(Models.MemberFlow+C);;Argument[0].Property[Models.MemberFlow+C.Prop];ReturnValue;value;dfc-generated
public string M1(C c)
{
return c.Prop;
}
// summary=Models;MemberFlow;false;M2;(Models.MemberFlow+C);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;MemberFlow;false;M2;(Models.MemberFlow+C);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;MemberFlow;false;M2;(Models.MemberFlow+C);;Argument[0].Field[Models.MemberFlow+C.Field];ReturnValue;value;dfc-generated
public string M2(C c)
{
@@ -736,7 +733,7 @@ public class MemberFlow
public class IDictionaryFlow
{
// summary=Models;IDictionaryFlow;false;ReturnIDictionaryValue;(System.Collections.Generic.IDictionary<System.Object,System.Object>,System.Object);;Argument[0].Element;ReturnValue;taint;df-generated
// heuristic-summary=Models;IDictionaryFlow;false;ReturnIDictionaryValue;(System.Collections.Generic.IDictionary<System.Object,System.Object>,System.Object);;Argument[0].Element;ReturnValue;taint;df-generated
// contentbased-summary=Models;IDictionaryFlow;false;ReturnIDictionaryValue;(System.Collections.Generic.IDictionary<System.Object,System.Object>,System.Object);;Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;dfc-generated
public object ReturnIDictionaryValue(IDictionary<object, object> input, object key)
{
@@ -749,21 +746,21 @@ public class NestedFieldFlow
public NestedFieldFlow FieldA;
public NestedFieldFlow FieldB;
// summary=Models;NestedFieldFlow;false;Move;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;NestedFieldFlow;false;Move;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;NestedFieldFlow;false;Move;();;Argument[this].Field[Models.NestedFieldFlow.FieldA];ReturnValue.Field[Models.NestedFieldFlow.FieldB];value;dfc-generated
public NestedFieldFlow Move()
{
return new NestedFieldFlow() { FieldB = this.FieldA };
}
// summary=Models;NestedFieldFlow;false;MoveNested;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;NestedFieldFlow;false;MoveNested;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;NestedFieldFlow;false;MoveNested;();;Argument[this].Field[Models.NestedFieldFlow.FieldB].Field[Models.NestedFieldFlow.FieldA];ReturnValue.Field[Models.NestedFieldFlow.FieldA].Field[Models.NestedFieldFlow.FieldB];value;dfc-generated
public NestedFieldFlow MoveNested()
{
return new NestedFieldFlow() { FieldA = FieldB.Move() };
}
// summary=Models;NestedFieldFlow;false;ReverseFields;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;NestedFieldFlow;false;ReverseFields;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;NestedFieldFlow;false;ReverseFields;();;Argument[this].Field[Models.NestedFieldFlow.FieldA].Field[Models.NestedFieldFlow.FieldB];ReturnValue.Field[Models.NestedFieldFlow.FieldA].Field[Models.NestedFieldFlow.FieldB];value;dfc-generated
public NestedFieldFlow ReverseFields()
{
@@ -784,70 +781,69 @@ public class SyntheticFields
private string brokenChainBegin;
private string brokenChainEnd;
// summary=Models;SyntheticFields;false;SyntheticFields;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;SyntheticFields;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;SyntheticFields;false;SyntheticFields;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticFields.value1];value;dfc-generated
public SyntheticFields(string v1)
{
value1 = v1;
}
// summary=Models;SyntheticFields;false;GetValue1;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;GetValue1;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;SyntheticFields;false;GetValue1;();;Argument[this].SyntheticField[Models.SyntheticFields.value1];ReturnValue;value;dfc-generated
public string GetValue1()
{
return value1;
}
// summary=Models;SyntheticFields;false;GetValue2;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;GetValue2;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;SyntheticFields;false;GetValue2;();;Argument[this].SyntheticField[Models.SyntheticFields.value2];ReturnValue;value;dfc-generated
public string GetValue2()
{
return value2;
}
// summary=Models;SyntheticFields;false;SetValue2;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;SetValue2;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;SyntheticFields;false;SetValue2;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticFields.value2];value;dfc-generated
public void SetValue2(string v2)
{
value2 = v2;
}
// summary=Models;SyntheticFields;false;SetValue3;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;SetValue3;(System.String);;Argument[0];Argument[this];taint;df-generated
// No content based summary as value3 is a dead synthetic field.
public void SetValue3(string v3)
{
value3 = v3;
}
// summary=Models;SyntheticFields;false;SetChainBegin;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;SetChainBegin;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;SyntheticFields;false;SetChainBegin;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticFields.chainBegin];value;dfc-generated
