diff --git a/.bazelrc b/.bazelrc index 679eeec77a3..8687f4406cb 100644 --- a/.bazelrc +++ b/.bazelrc @@ -11,6 +11,8 @@ build --compilation_mode opt common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub build --repo_env=CC=clang --repo_env=CXX=clang++ +# Disable Android SDK auto-detection (we don't use it, and rules_android has Bazel 9 compatibility issues) +build --repo_env=ANDROID_HOME= # print test output, like sembuild does. # Set to `errors` if this is too verbose. @@ -34,7 +36,7 @@ common --@rules_dotnet//dotnet/settings:strict_deps=false common --@rules_rust//rust/toolchain/channel=nightly # Reduce this eventually to empty, once we've fixed all our usages of java, and https://github.com/bazel-contrib/rules_go/issues/4193 is fixed -common --incompatible_autoload_externally="+@rules_java,+@rules_shell" +common --incompatible_autoload_externally="+@rules_cc,+@rules_java,+@rules_shell" build --java_language_version=17 build --tool_java_language_version=17 diff --git a/.bazelversion b/.bazelversion index e7fdef7e2e6..f7ee06693c1 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -8.4.2 +9.0.0 diff --git a/MODULE.bazel b/MODULE.bazel index 9b326127ce7..2b37719584c 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -15,20 +15,22 @@ local_path_override( # see https://registry.bazel.build/ for a list of available packages bazel_dep(name = "platforms", version = "1.0.0") -bazel_dep(name = "rules_go", version = "0.56.1") +bazel_dep(name = "rules_cc", version = "0.2.16") +bazel_dep(name = "rules_go", version = "0.59.0") +bazel_dep(name = "rules_java", version = "9.0.3") bazel_dep(name = "rules_pkg", version = "1.0.1") -bazel_dep(name = "rules_nodejs", version = "6.2.0-codeql.1") +bazel_dep(name = "rules_nodejs", version = "6.7.3") bazel_dep(name = "rules_python", version = "0.40.0") bazel_dep(name = "rules_shell", version = "0.5.0") bazel_dep(name = "bazel_skylib", version = "1.8.1") bazel_dep(name = "abseil-cpp", version = "20240116.1", repo_name = "absl") bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json") bazel_dep(name = "fmt", version = "12.1.0-codeql.1") -bazel_dep(name = "rules_kotlin", version = "2.2.0-codeql.1") -bazel_dep(name = "gazelle", version = "0.40.0") +bazel_dep(name = "rules_kotlin", version = "2.2.2-codeql.1") +bazel_dep(name = "gazelle", version = "0.47.0") bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1") bazel_dep(name = "googletest", version = "1.14.0.bcr.1") -bazel_dep(name = "rules_rust", version = "0.66.0") +bazel_dep(name = "rules_rust", version = "0.68.1.codeql.1") bazel_dep(name = "zstd", version = "1.5.5.bcr.1") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) @@ -41,7 +43,7 @@ RUST_EDITION = "2024" # a nightly toolchain is required to enable experimental_use_cc_common_link, which we require internally # we prefer to run the same version as internally, even if experimental_use_cc_common_link is not really # required in this repo -RUST_VERSION = "nightly/2025-08-01" +RUST_VERSION = "nightly/2026-01-22" rust = use_extension("@rules_rust//rust:extensions.bzl", "rust") rust.toolchain( @@ -53,26 +55,26 @@ rust.toolchain( ], # generated by buildutils-internal/scripts/fill-rust-sha256s.py (internal repo) sha256s = { - "2025-08-01/rustc-nightly-x86_64-unknown-linux-gnu.tar.xz": "9bbeaf5d3fc7247d31463a9083aa251c995cc50662c8219e7a2254d76a72a9a4", - "2025-08-01/rustc-nightly-x86_64-apple-darwin.tar.xz": "c9ea539a8eff0d5d162701f99f9e1aabe14dd0dfb420d62362817a5d09219de7", - "2025-08-01/rustc-nightly-aarch64-apple-darwin.tar.xz": "ae83feebbc39cfd982e4ecc8297731fe79c185173aee138467b334c5404b3773", - "2025-08-01/rustc-nightly-x86_64-pc-windows-msvc.tar.xz": "9f170c30d802a349be60cf52ec46260802093cb1013ad667fc0d528b7b10152f", - "2025-08-01/clippy-nightly-x86_64-unknown-linux-gnu.tar.xz": "9ae5f3cd8f557c4f6df522597c69d14398cf604cfaed2b83e767c4b77a7eaaf6", - "2025-08-01/clippy-nightly-x86_64-apple-darwin.tar.xz": "983cb9ee0b6b968188e04ab2d33743d54764b2681ce565e1b3f2b9135c696a3e", - "2025-08-01/clippy-nightly-aarch64-apple-darwin.tar.xz": "ed2219dbc49d088225e1b7c5c4390fa295066e071fddaa2714018f6bb39ddbf0", - "2025-08-01/clippy-nightly-x86_64-pc-windows-msvc.tar.xz": "911f40ab5cbdd686f40e00965271fe47c4805513a308ed01f30eafb25b448a50", - "2025-08-01/cargo-nightly-x86_64-unknown-linux-gnu.tar.xz": "106463c284e48e4904c717471eeec2be5cc83a9d2cae8d6e948b52438cad2e69", - "2025-08-01/cargo-nightly-x86_64-apple-darwin.tar.xz": "6ad35c40efc41a8c531ea43235058347b6902d98a9693bf0aed7fc16d5590cef", - "2025-08-01/cargo-nightly-aarch64-apple-darwin.tar.xz": "dd28c365e9d298abc3154c797720ad36a0058f131265c9978b4c8e4e37012c8a", - "2025-08-01/cargo-nightly-x86_64-pc-windows-msvc.tar.xz": "7b431286e12d6b3834b038f078389a00cac73f351e8c3152b2504a3c06420b3b", - "2025-08-01/llvm-tools-nightly-x86_64-unknown-linux-gnu.tar.xz": "e342e305d7927cc288d386983b2bc253cfad3776b113386e903d0b302648ef47", - "2025-08-01/llvm-tools-nightly-x86_64-apple-darwin.tar.xz": "e44dd3506524d85c37b3a54bcc91d01378fd2c590b2db5c5974d12f05c1b84d1", - "2025-08-01/llvm-tools-nightly-aarch64-apple-darwin.tar.xz": "0c1b5f46dd81be4a9227b10283a0fcaa39c14fea7e81aea6fd6d9887ff6cdc41", - "2025-08-01/llvm-tools-nightly-x86_64-pc-windows-msvc.tar.xz": "423e5fd11406adccbc31b8456ceb7375ce055cdf45e90d2c3babeb2d7f58383f", - "2025-08-01/rust-std-nightly-x86_64-unknown-linux-gnu.tar.xz": "3c0ceb46a252647a1d4c7116d9ccae684fa5e42aaf3296419febd2c962c3b41d", - "2025-08-01/rust-std-nightly-x86_64-apple-darwin.tar.xz": "3be416003cab10f767390a753d1d16ae4d26c7421c03c98992cf1943e5b0efe8", - "2025-08-01/rust-std-nightly-aarch64-apple-darwin.tar.xz": "4046ac0ef951cb056b5028a399124f60999fa37792eab69d008d8d7965f389b4", - "2025-08-01/rust-std-nightly-x86_64-pc-windows-msvc.tar.xz": "191ed9d8603c3a4fe5a7bbbc2feb72049078dae2df3d3b7d5dedf3abbf823e6e", + "2026-01-22/rustc-nightly-x86_64-unknown-linux-gnu.tar.xz": "88db619323cc1321630d124efa51ed02fabc5e020f08cfa0eda2c0ac1afbe69a", + "2026-01-22/rustc-nightly-x86_64-apple-darwin.tar.xz": "08484da3fa38db56f93629aeabdc0ae9ff8ed9704c0792d35259cbc849b3f54c", + "2026-01-22/rustc-nightly-aarch64-apple-darwin.tar.xz": "a39c0b21b7058e364ea1bd43144e42e4bf1efade036b2e82455f2afce194ee81", + "2026-01-22/rustc-nightly-x86_64-pc-windows-msvc.tar.xz": "d00248ee9850dbb6932b2578e32ff74fc7c429854c1aa071066ca31b65385a3b", + "2026-01-22/clippy-nightly-x86_64-unknown-linux-gnu.tar.xz": "70656a0ce994ffff16d5a35a7b170a0acd41e9bb54a589c96ed45bf97b094a4d", + "2026-01-22/clippy-nightly-x86_64-apple-darwin.tar.xz": "fe242519fa961522734733009705aec3c2d9a20cc57291f2aa614e5e6262c88f", + "2026-01-22/clippy-nightly-aarch64-apple-darwin.tar.xz": "38bb226363ec97c9722edf966cd58774a683e19fd2ff2a6030094445d51e06f9", + "2026-01-22/clippy-nightly-x86_64-pc-windows-msvc.tar.xz": "6da9b4470beea67abfebf046f141eee0d2a8db7c7a9e4e2294478734fd477228", + "2026-01-22/cargo-nightly-x86_64-unknown-linux-gnu.tar.xz": "99004e9d10c43a01499642f53bb3184d41137a95d65bfb217098840a9e79e892", + "2026-01-22/cargo-nightly-x86_64-apple-darwin.tar.xz": "6e021394cf8d8400ac6cfdfcef24e4d74f988e91eb8028b36de3a64ce3502990", + "2026-01-22/cargo-nightly-aarch64-apple-darwin.tar.xz": "4b2494cb69ab64132cddbc411a38ea9f1105e54d6f986e43168d54f79510c673", + "2026-01-22/cargo-nightly-x86_64-pc-windows-msvc.tar.xz": "c36613cf57407212d10d37b76e49a60ff42336e953cdff9e177283f530a83fc1", + "2026-01-22/llvm-tools-nightly-x86_64-unknown-linux-gnu.tar.xz": "0b123c5027dbd833aae6845ffe9bd07d309bf798746a7176aadaea68fbcbd05d", + "2026-01-22/llvm-tools-nightly-x86_64-apple-darwin.tar.xz": "a47864491ad5619158c950ab7570fb6e487d5117338585c27334d45824b406d8", + "2026-01-22/llvm-tools-nightly-aarch64-apple-darwin.tar.xz": "db9bc826d6e2e7e914505d50157682e516ceb90357e83d77abddc32c2d962f41", + "2026-01-22/llvm-tools-nightly-x86_64-pc-windows-msvc.tar.xz": "ffaa406932b2fe62e01dad61cf4ed34860a5d2a6f9306ca340d79e630d930039", + "2026-01-22/rust-std-nightly-x86_64-unknown-linux-gnu.tar.xz": "e9c0d5e06e18a4b509391b3088f29293e310cdc8ccc865be8fa3f09733326925", + "2026-01-22/rust-std-nightly-x86_64-apple-darwin.tar.xz": "25d75995cee679a4828ca9fe48c5a31a67c3b0846018440ef912e5a6208f53f6", + "2026-01-22/rust-std-nightly-aarch64-apple-darwin.tar.xz": "e4132bf3f2eed4684c86756a02315bcf481c23e675e3e25630fc604c9cb4594c", + "2026-01-22/rust-std-nightly-x86_64-pc-windows-msvc.tar.xz": "961bb535ef95ae8a5fa4e224cb94aff190f155c45a9bcf7a53e184b024aa41b1", }, versions = [RUST_VERSION], ) @@ -188,6 +190,15 @@ pip.parse( ) use_repo(pip, "codegen_deps") +python = use_extension("@rules_python//python/extensions:python.bzl", "python") +python.toolchain( + is_default = True, + python_version = "3.12", +) +use_repo(python, "python_3_12", "python_versions") + +register_toolchains("@python_versions//3.12:all") + swift_deps = use_extension("//swift/third_party:load.bzl", "swift_deps") # following list can be kept in sync with `bazel mod tidy` diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index d2e85ddb6a2..1b41f2f2f5e 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.28 + +No user-facing changes. + ## 0.4.27 ### Bug Fixes diff --git a/actions/ql/lib/change-notes/released/0.4.28.md b/actions/ql/lib/change-notes/released/0.4.28.md new file mode 100644 index 00000000000..af10bae2ab5 --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.28.md @@ -0,0 +1,3 @@ +## 0.4.28 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 5e24b634389..ff6beb81526 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.27 +lastReleaseVersion: 0.4.28 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index d700f90710a..a9d5b7e61f6 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.28-dev +version: 0.4.29-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index ebf6b7214c9..c92b28841fa 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.20 + +No user-facing changes. + ## 0.6.19 No user-facing changes. diff --git a/actions/ql/src/change-notes/released/0.6.20.md b/actions/ql/src/change-notes/released/0.6.20.md new file mode 100644 index 00000000000..35c1118ff45 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.20.md @@ -0,0 +1,3 @@ +## 0.6.20 + +No user-facing changes. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 2baec50a823..e30c5c64b1b 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.19 +lastReleaseVersion: 0.6.20 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 7c19f90be06..f4e731dc26d 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.20-dev +version: 0.6.21-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 6f256c9499b..91f4b009b2b 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 7.1.1 + +### Minor Analysis Improvements + +* Added remote flow source models for the `winhttp.h` windows header and the Azure SDK core library for C/C++. + ## 7.1.0 ### New Features diff --git a/cpp/ql/lib/change-notes/2026-02-03-windows-remote-flow-sources.md b/cpp/ql/lib/change-notes/2026-02-03-windows-remote-flow-sources.md deleted file mode 100644 index 0a884df065a..00000000000 --- a/cpp/ql/lib/change-notes/2026-02-03-windows-remote-flow-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added remote flow source models for the `winhttp.h` windows header and the Azure SDK core library for C/C++. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2026-02-06-UncheckedLeapYearAfterModification_Refactor.md b/cpp/ql/lib/change-notes/2026-02-06-UncheckedLeapYearAfterModification_Refactor.md new file mode 100644 index 00000000000..4a2cf3ef189 --- /dev/null +++ b/cpp/ql/lib/change-notes/2026-02-06-UncheckedLeapYearAfterModification_Refactor.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Refactored the "Year field changed using an arithmetic operation without checking for leap year" query (`cpp/leap-year/unchecked-after-arithmetic-year-modification`) to address large numbers of false positive results. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2026-02-14-must-flow-fix.md b/cpp/ql/lib/change-notes/2026-02-14-must-flow-fix.md new file mode 100644 index 00000000000..fc838f51c06 --- /dev/null +++ b/cpp/ql/lib/change-notes/2026-02-14-must-flow-fix.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* The `allowInterproceduralFlow` predicate of must-flow data flow configurations now correctly handles direct recursion. diff --git a/cpp/ql/lib/change-notes/2026-02-14-must-flow.md b/cpp/ql/lib/change-notes/2026-02-14-must-flow.md new file mode 100644 index 00000000000..3d1afaa6344 --- /dev/null +++ b/cpp/ql/lib/change-notes/2026-02-14-must-flow.md @@ -0,0 +1,4 @@ +--- +category: breaking +--- +* `MustFlow`, the inter-procedural must-flow data flow analysis library, has been re-worked to use parameterized modules. Like in the case of data flow and taint tracking, instead of extending the `MustFlowConfiguration` class, the user should now implement a module with the `MustFlow::ConfigSig` signature, and instantiate the `MustFlow::Global` parameterized module with the implemented module. diff --git a/cpp/ql/lib/change-notes/released/7.1.1.md b/cpp/ql/lib/change-notes/released/7.1.1.md new file mode 100644 index 00000000000..16bba7ca508 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/7.1.1.md @@ -0,0 +1,5 @@ +## 7.1.1 + +### Minor Analysis Improvements + +* Added remote flow source models for the `winhttp.h` windows header and the Azure SDK core library for C/C++. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index dcaaa76112a..8e970df6cae 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.1.0 +lastReleaseVersion: 7.1.1 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index eeb5d0adf08..31ce003aadc 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 7.1.1-dev +version: 7.1.2-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/lib/semmle/code/cpp/commons/DateTime.qll b/cpp/ql/lib/semmle/code/cpp/commons/DateTime.qll index c67bf7cf96e..a4022161076 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/DateTime.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/DateTime.qll @@ -14,7 +14,9 @@ class PackedTimeType extends Type { } } -private predicate timeType(string typeName) { typeName = ["_SYSTEMTIME", "SYSTEMTIME", "tm"] } +private predicate timeType(string typeName) { + typeName = ["_SYSTEMTIME", "SYSTEMTIME", "tm", "TIME_FIELDS", "_TIME_FIELDS", "PTIME_FIELDS"] +} /** * A type that is used to represent times and dates in an 'unpacked' form, that is, @@ -95,3 +97,24 @@ class StructTmMonthFieldAccess extends MonthFieldAccess { class StructTmYearFieldAccess extends YearFieldAccess { StructTmYearFieldAccess() { this.getTarget().getName() = "tm_year" } } + +/** + * A `DayFieldAccess` for the `TIME_FIELDS` struct. + */ +class TimeFieldsDayFieldAccess extends DayFieldAccess { + TimeFieldsDayFieldAccess() { this.getTarget().getName() = "Day" } +} + +/** + * A `MonthFieldAccess` for the `TIME_FIELDS` struct. + */ +class TimeFieldsMonthFieldAccess extends MonthFieldAccess { + TimeFieldsMonthFieldAccess() { this.getTarget().getName() = "Month" } +} + +/** + * A `YearFieldAccess` for the `TIME_FIELDS` struct. + */ +class TimeFieldsYearFieldAccess extends YearFieldAccess { + TimeFieldsYearFieldAccess() { this.getTarget().getName() = "Year" } +} diff --git a/cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll b/cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll index 7e98177f323..3dea144bbf6 100644 --- a/cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll +++ b/cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll @@ -34,6 +34,38 @@ private string getSingleLocationFilePath(@element e) { macroinvocations(e, _, loc, _) or preprocdirects(e, _, loc) + or + diagnostics(e, _, _, _, _, loc) + or + usings(e, _, loc, _) + or + static_asserts(e, _, _, loc, _) + or + derivations(e, _, _, _, loc) + or + frienddecls(e, _, _, loc) + or + comments(e, _, loc) + or + exprs(e, _, loc) + or + stmts(e, _, loc) + or + initialisers(e, _, _, loc) + or + attributes(e, _, _, _, loc) + or + attribute_args(e, _, _, _, loc) + or + namequalifiers(e, _, _, loc) + or + enumconstants(e, _, _, _, _, loc) + or + type_mentions(e, _, loc, _) + or + lambda_capture(e, _, _, _, _, _, loc) + or + concept_templates(e, _, loc) | result = getLocationFilePath(loc) ) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll index b085440f6bc..2b61190fb71 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll @@ -8,81 +8,143 @@ private import cpp private import semmle.code.cpp.ir.IR /** - * A configuration of a data flow analysis that performs must-flow analysis. This is different - * from `DataFlow.qll` which performs may-flow analysis (i.e., it finds paths where the source _may_ - * flow to the sink). - * - * Like in `DataFlow.qll`, each use of the `MustFlow.qll` library must define its own unique extension - * of this abstract class. To create a configuration, extend this class with a subclass whose - * characteristic predicate is a unique singleton string and override `isSource`, `isSink` (and - * `isAdditionalFlowStep` if additional steps are required). + * Provides an inter-procedural must-flow data flow analysis. */ -abstract class MustFlowConfiguration extends string { - bindingset[this] - MustFlowConfiguration() { any() } - +module MustFlow { /** - * Holds if `source` is a relevant data flow source. + * An input configuration of a data flow analysis that performs must-flow analysis. This is different + * from `DataFlow.qll` which performs may-flow analysis (i.e., it finds paths where the source _may_ + * flow to the sink). */ - abstract predicate isSource(Instruction source); + signature module ConfigSig { + /** + * Holds if `source` is a relevant data flow source. + */ + predicate isSource(Instruction source); - /** - * Holds if `sink` is a relevant data flow sink. - */ - abstract predicate isSink(Operand sink); + /** + * Holds if `sink` is a relevant data flow sink. + */ + predicate isSink(Operand sink); - /** - * Holds if data flow through `instr` is prohibited. - */ - predicate isBarrier(Instruction instr) { none() } + /** + * Holds if data flow through `instr` is prohibited. + */ + default predicate isBarrier(Instruction instr) { none() } - /** - * Holds if the additional flow step from `node1` to `node2` must be taken - * into account in the analysis. - */ - predicate isAdditionalFlowStep(Operand node1, Instruction node2) { none() } + /** + * Holds if the additional flow step from `node1` to `node2` must be taken + * into account in the analysis. + */ + default predicate isAdditionalFlowStep(Operand node1, Instruction node2) { none() } - /** Holds if this configuration allows flow from arguments to parameters. */ - predicate allowInterproceduralFlow() { any() } - - /** - * Holds if data must flow from `source` to `sink` for this configuration. - * - * The corresponding paths are generated from the end-points and the graph - * included in the module `PathGraph`. - */ - final predicate hasFlowPath(MustFlowPathNode source, MustFlowPathSink sink) { - this.isSource(source.getInstruction()) and - source.getASuccessor*() = sink + /** Holds if this configuration allows flow from arguments to parameters. */ + default predicate allowInterproceduralFlow() { any() } } -} -/** Holds if `node` flows from a source. */ -pragma[nomagic] -private predicate flowsFromSource(Instruction node, MustFlowConfiguration config) { - not config.isBarrier(node) and - ( - config.isSource(node) - or - exists(Instruction mid | - step(mid, node, config) and - flowsFromSource(mid, pragma[only_bind_into](config)) - ) - ) -} + /** + * Constructs a global must-flow computation. + */ + module Global { + import Config -/** Holds if `node` flows to a sink. */ -pragma[nomagic] -private predicate flowsToSink(Instruction node, MustFlowConfiguration config) { - flowsFromSource(node, pragma[only_bind_into](config)) and - ( - config.isSink(node.getAUse()) - or - exists(Instruction mid | - step(node, mid, config) and - flowsToSink(mid, pragma[only_bind_into](config)) - ) - ) + /** + * Holds if data must flow from `source` to `sink`. + * + * The corresponding paths are generated from the end-points and the graph + * included in the module `PathGraph`. + */ + predicate flowPath(PathNode source, PathSink sink) { + isSource(source.getInstruction()) and + source.getASuccessor*() = sink + } + + /** Holds if `node` flows from a source. */ + pragma[nomagic] + private predicate flowsFromSource(Instruction node) { + not isBarrier(node) and + ( + isSource(node) + or + exists(Instruction mid | + step(mid, node) and + flowsFromSource(mid) + ) + ) + } + + /** Holds if `node` flows to a sink. */ + pragma[nomagic] + private predicate flowsToSink(Instruction node) { + flowsFromSource(node) and + ( + isSink(node.getAUse()) + or + exists(Instruction mid | + step(node, mid) and + flowsToSink(mid) + ) + ) + } + + /** Holds if `nodeFrom` flows to `nodeTo`. */ + private predicate step(Instruction nodeFrom, Instruction nodeTo) { + Cached::localStep(nodeFrom, nodeTo) + or + allowInterproceduralFlow() and + Cached::flowThroughCallable(nodeFrom, nodeTo) + or + isAdditionalFlowStep(nodeFrom.getAUse(), nodeTo) + } + + private newtype TLocalPathNode = + MkLocalPathNode(Instruction n) { + flowsToSink(n) and + ( + isSource(n) + or + exists(PathNode mid | step(mid.getInstruction(), n)) + ) + } + + /** A `Node` that is in a path from a source to a sink. */ + class PathNode extends TLocalPathNode { + Instruction n; + + PathNode() { this = MkLocalPathNode(n) } + + /** Gets the underlying node. */ + Instruction getInstruction() { result = n } + + /** Gets a textual representation of this node. */ + string toString() { result = n.getAst().toString() } + + /** Gets the location of this element. */ + Location getLocation() { result = n.getLocation() } + + /** Gets a successor node, if any. */ + PathNode getASuccessor() { step(this.getInstruction(), result.getInstruction()) } + } + + private class PathSink extends PathNode { + PathSink() { isSink(this.getInstruction().getAUse()) } + } + + /** + * Provides the query predicates needed to include a graph in a path-problem query. + */ + module PathGraph { + private predicate reach(PathNode n) { n instanceof PathSink or reach(n.getASuccessor()) } + + /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */ + query predicate edges(PathNode a, PathNode b) { a.getASuccessor() = b and reach(b) } + + /** Holds if `n` is a node in the graph of data flow path explanations. */ + query predicate nodes(PathNode n, string key, string val) { + reach(n) and key = "semmle.label" and val = n.toString() + } + } + } } cached @@ -102,7 +164,7 @@ private module Cached { not f.isVirtual() and call.getPositionalArgument(n) = instr and f = call.getStaticCallTarget() and - getEnclosingNonVirtualFunctionInitializeParameter(init, f) and + isEnclosingNonVirtualFunctionInitializeParameter(init, f) and init.getParameter().getIndex() = pragma[only_bind_into](pragma[only_bind_out](n)) } @@ -111,7 +173,7 @@ private module Cached { * corresponding initialization instruction that receives the value of `instr` in `f`. */ pragma[noinline] - private predicate getPositionalArgumentInitParam( + private predicate isPositionalArgumentInitParam( CallInstruction call, Instruction instr, InitializeParameterInstruction init, Function f ) { exists(int n | @@ -126,18 +188,18 @@ private module Cached { * `instr` in `f`. */ pragma[noinline] - private predicate getThisArgumentInitParam( + private predicate isThisArgumentInitParam( CallInstruction call, Instruction instr, InitializeParameterInstruction init, Function f ) { not f.isVirtual() and call.getStaticCallTarget() = f and - getEnclosingNonVirtualFunctionInitializeParameter(init, f) and + isEnclosingNonVirtualFunctionInitializeParameter(init, f) and call.getThisArgument() = instr and init.getIRVariable() instanceof IRThisVariable } /** Holds if `f` is the enclosing non-virtual function of `init`. */ - private predicate getEnclosingNonVirtualFunctionInitializeParameter( + private predicate isEnclosingNonVirtualFunctionInitializeParameter( InitializeParameterInstruction init, Function f ) { not f.isVirtual() and @@ -145,7 +207,7 @@ private module Cached { } /** Holds if `f` is the enclosing non-virtual function of `init`. */ - private predicate getEnclosingNonVirtualFunctionInitializeIndirection( + private predicate isEnclosingNonVirtualFunctionInitializeIndirection( InitializeIndirectionInstruction init, Function f ) { not f.isVirtual() and @@ -153,15 +215,16 @@ private module Cached { } /** - * Holds if `instr` is an argument (or argument indirection) to a call, and - * `succ` is the corresponding initialization instruction in the call target. + * Holds if `argument` is an argument (or argument indirection) to a call, and + * `parameter` is the corresponding initialization instruction in the call target. */ - private predicate flowThroughCallable(Instruction argument, Instruction parameter) { + cached + predicate flowThroughCallable(Instruction argument, Instruction parameter) { // Flow from an argument to a parameter exists(CallInstruction call, InitializeParameterInstruction init | init = parameter | - getPositionalArgumentInitParam(call, argument, init, call.getStaticCallTarget()) + isPositionalArgumentInitParam(call, argument, init, call.getStaticCallTarget()) or - getThisArgumentInitParam(call, argument, init, call.getStaticCallTarget()) + isThisArgumentInitParam(call, argument, init, call.getStaticCallTarget()) ) or // Flow from argument indirection to parameter indirection @@ -170,7 +233,7 @@ private module Cached { | init = parameter and read.getPrimaryInstruction() = call and - getEnclosingNonVirtualFunctionInitializeIndirection(init, call.getStaticCallTarget()) + isEnclosingNonVirtualFunctionInitializeIndirection(init, call.getStaticCallTarget()) | exists(int n | read.getSideEffectOperand().getAnyDef() = argument and @@ -205,92 +268,10 @@ private module Cached { } cached - predicate step(Instruction nodeFrom, Instruction nodeTo) { + predicate localStep(Instruction nodeFrom, Instruction nodeTo) { exists(Operand mid | instructionToOperandStep(nodeFrom, mid) and operandToInstructionStep(mid, nodeTo) ) - or - flowThroughCallable(nodeFrom, nodeTo) - } -} - -/** - * Gets the enclosing callable of `n`. Unlike `n.getEnclosingCallable()`, this - * predicate ensures that joins go from `n` to the result instead of the other - * way around. - */ -pragma[inline] -private IRFunction getEnclosingCallable(Instruction n) { - pragma[only_bind_into](result) = pragma[only_bind_out](n).getEnclosingIRFunction() -} - -/** Holds if `nodeFrom` flows to `nodeTo`. */ -private predicate step(Instruction nodeFrom, Instruction nodeTo, MustFlowConfiguration config) { - exists(config) and - Cached::step(pragma[only_bind_into](nodeFrom), pragma[only_bind_into](nodeTo)) and - ( - config.allowInterproceduralFlow() - or - getEnclosingCallable(nodeFrom) = getEnclosingCallable(nodeTo) - ) - or - config.isAdditionalFlowStep(nodeFrom.getAUse(), nodeTo) -} - -private newtype TLocalPathNode = - MkLocalPathNode(Instruction n, MustFlowConfiguration config) { - flowsToSink(n, config) and - ( - config.isSource(n) - or - exists(MustFlowPathNode mid | step(mid.getInstruction(), n, config)) - ) - } - -/** A `Node` that is in a path from a source to a sink. */ -class MustFlowPathNode extends TLocalPathNode { - Instruction n; - - MustFlowPathNode() { this = MkLocalPathNode(n, _) } - - /** Gets the underlying node. */ - Instruction getInstruction() { result = n } - - /** Gets a textual representation of this node. */ - string toString() { result = n.getAst().toString() } - - /** Gets the location of this element. */ - Location getLocation() { result = n.getLocation() } - - /** Gets a successor node, if any. */ - MustFlowPathNode getASuccessor() { - step(this.getInstruction(), result.getInstruction(), this.getConfiguration()) - } - - /** Gets the associated configuration. */ - MustFlowConfiguration getConfiguration() { this = MkLocalPathNode(_, result) } -} - -private class MustFlowPathSink extends MustFlowPathNode { - MustFlowPathSink() { this.getConfiguration().isSink(this.getInstruction().getAUse()) } -} - -/** - * Provides the query predicates needed to include a graph in a path-problem query. - */ -module PathGraph { - private predicate reach(MustFlowPathNode n) { - n instanceof MustFlowPathSink or reach(n.getASuccessor()) - } - - /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */ - query predicate edges(MustFlowPathNode a, MustFlowPathNode b) { - a.getASuccessor() = b and reach(b) - } - - /** Holds if `n` is a node in the graph of data flow path explanations. */ - query predicate nodes(MustFlowPathNode n, string key, string val) { - reach(n) and key = "semmle.label" and val = n.toString() } } diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 61792c6a700..640b66a910d 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.11 + +No user-facing changes. + ## 1.5.10 No user-facing changes. diff --git a/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll b/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll index 2b68730fa58..99981873d26 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll +++ b/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll @@ -308,3 +308,37 @@ private module PossibleYearArithmeticOperationCheckConfig implements DataFlow::C module PossibleYearArithmeticOperationCheckFlow = TaintTracking::Global; + +/** + * A time conversion function where either + * 1) an incorrect leap year date would result in an error that can be checked from the return value or + * 2) an incorrect leap year date is auto corrected (no checks required) + */ +class TimeConversionFunction extends Function { + boolean autoLeapYearCorrecting; + + TimeConversionFunction() { + autoLeapYearCorrecting = false and + ( + this.getName() = + [ + "FileTimeToSystemTime", "SystemTimeToFileTime", "SystemTimeToTzSpecificLocalTime", + "SystemTimeToTzSpecificLocalTimeEx", "TzSpecificLocalTimeToSystemTime", + "TzSpecificLocalTimeToSystemTimeEx", "RtlLocalTimeToSystemTime", + "RtlTimeToSecondsSince1970", "_mkgmtime", "SetSystemTime", "VarUdateFromDate", "from_tm" + ] + or + // Matches all forms of GetDateFormat, e.g. GetDateFormatA/W/Ex + this.getName().matches("GetDateFormat%") + ) + or + autoLeapYearCorrecting = true and + this.getName() = + ["mktime", "_mktime32", "_mktime64", "SystemTimeToVariantTime", "VariantTimeToSystemTime"] + } + + /** + * Holds if the function is expected to auto convert a bad leap year date. + */ + predicate isAutoLeapYearCorrecting() { autoLeapYearCorrecting = true } +} diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql index 03570b3611c..0a52a2b0ff4 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql @@ -1,7 +1,7 @@ /** * @name Year field changed using an arithmetic operation without checking for leap year * @description A field that represents a year is being modified by an arithmetic operation, but no proper check for leap years can be detected afterwards. - * @kind problem + * @kind path-problem * @problem.severity warning * @id cpp/leap-year/unchecked-after-arithmetic-year-modification * @precision medium @@ -11,49 +11,844 @@ import cpp import LeapYear +import semmle.code.cpp.controlflow.IRGuards -from Variable var, LeapYearFieldAccess yfa -where - exists(VariableAccess va | - yfa.getQualifier() = va and - var.getAnAccess() = va and - // The year is modified with an arithmetic operation. Avoid values that are likely false positives - yfa.isModifiedByArithmeticOperationNotForNormalization() and - // Avoid false positives - not ( - // If there is a local check for leap year after the modification - exists(LeapYearFieldAccess yfacheck | - yfacheck.getQualifier() = var.getAnAccess() and - yfacheck.isUsedInCorrectLeapYearCheck() and - yfacheck.getBasicBlock() = yfa.getBasicBlock().getASuccessor*() - ) +/** + * Functions whose operations should never be considered a + * source or sink of a dangerous leap year operation. + * The general concept is to add conversion functions + * that convert one time type to another. Often + * other ignorable operation heuristics will filter these, + * but some cases, the simplest approach is to simply filter + * the function entirely. + * Note that flow through these functions should still be allowed + * we just cannot start or end flow from an operation to a + * year assignment in one of these functions. + */ +class IgnorableFunction extends Function { + IgnorableFunction() { + // arithmetic in known time conversion functions may look like dangerous operations + // we assume all known time conversion functions are safe. + this instanceof TimeConversionFunction + or + // Helper utility in postgres with string time conversions + this.getName() = "DecodeISO8601Interval" + or + // helper utility for date conversions in qtbase + this.getName() = "adjacentDay" + or + // Windows API function that does timezone conversions + this.getName().matches("%SystemTimeToTzSpecificLocalTime%") + or + // Windows APIs that do time conversions + this.getName().matches("%localtime%\\_s%") + or + // Windows APIs that do time conversions + this.getName().matches("%SpecificLocalTimeToSystemTime%") + or + // postgres function for diffing timestamps, date for leap year + // is not applicable. + this.getName().toLowerCase().matches("%timestamp%age%") + or + // Reading byte streams often involves operations of some base, but that's + // not a real source of leap year issues. + this.getName().toLowerCase().matches("%read%bytes%") + or + // A postgres function for local time conversions + // conversion operations (from one time structure to another) are generally ignorable + this.getName() = "localsub" + or + // Indication of a calendar not applicable to + // gregorian leap year, e.g., Hijri, Persian, Hebrew + this.getName().toLowerCase().matches("%hijri%") + or + this.getFile().getBaseName().toLowerCase().matches("%hijri%") + or + this.getName().toLowerCase().matches("%persian%") + or + this.getFile().getBaseName().toLowerCase().matches("%persian%") + or + this.getName().toLowerCase().matches("%hebrew%") + or + this.getFile().getBaseName().toLowerCase().matches("%hebrew%") + or + // misc. from string/char converters heuristic + this.getName() + .toLowerCase() + .matches(["%char%to%", "%string%to%", "%from%char%", "%from%string%"]) + or + // boost's gregorian.cpp has year manipulations that are checked in complex ways. + // ignore the entire file as a source or sink. + this.getFile().getAbsolutePath().toLowerCase().matches("%boost%gregorian.cpp%") + } +} + +/** + * The set of expressions which are ignorable; either because they seem to not be part of a year mutation, + * or because they seem to be a conversion pattern of mapping date scalars. + */ +abstract class IgnorableOperation extends Expr { } + +class IgnorableExprRem extends IgnorableOperation instanceof RemExpr { } + +/** + * An operation with 10, 100, 1000, 10000 as an operand is often a sign of conversion + * or atoi. + */ +class IgnorableExpr10MultipleComponent extends IgnorableOperation { + IgnorableExpr10MultipleComponent() { + this.(Operation).getAnOperand().getValue().toInt() in [10, 100, 1000, 10000] + or + exists(AssignOperation a | a.getRValue() = this | + a.getRValue().getValue().toInt() in [10, 100, 1000, 10000] + ) + } +} + +/** + * An operation involving a sub expression with char literal `48`, ignore as a likely string conversion. For example: `X - '0'` + */ +class IgnorableExpr48Mapping extends IgnorableOperation { + IgnorableExpr48Mapping() { + this.(SubExpr).getRightOperand().getValue().toInt() = 48 + or + exists(AssignSubExpr e | e.getRValue() = this | e.getRValue().getValue().toInt() = 48) + } +} + +/** + * A binary or arithmetic operation whereby one of the components is textual or a string. + */ +class IgnorableCharLiteralArithmetic extends IgnorableOperation { + IgnorableCharLiteralArithmetic() { + this.(BinaryArithmeticOperation).getAnOperand() instanceof TextLiteral + or + this instanceof TextLiteral and + any(AssignArithmeticOperation arith).getRValue() = this + } +} + +/** + * Constants often used in date conversions (from one date data type to another) + * Numerous examples exist, like 1900 or 2000 that convert years from one + * representation to another. + * Also '0' is sometimes observed as an atoi style conversion. + */ +bindingset[c] +predicate isLikelyConversionConstant(int c) { + exists(int i | i = c.abs() | + i = + [ + 146097, // days in 400-year Gregorian cycle + 36524, // days in 100-year Gregorian subcycle + 1461, // days in 4-year cycle (incl. 1 leap) + 32044, // Fliegel-van Flandern JDN epoch shift + 1721425, // JDN of 0001-01-01 (Gregorian) + 1721119, // alt epoch offset + 2400000, // MJD -> JDN conversion + 2400001, // alt MJD -> JDN conversion + 2141, // fixed-point month/day extraction + 65536, // observed in some conversions + 7834, // observed in some conversions + 256, // observed in some conversions + 292275056, // qdatetime.h Qt Core year range first year constant + 292278994, // qdatetime.h Qt Core year range last year constant + 1601, // Windows FILETIME epoch start year + 1970, // Unix epoch start year + 70, // Unix epoch start year short form + 1899, // Observed in uses with 1900 to address off by one scenarios + 1900, // Used when converting a 2 digit year + 2000, // Used when converting a 2 digit year + 1400, // Hijri base year, used when converting a 2 digit year + 1980, // FAT filesystem epoch start year + 227013, // constant observed for Hirji year conversion, and Hirji years are not applicable for gregorian leap year + 10631, // constant observed for Hirji year conversion, and Hirji years are not applicable for gregorian leap year, + 80, // 1980/01/01 is the start of the epoch on DOS + 0 + ] + ) +} + +/** + * An `isLikelyConversionConstant` constant indicates conversion that is ignorable, e.g., + * julian to gregorian conversion or conversions from linux time structs + * that start at 1900, etc. + */ +class IgnorableConstantArithmetic extends IgnorableOperation { + IgnorableConstantArithmetic() { + exists(int i | isLikelyConversionConstant(i) | + this.(Operation).getAnOperand().getValue().toInt() = i or - // If there is a data flow from the variable that was modified to a function that seems to check for leap year - exists(VariableAccess source, ChecksForLeapYearFunctionCall fc | - source = var.getAnAccess() and - LeapYearCheckFlow::flow(DataFlow::exprNode(source), DataFlow::exprNode(fc.getAnArgument())) - ) - or - // If there is a data flow from the field that was modified to a function that seems to check for leap year - exists(VariableAccess vacheck, YearFieldAccess yfacheck, ChecksForLeapYearFunctionCall fc | - vacheck = var.getAnAccess() and - yfacheck.getQualifier() = vacheck and - LeapYearCheckFlow::flow(DataFlow::exprNode(yfacheck), DataFlow::exprNode(fc.getAnArgument())) - ) - or - // If there is a successor or predecessor that sets the month = 1 - exists(MonthFieldAccess mfa, AssignExpr ae | - mfa.getQualifier() = var.getAnAccess() and - mfa.isModified() and - ( - mfa.getBasicBlock() = yfa.getBasicBlock().getASuccessor*() or - yfa.getBasicBlock() = mfa.getBasicBlock().getASuccessor+() - ) and - ae = mfa.getEnclosingElement() and - ae.getAnOperand().getValue().toInt() = 1 + exists(AssignArithmeticOperation a | this = a.getRValue() | + a.getRValue().getValue().toInt() = i ) ) + } +} + +// If a unary minus assume it is some sort of conversion +class IgnorableUnaryMinus extends IgnorableOperation { + IgnorableUnaryMinus() { + this instanceof UnaryMinusExpr + or + this.(Operation).getAnOperand() instanceof UnaryMinusExpr + } +} + +/** + * An argument to a function is ignorable if the function that is called is an ignored function + */ +class OperationAsArgToIgnorableFunction extends IgnorableOperation { + OperationAsArgToIgnorableFunction() { + exists(Call c | + c.getAnArgument().getAChild*() = this and + c.getTarget() instanceof IgnorableFunction + ) + } +} + +/** + * A binary operation on two literals means the result is constant/known + * and the operation is basically ignorable (it's not a real operation but + * probably one visual simplicity what it means). + */ +class ConstantBinaryArithmeticOperation extends IgnorableOperation, BinaryArithmeticOperation { + ConstantBinaryArithmeticOperation() { + this.getLeftOperand() instanceof Literal and + this.getRightOperand() instanceof Literal + } +} + +class IgnorableBinaryBitwiseOperation extends IgnorableOperation instanceof BinaryBitwiseOperation { +} + +class IgnorableUnaryBitwiseOperation extends IgnorableOperation instanceof UnaryBitwiseOperation { } + +class IgnorableAssignmentBitwiseOperation extends IgnorableOperation instanceof AssignBitwiseOperation +{ } + +/** + * An arithmetic operation where one of the operands is a pointer or char type, ignore it + */ +class IgnorablePointerOrCharArithmetic extends IgnorableOperation { + IgnorablePointerOrCharArithmetic() { + this instanceof BinaryArithmeticOperation and + exists(Expr op | op = this.(BinaryArithmeticOperation).getAnOperand() | + op.getUnspecifiedType() instanceof PointerType + or + op.getUnspecifiedType() instanceof CharType + or + // Operations on calls to functions that accept char or char* + op.(Call).getAnArgument().getUnspecifiedType().stripType() instanceof CharType + or + // Operations on calls to functions named like "strlen", "wcslen", etc + // NOTE: workaround for cases where the wchar_t type is not a char, but an unsigned short + // unclear if there is a best way to filter cases like these out based on type info. + op.(Call).getTarget().getName().matches("%len%") + ) + or + exists(AssignArithmeticOperation a | a.getRValue() = this | + exists(Expr op | op = a.getAnOperand() | + op.getUnspecifiedType() instanceof PointerType + or + op.getUnspecifiedType() instanceof CharType + or + // Operations on calls to functions that accept char or char* + op.(Call).getAnArgument().getUnspecifiedType().stripType() instanceof CharType + ) + or + // Operations on calls to functions named like "strlen", "wcslen", etc + // for example `strlen(foo) + bar` + this.(BinaryArithmeticOperation).getAnOperand().(Call).getTarget().getName().matches("%len%") + ) + } +} + +/** + * Holds for an expression that is an add or similar operation that could flow to a Year field. + */ +predicate isOperationSourceCandidate(Expr e) { + not e instanceof IgnorableOperation and + exists(Function f | + f = e.getEnclosingFunction() and + not f instanceof IgnorableFunction + ) and + ( + e instanceof SubExpr + or + e instanceof AddExpr + or + e instanceof CrementOperation + or + e instanceof AssignSubExpr + or + e instanceof AssignAddExpr ) -select yfa, - "Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found.", - yfa.getTarget(), yfa.getTarget().toString(), var, var.toString() +} + +/** + * A data flow that tracks an ignorable operation (such as a bitwise operation) to an operation source, so we may disqualify it. + */ +module IgnorableOperationToOperationSourceCandidateConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr() instanceof IgnorableOperation } + + predicate isSink(DataFlow::Node n) { isOperationSourceCandidate(n.asExpr()) } + + // looking for sources and sinks in the same function + DataFlow::FlowFeature getAFeature() { + result instanceof DataFlow::FeatureEqualSourceSinkCallContext + } +} + +module IgnorableOperationToOperationSourceCandidateFlow = + TaintTracking::Global; + +/** + * The set of all expressions which is a candidate expression and also does not flow from to to some ignorable expression (eg. bitwise op) + * ``` + * a = something <<< 2; + * myDate.year = a + 1; // invalid + * ... + * a = someDate.year + 1; + * myDate.year = a; // valid + * ``` + */ +class OperationSource extends Expr { + OperationSource() { + isOperationSourceCandidate(this) and + // If the candidate came from an ignorable operation, ignore the candidate + // NOTE: we cannot easily flow the candidate to an ignorable operation as that can + // be tricky in practice, e.g., a mod operation on a year would be part of a leap year check + // but a mod operation ending in a year is more indicative of something to ignore (a conversion) + not exists(IgnorableOperationToOperationSourceCandidateFlow::PathNode sink | + sink.getNode().asExpr() = this and + sink.isSink() + ) + } +} + +class YearFieldAssignmentNode extends DataFlow::Node { + YearFieldAccess access; + + YearFieldAssignmentNode() { + exists(Function f | + f = this.getEnclosingCallable().getUnderlyingCallable() and not f instanceof IgnorableFunction + ) and + ( + this.asDefinition().(Assignment).getLValue() = access + or + this.asDefinition().(CrementOperation).getOperand() = access + or + exists(Call c | c.getAnArgument() = access and this.asDefiningArgument() = access) + or + exists(Call c, AddressOfExpr aoe | + c.getAnArgument() = aoe and + aoe.getOperand() = access and + this.asDefiningArgument() = aoe + ) + ) + } + + YearFieldAccess getYearFieldAccess() { result = access } +} + +/** + * A DataFlow configuration for identifying flows from an identified source + * to the Year field of a date object. + */ +module OperationToYearAssignmentConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr() instanceof OperationSource } + + predicate isSink(DataFlow::Node n) { + n instanceof YearFieldAssignmentNode and + not isYearModifiedWithCheck(n) and + not isControlledByMonthEqualityCheckNonFebruary(n.asExpr()) + } + + predicate isBarrier(DataFlow::Node n) { + exists(ArrayExpr arr | arr.getArrayOffset() = n.asExpr()) + or + n.getType().getUnspecifiedType() instanceof PointerType + or + n.getType().getUnspecifiedType() instanceof CharType + or + // If a type resembles "string" ignore flow (likely string conversion, currently ignored) + n.getType().getUnspecifiedType().stripType().getName().toLowerCase().matches("%string%") + or + n.asExpr() instanceof IgnorableOperation + or + // Flowing into variables that indicate likely non-gregorian years are barriers + // e.g., names similar to hijri, persian, lunar, chinese, hebrew, etc. + exists(Variable v | + v.getName() + .toLowerCase() + .matches(["%hijri%", "%persian%", "%lunar%", "%chinese%", "%hebrew%"]) and + v.getAnAccess() = [n.asIndirectExpr(), n.asExpr()] + ) + or + isLeapYearCheckSink(n) + or + // this is a bit of a hack to address cases where a year is normalized and checked, but the + // normalized year is never itself assigned to the final year struct + // isLeapYear(getCivilYear(year)) + // struct.year = year + // This is assuming a user would have done this all on one line though. + // setting a variable for the conversion and passing that separately would be more difficult to track + // considering this approach good enough for current observed false positives + exists(Expr arg | + isLeapYearCheckCall(_, arg) and arg.getAChild*() = [n.asExpr(), n.asIndirectExpr()] + ) + or + // If as the flow progresses, the value holding a dangerous operation result + // is apparently being passed by address to some function, it is more than likely + // intended to be modified, and therefore, the definition is killed. + exists(Call c | c.getAnArgument().(AddressOfExpr).getAnOperand() = n.asIndirectExpr()) + } + + /** Block flow out of an operation source to get the "closest" operation to the sink */ + predicate isBarrierIn(DataFlow::Node n) { isSource(n) } + + predicate isBarrierOut(DataFlow::Node n) { isSink(n) } +} + +module OperationToYearAssignmentFlow = TaintTracking::Global; + +predicate isLeapYearCheckSink(DataFlow::Node sink) { + exists(LeapYearGuardCondition lgc | + lgc.checkedYearAccess() = [sink.asExpr(), sink.asIndirectExpr()] + ) + or + isLeapYearCheckCall(_, [sink.asExpr(), sink.asIndirectExpr()]) +} + +predicate yearAssignmentToCheckCommonSteps(DataFlow::Node node1, DataFlow::Node node2) { + // flow from a YearFieldAccess to the qualifier + node2.asExpr() = node1.asExpr().(YearFieldAccess).getQualifier*() + or + // getting the 'access' can be tricky at definitions (assignments especially) + // as dataflow uses asDefinition not asExpr. + // the YearFieldAssignmentNode holds the access in these cases + node1.(YearFieldAssignmentNode).getYearFieldAccess().getQualifier() = node2.asExpr() + or + // flow from a year access qualifier to a year field + exists(YearFieldAccess yfa | node2.asExpr() = yfa and node1.asExpr() = yfa.getQualifier()) + or + node1.(YearFieldAssignmentNode).getYearFieldAccess().getQualifier() = node2.asExpr() + or + // Pass through any intermediate struct + exists(Assignment a | + a.getRValue() = node1.asExpr() and + node2.asExpr() = a.getLValue().(YearFieldAccess).getQualifier*() + ) + or + // in cases of t.year = x and the value of x is checked, but the year t.year isn't directly checked + // flow from a year assignment node to an RHS if it is an assignment + // e.g., + // t.year = x; + // isLeapYear(x); + // --> at this point there is no flow of t.year to a check, but only its raw value + // To detect the flow of 'x' to the isLeapYear check, + // flow from t.year to 'x' (at assignment, t.year = x, flow to the RHS to track use-use flow of x) + exists(YearFieldAssignmentNode yfan | + node1 = yfan and + node2.asExpr() = yfan.asDefinition().(Assignment).getRValue() + ) +} + +/** + * A flow configuration from a Year field access to some Leap year check or guard + */ +module YearAssignmentToLeapYearCheckConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof YearFieldAssignmentNode } + + predicate isSink(DataFlow::Node sink) { isLeapYearCheckSink(sink) } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + yearAssignmentToCheckCommonSteps(node1, node2) + } + + /** + * Enforcing the check must occur in the same call context as the source, + * i.e., do not return from the source function and check in a caller. + */ + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +module YearAssignmentToLeapYearCheckFlow = + TaintTracking::Global; + +/** Does there exist a flow from the given YearFieldAccess to a Leap Year check or guard? */ +predicate isYearModifiedWithCheck(YearFieldAssignmentNode n) { + exists(YearAssignmentToLeapYearCheckFlow::PathNode src | + src.isSource() and + src.getNode() = n + ) + or + // If the time flows to a time conversion whose value/result is checked, + // assume the leap year is being handled. + exists(YearAssignmentToCheckedTimeConversionFlow::PathNode timeQualSrc | + timeQualSrc.isSource() and + timeQualSrc.getNode() = n + ) +} + +/** + * An expression which checks the value of a Month field `a->month == 1`. + */ +class MonthEqualityCheck extends EqualityOperation { + MonthEqualityCheck() { this.getAnOperand() instanceof MonthFieldAccess } + + Expr getExprCompared() { + exists(Expr e | + e = this.getAnOperand() and + not e instanceof MonthFieldAccess and + result = e + ) + } +} + +final class FinalMonthEqualityCheck = MonthEqualityCheck; + +class MonthEqualityCheckGuard extends GuardCondition, FinalMonthEqualityCheck { } + +/** + * Verifies if the expression is guarded by a check on the Month property of a date struct, that is NOT February. + */ +bindingset[e] +pragma[inline_late] +predicate isControlledByMonthEqualityCheckNonFebruary(Expr e) { + exists(MonthEqualityCheckGuard monthGuard, Expr compared | + monthGuard.controls(e.getBasicBlock(), true) and + compared = monthGuard.getExprCompared() and + not compared.getValue().toInt() = 2 + ) +} + +/** + * Flow from a year field access to a time conversion function + * that auto converts feb29 in non-leap year, or through a conversion function that doesn't + * auto convert to a sanity check guard of the result for error conditions. + */ +module YearAssignmentToCheckedTimeConversionConfig implements DataFlow::StateConfigSig { + // Flow state tracks if flow goes through a known time conversion function + // see `TimeConversionFunction`. + // A valid check with a time conversion function is either the case: + // 1) the year flows into a time conversion function, and the time conversion function's result is checked or + // 2) the year flows into a time conversion function that auto corrects for leap year, so no check is necessary. + class FlowState = boolean; + + predicate isSource(DataFlow::Node source, FlowState state) { + source instanceof YearFieldAssignmentNode and + state = false + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + // Case 1: Flow through a time conversion function that requires a check, + // and we have arrived at a guard, implying the result was checked for possible error, including leap year error. + // state = true indicates the flow went through a time conversion function + state = true and + ( + exists(IfStmt ifs | ifs.getCondition().