public void SetChainBegin(string v)
{
chainBegin = v;
}
// neutral=Models;SyntheticFields;CopyChainValue;();summary;df-generated
// contentbased-summary=Models;SyntheticFields;false;CopyChainValue;();;Argument[this].SyntheticField[Models.SyntheticFields.chainBegin];Argument[this].SyntheticField[Models.SyntheticFields.chainEnd];value;dfc-generated
public void CopyChainValue()
{
chainEnd = chainBegin;
}
// summary=Models;SyntheticFields;false;GetChainEnd;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;GetChainEnd;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;SyntheticFields;false;GetChainEnd;();;Argument[this].SyntheticField[Models.SyntheticFields.chainEnd];ReturnValue;value;dfc-generated
public string GetChainEnd()
{
return chainEnd;
}
// summary=Models;SyntheticFields;false;SetBrokenChainBegin;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;SetBrokenChainBegin;(System.String);;Argument[0];Argument[this];taint;df-generated
// No content based summary as brokenChainBegin is a dead synthetic field.
public void SetBrokenChainBegin(string v)
{
brokenChainBegin = v;
}
// summary=Models;SyntheticFields;false;GetBrokenChainEnd;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;GetBrokenChainEnd;();;Argument[this];ReturnValue;taint;df-generated
// No content based summary as brokenChainEnd is a dead synthetic field.
public string GetBrokenChainEnd()
{
@@ -858,14 +854,14 @@ public class SyntheticFields
{
private readonly string value;
// summary=Models;SyntheticFields+InnerSyntheticFields;false;InnerSyntheticFields;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticFields+InnerSyntheticFields;false;InnerSyntheticFields;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;SyntheticFields+InnerSyntheticFields;false;InnerSyntheticFields;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticFields+InnerSyntheticFields.value];value;dfc-generated
public InnerSyntheticFields(string v)
{
value = v;
}
// summary=Models;SyntheticFields+InnerSyntheticFields;false;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;SyntheticFields+InnerSyntheticFields;false;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;SyntheticFields+InnerSyntheticFields;false;GetValue;();;Argument[this].SyntheticField[Models.SyntheticFields+InnerSyntheticFields.value];ReturnValue;value;dfc-generated
public string GetValue()
{
@@ -873,7 +869,7 @@ public class SyntheticFields
}
}
// summary=Models;SyntheticFields;false;MakeInner;(System.String);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;SyntheticFields;false;MakeInner;(System.String);;Argument[0];ReturnValue;taint;df-generated
// contentbased-summary=Models;SyntheticFields;false;MakeInner;(System.String);;Argument[0];ReturnValue.SyntheticField[Models.SyntheticFields+InnerSyntheticFields.value];value;dfc-generated
public InnerSyntheticFields MakeInner(string v)
{
@@ -887,21 +883,21 @@ public class SyntheticProperties
private string Prop2 { get; set; }
// summary=Models;SyntheticProperties;false;SyntheticProperties;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticProperties;false;SyntheticProperties;(System.String);;Argument[0];Argument[this];taint;df-generated
// contentbased-summary=Models;SyntheticProperties;false;SyntheticProperties;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticProperties.Prop1];value;dfc-generated
public SyntheticProperties(string v1)
{
Prop1 = v1;
}
// summary=Models;SyntheticProperties;false;GetProp1;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;SyntheticProperties;false;GetProp1;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;SyntheticProperties;false;GetProp1;();;Argument[this].SyntheticField[Models.SyntheticProperties.Prop1];ReturnValue;value;dfc-generated
public string GetProp1()
{
return Prop1;
}
// summary=Models;SyntheticProperties;false;SetProp2;(System.String);;Argument[0];Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticProperties;false;SetProp2;(System.String);;Argument[0];Argument[this];taint;df-generated
// No content based summary as Prop2 is a dead synthetic field.
public void SetProp2(string v)
{
@@ -913,14 +909,14 @@ public class SyntheticCollections
{
private object[] array;
// summary=Models;SyntheticCollections;false;SyntheticCollections;(System.Object[]);;Argument[0].Element;Argument[this];taint;df-generated
// heuristic-summary=Models;SyntheticCollections;false;SyntheticCollections;(System.Object[]);;Argument[0].Element;Argument[this];taint;df-generated
// contentbased-summary=Models;SyntheticCollections;false;SyntheticCollections;(System.Object[]);;Argument[0];Argument[this].SyntheticField[Models.SyntheticCollections.array];value;dfc-generated
public SyntheticCollections(object[] array)
{
this.array = array;
}
// summary=Models;SyntheticCollections;false;GetElement;(System.Int32);;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;SyntheticCollections;false;GetElement;(System.Int32);;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;SyntheticCollections;false;GetElement;(System.Int32);;Argument[this].SyntheticField[Models.SyntheticCollections.array].Element;ReturnValue;value;dfc-generated
public object GetElement(int index)
{
@@ -933,6 +929,7 @@ public class Fanout
public abstract class Base1
{
// neutral=Models;Fanout+Base1;GetValue;();summary;df-generated
public abstract string GetValue();
}
@@ -942,7 +939,7 @@ public class Fanout
{
public string Prop { get; set; }
// summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;Fanout+Impl1;true;GetValue;();;Argument[this].Property[Models.Fanout+Impl1.Prop];ReturnValue;value;dfc-generated
public override string GetValue()
{
@@ -954,7 +951,7 @@ public class Fanout
{
public string Prop { get; set; }
// summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;Fanout+Impl2;true;GetValue;();;Argument[this].Property[Models.Fanout+Impl2.Prop];ReturnValue;value;dfc-generated
public override string GetValue()
{
@@ -966,7 +963,7 @@ public class Fanout
{
public string Prop { get; set; }
// summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;Fanout+Impl3;true;GetValue;();;Argument[this].Property[Models.Fanout+Impl3.Prop];ReturnValue;value;dfc-generated
public override string GetValue()
{
@@ -978,7 +975,7 @@ public class Fanout
{
public string Prop { get; set; }
// summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// contentbased-summary=Models;Fanout+Impl4;true;GetValue;();;Argument[this].Property[Models.Fanout+Impl4.Prop];ReturnValue;value;dfc-generated
public override string GetValue()
{
@@ -986,8 +983,8 @@ public class Fanout
}
}
// summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[0];ReturnValue;taint;df-generated
// summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[1];ReturnValue;taint;df-generated
// heuristic-summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[1];ReturnValue;taint;df-generated
// No content based summaries are expected for this method on parameter `b1`
// as the fanout (number of content flows) exceeds the limit of 3.
// contentbased-summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[0];ReturnValue;taint;dfc-generated
@@ -996,8 +993,8 @@ public class Fanout
return other + b1.GetValue();
}
// summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[0];ReturnValue;taint;df-generated
// summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[1];ReturnValue;taint;df-generated
// heuristic-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[1];ReturnValue;taint;df-generated
// contentbased-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[0];ReturnValue;taint;dfc-generated
// contentbased-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[1].Property[Models.Fanout+Impl2.Prop];ReturnValue;taint;dfc-generated
// contentbased-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[1].Property[Models.Fanout+Impl3.Prop];ReturnValue;taint;dfc-generated
@@ -1015,7 +1012,7 @@ public class AvoidDuplicateLifted
public object Prop { get; set; }
// contentbased-summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this].Property[Models.AvoidDuplicateLifted+A.Prop];ReturnValue;value;dfc-generated
// summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
public virtual object GetValue()
{
return Prop;
@@ -1027,7 +1024,7 @@ public class AvoidDuplicateLifted
private object field;
// No content based summary as field is a dead synthetic field.
// summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
// heuristic-summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated
public override object GetValue()
{
return field;
@@ -1038,14 +1035,14 @@ public class AvoidDuplicateLifted
public class ParameterModifiers
{
// contentbased-summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];value;dfc-generated
// summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated
// heuristic-summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated
public void Copy(object key, out object value)
{
value = key;
}
// contentbased-summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];value;dfc-generated
// summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated
// heuristic-summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated
public void CopyToRef(object key, ref object value)
{
value = key;
@@ -1065,7 +1062,7 @@ public class ParameterModifiers
}
// contentbased-summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;value;dfc-generated
// summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;taint;df-generated
// heuristic-summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;taint;df-generated
public object InReturn(in object v)
{
return v;