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()]) + or + exists(ConditionalExpr ce | + ce.getCondition().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()] + ) + or + exists(Loop l | l.getCondition().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()]) + ) + or + // Case 2: Flow through a time conversion function that auto corrects for leap year, so no check is necessary. + // state true or false, as flowing through a time conversion function is not necessary in this instance. + state in [true, false] and + exists(Call c, TimeConversionFunction f | + f.isAutoLeapYearCorrecting() and + c.getTarget() = f and + c.getAnArgument().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()] + ) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + state1 in [true, false] and + state2 = true and + exists(Call c | + c.getTarget() instanceof TimeConversionFunction and + c.getAnArgument().getAChild*() = [node1.asExpr(), node1.asIndirectExpr()] and + node2.asExpr() = c + ) + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + yearAssignmentToCheckCommonSteps(node1, node2) + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +module YearAssignmentToCheckedTimeConversionFlow = + DataFlow::GlobalWithState; + +/** + * Finds flow from a parameter of a function to a leap year check. + * This is necessary to handle for scenarios like this: + * + * year = DANGEROUS_OP // source + * isLeap = isLeapYear(year); + * // logic based on isLeap + * struct.year = year; // sink + * + * In this case, we may flow a dangerous op to a year assignment, failing + * to barrier the flow through a leap year check, as the leap year check + * is nested, and dataflow does not progress down into the check and out. + * Instead, the point of this flow is to detect isLeapYear's argument + * is checked for leap year, making the isLeapYear call a barrier for + * the dangerous flow if we flow through the parameter identified to + * be checked. + */ +module ParameterToLeapYearCheckConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { exists(source.asParameter()) } + + predicate isSink(DataFlow::Node sink) { + exists(LeapYearGuardCondition lgc | + lgc.checkedYearAccess() = [sink.asExpr(), sink.asIndirectExpr()] + ) + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + // flow from a YearFieldAccess to the qualifier + node2.asExpr() = node1.asExpr().(YearFieldAccess).getQualifier*() + or + // flow from a year access qualifier to a year field + exists(YearFieldAccess yfa | node2.asExpr() = yfa and node1.asExpr() = yfa.getQualifier()) + } + + /** + * Enforcing the check must occur in the same call context as the source, + * i.e., do not return from the source function and check in a caller. + */ + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +// NOTE: I do not believe taint flow is necessary here as we should +// be flowing directyly from some parameter to a leap year check. +module ParameterToLeapYearCheckFlow = DataFlow::Global; + +predicate isLeapYearCheckCall(Call c, Expr arg) { + exists(ParameterToLeapYearCheckFlow::PathNode src, Function f, int i | + src.isSource() and + f.getParameter(i) = src.getNode().asParameter() and + c.getTarget() = f and + c.getArgument(i) = arg + ) +} + +class LeapYearGuardCondition extends GuardCondition { + Expr yearSinkDiv4; + Expr yearSinkDiv100; + Expr yearSinkDiv400; + + LeapYearGuardCondition() { + exists( + LogicalAndExpr andExpr, LogicalOrExpr orExpr, GuardCondition div4Check, + GuardCondition div100Check, GuardCondition div400Check, GuardValue gv + | + // canonical case: + // form: `(year % 4 == 0) && (year % 100 != 0 || year % 400 == 0)` + // `!((year % 4 == 0) && (year % 100 != 0 || year % 400 == 0))` + // `!(year % 4) && (year % 100 || !(year % 400))` + // Also accepting `((year & 3) == 0) && (year % 100 != 0 || year % 400 == 0)` + // and `(year % 4 == 0) && (year % 100 > 0 || year % 400 == 0)` + this = andExpr and + andExpr.hasOperands(div4Check, orExpr) and + orExpr.hasOperands(div100Check, div400Check) and + ( + // year % 4 == 0 + exists(RemExpr e | + div4Check.comparesEq(e, 0, true, gv) and + e.getRightOperand().getValue().toInt() = 4 and + yearSinkDiv4 = e.getLeftOperand() + ) + or + // year & 3 == 0 + exists(BitwiseAndExpr e | + div4Check.comparesEq(e, 0, true, gv) and + e.getRightOperand().getValue().toInt() = 3 and + yearSinkDiv4 = e.getLeftOperand() + ) + ) and + exists(RemExpr e | + // year % 100 != 0 or year % 100 > 0 + ( + div100Check.comparesEq(e, 0, false, gv) or + div100Check.comparesLt(e, 1, false, gv) + ) and + e.getRightOperand().getValue().toInt() = 100 and + yearSinkDiv100 = e.getLeftOperand() + ) and + // year % 400 == 0 + exists(RemExpr e | + div400Check.comparesEq(e, 0, true, gv) and + e.getRightOperand().getValue().toInt() = 400 and + yearSinkDiv400 = e.getLeftOperand() + ) + or + // Inverted logic case: + // `year % 4 != 0 || (year % 100 == 0 && year % 400 != 0)` + // or `year & 3 != 0 || (year % 100 == 0 && year % 400 != 0)` + // also accepting `year % 4 > 0 || (year % 100 == 0 && year % 400 > 0)` + this = orExpr and + orExpr.hasOperands(div4Check, andExpr) and + andExpr.hasOperands(div100Check, div400Check) and + ( + // year % 4 != 0 or year % 4 > 0 + exists(RemExpr e | + ( + div4Check.comparesEq(e, 0, false, gv) + or + div4Check.comparesLt(e, 1, false, gv) + ) and + e.getRightOperand().getValue().toInt() = 4 and + yearSinkDiv4 = e.getLeftOperand() + ) + or + // year & 3 != 0 + exists(BitwiseAndExpr e | + div4Check.comparesEq(e, 0, false, gv) and + e.getRightOperand().getValue().toInt() = 3 and + yearSinkDiv4 = e.getLeftOperand() + ) + ) and + // year % 100 == 0 + exists(RemExpr e | + div100Check.comparesEq(e, 0, true, gv) and + e.getRightOperand().getValue().toInt() = 100 and + yearSinkDiv100 = e.getLeftOperand() + ) and + // year % 400 != 0 or year % 400 > 0 + exists(RemExpr e | + ( + div400Check.comparesEq(e, 0, false, gv) + or + div400Check.comparesLt(e, 1, false, gv) + ) and + e.getRightOperand().getValue().toInt() = 400 and + yearSinkDiv400 = e.getLeftOperand() + ) + ) + } + + Expr getYearSinkDiv4() { result = yearSinkDiv4 } + + Expr getYearSinkDiv100() { result = yearSinkDiv100 } + + Expr getYearSinkDiv400() { result = yearSinkDiv400 } + + /** + * Gets the variable access that is used in all 3 components of the leap year check + * e.g., see getYearSinkDiv4/100/400.. + * If a field access is used, the qualifier and the field access are both returned + * in checked condition. + * NOTE: if the year is not checked using the same access in all 3 components, no result is returned. + * The typical case observed is a consistent variable access is used. If not, this may indicate a bug. + * We could check more accurately with a dataflow analysis, but this is likely sufficient for now. + */ + VariableAccess checkedYearAccess() { + exists(Variable var | + ( + this.getYearSinkDiv4().getAChild*() = var.getAnAccess() and + this.getYearSinkDiv100().getAChild*() = var.getAnAccess() and + this.getYearSinkDiv400().getAChild*() = var.getAnAccess() and + result = var.getAnAccess() and + ( + result = this.getYearSinkDiv4().getAChild*() or + result = this.getYearSinkDiv100().getAChild*() or + result = this.getYearSinkDiv400().getAChild*() + ) + ) + ) + } +} + +/** + * A difficult case to detect is if a year modification is tied to a month or day modification + * and the month or day is safe for leap year. + * e.g., + * year++; + * month = 1; + * // alternative: day = 15; + * ... values eventually used in the same time struct + * If this is even more challenging if the struct the values end up in are not + * local (set inter-procedurally). + * This configuration looks for constants 1-31 flowing to a month or day assignment. + * It is assumed a user of this flow will check if the month/day source and month/day sink + * are in the same basic blocks as a year modification source and a year modification sink. + * It is also assumed a user will check if the constant source is a value that is ignorable + * e.g., if it is 2 and the sink is a month assignment, then it isn't ignorable or + * if the value is < 27 and is a day assignment, it is likely ignorable + * + * Obviously this does not handle all conditions (e.g., the month set in another block). + * It is meant to capture the most common cases of false positives. + */ +module CandidateConstantToDayOrMonthAssignmentConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source.asExpr().getValue().toInt() in [1 .. 31] and + ( + exists(Assignment a | a.getRValue() = source.asExpr()) + or + exists(Call c | c.getAnArgument() = source.asExpr()) + ) + } + + predicate isSink(DataFlow::Node sink) { + exists(Assignment a | + (a.getLValue() instanceof MonthFieldAccess or a.getLValue() instanceof DayFieldAccess) and + a.getRValue() = sink.asExpr() + ) + } +} + +// NOTE: only data flow here (no taint tracking) as we want the exact +// constant flowing to the month assignment +module CandidateConstantToDayOrMonthAssignmentFlow = + DataFlow::Global; + +/** + * Holds if value the assignment `a` resolves to (`dayOrMonthValSrcExpr`) doesn't represent February, + * and/or if it represents a day, is a 'safe' day (meaning the 27th or prior). + */ +bindingset[dayOrMonthValSrcExpr] +predicate isSafeValueForAssignmentOfMonthOrDayValue(Assignment a, Expr dayOrMonthValSrcExpr) { + a.getLValue() instanceof MonthFieldAccess and + dayOrMonthValSrcExpr.getValue().toInt() != 2 + or + a.getLValue() instanceof DayFieldAccess and + dayOrMonthValSrcExpr.getValue().toInt() <= 27 +} + +import OperationToYearAssignmentFlow::PathGraph + +from OperationToYearAssignmentFlow::PathNode src, OperationToYearAssignmentFlow::PathNode sink +where + OperationToYearAssignmentFlow::flowPath(src, sink) and + // Check if a month is set in the same block as the year operation source + // and the month value would indicate its set to any other month than february. + // Finds if the source year node is in the same block as a source month block + // and if the same for the sinks. + not exists(DataFlow::Node dayOrMonthValSrc, DataFlow::Node dayOrMonthValSink, Assignment a | + CandidateConstantToDayOrMonthAssignmentFlow::flow(dayOrMonthValSrc, dayOrMonthValSink) and + a.getRValue() = dayOrMonthValSink.asExpr() and + dayOrMonthValSink.getBasicBlock() = sink.getNode().getBasicBlock() and + exists(IRBlock dayOrMonthValBB | + dayOrMonthValBB = dayOrMonthValSrc.getBasicBlock() and + // The source of the day is set in the same block as the source for the year + // or the source for the day is set in the same block as the sink for the year + dayOrMonthValBB in [ + src.getNode().getBasicBlock(), + sink.getNode().getBasicBlock() + ] + ) and + isSafeValueForAssignmentOfMonthOrDayValue(a, dayOrMonthValSrc.asExpr()) + ) +select sink, src, sink, + "Year field has been modified, but no appropriate check for LeapYear was found." diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql index af02a2814a2..8e2d6e9d10f 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql @@ -44,23 +44,9 @@ class SafeTimeGatheringFunction extends Function { } } -/** - * This list of APIs should check for the return value to detect problems during the conversion. - */ -class TimeConversionFunction extends Function { - TimeConversionFunction() { - this.getQualifiedName() = - [ - "FileTimeToSystemTime", "SystemTimeToFileTime", "SystemTimeToTzSpecificLocalTime", - "SystemTimeToTzSpecificLocalTimeEx", "TzSpecificLocalTimeToSystemTime", - "TzSpecificLocalTimeToSystemTimeEx", "RtlLocalTimeToSystemTime", - "RtlTimeToSecondsSince1970", "_mkgmtime" - ] - } -} - from FunctionCall fcall, TimeConversionFunction trf, Variable var where + not trf.isAutoLeapYearCorrecting() and fcall = trf.getACallToThisFunction() and fcall instanceof ExprInVoidContext and var.getUnderlyingType() instanceof UnpackedTimeType and diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql index b8788910332..efd136bcd2d 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql @@ -16,17 +16,15 @@ import cpp import semmle.code.cpp.ir.IR import semmle.code.cpp.ir.dataflow.MustFlow -import PathGraph +import ReturnStackAllocatedMemory::PathGraph /** Holds if `f` has a name that we interpret as evidence of intentionally returning the value of the stack pointer. */ predicate intentionallyReturnsStackPointer(Function f) { f.getName().toLowerCase().matches(["%stack%", "%sp%"]) } -class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration { - ReturnStackAllocatedMemoryConfig() { this = "ReturnStackAllocatedMemoryConfig" } - - override predicate isSource(Instruction source) { +module ReturnStackAllocatedMemoryConfig implements MustFlow::ConfigSig { + predicate isSource(Instruction source) { exists(Function func | // Rule out FPs caused by extraction errors. not func.hasErrors() and @@ -50,7 +48,7 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration { ) } - override predicate isSink(Operand sink) { + predicate isSink(Operand sink) { // Holds if `sink` is a node that represents the `StoreInstruction` that is subsequently used in // a `ReturnValueInstruction`. // We use the `StoreInstruction` instead of the instruction that defines the @@ -72,7 +70,7 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration { // int* px = id(&x); // } // ``` - override predicate allowInterproceduralFlow() { none() } + predicate allowInterproceduralFlow() { none() } /** * This configuration intentionally conflates addresses of fields and their object, and pointer offsets @@ -87,20 +85,22 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration { * } * ``` */ - override predicate isAdditionalFlowStep(Operand node1, Instruction node2) { + predicate isAdditionalFlowStep(Operand node1, Instruction node2) { node2.(FieldAddressInstruction).getObjectAddressOperand() = node1 or node2.(PointerOffsetInstruction).getLeftOperand() = node1 } - override predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType } + predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType } } +module ReturnStackAllocatedMemory = MustFlow::Global; + from - MustFlowPathNode source, MustFlowPathNode sink, Instruction instr, - ReturnStackAllocatedMemoryConfig conf + ReturnStackAllocatedMemory::PathNode source, ReturnStackAllocatedMemory::PathNode sink, + Instruction instr where - conf.hasFlowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and + ReturnStackAllocatedMemory::flowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and source.getInstruction() = instr select sink.getInstruction(), source, sink, "May return stack-allocated memory from $@.", instr.getAst(), instr.getAst().toString() diff --git a/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql b/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql index 763a142f1b9..1697ad31810 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql @@ -15,7 +15,7 @@ import cpp import semmle.code.cpp.ir.IR import semmle.code.cpp.ir.dataflow.MustFlow -import PathGraph +import UninitializedLocal::PathGraph /** * Auxiliary predicate: Types that don't require initialization @@ -70,25 +70,26 @@ predicate isSinkImpl(Instruction sink, VariableAccess va) { ) } -class MustFlow extends MustFlowConfiguration { - MustFlow() { this = "MustFlow" } - - override predicate isSource(Instruction source) { +module UninitializedLocalConfig implements MustFlow::ConfigSig { + predicate isSource(Instruction source) { source instanceof UninitializedInstruction and exists(Type t | t = source.getResultType() | not allocatedType(t)) } - override predicate isSink(Operand sink) { isSinkImpl(sink.getDef(), _) } + predicate isSink(Operand sink) { isSinkImpl(sink.getDef(), _) } - override predicate allowInterproceduralFlow() { none() } + predicate allowInterproceduralFlow() { none() } - override predicate isBarrier(Instruction instr) { instr instanceof ChiInstruction } + predicate isBarrier(Instruction instr) { instr instanceof ChiInstruction } } +module UninitializedLocal = MustFlow::Global; + from - VariableAccess va, LocalVariable v, MustFlow conf, MustFlowPathNode source, MustFlowPathNode sink + VariableAccess va, LocalVariable v, UninitializedLocal::PathNode source, + UninitializedLocal::PathNode sink where - conf.hasFlowPath(source, sink) and + UninitializedLocal::flowPath(source, sink) and isSinkImpl(sink.getInstruction(), va) and v = va.getTarget() select va, source, sink, "The variable $@ may not be initialized at this access.", v, v.getName() diff --git a/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql b/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql index bb62cfc1755..63b56d470e2 100644 --- a/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql +++ b/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql @@ -17,16 +17,16 @@ import cpp import semmle.code.cpp.ir.IR import semmle.code.cpp.ir.dataflow.MustFlow -import PathGraph +import UnsafeUseOfThis::PathGraph -class UnsafeUseOfThisConfig extends MustFlowConfiguration { - UnsafeUseOfThisConfig() { this = "UnsafeUseOfThisConfig" } +module UnsafeUseOfThisConfig implements MustFlow::ConfigSig { + predicate isSource(Instruction source) { isSource(source, _, _) } - override predicate isSource(Instruction source) { isSource(source, _, _) } - - override predicate isSink(Operand sink) { isSink(sink, _) } + predicate isSink(Operand sink) { isSink(sink, _) } } +module UnsafeUseOfThis = MustFlow::Global; + /** Holds if `sink` is a `this` pointer used by the call instruction `call`. */ predicate isSink(Operand sink, CallInstruction call) { exists(PureVirtualFunction func | @@ -66,19 +66,17 @@ predicate isSource(InitializeParameterInstruction source, string msg, Class c) { * - `msg` is a string describing whether `source` is from a constructor or destructor. */ predicate flows( - MustFlowPathNode source, string msg, Class sourceClass, MustFlowPathNode sink, + UnsafeUseOfThis::PathNode source, string msg, Class sourceClass, UnsafeUseOfThis::PathNode sink, CallInstruction call ) { - exists(UnsafeUseOfThisConfig conf | - conf.hasFlowPath(source, sink) and - isSource(source.getInstruction(), msg, sourceClass) and - isSink(sink.getInstruction().getAUse(), call) - ) + UnsafeUseOfThis::flowPath(source, sink) and + isSource(source.getInstruction(), msg, sourceClass) and + isSink(sink.getInstruction().getAUse(), call) } from - MustFlowPathNode source, MustFlowPathNode sink, CallInstruction call, string msg, - Class sourceClass + UnsafeUseOfThis::PathNode source, UnsafeUseOfThis::PathNode sink, CallInstruction call, + string msg, Class sourceClass where flows(source, msg, sourceClass, sink, call) and // Only raise an alert if there is no override of the pure virtual function in any base class. diff --git a/cpp/ql/src/change-notes/released/1.5.11.md b/cpp/ql/src/change-notes/released/1.5.11.md new file mode 100644 index 00000000000..5f42fc9133d --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.5.11.md @@ -0,0 +1,3 @@ +## 1.5.11 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index fda54b31bff..7e8e8103d99 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.10 +lastReleaseVersion: 1.5.11 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index b374fb51f75..d8620439fe6 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.11-dev +version: 1.5.12-dev groups: - cpp - queries diff --git a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected index a9c1bc66c50..773cb92b0b1 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected +++ b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected @@ -1,15 +1,143 @@ -| test.cpp:314:5:314:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:309:13:309:14 | st | st | -| test.cpp:327:5:327:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:322:13:322:14 | st | st | -| test.cpp:338:6:338:10 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:333:62:333:63 | st | st | -| test.cpp:484:5:484:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:480:13:480:14 | st | st | -| test.cpp:497:5:497:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:492:13:492:14 | st | st | -| test.cpp:509:5:509:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:505:13:505:14 | st | st | -| test.cpp:606:11:606:17 | tm_year | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:56:6:56:12 | tm_year | tm_year | test.cpp:602:12:602:19 | timeinfo | timeinfo | -| test.cpp:634:11:634:17 | tm_year | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:56:6:56:12 | tm_year | tm_year | test.cpp:628:12:628:19 | timeinfo | timeinfo | -| test.cpp:636:11:636:17 | tm_year | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:56:6:56:12 | tm_year | tm_year | test.cpp:628:12:628:19 | timeinfo | timeinfo | -| test.cpp:640:5:640:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:629:13:629:14 | st | st | -| test.cpp:642:5:642:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:629:13:629:14 | st | st | -| test.cpp:718:5:718:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:712:13:712:14 | st | st | -| test.cpp:731:5:731:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st | -| test.cpp:732:5:732:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st | -| test.cpp:733:5:733:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st | +#select +| test.cpp:422:2:422:14 | ... += ... | test.cpp:422:2:422:14 | ... += ... | test.cpp:422:2:422:14 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:440:2:440:11 | ... ++ | test.cpp:440:2:440:11 | ... ++ | test.cpp:440:2:440:11 | ... ++ | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:456:2:456:12 | ... ++ | test.cpp:456:2:456:12 | ... ++ | test.cpp:456:2:456:12 | ... ++ | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:681:2:681:23 | ... += ... | test.cpp:681:2:681:23 | ... += ... | test.cpp:681:2:681:23 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:813:2:813:40 | ... = ... | test.cpp:813:21:813:40 | ... + ... | test.cpp:813:2:813:40 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:818:2:818:24 | ... = ... | test.cpp:818:13:818:24 | ... + ... | test.cpp:818:2:818:24 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:951:3:951:25 | ... = ... | test.cpp:951:14:951:25 | ... + ... | test.cpp:951:3:951:25 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:969:3:969:12 | ... ++ | test.cpp:969:3:969:12 | ... ++ | test.cpp:969:3:969:12 | ... ++ | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1031:2:1031:11 | ... ++ | test.cpp:1031:2:1031:11 | ... ++ | test.cpp:1031:2:1031:11 | ... ++ | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1051:16:1051:23 | increment_arg output argument | test.cpp:1039:2:1039:4 | ... ++ | test.cpp:1051:16:1051:23 | increment_arg output argument | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1055:27:1055:35 | increment_arg_by_pointer output argument | test.cpp:1043:2:1043:7 | ... ++ | test.cpp:1055:27:1055:35 | increment_arg_by_pointer output argument | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1109:2:1109:26 | ... = ... | test.cpp:1109:14:1109:26 | ... - ... | test.cpp:1109:2:1109:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1160:2:1160:19 | ... = ... | test.cpp:1158:2:1158:15 | ... += ... | test.cpp:1160:2:1160:19 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1199:2:1199:28 | ... = ... | test.cpp:1199:16:1199:28 | ... + ... | test.cpp:1199:2:1199:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1214:2:1214:28 | ... = ... | test.cpp:1214:16:1214:28 | ... + ... | test.cpp:1214:2:1214:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1228:2:1228:28 | ... = ... | test.cpp:1228:16:1228:28 | ... + ... | test.cpp:1228:2:1228:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1242:2:1242:26 | ... = ... | test.cpp:1242:14:1242:26 | ... + ... | test.cpp:1242:2:1242:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1256:2:1256:26 | ... = ... | test.cpp:1256:14:1256:26 | ... + ... | test.cpp:1256:2:1256:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1262:2:1262:28 | ... = ... | test.cpp:1262:16:1262:28 | ... + ... | test.cpp:1262:2:1262:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1274:2:1274:28 | ... = ... | test.cpp:1274:16:1274:28 | ... + ... | test.cpp:1274:2:1274:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1287:2:1287:26 | ... = ... | test.cpp:1287:14:1287:26 | ... + ... | test.cpp:1287:2:1287:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1299:2:1299:26 | ... = ... | test.cpp:1299:14:1299:26 | ... + ... | test.cpp:1299:2:1299:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1341:2:1341:17 | ... = ... | test.cpp:1432:12:1432:17 | ... + ... | test.cpp:1341:2:1341:17 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1341:2:1341:17 | ... = ... | test.cpp:1446:9:1446:16 | ... + ... | test.cpp:1341:2:1341:17 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1341:2:1341:17 | ... = ... | test.cpp:1458:9:1458:16 | ... + ... | test.cpp:1341:2:1341:17 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1515:2:1515:15 | ... = ... | test.cpp:1512:2:1512:10 | ... += ... | test.cpp:1515:2:1515:15 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1545:2:1545:22 | ... += ... | test.cpp:1545:2:1545:22 | ... += ... | test.cpp:1545:2:1545:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1553:2:1553:22 | ... += ... | test.cpp:1553:2:1553:22 | ... += ... | test.cpp:1553:2:1553:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1632:2:1632:22 | ... += ... | test.cpp:1632:2:1632:22 | ... += ... | test.cpp:1632:2:1632:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1644:2:1644:22 | ... += ... | test.cpp:1644:2:1644:22 | ... += ... | test.cpp:1644:2:1644:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1677:2:1677:22 | ... += ... | test.cpp:1677:2:1677:22 | ... += ... | test.cpp:1677:2:1677:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. | +| test.cpp:1753:2:1753:22 | ... += ... | test.cpp:1753:2:1753:22 | ... += ... | test.cpp:1753:2:1753:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. | +edges +| test.cpp:813:21:813:40 | ... + ... | test.cpp:813:2:813:40 | ... = ... | provenance | | +| test.cpp:818:13:818:24 | ... + ... | test.cpp:818:2:818:24 | ... = ... | provenance | | +| test.cpp:951:14:951:25 | ... + ... | test.cpp:951:3:951:25 | ... = ... | provenance | | +| test.cpp:1038:26:1038:26 | *x | test.cpp:1051:16:1051:23 | increment_arg output argument | provenance | | +| test.cpp:1039:2:1039:4 | ... ++ | test.cpp:1038:26:1038:26 | *x | provenance | | +| test.cpp:1042:37:1042:37 | *x | test.cpp:1055:27:1055:35 | increment_arg_by_pointer output argument | provenance | | +| test.cpp:1043:2:1043:7 | ... ++ | test.cpp:1042:37:1042:37 | *x | provenance | | +| test.cpp:1109:14:1109:26 | ... - ... | test.cpp:1109:2:1109:26 | ... = ... | provenance | | +| test.cpp:1158:2:1158:15 | ... += ... | test.cpp:1160:2:1160:19 | ... = ... | provenance | | +| test.cpp:1199:16:1199:28 | ... + ... | test.cpp:1199:2:1199:28 | ... = ... | provenance | | +| test.cpp:1214:16:1214:28 | ... + ... | test.cpp:1214:2:1214:28 | ... = ... | provenance | | +| test.cpp:1228:16:1228:28 | ... + ... | test.cpp:1228:2:1228:28 | ... = ... | provenance | | +| test.cpp:1242:14:1242:26 | ... + ... | test.cpp:1242:2:1242:26 | ... = ... | provenance | | +| test.cpp:1256:14:1256:26 | ... + ... | test.cpp:1256:2:1256:26 | ... = ... | provenance | | +| test.cpp:1262:16:1262:28 | ... + ... | test.cpp:1262:2:1262:28 | ... = ... | provenance | | +| test.cpp:1274:16:1274:28 | ... + ... | test.cpp:1274:2:1274:28 | ... = ... | provenance | | +| test.cpp:1287:14:1287:26 | ... + ... | test.cpp:1287:2:1287:26 | ... = ... | provenance | | +| test.cpp:1299:14:1299:26 | ... + ... | test.cpp:1299:2:1299:26 | ... = ... | provenance | | +| test.cpp:1338:20:1338:23 | year | test.cpp:1341:2:1341:17 | ... = ... | provenance | | +| test.cpp:1351:15:1351:22 | ... + ... | test.cpp:1351:3:1351:22 | ... = ... | provenance | | +| test.cpp:1356:12:1356:17 | ... + ... | test.cpp:1338:20:1338:23 | year | provenance | | +| test.cpp:1365:15:1365:22 | ... + ... | test.cpp:1365:3:1365:22 | ... = ... | provenance | | +| test.cpp:1375:3:1375:20 | ... = ... | test.cpp:1377:12:1377:18 | yeartmp | provenance | | +| test.cpp:1375:13:1375:20 | ... + ... | test.cpp:1375:3:1375:20 | ... = ... | provenance | | +| test.cpp:1377:12:1377:18 | yeartmp | test.cpp:1338:20:1338:23 | year | provenance | | +| test.cpp:1420:15:1420:22 | ... + ... | test.cpp:1420:3:1420:22 | ... = ... | provenance | | +| test.cpp:1425:12:1425:17 | ... + ... | test.cpp:1338:20:1338:23 | year | provenance | | +| test.cpp:1432:12:1432:17 | ... + ... | test.cpp:1338:20:1338:23 | year | provenance | | +| test.cpp:1446:2:1446:16 | ... = ... | test.cpp:1450:3:1450:18 | ... = ... | provenance | | +| test.cpp:1446:2:1446:16 | ... = ... | test.cpp:1455:12:1455:15 | year | provenance | | +| test.cpp:1446:9:1446:16 | ... + ... | test.cpp:1446:2:1446:16 | ... = ... | provenance | | +| test.cpp:1455:12:1455:15 | year | test.cpp:1338:20:1338:23 | year | provenance | | +| test.cpp:1458:2:1458:16 | ... = ... | test.cpp:1464:12:1464:15 | year | provenance | | +| test.cpp:1458:9:1458:16 | ... + ... | test.cpp:1458:2:1458:16 | ... = ... | provenance | | +| test.cpp:1464:12:1464:15 | year | test.cpp:1338:20:1338:23 | year | provenance | | +| test.cpp:1512:2:1512:10 | ... += ... | test.cpp:1515:2:1515:15 | ... = ... | provenance | | +nodes +| test.cpp:422:2:422:14 | ... += ... | semmle.label | ... += ... | +| test.cpp:440:2:440:11 | ... ++ | semmle.label | ... ++ | +| test.cpp:456:2:456:12 | ... ++ | semmle.label | ... ++ | +| test.cpp:482:3:482:12 | ... ++ | semmle.label | ... ++ | +| test.cpp:681:2:681:23 | ... += ... | semmle.label | ... += ... | +| test.cpp:813:2:813:40 | ... = ... | semmle.label | ... = ... | +| test.cpp:813:21:813:40 | ... + ... | semmle.label | ... + ... | +| test.cpp:818:2:818:24 | ... = ... | semmle.label | ... = ... | +| test.cpp:818:13:818:24 | ... + ... | semmle.label | ... + ... | +| test.cpp:872:4:872:15 | ... ++ | semmle.label | ... ++ | +| test.cpp:951:3:951:25 | ... = ... | semmle.label | ... = ... | +| test.cpp:951:14:951:25 | ... + ... | semmle.label | ... + ... | +| test.cpp:969:3:969:12 | ... ++ | semmle.label | ... ++ | +| test.cpp:1031:2:1031:11 | ... ++ | semmle.label | ... ++ | +| test.cpp:1038:26:1038:26 | *x | semmle.label | *x | +| test.cpp:1039:2:1039:4 | ... ++ | semmle.label | ... ++ | +| test.cpp:1042:37:1042:37 | *x | semmle.label | *x | +| test.cpp:1043:2:1043:7 | ... ++ | semmle.label | ... ++ | +| test.cpp:1051:16:1051:23 | increment_arg output argument | semmle.label | increment_arg output argument | +| test.cpp:1055:27:1055:35 | increment_arg_by_pointer output argument | semmle.label | increment_arg_by_pointer output argument | +| test.cpp:1109:2:1109:26 | ... = ... | semmle.label | ... = ... | +| test.cpp:1109:14:1109:26 | ... - ... | semmle.label | ... - ... | +| test.cpp:1158:2:1158:15 | ... += ... | semmle.label | ... += ... | +| test.cpp:1160:2:1160:19 | ... = ... | semmle.label | ... = ... | +| test.cpp:1199:2:1199:28 | ... = ... | semmle.label | ... = ... | +| test.cpp:1199:16:1199:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:1214:2:1214:28 | ... = ... | semmle.label | ... = ... | +| test.cpp:1214:16:1214:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:1228:2:1228:28 | ... = ... | semmle.label | ... = ... | +| test.cpp:1228:16:1228:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:1242:2:1242:26 | ... = ... | semmle.label | ... = ... | +| test.cpp:1242:14:1242:26 | ... + ... | semmle.label | ... + ... | +| test.cpp:1256:2:1256:26 | ... = ... | semmle.label | ... = ... | +| test.cpp:1256:14:1256:26 | ... + ... | semmle.label | ... + ... | +| test.cpp:1262:2:1262:28 | ... = ... | semmle.label | ... = ... | +| test.cpp:1262:16:1262:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:1274:2:1274:28 | ... = ... | semmle.label | ... = ... | +| test.cpp:1274:16:1274:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:1287:2:1287:26 | ... = ... | semmle.label | ... = ... | +| test.cpp:1287:14:1287:26 | ... + ... | semmle.label | ... + ... | +| test.cpp:1299:2:1299:26 | ... = ... | semmle.label | ... = ... | +| test.cpp:1299:14:1299:26 | ... + ... | semmle.label | ... + ... | +| test.cpp:1338:20:1338:23 | year | semmle.label | year | +| test.cpp:1341:2:1341:17 | ... = ... | semmle.label | ... = ... | +| test.cpp:1351:3:1351:22 | ... = ... | semmle.label | ... = ... | +| test.cpp:1351:15:1351:22 | ... + ... | semmle.label | ... + ... | +| test.cpp:1356:12:1356:17 | ... + ... | semmle.label | ... + ... | +| test.cpp:1365:3:1365:22 | ... = ... | semmle.label | ... = ... | +| test.cpp:1365:15:1365:22 | ... + ... | semmle.label | ... + ... | +| test.cpp:1375:3:1375:20 | ... = ... | semmle.label | ... = ... | +| test.cpp:1375:13:1375:20 | ... + ... | semmle.label | ... + ... | +| test.cpp:1377:12:1377:18 | yeartmp | semmle.label | yeartmp | +| test.cpp:1420:3:1420:22 | ... = ... | semmle.label | ... = ... | +| test.cpp:1420:15:1420:22 | ... + ... | semmle.label | ... + ... | +| test.cpp:1425:12:1425:17 | ... + ... | semmle.label | ... + ... | +| test.cpp:1432:12:1432:17 | ... + ... | semmle.label | ... + ... | +| test.cpp:1446:2:1446:16 | ... = ... | semmle.label | ... = ... | +| test.cpp:1446:9:1446:16 | ... + ... | semmle.label | ... + ... | +| test.cpp:1450:3:1450:18 | ... = ... | semmle.label | ... = ... | +| test.cpp:1455:12:1455:15 | year | semmle.label | year | +| test.cpp:1458:2:1458:16 | ... = ... | semmle.label | ... = ... | +| test.cpp:1458:9:1458:16 | ... + ... | semmle.label | ... + ... | +| test.cpp:1464:12:1464:15 | year | semmle.label | year | +| test.cpp:1512:2:1512:10 | ... += ... | semmle.label | ... += ... | +| test.cpp:1515:2:1515:15 | ... = ... | semmle.label | ... = ... | +| test.cpp:1545:2:1545:22 | ... += ... | semmle.label | ... += ... | +| test.cpp:1553:2:1553:22 | ... += ... | semmle.label | ... += ... | +| test.cpp:1632:2:1632:22 | ... += ... | semmle.label | ... += ... | +| test.cpp:1644:2:1644:22 | ... += ... | semmle.label | ... += ... | +| test.cpp:1677:2:1677:22 | ... += ... | semmle.label | ... += ... | +| test.cpp:1753:2:1753:22 | ... += ... | semmle.label | ... += ... | +subpaths diff --git a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.qlref b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.qlref index 22a30d72b68..12bb5eb1e69 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.qlref +++ b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.qlref @@ -1 +1,2 @@ -Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql +query: Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected index fb79592b7f2..9c1d83861f0 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected +++ b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected @@ -1,5 +1,6 @@ -| test.cpp:317:2:317:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:309:13:309:14 | st | st | -| test.cpp:330:2:330:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:322:13:322:14 | st | st | -| test.cpp:341:2:341:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:333:62:333:63 | st | st | -| test.cpp:720:2:720:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:712:13:712:14 | st | st | -| test.cpp:735:2:735:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:725:13:725:14 | st | st | +| test.cpp:425:2:425:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:417:13:417:14 | st | st | +| test.cpp:443:2:443:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:435:13:435:14 | st | st | +| test.cpp:459:2:459:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:451:62:451:63 | st | st | +| test.cpp:953:3:953:22 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:944:14:944:15 | st | st | +| test.cpp:971:3:971:22 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:962:14:962:15 | st | st | +| test.cpp:1035:2:1035:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:1025:13:1025:14 | st | st | diff --git a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp index 3db9b61edd2..a2dce39cc85 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp +++ b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp @@ -1,4 +1,4 @@ -typedef unsigned short WORD; +typedef unsigned short WORD; typedef unsigned long DWORD, HANDLE; typedef int BOOL, BOOLEAN, errno_t; typedef char CHAR; @@ -46,6 +46,8 @@ typedef struct _TIME_DYNAMIC_ZONE_INFORMATION { BOOLEAN DynamicDaylightTimeDisabled; } DYNAMIC_TIME_ZONE_INFORMATION, *PDYNAMIC_TIME_ZONE_INFORMATION; +typedef const wchar_t* LPCWSTR; + struct tm { int tm_sec; // seconds after the minute - [0, 60] including leap second @@ -59,6 +61,42 @@ struct tm int tm_isdst; // daylight savings time flag }; +struct timespec +{ + time_t tv_sec; + long tv_nsec; +}; + +/* Timestamps of log entries. */ +struct logtime { + struct tm tm; + long usec; +}; + +/* + * Data structure representing a broken-down timestamp. + * + * CAUTION: the IANA timezone library (src/timezone/) follows the POSIX + * convention that tm_mon counts from 0 and tm_year is relative to 1900. + * However, Postgres' datetime functions generally treat tm_mon as counting + * from 1 and tm_year as relative to 1 BC. Be sure to make the appropriate + * adjustments when moving from one code domain to the other. + */ +struct pg_tm +{ + int tm_sec; + int tm_min; + int tm_hour; + int tm_mday; + int tm_mon; /* see above */ + int tm_year; /* see above */ + int tm_wday; + int tm_yday; + int tm_isdst; + long int tm_gmtoff; + const char *tm_zone; +}; + BOOL SystemTimeToFileTime( const SYSTEMTIME* lpSystemTime, @@ -99,9 +137,16 @@ TzSpecificLocalTimeToSystemTimeEx( LPSYSTEMTIME lpUniversalTime ); +int _wtoi( + const wchar_t *str +); + void GetSystemTime( LPSYSTEMTIME lpSystemTime ); +void GetLocalTime( + LPSYSTEMTIME lpSystemTime +); void GetSystemTimeAsFileTime( LPFILETIME lpSystemTimeAsFileTime @@ -149,6 +194,12 @@ GetFileTime( LPFILETIME lpLastWriteTime ); +struct tm *localtime_r( const time_t *timer, struct tm *buf ); + +/** + * Negative Case + * FileTimeToSystemTime is called and the return value is checked +*/ void Correct_FileTimeToSystemTime(const FILETIME* lpFileTime) { SYSTEMTIME systemTime; @@ -162,6 +213,10 @@ void Correct_FileTimeToSystemTime(const FILETIME* lpFileTime) /// Normal usage } +/** + * Positive (Out of Scope) Bug Case + * FileTimeToSystemTime is called but no check is conducted to verify the result of the operation +*/ void AntiPattern_FileTimeToSystemTime(const FILETIME* lpFileTime) { SYSTEMTIME systemTime; @@ -170,6 +225,10 @@ void AntiPattern_FileTimeToSystemTime(const FILETIME* lpFileTime) FileTimeToSystemTime(lpFileTime, &systemTime); } +/** + * Negative Case + * SystemTimeToTzSpecificLocalTime is called and the return value is verified +*/ void Correct_SystemTimeToTzSpecificLocalTime(const TIME_ZONE_INFORMATION *lpTimeZoneInformation, const SYSTEMTIME *lpUniversalTime) { SYSTEMTIME localTime; @@ -183,6 +242,10 @@ void Correct_SystemTimeToTzSpecificLocalTime(const TIME_ZONE_INFORMATION *lpTime /// Normal usage } +/** + * Positive (Out of Scope) Case + * AntiPattern_SystemTimeToTzSpecificLocalTime is called but the return value is not validated +*/ void AntiPattern_SystemTimeToTzSpecificLocalTime(const TIME_ZONE_INFORMATION *lpTimeZoneInformation, const SYSTEMTIME *lpUniversalTime) { SYSTEMTIME localTime; @@ -191,6 +254,10 @@ void AntiPattern_SystemTimeToTzSpecificLocalTime(const TIME_ZONE_INFORMATION *lp SystemTimeToTzSpecificLocalTime(lpTimeZoneInformation, lpUniversalTime, &localTime); } +/** + * Negative Case + * SystemTimeToTzSpecificLocalTimeEx is called and the return value is validated +*/ void Correct_SystemTimeToTzSpecificLocalTimeEx(const DYNAMIC_TIME_ZONE_INFORMATION *lpTimeZoneInformation, const SYSTEMTIME *lpUniversalTime) { SYSTEMTIME localTime; @@ -204,6 +271,10 @@ void Correct_SystemTimeToTzSpecificLocalTimeEx(const DYNAMIC_TIME_ZONE_INFORMATI /// Normal usage } +/** + * Positive Case + * SystemTimeToTzSpecificLocalTimeEx is called but the return value is not validated +*/ void AntiPattern_SystemTimeToTzSpecificLocalTimeEx(const DYNAMIC_TIME_ZONE_INFORMATION *lpTimeZoneInformation, const SYSTEMTIME *lpUniversalTime) { SYSTEMTIME localTime; @@ -212,6 +283,10 @@ void AntiPattern_SystemTimeToTzSpecificLocalTimeEx(const DYNAMIC_TIME_ZONE_INFOR SystemTimeToTzSpecificLocalTimeEx(lpTimeZoneInformation, lpUniversalTime, &localTime); } +/** + * Negative Case + * Correct use of TzSpecificLocalTimeToSystemTime, function is called and the return value is validated. +*/ void Correct_TzSpecificLocalTimeToSystemTime(const TIME_ZONE_INFORMATION *lpTimeZoneInformation, const SYSTEMTIME *lpLocalTime) { SYSTEMTIME universalTime; @@ -225,6 +300,10 @@ void Correct_TzSpecificLocalTimeToSystemTime(const TIME_ZONE_INFORMATION *lpTime /// Normal usage } +/** + * Positive (Out of Scope) Case + * TzSpecificLocalTimeToSystemTime is called however the return value is not validated +*/ void AntiPattern_TzSpecificLocalTimeToSystemTime(const TIME_ZONE_INFORMATION *lpTimeZoneInformation, const SYSTEMTIME *lpLocalTime) { SYSTEMTIME universalTime; @@ -233,6 +312,10 @@ void AntiPattern_TzSpecificLocalTimeToSystemTime(const TIME_ZONE_INFORMATION *lp TzSpecificLocalTimeToSystemTime(lpTimeZoneInformation, lpLocalTime, &universalTime); } +/** + * Negative Case + * TzSpecificLocalTimeToSystemTimeEx is called and the return value is correctly validated +*/ void Correct_TzSpecificLocalTimeToSystemTimeEx(const DYNAMIC_TIME_ZONE_INFORMATION *lpTimeZoneInformation, const SYSTEMTIME *lpLocalTime) { SYSTEMTIME universalTime; @@ -246,6 +329,10 @@ void Correct_TzSpecificLocalTimeToSystemTimeEx(const DYNAMIC_TIME_ZONE_INFORMATI /// Normal usage } +/** + * Positive (Out of Scope) Case + * TzSpecificLocalTimeToSystemTimeEx is called however the return value is not validated +*/ void AntiPattern_TzSpecificLocalTimeToSystemTimeEx(const DYNAMIC_TIME_ZONE_INFORMATION *lpTimeZoneInformation, const SYSTEMTIME *lpLocalTime) { SYSTEMTIME universalTime; @@ -258,6 +345,10 @@ void AntiPattern_TzSpecificLocalTimeToSystemTimeEx(const DYNAMIC_TIME_ZONE_INFOR SYSTEMTIME Cases *************************************************/ +/** + * Negative Case + * SystemTimeToFileTime is called and the return value is validated in a guard +*/ void Correct_filetime_conversion_check(SYSTEMTIME& st) { FILETIME ft; @@ -273,6 +364,10 @@ void Correct_filetime_conversion_check(SYSTEMTIME& st) ////////////////////////////////////////////// +/** + * Positive (Out of Scope) Case + * SystemTimeToFileTime is called but the return value is not validated in a guard +*/ void AntiPattern_unchecked_filetime_conversion(SYSTEMTIME& st) { FILETIME ft; @@ -281,6 +376,10 @@ void AntiPattern_unchecked_filetime_conversion(SYSTEMTIME& st) SystemTimeToFileTime(&st, &ft); } +/** + * Positive (Out of Scope) Case + * SystemTimeToFileTime is called but the return value is not validated in a guard +*/ void AntiPattern_unchecked_filetime_conversion2(SYSTEMTIME* st) { FILETIME ft; @@ -292,6 +391,10 @@ void AntiPattern_unchecked_filetime_conversion2(SYSTEMTIME* st) } } +/** + * Positive (Out of Scope) + * SYSTEMTIME.wDay is incremented by one (and no guard exists) +*/ void AntiPattern_unchecked_filetime_conversion2() { SYSTEMTIME st; @@ -304,6 +407,11 @@ void AntiPattern_unchecked_filetime_conversion2() SystemTimeToFileTime(&st, &ft); } +/** + * Positive Cases + * - Anti-pattern 1: [year +-n, month, day] + * - Generic (Out of Scope) - UncheckedReturnValueForTimeFunctions +*/ void AntiPattern_unchecked_filetime_conversion2a() { SYSTEMTIME st; @@ -311,12 +419,17 @@ void AntiPattern_unchecked_filetime_conversion2a() GetSystemTime(&st); // BUG - UncheckedLeapYearAfterYearModification - st.wYear += 2; + st.wYear += 2; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] // BUG - UncheckedReturnValueForTimeFunctions SystemTimeToFileTime(&st, &ft); } +/** + * Positive Cases + * - Anti-pattern 1: [year +-n, month, day] + * - Generic (Out of Scope) - UncheckedReturnValueForTimeFunctions +*/ void AntiPattern_unchecked_filetime_conversion2b() { SYSTEMTIME st; @@ -324,23 +437,33 @@ void AntiPattern_unchecked_filetime_conversion2b() GetSystemTime(&st); // BUG - UncheckedLeapYearAfterYearModification - st.wYear++; + st.wYear++; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] // BUG - UncheckedReturnValueForTimeFunctions SystemTimeToFileTime(&st, &ft); } +/** + * Positive Cases + * - Anti-pattern 1: [year +-n, month, day] + * - Generic (Out of Scope) - UncheckedReturnValueForTimeFunctions +*/ void AntiPattern_unchecked_filetime_conversion2b(SYSTEMTIME* st) { FILETIME ft; // BUG - UncheckedLeapYearAfterYearModification - st->wYear++; + st->wYear++; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] // BUG - UncheckedReturnValueForTimeFunctions SystemTimeToFileTime(st, &ft); } +/** + * Positive Cases + * - Anti-pattern 3: datetime.AddDays(+-28) + * - Generic (Out of Scope) - UncheckedReturnValueForTimeFunctions +*/ void AntiPattern_unchecked_filetime_conversion3() { SYSTEMTIME st; @@ -349,11 +472,12 @@ void AntiPattern_unchecked_filetime_conversion3() if (st.wMonth < 12) { + // Anti-pattern 3: datetime.AddDays(+-28) st.wMonth++; } else { - // Check for leap year, but... + // No check for leap year is required here, as the month is statically set to January. st.wMonth = 1; st.wYear++; } @@ -363,6 +487,11 @@ void AntiPattern_unchecked_filetime_conversion3() } ////////////////////////////////////////////// + +/** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Year is incremented and if we are on Feb the 29th, set to the 28th if the new year is a common year. +*/ void CorrectPattern_check1() { SYSTEMTIME st; @@ -370,7 +499,7 @@ void CorrectPattern_check1() st.wYear++; - // Guard + // Guard against February the 29th if (st.wMonth == 2 && st.wDay == 29) { // move back a day when landing on Feb 29 in an non-leap year @@ -385,6 +514,10 @@ void CorrectPattern_check1() AntiPattern_unchecked_filetime_conversion(st); } +/** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Years is incremented by some integer and then the leap year case is correctly guarded and handled. +*/ void CorrectPattern_check2(int yearsToAdd) { SYSTEMTIME st; @@ -400,11 +533,18 @@ void CorrectPattern_check2(int yearsToAdd) AntiPattern_unchecked_filetime_conversion(st); } +/** + * Could give rise to AntiPattern 7: IsLeapYear (Conditional Logic) +*/ bool isLeapYear(SYSTEMTIME& st) { return st.wYear % 4 == 0 && (st.wYear % 100 != 0 || st.wYear % 400 == 0); } +/** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Years is incremented by some integer and then the leap year case is correctly guarded and handled. +*/ void CorrectPattern_check3() { SYSTEMTIME st; @@ -413,6 +553,9 @@ void CorrectPattern_check3() st.wYear++; // Guard + /** Negative Case - Anti-pattern 7: IsLeapYear + * Body of conditional statement is safe recommended code + */ if (st.wMonth == 2 && st.wDay == 29 && isLeapYear(st)) { // move back a day when landing on Feb 29 in an non-leap year @@ -423,6 +566,9 @@ void CorrectPattern_check3() AntiPattern_unchecked_filetime_conversion(st); } +/** + * Could give rise to AntiPattern 7: IsLeapYear (Conditional Logic) +*/ bool isLeapYear2(int year) { return year % 4 == 0 && (year % 100 != 0 || year % 400 == 0); @@ -433,6 +579,10 @@ bool fixDate(int day, int month, int year) return (month == 2 && day == 29 && isLeapYear2(year)); } +/** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Years is incremented by some integer and then the leap year case is correctly guarded and handled. +*/ void CorrectPattern_check4() { SYSTEMTIME st; @@ -442,18 +592,23 @@ void CorrectPattern_check4() st.wYear++; // Guard + /** Negative Case - Anti-pattern 7: IsLeapYear + * Body of conditional statement is safe recommended code + */ if (fixDate(st.wDay, st.wMonth, st.wYear)) { // move back a day when landing on Feb 29 in an non-leap year - st.wDay = 28; // GOOD [FALSE POSITIVE] + st.wDay = 28; // GOOD [FALSE POSITIVE] Anti-pattern 7 } // Safe to use AntiPattern_unchecked_filetime_conversion(st); } - - +/** + * Negative Case - Generic + * No manipulation is conducted on struct populated from GetSystemTime. +*/ void CorrectPattern_NotManipulated_DateFromAPI_0() { SYSTEMTIME st; @@ -464,6 +619,10 @@ void CorrectPattern_NotManipulated_DateFromAPI_0() SystemTimeToFileTime(&st, &ft); } +/** + * Negative Case - Generic + * No manipulation is conducted on struct populated from GetFileTime. +*/ void CorrectPattern_NotManipulated_DateFromAPI_1(HANDLE hWatchdog) { SYSTEMTIME st; @@ -475,43 +634,56 @@ void CorrectPattern_NotManipulated_DateFromAPI_1(HANDLE hWatchdog) ///////////////////////////////////////////////////////////////// +/** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Year is incremented by some integer and checked through a conversion through an inter procedural function check +*/ void AntiPattern_1_year_addition() { SYSTEMTIME st; GetSystemTime(&st); - // BUG - UncheckedLeapYearAfterYearModification + // Safe, checked interprocedurally through Correct_filetime_conversion_check st.wYear++; // Usage of potentially invalid date Correct_filetime_conversion_check(st); } + + +/** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Years is incremented by some integer and checked through a conversion through an inter procedural function check +*/ void AntiPattern_simple_addition(int yearAddition) { SYSTEMTIME st; GetSystemTime(&st); - // BUG - UncheckedLeapYearAfterYearModification st.wYear += yearAddition; // Usage of potentially invalid date Correct_filetime_conversion_check(st); } +/** + * Positive Case - Anti-pattern 1: [year +-n, month, day] + * Years is incremented by some integer but a leap year is not handled *correctly*. +*/ void AntiPattern_IncorrectGuard(int yearsToAdd) { SYSTEMTIME st; GetSystemTime(&st); // BUG - UncheckedLeapYearAfterYearModification - st.wYear += yearsToAdd; + st.wYear += yearsToAdd; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] // Incorrect Guard if (st.wMonth == 2 && st.wDay == 29) { - // Part of a different anti-pattern. + // Part of a different anti-pattern (AntiPattern 5). // Make sure the guard includes the proper check bool isLeapYear = st.wYear % 4 == 0; if (!isLeapYear) @@ -519,9 +691,6 @@ void AntiPattern_IncorrectGuard(int yearsToAdd) st.wDay = 28; } } - - // Potentially Unsafe to use - Correct_filetime_conversion_check(st); } /************************************************* @@ -539,6 +708,10 @@ void CorrectUsageOf_mkgmtime(struct tm& timeinfo) /// _mkgmtime succeeded } +/** + * Positive Case - General (Out of Scope) + * Must Check for return value of _mkgmtime +*/ void AntiPattern_uncheckedUsageOf_mkgmtime(struct tm& timeinfo) { // (out-of-scope) GeneralBug: Must check return value for _mkgmtime @@ -550,6 +723,10 @@ void AntiPattern_uncheckedUsageOf_mkgmtime(struct tm& timeinfo) ////////////////////////////////////////////////////////// +/** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Years is incremented by some integer and leap year is not handled correctly. +*/ void Correct_year_addition_struct_tm() { time_t rawtime; @@ -567,7 +744,7 @@ void Correct_year_addition_struct_tm() timeinfo.tm_year++; // Guard - // move back a day when landing on Feb 29 in an non-leap year + // move back a day when landing on Feb 29 in an non-leap year bool isLeapYear = timeinfo.tm_year % 4 == 0 && (timeinfo.tm_year % 100 != 0 || (timeinfo.tm_year + 1900) % 400 == 0); timeinfo.tm_mday = timeinfo.tm_mon == 1 && timeinfo.tm_mday == 29 && !isLeapYear ? 