6
go/extractor/cli/go-autobuilder/go-autobuilder.go
View File

@@ -67,13 +67,13 @@ func restoreRepoLayout(fromDir string, dirEntries []string, scratchDirName strin
// addVersionToMod add a go version directive, e.g. `go 1.14` to a `go.mod` file.
func addVersionToMod(version string) bool {
cmd := exec.Command("go", "mod", "edit", "-go="+version)
cmd := toolchain.GoCommand("mod", "edit", "-go="+version)
return util.RunCmd(cmd)
}
// checkVendor tests to see whether a vendor directory is inconsistent according to the go frontend
func checkVendor() bool {
vendorCheckCmd := exec.Command("go", "list", "-mod=vendor", "./...")
vendorCheckCmd := toolchain.GoCommand("list", "-mod=vendor", "./...")
outp, err := vendorCheckCmd.CombinedOutput()
if err != nil {
badVendorRe := regexp.MustCompile(`(?m)^go: inconsistent vendoring in .*:$`)
@@ -438,7 +438,7 @@ func installDependencies(workspace project.GoWorkspace) {
util.RunCmd(vendor)
}
install = exec.Command("go", "get", "-v", "./...")
install = toolchain.GoCommand("get", "-v", "./...")
install.Dir = path
log.Printf("Installing dependencies using `go get -v ./...` in `%s`.\n", path)
util.RunCmd(install)

17
go/extractor/toolchain/toolchain.go
View File

@@ -137,9 +137,16 @@ func SupportsWorkspaces() bool {
return GetEnvGoSemVer().IsAtLeast(V1_18)
}
// Constructs a `*exec.Cmd` for `go` with the specified arguments.
func GoCommand(arg ...string) *exec.Cmd {
cmd := exec.Command("go", arg...)
util.ApplyProxyEnvVars(cmd)
return cmd
}
// Run `go mod tidy -e` in the directory given by `path`.
func TidyModule(path string) *exec.Cmd {
cmd := exec.Command("go", "mod", "tidy", "-e")
cmd := GoCommand("mod", "tidy", "-e")
cmd.Dir = path
return cmd
}
@@ -159,21 +166,21 @@ func InitModule(path string) *exec.Cmd {
}
}
modInit := exec.Command("go", "mod", "init", moduleName)
modInit := GoCommand("mod", "init", moduleName)
modInit.Dir = path
return modInit
}
// Constructs a command to run `go mod vendor -e` in the directory given by `path`.
func VendorModule(path string) *exec.Cmd {
modVendor := exec.Command("go", "mod", "vendor", "-e")
modVendor := GoCommand("mod", "vendor", "-e")
modVendor.Dir = path
return modVendor
}
// Constructs a command to run `go version`.
func Version() *exec.Cmd {
version := exec.Command("go", "version")
version := GoCommand("version")
return version
}
@@ -209,7 +216,7 @@ func RunListWithEnv(format string, patterns []string, additionalEnv []string, fl
func ListWithEnv(format string, patterns []string, additionalEnv []string, flags ...string) *exec.Cmd {
args := append([]string{"list", "-e", "-f", format}, flags...)
args = append(args, patterns...)
cmd := exec.Command("go", args...)
cmd := GoCommand(args...)
cmd.Env = append(os.Environ(), additionalEnv...)
return cmd
}