28 : timeinfo.tm_mday; @@ -575,7 +752,11 @@ void Correct_year_addition_struct_tm() AntiPattern_uncheckedUsageOf_mkgmtime(timeinfo); } -void Correct_LinuxPattern() +/** + * Positive Case - Anti-pattern 1: [year +-n, month, day] + * Years is incremented by some integer and leap year is not handled correctly. +*/ +void Incorrect_LinuxPattern() { time_t rawtime; struct tm timeinfo; @@ -584,6 +765,7 @@ void Correct_LinuxPattern() errno_t err = gmtime_s(&timeinfo, &rawtime); /* from 1900 -> from 1980 */ + // BUG - UncheckedLeapYearAfterYearModification timeinfo.tm_year -= 80; /* 0~11 -> 1~12 */ timeinfo.tm_mon++; @@ -596,34 +778,30 @@ void Correct_LinuxPattern() ////////////////////////////////////////// +/** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Years is incremented by some integer and leap year is assumed checked through + * check of a conversion functions return value. +*/ void AntiPattern_year_addition_struct_tm() { time_t rawtime; struct tm timeinfo; time(&rawtime); gmtime_s(&timeinfo, &rawtime); - // BUG - UncheckedLeapYearAfterYearModification timeinfo.tm_year++; - // Usage of potentially invalid date + // mkgmtime result checked in nested call here, assume leap year conversion is potentially handled CorrectUsageOf_mkgmtime(timeinfo); } ///////////////////////////////////////////////////////// -void FalsePositiveTests(int x) -{ - struct tm timeinfo; - SYSTEMTIME st; - timeinfo.tm_year = x; - timeinfo.tm_year = 1970; - - st.wYear = x; - st.wYear = 1900 + x; -} - -void FalseNegativeTests(int x) +/** + * Positive Case - Anti-pattern 1: [year +-n, month, day] +*/ +void test(int x) { struct tm timeinfo; SYSTEMTIME st; @@ -631,106 +809,952 @@ void FalseNegativeTests(int x) timeinfo.tm_year = x; // BUG - UncheckedLeapYearAfterYearModification - timeinfo.tm_year = x + timeinfo.tm_year; - // BUG - UncheckedLeapYearAfterYearModification - timeinfo.tm_year = 1970 + timeinfo.tm_year; + // Positive Case - Anti-pattern 1: [year +-n, month, day] + timeinfo.tm_year = x + timeinfo.tm_year; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] st.wYear = x; // BUG - UncheckedLeapYearAfterYearModification - st.wYear = x + st.wYear; - // BUG - UncheckedLeapYearAfterYearModification - st.wYear = (1986 + st.wYear) - 1; + // Positive Case - Anti-pattern 1: [year +-n, month, day] + st.wYear = x + st.wYear; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] } -// False positive -inline void -IncrementMonth(LPSYSTEMTIME pst) +/** + * Positive AntiPattern 1 NOTE: historically considered positive but mktime checks year validity, needs re-assessment + * Year field is modified but via an intermediary variable. +*/ +void tp_intermediaryVar(struct timespec now, struct logtime ×tamp_remote) { - if (pst->wMonth < 12) + struct tm tm_parsed; + + struct tm tm_now; + time_t t_now; + int year; + + /* + * As the timestamp does not contain the year + * number, daylight saving time information, nor + * a time zone, attempt to infer it. Due to + * clock skews, the timestamp may even be part + * of the next year. Use the last year for which + * the timestamp is at most one week in the + * future. + * + * This loop can only run for at most three + * iterations before terminating. + */ + t_now = now.tv_sec; + localtime_r(&t_now, &tm_now); + + timestamp_remote.tm = tm_parsed; + timestamp_remote.tm.tm_isdst = -1; + timestamp_remote.usec = now.tv_nsec * 0.001; + for (year = tm_now.tm_year + 1;; --year) { - pst->wMonth++; - } - else - { - pst->wMonth = 1; - pst->wYear++; + // assert(year >= tm_now.tm_year - 1); + timestamp_remote.tm.tm_year = year; + if (mktime(×tamp_remote.tm) < t_now + 7 * 24 * 60 * 60) + break; } } -///////////////////////////////////////////////////////// -void mkDateTest(int year) -{ - struct tm t; - - t.tm_sec = 0; - t.tm_min = 0; - t.tm_hour = 0; - t.tm_mday = 1; // day of the month - [1, 31] - t.tm_mon = 0; // months since January - [0, 11] - if (year >= 1900) + // False positive + inline void + IncrementMonth(LPSYSTEMTIME pst) { - // 4-digit year - t.tm_year = year - 1900; // GOOD - } else if ((year >= 0) && (year < 100)) { - // 2-digit year assumed in the range 2000 - 2099 - t.tm_year = year + 100; // GOOD [FALSE POSITIVE] - } else { - // fail + if (pst->wMonth < 12) + { + pst->wMonth++; + } + else + { + pst->wMonth = 1; + pst->wYear++; + } } - // ... + + ///////////////////////////////////////////////////////// + + void mkDateTest(int year) + { + struct tm t; + + t.tm_sec = 0; + t.tm_min = 0; + t.tm_hour = 0; + t.tm_mday = 1; // day of the month - [1, 31] + t.tm_mon = 0; // months since January - [0, 11] + if (year >= 1900) + { + // 4-digit year + t.tm_year = year - 1900; // GOOD + } + else if ((year >= 0) && (year < 100)) + { + // 2-digit year assumed in the range 2000 - 2099 + t.tm_year = year + 100; // GOOD [FALSE POSITIVE] + } + else + { + // fail + } + // ... + } + + /** + * Negative Case - Anti-pattern 1a: [a.year, b.month, b.day] + * False positive: No modification of SYSTEMTIME struct. + */ + void unmodified1() + { + SYSTEMTIME st; + FILETIME ft; + WORD w; + + GetSystemTime(&st); + + w = st.wYear; + + SystemTimeToFileTime(&st, &ft); // GOOD - no modification + } + + /** + * Negative Case - Anti-pattern 1a: [a.year, b.month, b.day] + * False positive: No modification of SYSTEMTIME struct. + */ + void unmodified2() + { + SYSTEMTIME st; + FILETIME ft; + WORD *w_ptr; + + GetSystemTime(&st); + + w_ptr = &(st.wYear); + + SystemTimeToFileTime(&st, &ft); // GOOD - no modification + } + + /** + * Positive Case - Anti-pattern 1: [year +-n, month, day] + * Modification of SYSTEMTIME struct adding to year but no leap year guard is conducted. + */ + void modified3() + { + SYSTEMTIME st; + FILETIME ft; + WORD *w_ptr; + + GetSystemTime(&st); + + // BUG - UncheckedLeapYearAfterYearModification + st.wYear = st.wYear + 1; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + SystemTimeToFileTime(&st, &ft); + } + + /** + * Positive Case - Anti-pattern 1: [year +-n, month, day] + * Modification of SYSTEMTIME struct adding to year but no leap year guard is conducted. + */ + void modified4() + { + SYSTEMTIME st; + FILETIME ft; + WORD *w_ptr; + + GetSystemTime(&st); + + // BUG - UncheckedLeapYearAfterYearModification + st.wYear++; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + SystemTimeToFileTime(&st, &ft); + } + + /** + * Negative Case - Anti-pattern 1: [year +-n, month, day] + * Modification of SYSTEMTIME struct adding to year but value passed to a + * conversion function that can be checked for success, and the result is checked. + */ + void modified5() + { + SYSTEMTIME st; + FILETIME ft; + WORD *w_ptr; + + GetSystemTime(&st); + + st.wYear++; + + // Presumed safe usage, as if the conversion is incorrect, a user can handle the error. + // NOTE: it doesn't mean the user actually does the correct conversion and it it also + // doesn't mean it will error our in all cases that may be invalid. + // For example, if a leap year and the date is 28, we may want 29 if the time is meant + // to capture the end of the month, but 28 is still valid and will not error out. + if (SystemTimeToFileTime(&st, &ft)) + { + ///... + } + } + +/** +* Negative Case - Anti-pattern 1: [year +-n, month, day] +* Modification of SYSTEMTIME struct by copying from another struct, but no arithmetic is performed. +*/ +bool +FMAPITimeToSysTimeW(LPCWSTR wszTime, SYSTEMTIME *psystime) +{ + // if (!wszTime || SafeIsBadReadPtr(wszTime, 1) || lstrlenW(wszTime) != cchMAPITime) + // return false; + // AssertTag(!SafeIsBadWritePtr(psystime, sizeof(SYSTEMTIME)), 0x0004289a /* tag_abc80 */); + // memset(psystime, 0, sizeof(SYSTEMTIME)); + + psystime->wYear = (WORD)_wtoi(wszTime); + psystime->wMonth = (WORD)_wtoi(wszTime+5); + psystime->wDay = (WORD)_wtoi(wszTime+8); + psystime->wHour = (WORD)_wtoi(wszTime+11); + psystime->wMinute = (WORD)_wtoi(wszTime+14); + return true; } -void unmodified1() -{ +/** +* Negative Case - Anti-pattern 1: [year +-n, month, day] +* Modification of SYSTEMTIME struct by copying from another struct, but no arithmetic is performed. +*/ +void fp_daymonth_guard(){ SYSTEMTIME st; FILETIME ft; - WORD w; - GetSystemTime(&st); + // FALSE POSITIVE: year is incremented but month is checked and day corrected + // in a ternary operation. It may be possible to fix this with a more sophisticated + // data flow analysis. + st.wYear++; // $ SPURIOUS: Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] - w = st.wYear; - - SystemTimeToFileTime(&st, &ft); // GOOD - no modification -} - -void unmodified2() -{ - SYSTEMTIME st; - FILETIME ft; - WORD *w_ptr; - - GetSystemTime(&st); - - w_ptr = &(st.wYear); - - SystemTimeToFileTime(&st, &ft); // GOOD - no modification -} - -void modified3() -{ - SYSTEMTIME st; - FILETIME ft; - WORD *w_ptr; - - GetSystemTime(&st); - - st.wYear = st.wYear + 1; // BAD + st.wDay = st.wMonth == 2 && st.wDay == 29 ? 28 : st.wDay; SystemTimeToFileTime(&st, &ft); } -void modified4() -{ - SYSTEMTIME st; - FILETIME ft; - WORD *w_ptr; - - GetSystemTime(&st); - - st.wYear++; // BAD - st.wYear++; // BAD - st.wYear++; // BAD - - SystemTimeToFileTime(&st, &ft); +void increment_arg(WORD &x){ + x++; // $ Source +} + +void increment_arg_by_pointer(WORD *x){ + (*x)++; // $ Source +} + + +void fn_year_set_through_out_arg(){ + SYSTEMTIME st; + GetSystemTime(&st); + // BAD, year incremented without check + increment_arg(st.wYear); // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + // GetSystemTime(&st); + // Bad, year incremented without check + increment_arg_by_pointer(&st.wYear); // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + + +/* TODO: don't alert on simple copies from another struct where all three {year,month,day} are copied +void +GetEpochTime(struct pg_tm *tm) +{ + struct pg_tm *t0; + pg_time_t epoch = 0; + + t0 = pg_gmtime(&epoch); + + tm->tm_year = t0->tm_year; + tm->tm_mon = t0->tm_mon; + tm->tm_mday = t0->tm_mday; + tm->tm_hour = t0->tm_hour; + tm->tm_min = t0->tm_min; + tm->tm_sec = t0->tm_sec; + + tm->tm_year += 1900; + tm->tm_mon++; +} */ + +void +fp_guarded_by_month(struct pg_tm *tm){ + int woy = 52; + int MONTHS_PER_YEAR = 12; + /* + * If it is week 52/53 and the month is January, then the + * week must belong to the previous year. Also, some + * December dates belong to the next year. + */ + if (woy >= 52 && tm->tm_mon == 1) + --tm->tm_year; // Negative Test Case + if (woy <= 1 && tm->tm_mon == MONTHS_PER_YEAR) + ++tm->tm_year; // Negative Test Case +} + +typedef unsigned short CSHORT; + +typedef struct _TIME_FIELDS { + CSHORT Year; + CSHORT Month; + CSHORT Day; + CSHORT Hour; + CSHORT Minute; + CSHORT Second; + CSHORT Milliseconds; + CSHORT Weekday; +} TIME_FIELDS, *PTIME_FIELDS; + +void +tp_ptime(PTIME_FIELDS ptm){ + ptm->Year = ptm->Year - 1; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + + +bool isLeapYearRaw(WORD year) +{ + return year % 4 == 0 && (year % 100 != 0 || year % 400 == 0); +} + +void leap_year_checked_raw_false_positive1(WORD year, WORD offset, WORD day){ + struct tm tmp; + + year += offset; + + if (isLeapYearRaw(year)){ + // in this simplified example, assume the logic of this function + // can assume a day is 28 by default + // this check is more to establish the leap year guard is present + day += 1; + } + + // Assume the check handled leap year correctly + tmp.tm_year = year; // GOOD + tmp.tm_mday = day; +} + + +void leap_year_checked_raw_false_positive2(WORD year, WORD offset, WORD day){ + struct tm tmp; + + year += offset; + + tmp.tm_year = year; // GOOD, check performed immediately after on raw year + + // Adding some additional checks to resemble cases observed in the wild + if ( day > 0) + { + if (isLeapYearRaw(year)){ + // Assume logic that would adjust the day correctly + } + } + else{ + if (isLeapYearRaw(year)){ + // Assume logic that would adjust the day correctly + } + } + + tmp.tm_mday = day; + + year += offset; // $ Source + + tmp.tm_year = year; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + +} + + +bool isNotLeapYear(struct tm tm) +{ + return !(tm.tm_year % 4 == 0 && (tm.tm_year % 100 != 0 || tm.tm_year % 400 == 0)); +} + +bool isNotLeapYear2(struct tm tm) +{ + return (tm.tm_year % 4 != 0 || (tm.tm_year % 100 == 0 && tm.tm_year % 400 != 0)); +} + + +void inverted_leap_year_check(WORD year, WORD offset, WORD day){ + struct tm tmp; + + tmp.tm_year = year + offset; + + if (isNotLeapYear(tmp)){ + day = 28; + } + + tmp.tm_year = year + offset; + + if(isNotLeapYear2(tmp)){ + day = 28; + } + + + tmp.tm_year = year + offset; + bool isNotLeapYear = (tmp.tm_year % 4 != 0 || (tmp.tm_year % 100 == 0 && tmp.tm_year % 400 != 0)); + + if(isNotLeapYear){ + day = 28; + } + + tmp.tm_year = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + + +void simplified_leap_year_check1(WORD year, WORD offset){ + struct tm tmp; + + tmp.tm_year = year + offset; // OK + + bool isLeap = (!((tmp.tm_year + 1900) % 4)) && ((tmp.tm_year + 1900) % 100 || !((tmp.tm_year + 1900) % 400)); + if(isLeap){ + // do something + } + + // Modified after check, could be dangerous + tmp.tm_year = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + +void simplified_leap_year_check2(WORD year, WORD offset){ + struct tm tmp; + + tmp.tm_year = year + offset; // OK + + bool isNotLeap = ((tmp.tm_year + 1900) % 4) || (!((tmp.tm_year + 1900) % 100) && ((tmp.tm_year + 1900) % 400)); + if(isNotLeap){ + // do something + } + + // Modified after check, could be dangerous + tmp.tm_year = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + +void simplified_leap_year_check3(WORD year, WORD offset){ + SYSTEMTIME tmp; + + tmp.wYear = year + offset; // OK + + bool isLeap = (!(tmp.wYear % 4)) && (tmp.wYear % 100 || !(tmp.wYear% 400)); + if(isLeap){ + // do something + } + + // Modified after check, could be dangerous + tmp.wYear = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + +void simplified_leap_year_check4(WORD year, WORD offset){ + SYSTEMTIME tmp; + + tmp.wYear = year + offset; // OK + + bool isNotLeap = (tmp.wYear % 4) || (!(tmp.wYear % 100) && (tmp.wYear % 400)); + if(isNotLeap){ + // do something + } + + // Modified after check, could be dangerous + tmp.wYear = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + +void bad_simplified_leap_year_check1(WORD year, WORD offset){ + struct tm tmp; + + tmp.tm_year = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + // incorrect logic, should negate the %4 result + bool isLeap = ((tmp.tm_year + 1900) % 4) && ((tmp.tm_year + 1900) % 100 || !((tmp.tm_year + 1900) % 400)); + if(isLeap){ + // do something + } +} + +void bad_simplified_leap_year_check2(WORD year, WORD offset){ + struct tm tmp; + + tmp.tm_year = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + + // incorrect logic, should not negate the %4 result + bool isNotLeap = (!((tmp.tm_year + 1900) % 4)) || (!((tmp.tm_year + 1900) % 100) && ((tmp.tm_year + 1900) % 400)); + if(isNotLeap){ + // do something + } +} + +void bad_simplified_leap_year_check3(WORD year, WORD offset){ + SYSTEMTIME tmp; + + tmp.wYear = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + // incorrect logic, should negate the %4 result + bool isLeap = (tmp.wYear % 4) && (tmp.wYear % 100 || !(tmp.wYear % 400)); + if(isLeap){ + // do something + } +} + +void bad_simplified_leap_year_check4(WORD year, WORD offset){ + SYSTEMTIME tmp; + + tmp.wYear = year + offset; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + + // incorrect logic, should not negate the %4 result + bool isNotLeap = (!(tmp.wYear % 4)) || (!(tmp.wYear % 100) && (tmp.wYear % 400)); + if(isNotLeap){ + // do something + } +} + + +void compound_leap_year_check(WORD year, WORD offset, WORD month, WORD day){ + struct tm tmp; + + tmp.tm_year = year + offset; + + bool isLeap = tmp.tm_year % 4 == 0 && (tmp.tm_year % 100 != 0 || tmp.tm_year % 400 == 0) && (month == 2 && day == 29); + + if(isLeap){ + // do something + } + tmp.tm_mday = day; + tmp.tm_mon = month; +} + +void indirect_time_conversion_check(WORD year, WORD offset){ + SYSTEMTIME tmp; + + tmp.wYear = year + offset; + + FILETIME ft; + + // (out-of-scope) GeneralBug: Unchecked call to SystemTimeToFileTime. this may have failed, but we didn't check the return value! + BOOL res = SystemTimeToFileTime(&tmp, &ft); + + // Assume this check of the result is sufficient as an implicit leap year check. + bool x = (res == 0) ? true : false; +} + +void set_time(WORD year, WORD month, WORD day){ + SYSTEMTIME tmp; + + tmp.wYear = year; //$ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + tmp.wMonth = month; + tmp.wDay = day; +} + +void constant_month_on_year_modification1(WORD year, WORD offset, WORD month){ + SYSTEMTIME tmp; + + if(month++ > 12){ + tmp.wMonth = 1; + tmp.wYear = year + 1;// OK since the year is incremented with a known non-leap year month change + } + + if(month++ > 12){ + + set_time(year+1, 1, 31);// OK since the year is incremented with a known non-leap year month change + } +} + +void constant_month_on_year_modification2(WORD year, WORD offset, WORD month){ + SYSTEMTIME tmp; + + if(month++ > 12){ + tmp.wMonth = 1; + tmp.wYear = year + 1;// OK since the year is incremented with a known non-leap year month change + } + + + if(month++ > 12){ + // some heuristics to detect a false positive here rely on variable names + // which is often consistent in the wild. + // This variant uses the variable names yeartmp and monthtmp + WORD yeartmp; + WORD monthtmp; + yeartmp = year + 1; + monthtmp = 1; + set_time(yeartmp, monthtmp, 31);// OK since the year is incremented with a known non-leap year month change + } +} + +typedef struct parent_struct { + SYSTEMTIME t; +} PARENT_STRUCT; + + + +void nested_time_struct(WORD year, WORD offset){ + PARENT_STRUCT ps; + + ps.t.wYear = year + offset; // OK, checked below + + bool isLeap = isLeapYearRaw(ps.t.wYear); + + if(isLeap){ + // do something + } +} + +void intermediate_time_struct(WORD year, WORD offset){ + SYSTEMTIME tm, tm2; + FILETIME ftTime; + + tm.wYear = year + offset; + + tm2.wYear = tm.wYear; + + + while ( !SystemTimeToFileTime( &tm2, &ftTime ) ) + { + /// handle error + } + +} + +void constant_day_on_year_modification1(WORD year, WORD offset, WORD month){ + SYSTEMTIME tmp; + + if(month++ > 12){ + tmp.wDay = 1; + tmp.wYear = year + 1;// OK since the year is incremented with a known non-leap year day + } + + if(month++ > 12){ + + set_time(year+1, month, 1);// OK since the year is incremented with a known non-leap year day + } + + if(month++ > 12){ + + // BAD, year incremented, month unknown in block, and date is set to 31 + // which is dangerous. + set_time(year+1, month, 31);// $ Source + } +} + +void constant_day_on_year_modification2(WORD year, WORD month){ + SYSTEMTIME tmp; + + // FLASE POSITIVE SOURCE: + // flowing into set_time, the set time does pass a constant day + // but the source here and the source of that constant month don't align + // Current heuristics require the source of the constant day align with the + // source and/or the sink of the year modification. + // We could potentially improve this by checking the paths of both the year and day + // flows, but this may be more complex than is warranted for now. + year = year + 1; // $ SPURIOUS: Source + + if(month++ > 12){ + tmp.wDay = 1; + tmp.wYear = year;// OK since the year is incremented with a known non-leap year day + } + + if(month++ > 12){ + + set_time(year, month, 1);// OK since the year is incremented with a known non-leap year day + } + + year = year + 1; // $ Source + + if(month++ > 12){ + + // BAD, year incremented, month unknown in block, and date is set to 31 + // which is dangerous. + set_time(year, month, 31); + } +} + + +void modification_after_conversion1(tm timeinfo){ + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = timeinfo.tm_year + 1900; + + year += 1; // $ MISSING: Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + +WORD get_civil_year(tm timeinfo){ + return timeinfo.tm_year + 1900; +} + +void modification_after_conversion2(tm timeinfo){ + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = get_civil_year(timeinfo); + year += 1; // $ MISSING: Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + +void modification_after_conversion_saved_to_other_time_struct1(tm timeinfo){ + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = timeinfo.tm_year + 1900; + + year += 1; // $ MISSING: Source + + SYSTEMTIME s; + // FALSE NEGATIVE: missing this because the conversion happens locally before + // the year adjustment, which seems as though it is part of a conversion itself + s.wYear = year; // $ MISSING: Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + + + +void modification_after_conversion_saved_to_other_time_struct2(tm timeinfo){ + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = get_civil_year(timeinfo); + + year += 1; // $ Source + + SYSTEMTIME s; + s.wYear = year; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + +void modification_after_conversion_saved_to_other_time_struct3(tm timeinfo){ + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = timeinfo.tm_year + 1900; + + year = year + 1; // $ MISSING: Source + + SYSTEMTIME s; + // FALSE NEGATIVE: missing this because the conversion happens locally before + // the year adjustment, which seems as though it is part of a conversion itself + s.wYear = year; // $ MISSING: Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + + +void year_saved_to_variable_then_modified1(tm timeinfo){ + // A modified year is not directly assigned to the year, rather, the year is + // saved to a variable, modified, used, but never assigned back. + WORD year = timeinfo.tm_year; + + // NOTE: should we even try to detect cases like this? + // Our current rationale is that a year in a struct is more dangerous than a year in isolation + // A year in isolation is harder to interpret + year += 1; // MISSING: $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] +} + +void modification_before_conversion1(tm timeinfo){ + timeinfo.tm_year += 1; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = timeinfo.tm_year + 1900; +} + +void modification_before_conversion2(tm timeinfo){ + timeinfo.tm_year += 1; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = get_civil_year(timeinfo); +} + + + +void year_saved_to_variable_then_modified_with_leap_check1(tm timeinfo){ + // A modified year is not directly assigned to the year, rather, the year is + // saved to a variable, modified, used, but never assigned back. + WORD year = timeinfo.tm_year; + + year += 1; + + // performing a check is considered good enough, even if not used correctly + bool b = (year+1900) % 4 == 0 && ((year+1900) % 100 != 0 || (year+1900) % 400 == 0); +} + + +void modification_after_conversion_with_leap_check1(tm timeinfo){ + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = timeinfo.tm_year + 1900; + + year += 1; + + // performing a check is considered good enough, even if not used correctly + bool b = year % 4 == 0 && (year % 100 != 0 || year % 400 == 0); +} + +void modification_after_conversion_with_leap_check2(tm timeinfo){ + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = get_civil_year(timeinfo); + + year += 1; + + // performing a check is considered good enough, even if not used correctly + bool b = year % 4 == 0 && (year % 100 != 0 || year % 400 == 0); +} + +void modification_before_conversion_with_leap_check1(tm timeinfo){ + timeinfo.tm_year += 1; + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = timeinfo.tm_year + 1900; + + // performing a check is considered good enough, even if not used correctly + bool b = year % 4 == 0 && (year % 100 != 0 || year % 400 == 0); +} + +void modification_before_conversion_with_leap_check2(tm timeinfo){ + timeinfo.tm_year += 1; + // convert a tm year into a civil year, then modify after conversion + // This case shows a false negative where the year might be used and it is incorrectly modified, + // and never reassigned to another struct. + WORD year = get_civil_year(timeinfo); + + // performing a check is considered good enough, even if not used correctly + bool b = (year) % 4 == 0 && ((year) % 100 != 0 || (year) % 400 == 0); +} + +void odd_leap_year_check1(tm timeinfo){ + timeinfo.tm_year += 1; + + + // Using an odd sytle of checking divisible by 4 presumably as an optimization trick + if(((timeinfo.tm_year+1900) & 3) == 0 && ((timeinfo.tm_year+1900) % 100 != 0 || (timeinfo.tm_year+1900) % 400 == 0)) + { + // do something + } +} + +void odd_leap_year_check2(tm timeinfo){ + timeinfo.tm_year += 1; // $ SPURIOUS: Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + // Using an odd sytle of checking divisible by 4 presumably as an optimization trick + // but also check unrelated conditions on the year as an optimization to rule out irrelevant years + // for gregorian leap years + if(timeinfo.tm_mon == 2 && ((timeinfo.tm_year+1900) & 3) == 0 && ((timeinfo.tm_year+1900) <= 1582 || (timeinfo.tm_year+1900) % 100 != 0 || (timeinfo.tm_year+1900) % 400 == 0)) + { + // do something + } +} + +void odd_leap_year_check3(tm timeinfo){ + timeinfo.tm_year += 1; // $ SPURIOUS: Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + // Using an odd sytle of checking divisible by 4 presumably as an optimization trick + // but also check unrelated conditions on the year as an optimization to rule out irrelevant years + // for gregorian leap years + if(timeinfo.tm_mon == 2 && ((timeinfo.tm_year+1900) % 4) == 0 && ((timeinfo.tm_year+1900) <= 1582 || (timeinfo.tm_year+1900) % 100 != 0 || (timeinfo.tm_year+1900) % 400 == 0)) + { + // do something + } +} + +void odd_leap_year_check4(tm timeinfo){ + timeinfo.tm_year += 1; + WORD year = timeinfo.tm_year + 1900; + + if( (year % 4 == 0) && (year % 100 > 0 || (year % 400 == 0))) + { + // do something + } +} + +void odd_leap_year_check5(tm timeinfo){ + timeinfo.tm_year += 1; + WORD year = timeinfo.tm_year + 1900; + + if( (year % 4 > 0) || (year % 100 == 0 && (year % 400 > 0))) + { + // do something + } +} + + +void date_adjusted_through_mkgmtime(tm timeinfo){ + timeinfo.tm_year += 1; // $ SPURIOUS: Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + // Using an odd sytle of checking divisible by 4 presumably as an optimization trick + // but also check unrelated conditions on the year as an optimization to rule out irrelevant years + // for gregorian leap years + if(timeinfo.tm_mon == 2 && ((timeinfo.tm_year+1900) % 4) == 0 && ((timeinfo.tm_year+1900) <= 1582 || (timeinfo.tm_year+1900) % 100 != 0 || (timeinfo.tm_year+1900) % 400 == 0)) + { + // do something + } +} + +bool data_killer(WORD *d){ + (*d) = 1; + return true; +} + +void interproc_data_killer1(tm timeinfo, WORD delta){ + WORD year = delta + 1; + + if(data_killer(&year)){ + timeinfo.tm_year = year; + } +} + + +void leap_year_check_after_normalization(tm timeinfo, WORD delta){ + WORD year = delta + 1; + + if(data_killer(&year)){ + timeinfo.tm_year = year; + } +} + + +void leap_year_check_call_on_conversion1(tm timeinfo){ + timeinfo.tm_year += 1; + isLeapYearRaw(timeinfo.tm_year + 1900); +} + +void leap_year_check_call_on_conversion2(tm timeinfo){ + timeinfo.tm_year += 1; + WORD year = get_civil_year(timeinfo); + isLeapYearRaw(year); +} + +WORD getDaysInMonth(WORD year, WORD month){ + // simplified + if(month == 2){ + return isLeapYearRaw(year) ? 