2
go/extractor/util/BUILD.bazel generated
View File

@@ -6,6 +6,7 @@ go_library(
name = "util",
srcs = [
"extractvendordirs.go",
"registryproxy.go",
"semver.go",
"util.go",
],
@@ -17,6 +18,7 @@ go_library(
go_test(
name = "util_test",
srcs = [
"registryproxy_test.go",
"semver_test.go",
"util_test.go",
],

134
go/extractor/util/registryproxy.go Normal file
View File

@@ -0,0 +1,134 @@
package util
import (
"encoding/json"
"fmt"
"log/slog"
"os"
"os/exec"
"strings"
)
const PROXY_HOST = "CODEQL_PROXY_HOST"
const PROXY_PORT = "CODEQL_PROXY_PORT"
const PROXY_CA_CERTIFICATE = "CODEQL_PROXY_CA_CERTIFICATE"
const PROXY_URLS = "CODEQL_PROXY_URLS"
const GOPROXY_SERVER = "goproxy_server"
type RegistryConfig struct {
Type string `json:"type"`
URL string `json:"url"`
}
// The address of the proxy including protocol and port (e.g. http://localhost:1234)
var proxy_address string
// The path to the temporary file that stores the proxy certificate, if any.
var proxy_cert_file string
// An array of registry configurations that are relevant to Go.
// This excludes other registry configurations that may be available, but are not relevant to Go.
var proxy_configs []RegistryConfig
// Stores the environment variables that we wish to pass on to `go` commands.
var proxy_vars []string = nil
// Keeps track of whether we have inspected the proxy environment variables.
// Needed since `proxy_vars` may be nil either way.
var proxy_vars_checked bool = false
// Tries to parse the given string value into an array of RegistryConfig values.
func parseRegistryConfigs(str string) ([]RegistryConfig, error) {
var configs []RegistryConfig
if err := json.Unmarshal([]byte(str), &configs); err != nil {
return nil, err
}
return configs, nil
}
func getEnvVars() []string {
var result []string
if proxy_host, proxy_host_set := os.LookupEnv(PROXY_HOST); proxy_host_set {
if proxy_port, proxy_port_set := os.LookupEnv(PROXY_PORT); proxy_port_set {
proxy_address = fmt.Sprintf("http://%s:%s", proxy_host, proxy_port)
result = append(result, fmt.Sprintf("HTTP_PROXY=%s", proxy_address), fmt.Sprintf("HTTPS_PROXY=%s", proxy_address))
slog.Info("Found private registry proxy", slog.String("proxy_address", proxy_address))
}
}
if proxy_cert, proxy_cert_set := os.LookupEnv(PROXY_CA_CERTIFICATE); proxy_cert_set {
// Write the certificate to a temporary file
slog.Info("Found certificate")
f, err := os.CreateTemp("", "codeql-proxy.crt")
if err != nil {
slog.Error("Failed to create temporary file for the proxy certificate", slog.String("error", err.Error()))
}
_, err = f.WriteString(proxy_cert)
if err != nil {
slog.Error("Failed to write to the temporary certificate file", slog.String("error", err.Error()))
}
err = f.Close()
if err != nil {
slog.Error("Failed to close the temporary certificate file", slog.String("error", err.Error()))
} else {
proxy_cert_file = f.Name()
result = append(result, fmt.Sprintf("SSL_CERT_FILE=%s", proxy_cert_file))
}
}
if proxy_urls, proxy_urls_set := os.LookupEnv(PROXY_URLS); proxy_urls_set {
val, err := parseRegistryConfigs(proxy_urls)
if err != nil {
slog.Error("Unable to parse proxy configurations", slog.String("error", err.Error()))
} else {
// We only care about private registry configurations that are relevant to Go and
// filter others out at this point.
for _, cfg := range val {
if cfg.Type == GOPROXY_SERVER {
proxy_configs = append(proxy_configs, cfg)
slog.Info("Found GOPROXY server", slog.String("url", cfg.URL))
}
}
if len(proxy_configs) > 0 {
goproxy_val := "https://proxy.golang.org,direct"
for _, cfg := range proxy_configs {
goproxy_val = cfg.URL + "," + goproxy_val
}
result = append(result, fmt.Sprintf("GOPROXY=%s", goproxy_val), "GOPRIVATE=", "GONOPROXY=")
}
}
}
return result
}
// Applies private package proxy related environment variables to `cmd`.
func ApplyProxyEnvVars(cmd *exec.Cmd) {
slog.Debug(
"Applying private registry proxy environment variables",
slog.String("cmd_args", strings.Join(cmd.Args, " ")),
)
// If we haven't done so yet, check whether the proxy environment variables are set
// and extract information from them.
if !proxy_vars_checked {
proxy_vars = getEnvVars()
proxy_vars_checked = true
}
// If the proxy is configured, `proxy_vars` will be not `nil`. We append those
// variables to the existing environment to preserve those environment variables.
// If `cmd.Env` is not changed, then the existing environment is also preserved.
if proxy_vars != nil {
cmd.Env = append(os.Environ(), proxy_vars...)
}
}

49
go/extractor/util/registryproxy_test.go Normal file
View File

@@ -0,0 +1,49 @@
package util
import (
"testing"
)
func parseRegistryConfigsFail(t *testing.T, str string) {
_, err := parseRegistryConfigs(str)
if err == nil {
t.Fatal("Expected `parseRegistryConfigs` to fail, but it succeeded.")
}
}
func parseRegistryConfigsSuccess(t *testing.T, str string) []RegistryConfig {
val, err := parseRegistryConfigs(str)
if err != nil {
t.Fatalf("Expected `parseRegistryConfigs` to succeed, but it failed: %s", err.Error())
}
return val
}
func TestParseRegistryConfigs(t *testing.T) {
parseRegistryConfigsFail(t, "")
empty := parseRegistryConfigsSuccess(t, "[]")
if len(empty) != 0 {
t.Fatal("Expected `parseRegistryConfigs(\"[]\")` to return no configurations, but got some.")
}
single := parseRegistryConfigsSuccess(t, "[{ \"type\": \"goproxy_server\", \"url\": \"https://proxy.example.com/mod\" }]")
if len(single) != 1 {
t.Fatalf("Expected `parseRegistryConfigs` to return one configuration, but got %d.", len(single))
}
first := single[0]
if first.Type != "goproxy_server" {
t.Fatalf("Expected `Type` to be `goproxy_server`, but got `%s`", first.Type)
}
if first.URL != "https://proxy.example.com/mod" {
t.Fatalf("Expected `URL` to be `https://proxy.example.com/mod`, but got `%s`", first.URL)
}
}

4
go/ql/consistency-queries/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.0.22
No user-facing changes.
## 1.0.21
No user-facing changes.

3
go/ql/consistency-queries/change-notes/released/1.0.22.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.0.22
No user-facing changes.

2
go/ql/consistency-queries/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.21
lastReleaseVersion: 1.0.22

Some files were not shown because too many files have changed in this diff Show More