29 : 28; + } + // else assume logic for every other month, + // returning 30 for simplicity + return 30; +} + +WORD get_civil_year_raw(WORD year){ + return year + 1900; +} + +void leap_year_check_call_on_conversion3(tm timeinfo, WORD year, WORD month, WORD delta){ + year += delta; + WORD days = getDaysInMonth(get_civil_year_raw(year), month); + timeinfo.tm_year = year; +} + +void assumed_maketime_conversion1(tm timeinfo) +{ + //the docs of mktime suggest feb29 is handled, and conversion will occur automatically + //no check required. + timeinfo.tm_year += 1; + + mktime(&timeinfo); +} + + +void bad_leap_year_check_logic1(tm timeinfo){ + timeinfo.tm_year += 1; // $ Alert[cpp/leap-year/unchecked-after-arithmetic-year-modification] + + WORD year = get_civil_year(timeinfo); + + // expected logic: + //(year % 4) && ((year % 100) || !(year % 400 ))) + WORD days = (!(year % 4) && (!(year % 100) || (year % 400))) ? 366 : 365; } diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp index abc21aa74d8..07e3520fa81 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp +++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp @@ -250,3 +250,8 @@ void* test_strndupa(const char* s, size_t size) { return s2; // BAD } +int* f_rec(int *p) { + int x; + int* px = f_rec(&x); // GOOD + return p; +} diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs index bbd90989617..c93df9ccc4f 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs @@ -11,6 +11,10 @@ namespace Semmle.Extraction.CSharp.Entities private Event(Context cx, IEventSymbol init) : base(cx, init) { } + protected override IEventSymbol BodyDeclaringSymbol => Symbol.PartialImplementationPart ?? Symbol; + + public override Microsoft.CodeAnalysis.Location? ReportingLocation => BodyDeclaringSymbol.Locations.BestOrDefault(); + public override void WriteId(EscapingTextWriter trapFile) { trapFile.WriteSubId(ContainingType!); @@ -27,13 +31,13 @@ namespace Semmle.Extraction.CSharp.Entities var type = Type.Create(Context, Symbol.Type); trapFile.events(this, Symbol.GetName(), ContainingType!, type.TypeRef, Create(Context, Symbol.OriginalDefinition)); - var adder = Symbol.AddMethod; - var remover = Symbol.RemoveMethod; + var adder = BodyDeclaringSymbol.AddMethod; + var remover = BodyDeclaringSymbol.RemoveMethod; - if (!(adder is null)) + if (adder is not null) Method.Create(Context, adder); - if (!(remover is null)) + if (remover is not null) Method.Create(Context, remover); PopulateModifiers(trapFile); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs index 254e7c76956..3e8ab9431be 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs @@ -13,6 +13,10 @@ namespace Semmle.Extraction.CSharp.Entities this.@event = @event; } + public override bool NeedsPopulation => + base.NeedsPopulation && + !Symbol.IsPartialDefinition; // Accessors always have an implementing declaration as well. + /// /// Gets the event symbol associated with accessor `symbol`, or `null` /// if there is no associated symbol. diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs index 0da8de1e5d5..ed8dae3738f 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs @@ -160,6 +160,9 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions case SyntaxKind.ThisExpression: return This.CreateExplicit(info); + case SyntaxKind.FieldExpression: + return PropertyFieldAccess.Create(info); + case SyntaxKind.AddressOfExpression: return Unary.Create(info.SetKind(ExprKind.ADDRESS_OF)); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PropertyFieldAccess.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PropertyFieldAccess.cs new file mode 100644 index 00000000000..a9d2afa84c9 --- /dev/null +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PropertyFieldAccess.cs @@ -0,0 +1,28 @@ +using System.IO; +using Microsoft.CodeAnalysis; +using Microsoft.CodeAnalysis.CSharp.Syntax; +using Semmle.Extraction.Kinds; + +namespace Semmle.Extraction.CSharp.Entities.Expressions +{ + internal class PropertyFieldAccess : Expression + { + private PropertyFieldAccess(ExpressionNodeInfo info) : base(info.SetKind(ExprKind.FIELD_ACCESS)) { } + + public static Expression Create(ExpressionNodeInfo info) => new PropertyFieldAccess(info).TryPopulate(); + + protected override void PopulateExpression(TextWriter trapFile) + { + var symbolInfo = Context.GetSymbolInfo(Syntax); + if (symbolInfo.Symbol is IFieldSymbol field) + { + var target = PropertyField.Create(Context, field); + trapFile.expr_access(this, target); + if (!field.IsStatic) + { + This.CreateImplicit(Context, field.ContainingType, Location, this, -1); + } + } + } + } +} diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs index 9a010aad376..329115f11c7 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs @@ -10,7 +10,7 @@ namespace Semmle.Extraction.CSharp.Entities { internal class Field : CachedSymbol, IExpressionParentEntity { - private Field(Context cx, IFieldSymbol init) + protected Field(Context cx, IFieldSymbol init) : base(cx, init) { type = new Lazy(() => Entities.Type.Create(cx, Symbol.Type)); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PropertyField.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PropertyField.cs new file mode 100644 index 00000000000..9e9b1f41fff --- /dev/null +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PropertyField.cs @@ -0,0 +1,53 @@ +using System.IO; +using Microsoft.CodeAnalysis; +using Semmle.Extraction.CSharp.Util; +using Semmle.Extraction.Kinds; + +namespace Semmle.Extraction.CSharp.Entities +{ + /// + /// Represents the autogenerated backing field `field` for a property. + /// It is only created for properties that use the `field` keyword in their getter or setter, and + /// is not created for auto-properties. + /// + internal class PropertyField : Field + { + protected PropertyField(Context cx, IFieldSymbol init) + : base(cx, init) + { + } + + public static new PropertyField Create(Context cx, IFieldSymbol field) => PropertyFieldFactory.Instance.CreateEntity(cx, (field, field.AssociatedSymbol), field); + + public override bool NeedsPopulation => true; + + public override void Populate(TextWriter trapFile) + { + PopulateNullability(trapFile, Symbol.GetAnnotatedType()); + + var unboundFieldKey = PropertyField.Create(Context, Symbol.OriginalDefinition); + var name = Symbol.AssociatedSymbol is not null ? $"{Symbol.AssociatedSymbol.GetName()}.field" : Symbol.Name; + trapFile.fields(this, VariableKind.None, name, ContainingType!, Type.TypeRef, unboundFieldKey); + trapFile.compiler_generated(this); + + PopulateModifiers(trapFile); + + if (Context.OnlyScaffold) + { + return; + } + + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.field_location, this, Locations); + } + } + + private class PropertyFieldFactory : CachedEntityFactory + { + public static PropertyFieldFactory Instance { get; } = new PropertyFieldFactory(); + + public override PropertyField Create(Context cx, IFieldSymbol init) => new PropertyField(cx, init); + } + } +} diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 68238efa110..df4169a1174 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.59 + +No user-facing changes. + ## 1.7.58 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.59.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.59.md new file mode 100644 index 00000000000..7f6b5bd0256 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.59.md @@ -0,0 +1,3 @@ +## 1.7.59 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 422196097f2..45a32aec800 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.58 +lastReleaseVersion: 1.7.59 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index bc1e19c5d11..2bf13d256c9 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.59-dev +version: 1.7.60-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 68238efa110..df4169a1174 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.59 + +No user-facing changes. + ## 1.7.58 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.59.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.59.md new file mode 100644 index 00000000000..7f6b5bd0256 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.59.md @@ -0,0 +1,3 @@ +## 1.7.59 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 422196097f2..45a32aec800 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.58 +lastReleaseVersion: 1.7.59 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 87016f799ea..780301f353c 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.59-dev +version: 1.7.60-dev groups: - csharp - solorigate diff --git a/csharp/ql/integration-tests/posix/conftest.py b/csharp/ql/integration-tests/posix/conftest.py new file mode 100644 index 00000000000..543bc046c98 --- /dev/null +++ b/csharp/ql/integration-tests/posix/conftest.py @@ -0,0 +1,19 @@ +import runs_on + + +def _supports_mono_nuget(): + """ + Helper function to determine if the current platform supports Mono and nuget. + + Returns True if running on Linux or on macOS x86_64 (excluding macos-15 and macos-26). + macOS ARM runners (macos-15 and macos-26) are excluded due to issues with Mono and nuget. + """ + return ( + runs_on.linux + or ( + runs_on.macos + and runs_on.x86_64 + and not runs_on.macos_15 + and not runs_on.macos_26 + ) + ) diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py index d1c1745d69b..725ded1899c 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py @@ -1,13 +1,9 @@ -import runs_on import pytest import os +from ..conftest import _supports_mono_nuget -# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if( - runs_on.linux - or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) -) +@pytest.mark.only_if(_supports_mono_nuget()) def test(codeql, csharp): os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_DOTNET_FRAMEWORK_REFERENCES"] = ( "/non-existent-path" diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py index 6d2058c684c..662178aa3c0 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py @@ -1,13 +1,9 @@ import os -import runs_on import pytest +from ..conftest import _supports_mono_nuget -# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if( - runs_on.linux - or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) -) +@pytest.mark.only_if(_supports_mono_nuget()) def test(codeql, csharp): # making sure we're not doing any fallback restore: os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1" diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py index 7f88196097f..d8e8c8055ad 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py @@ -1,11 +1,7 @@ -import runs_on import pytest +from ..conftest import _supports_mono_nuget -# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if( - runs_on.linux - or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) -) +@pytest.mark.only_if(_supports_mono_nuget()) def test(codeql, csharp): codeql.database.create(build_mode="none") diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py index 185fb5201f9..ccd8f61a384 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py @@ -1,11 +1,7 @@ -import runs_on import pytest +from ..conftest import _supports_mono_nuget -# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if( - runs_on.linux - or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) -) +@pytest.mark.only_if(_supports_mono_nuget()) def test(codeql, csharp): codeql.database.create(source_root="proj", build_mode="none") diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 2910824c1b7..21b19c8a09a 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 5.4.7 + +### Minor Analysis Improvements + +* The model for `System.Web.HttpUtility` has been modified to better model the flow of tainted URIs. +* C# 14: Added support for `extension` members in the extractor, QL library, data flow, and Models as Data, covering extension methods, properties, and operators. + ## 5.4.6 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2026-02-09-update-system.web.httputility-model.md b/csharp/ql/lib/change-notes/2026-02-09-update-system.web.httputility-model.md deleted file mode 100644 index 750761fdf37..00000000000 --- a/csharp/ql/lib/change-notes/2026-02-09-update-system.web.httputility-model.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The model for `System.Web.HttpUtility` has been modified to better model the flow of tainted URIs. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2026-02-12-field-keyword.md b/csharp/ql/lib/change-notes/2026-02-12-field-keyword.md new file mode 100644 index 00000000000..7ca6548b27f --- /dev/null +++ b/csharp/ql/lib/change-notes/2026-02-12-field-keyword.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* C# 14: Added support for the `field` keyword in properties. diff --git a/csharp/ql/lib/change-notes/2026-02-16-partial-events.md b/csharp/ql/lib/change-notes/2026-02-16-partial-events.md new file mode 100644 index 00000000000..3bbc1ae829a --- /dev/null +++ b/csharp/ql/lib/change-notes/2026-02-16-partial-events.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* C# 14: Added support for partial events. diff --git a/csharp/ql/lib/change-notes/2026-02-05-extension-types.md b/csharp/ql/lib/change-notes/released/5.4.7.md similarity index 53% rename from csharp/ql/lib/change-notes/2026-02-05-extension-types.md rename to csharp/ql/lib/change-notes/released/5.4.7.md index c3f1a21a5ed..b7d268470a2 100644 --- a/csharp/ql/lib/change-notes/2026-02-05-extension-types.md +++ b/csharp/ql/lib/change-notes/released/5.4.7.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 5.4.7 + +### Minor Analysis Improvements + +* The model for `System.Web.HttpUtility` has been modified to better model the flow of tainted URIs. * C# 14: Added support for `extension` members in the extractor, QL library, data flow, and Models as Data, covering extension methods, properties, and operators. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 2f1d6ff78a8..4db516ab415 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.4.6 +lastReleaseVersion: 5.4.7 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 31fb2ca6618..30f75e74304 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.4.7-dev +version: 5.4.8-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index d532951fadc..8f2e918ca55 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.6.2 + +### Bug Fixes + +* The `cs/web/missing-token-validation` ("Missing cross-site request forgery token validation") query now recognizes antiforgery attributes on base controller classes, fixing false positives when `[ValidateAntiForgeryToken]` or `[AutoValidateAntiforgeryToken]` is applied to a parent class. + ## 1.6.1 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2026-02-04-csrf-inherited-attribute.md b/csharp/ql/src/change-notes/released/1.6.2.md similarity index 92% rename from csharp/ql/src/change-notes/2026-02-04-csrf-inherited-attribute.md rename to csharp/ql/src/change-notes/released/1.6.2.md index 7c9875fcdfd..696f2d0d859 100644 --- a/csharp/ql/src/change-notes/2026-02-04-csrf-inherited-attribute.md +++ b/csharp/ql/src/change-notes/released/1.6.2.md @@ -1,4 +1,5 @@ ---- -category: fix ---- +## 1.6.2 + +### Bug Fixes + * The `cs/web/missing-token-validation` ("Missing cross-site request forgery token validation") query now recognizes antiforgery attributes on base controller classes, fixing false positives when `[ValidateAntiForgeryToken]` or `[AutoValidateAntiforgeryToken]` is applied to a parent class. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index ef7a789e0cf..5f5beb68311 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.1 +lastReleaseVersion: 1.6.2 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 492445c2374..d43afd632c1 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.6.2-dev +version: 1.6.3-dev groups: - csharp - queries diff --git a/csharp/ql/test/library-tests/dataflow/fields/D.cs b/csharp/ql/test/library-tests/dataflow/fields/D.cs index 7f07cf5ca0b..45dfbffc801 100644 --- a/csharp/ql/test/library-tests/dataflow/fields/D.cs +++ b/csharp/ql/test/library-tests/dataflow/fields/D.cs @@ -89,3 +89,65 @@ public partial class DPartial static T Source(object source) => throw null; } + +public class DFieldProps +{ + object FieldProp0 + { + get { return field; } + set { field = value; } + } = Source(0); + + object FieldProp1 + { + get { return field; } + set { field = value; } + } + + object FieldProp2 + { + get { return field; } + set + { + var x = value; + field = x; + } + } + + static object StaticFieldProp + { + get { return field; } + set { field = value; } + } + + private void M() + { + var d0 = new DFieldProps(); + Sink(d0.FieldProp0); // $ hasValueFlow=0 + Sink(d0.FieldProp1); // no flow + Sink(d0.FieldProp2); // no flow + + var d1 = new DFieldProps(); + var o1 = Source(1); + d1.FieldProp1 = o1; + Sink(d1.FieldProp0); // $ hasValueFlow=0 + Sink(d1.FieldProp1); // $ hasValueFlow=1 + Sink(d1.FieldProp2); // no flow + + var d2 = new DFieldProps(); + var o2 = Source(2); + d2.FieldProp2 = o2; + Sink(d2.FieldProp0); // $ hasValueFlow=0 + Sink(d2.FieldProp1); // no flow + Sink(d2.FieldProp2); // $ hasValueFlow=2 + + var o3 = Source(3); + DFieldProps.StaticFieldProp = o3; + Sink(DFieldProps.StaticFieldProp); // $ hasValueFlow=3 + } + + public static void Sink(object o) { } + + static T Source(object source) => throw null; + +} diff --git a/csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected b/csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected index 4e469e11887..44789d1f847 100644 --- a/csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected @@ -532,6 +532,118 @@ edges | D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:60:9:60:11 | this : DPartial [field _backingField] : Object | provenance | | | D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:84:14:84:27 | access to property PartialProp1 | provenance | | | D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:84:14:84:27 | access to property PartialProp1 | provenance | | +| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | provenance | | +| D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | provenance | | +| D.cs:98:9:98:11 | value : Object | D.cs:98:23:98:27 | access to parameter value : Object | provenance | | +| D.cs:98:9:98:11 | value : Object | D.cs:98:23:98:27 | access to parameter value : Object | provenance | | +| D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:98:23:98:27 | access to parameter value : Object | D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:98:23:98:27 | access to parameter value : Object | D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:99:9:99:25 | call to method Source : Object | D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:99:9:99:25 | call to method Source : Object | D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:99:9:99:25 | call to method Source : Object | D.cs:98:9:98:11 | value : Object | provenance | | +| D.cs:99:9:99:25 | call to method Source : Object | D.cs:98:9:98:11 | value : Object | provenance | | +| D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | access to field FieldProp1.field : Object | provenance | | +| D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | access to field FieldProp1.field : Object | provenance | | +| D.cs:104:9:104:11 | value : Object | D.cs:104:23:104:27 | access to parameter value : Object | provenance | | +| D.cs:104:9:104:11 | value : Object | D.cs:104:23:104:27 | access to parameter value : Object | provenance | | +| D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:104:23:104:27 | access to parameter value : Object | D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:104:23:104:27 | access to parameter value : Object | D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | access to field FieldProp2.field : Object | provenance | | +| D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | access to field FieldProp2.field : Object | provenance | | +| D.cs:110:9:110:11 | value : Object | D.cs:112:17:112:17 | access to local variable x : Object | provenance | | +| D.cs:110:9:110:11 | value : Object | D.cs:112:17:112:17 | access to local variable x : Object | provenance | | +| D.cs:112:17:112:17 | access to local variable x : Object | D.cs:113:21:113:21 | access to local variable x : Object | provenance | | +| D.cs:112:17:112:17 | access to local variable x : Object | D.cs:113:21:113:21 | access to local variable x : Object | provenance | | +| D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:113:21:113:21 | access to local variable x : Object | D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:113:21:113:21 | access to local variable x : Object | D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | provenance | | +| D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | provenance | | +| D.cs:120:9:120:11 | value : Object | D.cs:120:23:120:27 | access to parameter value : Object | provenance | | +| D.cs:120:9:120:11 | value : Object | D.cs:120:23:120:27 | access to parameter value : Object | provenance | | +| D.cs:120:23:120:27 | access to parameter value : Object | D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | provenance | | +| D.cs:120:23:120:27 | access to parameter value : Object | D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | provenance | | +| D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:126:14:126:26 | access to property FieldProp0 | provenance | | +| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:126:14:126:26 | access to property FieldProp0 | provenance | | +| D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:131:13:131:14 | access to local variable o1 : Object | D.cs:132:25:132:26 | access to local variable o1 : Object | provenance | | +| D.cs:131:13:131:14 | access to local variable o1 : Object | D.cs:132:25:132:26 | access to local variable o1 : Object | provenance | | +| D.cs:131:18:131:34 | call to method Source : Object | D.cs:131:13:131:14 | access to local variable o1 : Object | provenance | | +| D.cs:131:18:131:34 | call to method Source : Object | D.cs:131:13:131:14 | access to local variable o1 : Object | provenance | | +| D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:104:9:104:11 | value : Object | provenance | | +| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:104:9:104:11 | value : Object | provenance | | +| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:133:14:133:26 | access to property FieldProp0 | provenance | | +| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:133:14:133:26 | access to property FieldProp0 | provenance | | +| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | provenance | | +| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:134:14:134:26 | access to property FieldProp1 | provenance | | +| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:134:14:134:26 | access to property FieldProp1 | provenance | | +| D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:138:13:138:14 | access to local variable o2 : Object | D.cs:139:25:139:26 | access to local variable o2 : Object | provenance | | +| D.cs:138:13:138:14 | access to local variable o2 : Object | D.cs:139:25:139:26 | access to local variable o2 : Object | provenance | | +| D.cs:138:18:138:34 | call to method Source : Object | D.cs:138:13:138:14 | access to local variable o2 : Object | provenance | | +| D.cs:138:18:138:34 | call to method Source : Object | D.cs:138:13:138:14 | access to local variable o2 : Object | provenance | | +| D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:110:9:110:11 | value : Object | provenance | | +| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:110:9:110:11 | value : Object | provenance | | +| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | | +| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:140:14:140:26 | access to property FieldProp0 | provenance | | +| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:140:14:140:26 | access to property FieldProp0 | provenance | | +| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | provenance | | +| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:142:14:142:26 | access to property FieldProp2 | provenance | | +| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:142:14:142:26 | access to property FieldProp2 | provenance | | +| D.cs:144:13:144:14 | access to local variable o3 : Object | D.cs:145:9:145:35 | access to property StaticFieldProp : Object | provenance | | +| D.cs:144:13:144:14 | access to local variable o3 : Object | D.cs:145:9:145:35 | access to property StaticFieldProp : Object | provenance | | +| D.cs:144:13:144:14 | access to local variable o3 : Object | D.cs:145:39:145:40 | access to local variable o3 : Object | provenance | | +| D.cs:144:13:144:14 | access to local variable o3 : Object | D.cs:145:39:145:40 | access to local variable o3 : Object | provenance | | +| D.cs:144:18:144:34 | call to method Source : Object | D.cs:144:13:144:14 | access to local variable o3 : Object | provenance | | +| D.cs:144:18:144:34 | call to method Source : Object | D.cs:144:13:144:14 | access to local variable o3 : Object | provenance | | +| D.cs:145:9:145:35 | access to property StaticFieldProp : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | provenance | | +| D.cs:145:9:145:35 | access to property StaticFieldProp : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | provenance | | +| D.cs:145:39:145:40 | access to local variable o3 : Object | D.cs:120:9:120:11 | value : Object | provenance | | +| D.cs:145:39:145:40 | access to local variable o3 : Object | D.cs:120:9:120:11 | value : Object | provenance | | | E.cs:8:29:8:29 | o : Object | E.cs:11:21:11:21 | access to parameter o : Object | provenance | | | E.cs:8:29:8:29 | o : Object | E.cs:11:21:11:21 | access to parameter o : Object | provenance | | | E.cs:11:9:11:11 | [post] access to local variable ret : S [field Field] : Object | E.cs:12:16:12:18 | access to local variable ret : S [field Field] : Object | provenance | | @@ -1807,6 +1919,120 @@ nodes | D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | semmle.label | access to local variable d : DPartial [field _backingField] : Object | | D.cs:84:14:84:27 | access to property PartialProp1 | semmle.label | access to property PartialProp1 | | D.cs:84:14:84:27 | access to property PartialProp1 | semmle.label | access to property PartialProp1 | +| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | semmle.label | this : DFieldProps [field FieldProp0.field] : Object | +| D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | semmle.label | this : DFieldProps [field FieldProp0.field] : Object | +| D.cs:97:22:97:26 | access to field FieldProp0.field : Object | semmle.label | access to field FieldProp0.field : Object | +| D.cs:97:22:97:26 | access to field FieldProp0.field : Object | semmle.label | access to field FieldProp0.field : Object | +| D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp0.field] : Object | +| D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp0.field] : Object | +| D.cs:98:9:98:11 | value : Object | semmle.label | value : Object | +| D.cs:98:9:98:11 | value : Object | semmle.label | value : Object | +| D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:98:23:98:27 | access to parameter value : Object | semmle.label | access to parameter value : Object | +| D.cs:98:23:98:27 | access to parameter value : Object | semmle.label | access to parameter value : Object | +| D.cs:99:9:99:25 | call to method Source : Object | semmle.label | call to method Source : Object | +| D.cs:99:9:99:25 | call to method Source : Object | semmle.label | call to method Source : Object | +| D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | semmle.label | this : DFieldProps [field FieldProp1.field] : Object | +| D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | semmle.label | this : DFieldProps [field FieldProp1.field] : Object | +| D.cs:103:22:103:26 | access to field FieldProp1.field : Object | semmle.label | access to field FieldProp1.field : Object | +| D.cs:103:22:103:26 | access to field FieldProp1.field : Object | semmle.label | access to field FieldProp1.field : Object | +| D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | semmle.label | this access : DFieldProps [field FieldProp1.field] : Object | +| D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | semmle.label | this access : DFieldProps [field FieldProp1.field] : Object | +| D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp1.field] : Object | +| D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp1.field] : Object | +| D.cs:104:9:104:11 | value : Object | semmle.label | value : Object | +| D.cs:104:9:104:11 | value : Object | semmle.label | value : Object | +| D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp1.field] : Object | +| D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp1.field] : Object | +| D.cs:104:23:104:27 | access to parameter value : Object | semmle.label | access to parameter value : Object | +| D.cs:104:23:104:27 | access to parameter value : Object | semmle.label | access to parameter value : Object | +| D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | semmle.label | this : DFieldProps [field FieldProp2.field] : Object | +| D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | semmle.label | this : DFieldProps [field FieldProp2.field] : Object | +| D.cs:109:22:109:26 | access to field FieldProp2.field : Object | semmle.label | access to field FieldProp2.field : Object | +| D.cs:109:22:109:26 | access to field FieldProp2.field : Object | semmle.label | access to field FieldProp2.field : Object | +| D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | semmle.label | this access : DFieldProps [field FieldProp2.field] : Object | +| D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | semmle.label | this access : DFieldProps [field FieldProp2.field] : Object | +| D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp2.field] : Object | +| D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp2.field] : Object | +| D.cs:110:9:110:11 | value : Object | semmle.label | value : Object | +| D.cs:110:9:110:11 | value : Object | semmle.label | value : Object | +| D.cs:112:17:112:17 | access to local variable x : Object | semmle.label | access to local variable x : Object | +| D.cs:112:17:112:17 | access to local variable x : Object | semmle.label | access to local variable x : Object | +| D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp2.field] : Object | +| D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp2.field] : Object | +| D.cs:113:21:113:21 | access to local variable x : Object | semmle.label | access to local variable x : Object | +| D.cs:113:21:113:21 | access to local variable x : Object | semmle.label | access to local variable x : Object | +| D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | semmle.label | access to field StaticFieldProp.field : Object | +| D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | semmle.label | access to field StaticFieldProp.field : Object | +| D.cs:120:9:120:11 | value : Object | semmle.label | value : Object | +| D.cs:120:9:120:11 | value : Object | semmle.label | value : Object | +| D.cs:120:23:120:27 | access to parameter value : Object | semmle.label | access to parameter value : Object | +| D.cs:120:23:120:27 | access to parameter value : Object | semmle.label | access to parameter value : Object | +| D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | +| D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | +| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:126:14:126:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 | +| D.cs:126:14:126:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 | +| D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | +| D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | +| D.cs:131:13:131:14 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object | +| D.cs:131:13:131:14 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object | +| D.cs:131:18:131:34 | call to method Source : Object | semmle.label | call to method Source : Object | +| D.cs:131:18:131:34 | call to method Source : Object | semmle.label | call to method Source : Object | +| D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | semmle.label | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | +| D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | semmle.label | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | +| D.cs:132:25:132:26 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object | +| D.cs:132:25:132:26 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object | +| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:133:14:133:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 | +| D.cs:133:14:133:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 | +| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | +| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | +| D.cs:134:14:134:26 | access to property FieldProp1 | semmle.label | access to property FieldProp1 | +| D.cs:134:14:134:26 | access to property FieldProp1 | semmle.label | access to property FieldProp1 | +| D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | +| D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | +| D.cs:138:13:138:14 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object | +| D.cs:138:13:138:14 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object | +| D.cs:138:18:138:34 | call to method Source : Object | semmle.label | call to method Source : Object | +| D.cs:138:18:138:34 | call to method Source : Object | semmle.label | call to method Source : Object | +| D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | semmle.label | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | +| D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | semmle.label | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | +| D.cs:139:25:139:26 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object | +| D.cs:139:25:139:26 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object | +| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | +| D.cs:140:14:140:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 | +| D.cs:140:14:140:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 | +| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | +| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | +| D.cs:142:14:142:26 | access to property FieldProp2 | semmle.label | access to property FieldProp2 | +| D.cs:142:14:142:26 | access to property FieldProp2 | semmle.label | access to property FieldProp2 | +| D.cs:144:13:144:14 | access to local variable o3 : Object | semmle.label | access to local variable o3 : Object | +| D.cs:144:13:144:14 | access to local variable o3 : Object | semmle.label | access to local variable o3 : Object | +| D.cs:144:18:144:34 | call to method Source : Object | semmle.label | call to method Source : Object | +| D.cs:144:18:144:34 | call to method Source : Object | semmle.label | call to method Source : Object | +| D.cs:145:9:145:35 | access to property StaticFieldProp : Object | semmle.label | access to property StaticFieldProp : Object | +| D.cs:145:9:145:35 | access to property StaticFieldProp : Object | semmle.label | access to property StaticFieldProp : Object | +| D.cs:145:39:145:40 | access to local variable o3 : Object | semmle.label | access to local variable o3 : Object | +| D.cs:145:39:145:40 | access to local variable o3 : Object | semmle.label | access to local variable o3 : Object | +| D.cs:146:14:146:40 | access to property StaticFieldProp | semmle.label | access to property StaticFieldProp | +| D.cs:146:14:146:40 | access to property StaticFieldProp | semmle.label | access to property StaticFieldProp | | E.cs:8:29:8:29 | o : Object | semmle.label | o : Object | | E.cs:8:29:8:29 | o : Object | semmle.label | o : Object | | E.cs:11:9:11:11 | [post] access to local variable ret : S [field Field] : Object | semmle.label | [post] access to local variable ret : S [field Field] : Object | @@ -2648,6 +2874,22 @@ subpaths | D.cs:81:26:81:26 | access to local variable o : Object | D.cs:61:9:61:11 | value : Object | D.cs:61:9:61:11 | this [Return] : DPartial [field _backingField] : Object | D.cs:81:9:81:9 | [post] access to local variable d : DPartial [field _backingField] : Object | | D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:60:9:60:11 | this : DPartial [field _backingField] : Object | D.cs:60:22:60:34 | access to field _backingField : Object | D.cs:84:14:84:27 | access to property PartialProp1 | | D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:60:9:60:11 | this : DPartial [field _backingField] : Object | D.cs:60:22:60:34 | access to field _backingField : Object | D.cs:84:14:84:27 | access to property PartialProp1 | +| D.cs:99:9:99:25 | call to method Source : Object | D.cs:98:9:98:11 | value : Object | D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:99:9:99:25 | call to method Source : Object | D.cs:98:9:98:11 | value : Object | D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | +| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:126:14:126:26 | access to property FieldProp0 | +| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:126:14:126:26 | access to property FieldProp0 | +| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:104:9:104:11 | value : Object | D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | +| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:104:9:104:11 | value : Object | D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | +| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:133:14:133:26 | access to property FieldProp0 | +| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:133:14:133:26 | access to property FieldProp0 | +| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | access to field FieldProp1.field : Object | D.cs:134:14:134:26 | access to property FieldProp1 | +| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | access to field FieldProp1.field : Object | D.cs:134:14:134:26 | access to property FieldProp1 | +| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:110:9:110:11 | value : Object | D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | +| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:110:9:110:11 | value : Object | D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | +| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:140:14:140:26 | access to property FieldProp0 | +| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:140:14:140:26 | access to property FieldProp0 | +| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | access to field FieldProp2.field : Object | D.cs:142:14:142:26 | access to property FieldProp2 | +| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | access to field FieldProp2.field : Object | D.cs:142:14:142:26 | access to property FieldProp2 | | E.cs:23:25:23:25 | access to local variable o : Object | E.cs:8:29:8:29 | o : Object | E.cs:12:16:12:18 | access to local variable ret : S [field Field] : Object | E.cs:23:17:23:26 | call to method CreateS : S [field Field] : Object | | E.cs:23:25:23:25 | access to local variable o : Object | E.cs:8:29:8:29 | o : Object | E.cs:12:16:12:18 | access to local variable ret : S [field Field] : Object | E.cs:23:17:23:26 | call to method CreateS : S [field Field] : Object | | E.cs:55:29:55:33 | access to local variable taint : Object | E.cs:43:46:43:46 | o : Object | E.cs:43:36:43:36 | s [Return] : RefS [field RefField] : Object | E.cs:55:23:55:26 | [post] access to local variable refs : RefS [field RefField] : Object | @@ -2758,6 +3000,18 @@ testFailures | D.cs:47:14:47:26 | access to property ComplexProp | D.cs:43:32:43:48 | call to method Source : Object | D.cs:47:14:47:26 | access to property ComplexProp | $@ | D.cs:43:32:43:48 | call to method Source : Object | call to method Source : Object | | D.cs:84:14:84:27 | access to property PartialProp1 | D.cs:78:17:78:33 | call to method Source : Object | D.cs:84:14:84:27 | access to property PartialProp1 | $@ | D.cs:78:17:78:33 | call to method Source : Object | call to method Source : Object | | D.cs:84:14:84:27 | access to property PartialProp1 | D.cs:78:17:78:33 | call to method Source : Object | D.cs:84:14:84:27 | access to property PartialProp1 | $@ | D.cs:78:17:78:33 | call to method Source : Object | call to method Source : Object | +| D.cs:126:14:126:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source : Object | D.cs:126:14:126:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source : Object | call to method Source : Object | +| D.cs:126:14:126:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source : Object | D.cs:126:14:126:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source : Object | call to method Source : Object | +| D.cs:133:14:133:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source : Object | D.cs:133:14:133:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source : Object | call to method Source : Object | +| D.cs:133:14:133:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source : Object | D.cs:133:14:133:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source : Object | call to method Source : Object | +| D.cs:134:14:134:26 | access to property FieldProp1 | D.cs:131:18:131:34 | call to method Source : Object | D.cs:134:14:134:26 | access to property FieldProp1 | $@ | D.cs:131:18:131:34 | call to method Source : Object | call to method Source : Object | +| D.cs:134:14:134:26 | access to property FieldProp1 | D.cs:131:18:131:34 | call to method Source : Object | D.cs:134:14:134:26 | access to property FieldProp1 | $@ | D.cs:131:18:131:34 | call to method Source : Object | call to method Source : Object | +| D.cs:140:14:140:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source : Object | D.cs:140:14:140:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source : Object | call to method Source : Object | +| D.cs:140:14:140:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source : Object | D.cs:140:14:140:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source : Object | call to method Source : Object | +| D.cs:142:14:142:26 | access to property FieldProp2 | D.cs:138:18:138:34 | call to method Source : Object | D.cs:142:14:142:26 | access to property FieldProp2 | $@ | D.cs:138:18:138:34 | call to method Source : Object | call to method Source : Object | +| D.cs:142:14:142:26 | access to property FieldProp2 | D.cs:138:18:138:34 | call to method Source : Object | D.cs:142:14:142:26 | access to property FieldProp2 | $@ | D.cs:138:18:138:34 | call to method Source : Object | call to method Source : Object | +| D.cs:146:14:146:40 | access to property StaticFieldProp | D.cs:144:18:144:34 | call to method Source : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | $@ | D.cs:144:18:144:34 | call to method Source : Object | call to method Source : Object | +| D.cs:146:14:146:40 | access to property StaticFieldProp | D.cs:144:18:144:34 | call to method Source : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | $@ | D.cs:144:18:144:34 | call to method Source : Object | call to method Source : Object | | E.cs:24:14:24:20 | access to field Field | E.cs:22:17:22:33 | call to method Source : Object | E.cs:24:14:24:20 | access to field Field | $@ | E.cs:22:17:22:33 | call to method Source : Object | call to method Source : Object | | E.cs:24:14:24:20 | access to field Field | E.cs:22:17:22:33 | call to method Source : Object | E.cs:24:14:24:20 | access to field Field | $@ | E.cs:22:17:22:33 | call to method Source : Object | call to method Source : Object | | E.cs:57:14:57:26 | access to field RefField | E.cs:54:21:54:37 | call to method Source : Object | E.cs:57:14:57:26 | access to field RefField | $@ | E.cs:54:21:54:37 | call to method Source : Object | call to method Source : Object | diff --git a/csharp/ql/test/library-tests/dispatch/CallGraph.expected b/csharp/ql/test/library-tests/dispatch/CallGraph.expected index 4eed880f0a3..2feb959dd86 100644 --- a/csharp/ql/test/library-tests/dispatch/CallGraph.expected +++ b/csharp/ql/test/library-tests/dispatch/CallGraph.expected @@ -270,7 +270,9 @@ | ViableCallable.cs:679:17:679:20 | Run3 | ViableCallable.cs:637:21:637:21 | M | | ViableCallable.cs:679:17:679:20 | Run3 | ViableCallable.cs:646:21:646:21 | M | | ViableCallable.cs:679:17:679:20 | Run3 | ViableCallable.cs:648:21:648:21 | M | -| ViableCallable.cs:707:17:707:20 | Run1 | ViableCallable.cs:702:42:702:44 | get_Property | -| ViableCallable.cs:707:17:707:20 | Run1 | ViableCallable.cs:702:63:702:65 | set_Property | -| ViableCallable.cs:707:17:707:20 | Run1 | ViableCallable.cs:704:49:704:51 | get_Item | -| ViableCallable.cs:707:17:707:20 | Run1 | ViableCallable.cs:704:70:704:72 | set_Item | +| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:703:42:703:44 | get_Property | +| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:703:63:703:65 | set_Property | +| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:705:49:705:51 | get_Item | +| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:705:70:705:72 | set_Item | +| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:706:51:706:53 | add_Event | +| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:706:59:706:64 | remove_Event | diff --git a/csharp/ql/test/library-tests/dispatch/GetADynamicTarget.expected b/csharp/ql/test/library-tests/dispatch/GetADynamicTarget.expected index b38eed691b9..5d6b4be4f87 100644 --- a/csharp/ql/test/library-tests/dispatch/GetADynamicTarget.expected +++ b/csharp/ql/test/library-tests/dispatch/GetADynamicTarget.expected @@ -518,7 +518,9 @@ | ViableCallable.cs:683:9:683:16 | call to method M | C22+TestOverloadResolution2.M(Int32[]) | | ViableCallable.cs:687:9:687:16 | call to method M | C22+TestOverloadResolution1.M(List) | | ViableCallable.cs:687:9:687:16 | call to method M | C22+TestOverloadResolution2.M(List) | -| ViableCallable.cs:712:9:712:18 | access to property Property | C23+Partial1.set_Property(object) | -| ViableCallable.cs:715:13:715:22 | access to property Property | C23+Partial1.get_Property() | -| ViableCallable.cs:718:9:718:12 | access to indexer | C23+Partial1.set_Item(int, object) | -| ViableCallable.cs:721:13:721:16 | access to indexer | C23+Partial1.get_Item(int) | +| ViableCallable.cs:714:9:714:18 | access to property Property | C23+Partial1.set_Property(object) | +| ViableCallable.cs:717:13:717:22 | access to property Property | C23+Partial1.get_Property() | +| ViableCallable.cs:720:9:720:12 | access to indexer | C23+Partial1.set_Item(int, object) | +| ViableCallable.cs:723:13:723:16 | access to indexer | C23+Partial1.get_Item(int) | +| ViableCallable.cs:726:9:726:15 | access to event Event | C23+Partial1.add_Event(EventHandler) | +| ViableCallable.cs:729:9:729:15 | access to event Event | C23+Partial1.remove_Event(EventHandler) | diff --git a/csharp/ql/test/library-tests/dispatch/ViableCallable.cs b/csharp/ql/test/library-tests/dispatch/ViableCallable.cs index 99b4ec54a99..e904eb01a86 100644 --- a/csharp/ql/test/library-tests/dispatch/ViableCallable.cs +++ b/csharp/ql/test/library-tests/dispatch/ViableCallable.cs @@ -695,6 +695,7 @@ public class C23 public partial object Property { get; set; } public partial object this[int index] { get; set; } + public partial event EventHandler Event; } public partial class Partial1 @@ -702,6 +703,7 @@ public class C23 public partial object Property { get { return null; } set { } } public partial object this[int index] { get { return null; } set { } } + public partial event EventHandler Event { add { } remove { } } } public void Run1(Partial1 p) @@ -719,5 +721,11 @@ public class C23 // Viable callable: Partial1.get_Item(int) o = p[0]; + + // Viable callable: Partial1.add_Event + p.Event += (sender, e) => { }; + + // Viable callable: Partial1.remove_Event + p.Event -= (sender, e) => { }; } } diff --git a/csharp/ql/test/library-tests/partial/MethodIsPartial.expected b/csharp/ql/test/library-tests/partial/MethodIsPartial.expected index 4c0e905d8c5..a0f1f88fb98 100644 --- a/csharp/ql/test/library-tests/partial/MethodIsPartial.expected +++ b/csharp/ql/test/library-tests/partial/MethodIsPartial.expected @@ -1,7 +1,7 @@ -| Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 | true | -| Partial.cs:5:17:5:23 | Method2 | false | -| Partial.cs:14:18:14:39 | PartialMethodWithBody1 | true | -| Partial.cs:15:17:15:23 | Method3 | false | -| Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 | true | -| Partial.cs:35:17:35:23 | Method4 | false | -| Partial.cs:40:17:40:23 | Method5 | false | +| Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 | true | +| Partial.cs:7:17:7:23 | Method2 | false | +| Partial.cs:18:18:18:39 | PartialMethodWithBody1 | true | +| Partial.cs:19:17:19:23 | Method3 | false | +| Partial.cs:41:18:41:42 | PartialMethodWithoutBody2 | true | +| Partial.cs:42:17:42:23 | Method4 | false | +| Partial.cs:47:17:47:23 | Method5 | false | diff --git a/csharp/ql/test/library-tests/partial/Partial.cs b/csharp/ql/test/library-tests/partial/Partial.cs index 5a3e4af2e8c..8dd757fcd24 100644 --- a/csharp/ql/test/library-tests/partial/Partial.cs +++ b/csharp/ql/test/library-tests/partial/Partial.cs @@ -1,3 +1,5 @@ +using System; + partial class TwoPartClass { partial void PartialMethodWithBody1(); @@ -7,6 +9,8 @@ partial class TwoPartClass public partial object PartialProperty1 { get; set; } // Declaring declaration. public partial object this[int index] { get; set; } + // Declaring declaration. + public partial event EventHandler PartialEvent1; } partial class TwoPartClass @@ -27,6 +31,9 @@ partial class TwoPartClass get { return _backingArray[index]; } set { _backingArray[index] = value; } } + + // Implementation declaration. + public partial event EventHandler PartialEvent1 { add { } remove { } } } partial class OnePartPartialClass @@ -44,4 +51,5 @@ class NonPartialClass get { return null; } set { } } + public event EventHandler Event; } diff --git a/csharp/ql/test/library-tests/partial/Partial1.expected b/csharp/ql/test/library-tests/partial/Partial1.expected index 55dcaabcea7..fe8f5658f48 100644 --- a/csharp/ql/test/library-tests/partial/Partial1.expected +++ b/csharp/ql/test/library-tests/partial/Partial1.expected @@ -1,14 +1,17 @@ -| Partial.cs:1:15:1:26 | TwoPartClass | -| Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 | -| Partial.cs:12:15:12:26 | TwoPartClass | -| Partial.cs:14:18:14:39 | PartialMethodWithBody1 | -| Partial.cs:18:27:18:42 | PartialProperty1 | -| Partial.cs:20:9:20:11 | get_PartialProperty1 | -| Partial.cs:21:9:21:11 | set_PartialProperty1 | -| Partial.cs:25:27:25:30 | Item | -| Partial.cs:27:9:27:11 | get_Item | -| Partial.cs:28:9:28:11 | set_Item | -| Partial.cs:32:15:32:33 | OnePartPartialClass | -| Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 | +| Partial.cs:3:15:3:26 | TwoPartClass | +| Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 | +| Partial.cs:16:15:16:26 | TwoPartClass | +| Partial.cs:18:18:18:39 | PartialMethodWithBody1 | +| Partial.cs:22:27:22:42 | PartialProperty1 | +| Partial.cs:24:9:24:11 | get_PartialProperty1 | +| Partial.cs:25:9:25:11 | set_PartialProperty1 | +| Partial.cs:29:27:29:30 | Item | +| Partial.cs:31:9:31:11 | get_Item | +| Partial.cs:32:9:32:11 | set_Item | +| Partial.cs:36:39:36:51 | PartialEvent1 | +| Partial.cs:36:55:36:57 | add_PartialEvent1 | +| Partial.cs:36:63:36:68 | remove_PartialEvent1 | +| Partial.cs:39:15:39:33 | OnePartPartialClass | +| Partial.cs:41:18:41:42 | PartialMethodWithoutBody2 | | PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | | PartialMultipleFiles2.cs:1:22:1:41 | PartialMultipleFiles | diff --git a/csharp/ql/test/library-tests/partial/Partial2.expected b/csharp/ql/test/library-tests/partial/Partial2.expected index 87194dd3f9e..8d608c26011 100644 --- a/csharp/ql/test/library-tests/partial/Partial2.expected +++ b/csharp/ql/test/library-tests/partial/Partial2.expected @@ -1,15 +1,15 @@ -| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:1:15:1:26 | | -| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 | -| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:5:17:5:23 | Method2 | -| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:14:18:14:39 | PartialMethodWithBody1 | -| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:15:17:15:23 | Method3 | -| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:1:15:1:26 | | -| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 | -| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:5:17:5:23 | Method2 | -| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:14:18:14:39 | PartialMethodWithBody1 | -| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:15:17:15:23 | Method3 | -| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:32:15:32:33 | | -| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 | -| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:35:17:35:23 | Method4 | +| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:3:15:3:26 | | +| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 | +| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:7:17:7:23 | Method2 | +| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:18:18:18:39 | PartialMethodWithBody1 | +| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:19:17:19:23 | Method3 | +| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:3:15:3:26 | | +| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 | +| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:7:17:7:23 | Method2 | +| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:18:18:18:39 | PartialMethodWithBody1 | +| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:19:17:19:23 | Method3 | +| Partial.cs:39:15:39:33 | OnePartPartialClass | Partial.cs:39:15:39:33 | | +| Partial.cs:39:15:39:33 | OnePartPartialClass | Partial.cs:41:18:41:42 | PartialMethodWithoutBody2 | +| Partial.cs:39:15:39:33 | OnePartPartialClass | Partial.cs:42:17:42:23 | Method4 | | PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | PartialMultipleFiles1.cs:1:22:1:41 | | | PartialMultipleFiles2.cs:1:22:1:41 | PartialMultipleFiles | PartialMultipleFiles1.cs:1:22:1:41 | | diff --git a/csharp/ql/test/library-tests/partial/PartialAccessors.expected b/csharp/ql/test/library-tests/partial/PartialAccessors.expected index 2c69ed620ae..a9d70645420 100644 --- a/csharp/ql/test/library-tests/partial/PartialAccessors.expected +++ b/csharp/ql/test/library-tests/partial/PartialAccessors.expected @@ -1,8 +1,12 @@ -| Partial.cs:20:9:20:11 | get_PartialProperty1 | true | -| Partial.cs:21:9:21:11 | set_PartialProperty1 | true | -| Partial.cs:27:9:27:11 | get_Item | true | -| Partial.cs:28:9:28:11 | set_Item | true | -| Partial.cs:41:30:41:32 | get_Property | false | -| Partial.cs:41:35:41:37 | set_Property | false | -| Partial.cs:44:9:44:11 | get_Item | false | -| Partial.cs:45:9:45:11 | set_Item | false | +| Partial.cs:24:9:24:11 | get_PartialProperty1 | true | +| Partial.cs:25:9:25:11 | set_PartialProperty1 | true | +| Partial.cs:31:9:31:11 | get_Item | true | +| Partial.cs:32:9:32:11 | set_Item | true | +| Partial.cs:36:55:36:57 | add_PartialEvent1 | true | +| Partial.cs:36:63:36:68 | remove_PartialEvent1 | true | +| Partial.cs:48:30:48:32 | get_Property | false | +| Partial.cs:48:35:48:37 | set_Property | false | +| Partial.cs:51:9:51:11 | get_Item | false | +| Partial.cs:52:9:52:11 | set_Item | false | +| Partial.cs:54:31:54:35 | add_Event | false | +| Partial.cs:54:31:54:35 | remove_Event | false | diff --git a/csharp/ql/test/library-tests/partial/PartialConstructors.expected b/csharp/ql/test/library-tests/partial/PartialConstructors.expected index 01779f1b81e..69cabb244f5 100644 --- a/csharp/ql/test/library-tests/partial/PartialConstructors.expected +++ b/csharp/ql/test/library-tests/partial/PartialConstructors.expected @@ -1,4 +1,4 @@ -| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:1:15:1:26 | {...} | -| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:32:15:32:33 | {...} | -| Partial.cs:38:7:38:21 | NonPartialClass | Partial.cs:38:7:38:21 | {...} | +| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:3:15:3:26 | {...} | +| Partial.cs:39:15:39:33 | OnePartPartialClass | Partial.cs:39:15:39:33 | {...} | +| Partial.cs:45:7:45:21 | NonPartialClass | Partial.cs:45:7:45:21 | {...} | | PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | PartialMultipleFiles1.cs:1:22:1:41 | {...} | diff --git a/csharp/ql/test/library-tests/partial/PartialEvents.expected b/csharp/ql/test/library-tests/partial/PartialEvents.expected new file mode 100644 index 00000000000..b12f8a07a9d --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialEvents.expected @@ -0,0 +1,2 @@ +| Partial.cs:36:39:36:51 | PartialEvent1 | true | +| Partial.cs:54:31:54:35 | Event | false | diff --git a/csharp/ql/test/library-tests/partial/PartialEvents.ql b/csharp/ql/test/library-tests/partial/PartialEvents.ql new file mode 100644 index 00000000000..e9f45250266 --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialEvents.ql @@ -0,0 +1,7 @@ +import csharp + +private boolean isPartial(Event e) { if e.isPartial() then result = true else result = false } + +from Event e +where e.fromSource() +select e, isPartial(e) diff --git a/csharp/ql/test/library-tests/partial/PartialIndexers.expected b/csharp/ql/test/library-tests/partial/PartialIndexers.expected index 151ed5aad03..be625fc4ad5 100644 --- a/csharp/ql/test/library-tests/partial/PartialIndexers.expected +++ b/csharp/ql/test/library-tests/partial/PartialIndexers.expected @@ -1,2 +1,2 @@ -| Partial.cs:25:27:25:30 | Item | true | -| Partial.cs:42:19:42:22 | Item | false | +| Partial.cs:29:27:29:30 | Item | true | +| Partial.cs:49:19:49:22 | Item | false | diff --git a/csharp/ql/test/library-tests/partial/PartialMethodBody.expected b/csharp/ql/test/library-tests/partial/PartialMethodBody.expected index b75a105bea0..a91a156cb62 100644 --- a/csharp/ql/test/library-tests/partial/PartialMethodBody.expected +++ b/csharp/ql/test/library-tests/partial/PartialMethodBody.expected @@ -1,3 +1,3 @@ -| Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 | false | -| Partial.cs:14:18:14:39 | PartialMethodWithBody1 | true | -| Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 | false | +| Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 | false | +| Partial.cs:18:18:18:39 | PartialMethodWithBody1 | true | +| Partial.cs:41:18:41:42 | PartialMethodWithoutBody2 | false | diff --git a/csharp/ql/test/library-tests/partial/PartialProperties.expected b/csharp/ql/test/library-tests/partial/PartialProperties.expected index 8d2dfc01e74..4686bbf087a 100644 --- a/csharp/ql/test/library-tests/partial/PartialProperties.expected +++ b/csharp/ql/test/library-tests/partial/PartialProperties.expected @@ -1,2 +1,2 @@ -| Partial.cs:18:27:18:42 | PartialProperty1 | true | -| Partial.cs:41:19:41:26 | Property | false | +| Partial.cs:22:27:22:42 | PartialProperty1 | true | +| Partial.cs:48:19:48:26 | Property | false | diff --git a/csharp/ql/test/library-tests/partial/PrintAst.expected b/csharp/ql/test/library-tests/partial/PrintAst.expected index 0729946b18b..315de869fb3 100644 --- a/csharp/ql/test/library-tests/partial/PrintAst.expected +++ b/csharp/ql/test/library-tests/partial/PrintAst.expected @@ -1,94 +1,112 @@ Partial.cs: -# 1| [Class] TwoPartClass -# 4| 6: [Method] PartialMethodWithoutBody1 -# 4| -1: [TypeMention] Void -# 5| 7: [Method] Method2 +# 3| [Class] TwoPartClass +# 6| 6: [Method] PartialMethodWithoutBody1 +# 6| -1: [TypeMention] Void +# 7| 7: [Method] Method2 +# 7| -1: [TypeMention] Void +# 7| 4: [BlockStmt] {...} +# 18| 8: [Method] PartialMethodWithBody1 # 5| -1: [TypeMention] Void -# 5| 4: [BlockStmt] {...} -# 14| 8: [Method] PartialMethodWithBody1 -# 3| -1: [TypeMention] Void -# 14| 4: [BlockStmt] {...} -# 15| 9: [Method] Method3 -# 15| -1: [TypeMention] Void -# 15| 4: [BlockStmt] {...} -# 16| 10: [Field] _backingField -# 16| -1: [TypeMention] object -# 18| 11: [Property] PartialProperty1 -# 7| -1: [TypeMention] object -# 18| -1: [TypeMention] object -# 20| 3: [Getter] get_PartialProperty1 -# 20| 4: [BlockStmt] {...} -# 20| 0: [ReturnStmt] return ...; -# 20| 0: [FieldAccess] access to field _backingField -# 21| 4: [Setter] set_PartialProperty1 -#-----| 2: (Parameters) -# 21| 0: [Parameter] value -# 21| 4: [BlockStmt] {...} -# 21| 0: [ExprStmt] ...; -# 21| 0: [AssignExpr] ... = ... -# 21| 0: [FieldAccess] access to field _backingField -# 21| 1: [ParameterAccess] access to parameter value -# 23| 12: [Field] _backingArray -# 23| -1: [TypeMention] Object[] -# 23| 1: [TypeMention] object -# 25| 13: [Indexer] Item +# 18| 4: [BlockStmt] {...} +# 19| 9: [Method] Method3 +# 19| -1: [TypeMention] Void +# 19| 4: [BlockStmt] {...} +# 20| 10: [Field] _backingField +# 20| -1: [TypeMention] object +# 22| 11: [Property] PartialProperty1 # 9| -1: [TypeMention] object -# 25| -1: [TypeMention] object +# 22| -1: [TypeMention] object +# 24| 3: [Getter] get_PartialProperty1 +# 24| 4: [BlockStmt] {...} +# 24| 0: [ReturnStmt] return ...; +# 24| 0: [FieldAccess] access to field _backingField +# 25| 4: [Setter] set_PartialProperty1 +#-----| 2: (Parameters) +# 25| 0: [Parameter] value +# 25| 4: [BlockStmt] {...} +# 25| 0: [ExprStmt] ...; +# 25| 0: [AssignExpr] ... = ... +# 25| 0: [FieldAccess] access to field _backingField +# 25| 1: [ParameterAccess] access to parameter value +# 27| 12: [Field] _backingArray +# 27| -1: [TypeMention] Object[] +# 27| 1: [TypeMention] object +# 29| 13: [Indexer] Item +# 11| -1: [TypeMention] object +# 29| -1: [TypeMention] object #-----| 1: (Parameters) -# 9| 0: [Parameter] index -# 9| -1: [TypeMention] int -# 25| -1: [TypeMention] int -# 27| 3: [Getter] get_Item +# 11| 0: [Parameter] index +# 11| -1: [TypeMention] int +# 29| -1: [TypeMention] int +# 31| 3: [Getter] get_Item #-----| 2: (Parameters) -# 25| 0: [Parameter] index -# 27| 4: [BlockStmt] {...} -# 27| 0: [ReturnStmt] return ...; -# 27| 0: [ArrayAccess] access to array element -# 27| -1: [FieldAccess] access to field _backingArray -# 27| 0: [ParameterAccess] access to parameter index -# 28| 4: [Setter] set_Item +# 29| 0: [Parameter] index +# 31| 4: [BlockStmt] {...} +# 31| 0: [ReturnStmt] return ...; +# 31| 0: [ArrayAccess] access to array element +# 31| -1: [FieldAccess] access to field _backingArray +# 31| 0: [ParameterAccess] access to parameter index +# 32| 4: [Setter] set_Item #-----| 2: (Parameters) -# 25| 0: [Parameter] index -# 28| 1: [Parameter] value -# 28| 4: [BlockStmt] {...} -# 28| 0: [ExprStmt] ...; -# 28| 0: [AssignExpr] ... = ... -# 28| 0: [ArrayAccess] access to array element -# 28| -1: [FieldAccess] access to field _backingArray -# 28| 0: [ParameterAccess] access to parameter index -# 28| 1: [ParameterAccess] access to parameter value -# 32| [Class] OnePartPartialClass -# 34| 6: [Method] PartialMethodWithoutBody2 -# 34| -1: [TypeMention] Void -# 35| 7: [Method] Method4 -# 35| -1: [TypeMention] Void -# 35| 4: [BlockStmt] {...} -# 38| [Class] NonPartialClass -# 40| 6: [Method] Method5 -# 40| -1: [TypeMention] Void -# 40| 4: [BlockStmt] {...} -# 41| 7: [Property] Property -# 41| -1: [TypeMention] object -# 41| 3: [Getter] get_Property -# 41| 4: [Setter] set_Property +# 29| 0: [Parameter] index +# 32| 1: [Parameter] value +# 32| 4: [BlockStmt] {...} +# 32| 0: [ExprStmt] ...; +# 32| 0: [AssignExpr] ... = ... +# 32| 0: [ArrayAccess] access to array element +# 32| -1: [FieldAccess] access to field _backingArray +# 32| 0: [ParameterAccess] access to parameter index +# 32| 1: [ParameterAccess] access to parameter value +# 36| 14: [Event] PartialEvent1 +# 13| -1: [TypeMention] EventHandler +# 36| 3: [AddEventAccessor] add_PartialEvent1 #-----| 2: (Parameters) -# 41| 0: [Parameter] value -# 42| 8: [Indexer] Item -# 42| -1: [TypeMention] object +# 36| 0: [Parameter] value +# 36| 4: [BlockStmt] {...} +# 36| 4: [RemoveEventAccessor] remove_PartialEvent1 +#-----| 2: (Parameters) +# 36| 0: [Parameter] value +# 36| 4: [BlockStmt] {...} +# 39| [Class] OnePartPartialClass +# 41| 6: [Method] PartialMethodWithoutBody2 +# 41| -1: [TypeMention] Void +# 42| 7: [Method] Method4 +# 42| -1: [TypeMention] Void +# 42| 4: [BlockStmt] {...} +# 45| [Class] NonPartialClass +# 47| 6: [Method] Method5 +# 47| -1: [TypeMention] Void +# 47| 4: [BlockStmt] {...} +# 48| 7: [Property] Property +# 48| -1: [TypeMention] object +# 48| 3: [Getter] get_Property +# 48| 4: [Setter] set_Property +#-----| 2: (Parameters) +# 48| 0: [Parameter] value +# 49| 8: [Indexer] Item +# 49| -1: [TypeMention] object #-----| 1: (Parameters) -# 42| 0: [Parameter] index -# 42| -1: [TypeMention] int -# 44| 3: [Getter] get_Item +# 49| 0: [Parameter] index +# 49| -1: [TypeMention] int +# 51| 3: [Getter] get_Item #-----| 2: (Parameters) -# 42| 0: [Parameter] index -# 44| 4: [BlockStmt] {...} -# 44| 0: [ReturnStmt] return ...; -# 44| 0: [NullLiteral] null -# 45| 4: [Setter] set_Item +# 49| 0: [Parameter] index +# 51| 4: [BlockStmt] {...} +# 51| 0: [ReturnStmt] return ...; +# 51| 0: [NullLiteral] null +# 52| 4: [Setter] set_Item #-----| 2: (Parameters) -# 42| 0: [Parameter] index -# 45| 1: [Parameter] value -# 45| 4: [BlockStmt] {...} +# 49| 0: [Parameter] index +# 52| 1: [Parameter] value +# 52| 4: [BlockStmt] {...} +# 54| 9: [Event] Event +# 54| -1: [TypeMention] EventHandler +# 54| 3: [AddEventAccessor] add_Event +#-----| 2: (Parameters) +# 54| 0: [Parameter] value +# 54| 4: [RemoveEventAccessor] remove_Event +#-----| 2: (Parameters) +# 54| 0: [Parameter] value PartialMultipleFiles1.cs: # 1| [Class] PartialMultipleFiles PartialMultipleFiles2.cs: diff --git a/csharp/ql/test/library-tests/properties/PrintAst.expected b/csharp/ql/test/library-tests/properties/PrintAst.expected index 2df3ee3f5e8..711e417558e 100644 --- a/csharp/ql/test/library-tests/properties/PrintAst.expected +++ b/csharp/ql/test/library-tests/properties/PrintAst.expected @@ -230,3 +230,19 @@ properties.cs: #-----| 2: (Parameters) # 124| 0: [Parameter] value # 124| 4: [BlockStmt] {...} +# 128| 10: [Class] UseFieldKeyword +# 130| 6: [Property] Prop +# 130| -1: [TypeMention] object +# 132| 3: [Getter] get_Prop +# 132| 4: [BlockStmt] {...} +# 132| 0: [ReturnStmt] return ...; +# 132| 0: [FieldAccess] access to field Prop.field +# 133| 4: [Setter] set_Prop +#-----| 2: (Parameters) +# 133| 0: [Parameter] value +# 133| 4: [BlockStmt] {...} +# 133| 0: [ExprStmt] ...; +# 133| 0: [AssignExpr] ... = ... +# 133| 0: [FieldAccess] access to field Prop.field +# 133| 1: [ParameterAccess] access to parameter value +# 130| 7: [Field] Prop.field diff --git a/csharp/ql/test/library-tests/properties/Properties17.expected b/csharp/ql/test/library-tests/properties/Properties17.expected index 47b563e2676..ee817a63df9 100644 --- a/csharp/ql/test/library-tests/properties/Properties17.expected +++ b/csharp/ql/test/library-tests/properties/Properties17.expected @@ -1,3 +1,4 @@ +| Prop.field | | caption | | next | | y | diff --git a/csharp/ql/test/library-tests/properties/Properties17.ql b/csharp/ql/test/library-tests/properties/Properties17.ql index ca53f5423aa..6bd668ec118 100644 --- a/csharp/ql/test/library-tests/properties/Properties17.ql +++ b/csharp/ql/test/library-tests/properties/Properties17.ql @@ -1,5 +1,5 @@ /** - * @name Test that there are no backing fields + * @name Test that there are no backing fields except for properties that use the `field` keyword in their getter or setter. */ import csharp diff --git a/csharp/ql/test/library-tests/properties/properties.cs b/csharp/ql/test/library-tests/properties/properties.cs index 57ffa7a31a5..2f88214ec75 100644 --- a/csharp/ql/test/library-tests/properties/properties.cs +++ b/csharp/ql/test/library-tests/properties/properties.cs @@ -124,4 +124,13 @@ namespace Properties set { } } } + + class UseFieldKeyword + { + public object Prop + { + get { return field; } + set { field = value; } + } + } } diff --git a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/NullableTest.cs b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/NullableTest.cs new file mode 100644 index 00000000000..a66ffbec9a0 --- /dev/null +++ b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/NullableTest.cs @@ -0,0 +1,86 @@ +using System; + +#nullable enable + +namespace Test +{ + class TestClass1 : IEquatable + { + private int field1; + + public bool Equals(TestClass1? param1) + { + return param1 != null && field1 == param1.field1; + } + + public override bool Equals(object? param2) + { + return param2 is TestClass1 tc && Equals(tc); + } + + public override int GetHashCode() + { + return field1; + } + } + + class TestClass2 : IEquatable + { + private int field1; + + public bool Equals(TestClass2 param1) + { + return param1 != null && field1 == param1.field1; + } + + public override bool Equals(object? param2) + { + return param2 is TestClass2 tc && Equals(tc); + } + + public override int GetHashCode() + { + return field1; + } + } + + class TestClass3 : IEquatable + { + private int field1; + + public bool Equals(TestClass3? param1) + { + return param1 != null && field1 == param1.field1; + } + + public override bool Equals(object param2) + { + return param2 is TestClass3 tc && Equals(tc); + } + + public override int GetHashCode() + { + return field1; + } + } + + class TestClass4 : IEquatable + { + private int field1; + + public bool Equals(TestClass4 param1) + { + return param1 != null && field1 == param1.field1; + } + + public override bool Equals(object param2) + { + return param2 is TestClass4 tc && Equals(tc); + } + + public override int GetHashCode() + { + return field1; + } + } +} \ No newline at end of file diff --git a/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/NullableTest.cs b/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/NullableTest.cs new file mode 100644 index 00000000000..a66ffbec9a0 --- /dev/null +++ b/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/NullableTest.cs @@ -0,0 +1,86 @@ +using System; + +#nullable enable + +namespace Test +{ + class TestClass1 : IEquatable + { + private int field1; + + public bool Equals(TestClass1? param1) + { + return param1 != null && field1 == param1.field1; + } + + public override bool Equals(object? param2) + { + return param2 is TestClass1 tc && Equals(tc); + } + + public override int GetHashCode() + { + return field1; + } + } + + class TestClass2 : IEquatable + { + private int field1; + + public bool Equals(TestClass2 param1) + { + return param1 != null && field1 == param1.field1; + } + + public override bool Equals(object? param2) + { + return param2 is TestClass2 tc && Equals(tc); + } + + public override int GetHashCode() + { + return field1; + } + } + + class TestClass3 : IEquatable + { + private int field1; + + public bool Equals(TestClass3? param1) + { + return param1 != null && field1 == param1.field1; + } + + public override bool Equals(object param2) + { + return param2 is TestClass3 tc && Equals(tc); + } + + public override int GetHashCode() + { + return field1; + } + } + + class TestClass4 : IEquatable + { + private int field1; + + public bool Equals(TestClass4 param1) + { + return param1 != null && field1 == param1.field1; + } + + public override bool Equals(object param2) + { + return param2 is TestClass4 tc && Equals(tc); + } + + public override int GetHashCode() + { + return field1; + } + } +} \ No newline at end of file diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 6216bae08df..566238658f3 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -18,7 +18,7 @@ .NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.slnx``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``" GitHub Actions,"Not applicable",Not applicable,"``.github/workflows/*.yml``, ``.github/workflows/*.yaml``, ``**/action.yml``, ``**/action.yaml``" Go (aka Golang), "Go up to 1.26", "Go 1.11 or more recent", ``.go`` - Java,"Java 7 to 25 [6]_","javac (OpenJDK and Oracle JDK), + Java,"Java 7 to 26 [6]_","javac (OpenJDK and Oracle JDK), Eclipse compiler for Java (ECJ) [7]_",``.java`` Kotlin,"Kotlin 1.8.0 to 2.3.0\ *x*","kotlinc",``.kt`` @@ -36,7 +36,7 @@ .. [3] Objective-C, Objective-C++, C++/CLI, and C++/CX are not supported. .. [4] Support for the clang-cl compiler is preliminary. .. [5] Support for the Arm Compiler (armcc) is preliminary. - .. [6] Builds that execute on Java 7 to 25 can be analyzed. The analysis understands standard language features in Java 8 to 25; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code. + .. [6] Builds that execute on Java 7 to 26 can be analyzed. The analysis understands standard language features in Java 8 to 26; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code. .. [7] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin. .. [8] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files. .. [9] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python. diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index d0c8171cdf6..e91058f491a 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.42.md b/go/ql/consistency-queries/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 9db7c50224d..6f9302c9ac4 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.42-dev +version: 1.0.43-dev groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 126058537ce..34751dc5d8a 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 7.0.0 + +### Breaking Changes + +* The `BasicBlock` class is now defined using the shared basic blocks library. `BasicBlock.getRoot` has been replaced by `BasicBlock.getScope`. `BasicBlock.getAPredecessor` and `BasicBlock.getASuccessor` now take a `SuccessorType` argument. `ReachableJoinBlock.inDominanceFrontierOf` has been removed, so use `BasicBlock.inDominanceFrontier` instead, swapping the receiver and the argument. + +### Major Analysis Improvements + +* Go 1.26 is now supported. + ## 6.0.1 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/2026-01-20-go-version-1-26.md b/go/ql/lib/change-notes/2026-01-20-go-version-1-26.md deleted file mode 100644 index 97f022480c4..00000000000 --- a/go/ql/lib/change-notes/2026-01-20-go-version-1-26.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Go 1.26 is now supported. diff --git a/go/ql/lib/change-notes/2026-01-28-shared-basic-block-library.md b/go/ql/lib/change-notes/released/7.0.0.md similarity index 80% rename from go/ql/lib/change-notes/2026-01-28-shared-basic-block-library.md rename to go/ql/lib/change-notes/released/7.0.0.md index f26aeb9c07a..602f9f36e35 100644 --- a/go/ql/lib/change-notes/2026-01-28-shared-basic-block-library.md +++ b/go/ql/lib/change-notes/released/7.0.0.md @@ -1,4 +1,9 @@ ---- -category: breaking ---- +## 7.0.0 + +### Breaking Changes + * The `BasicBlock` class is now defined using the shared basic blocks library. `BasicBlock.getRoot` has been replaced by `BasicBlock.getScope`. `BasicBlock.getAPredecessor` and `BasicBlock.getASuccessor` now take a `SuccessorType` argument. `ReachableJoinBlock.inDominanceFrontierOf` has been removed, so use `BasicBlock.inDominanceFrontier` instead, swapping the receiver and the argument. + +### Major Analysis Improvements + +* Go 1.26 is now supported. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index d1f3c68c812..e0db21c7869 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.0.1 +lastReleaseVersion: 7.0.0 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 758bb94451c..ac5f63a29bc 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 6.0.2-dev +version: 7.0.1-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index f2475a92207..95f203839c5 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.6 + +No user-facing changes. + ## 1.5.5 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.5.6.md b/go/ql/src/change-notes/released/1.5.6.md new file mode 100644 index 00000000000..17fb577dc9e --- /dev/null +++ b/go/ql/src/change-notes/released/1.5.6.md @@ -0,0 +1,3 @@ +## 1.5.6 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 1c73e9d9ce9..9a0b3c9461b 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.5 +lastReleaseVersion: 1.5.6 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index cb2e964d440..bbac3ffc212 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.5.6-dev +version: 1.5.7-dev groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index f238699b4e5..fb2908a561e 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,24 @@ +## 8.1.0 + +### Deprecated APIs + +* The `UnreachableBlocks.qll` library has been deprecated. +* Renamed the following predicates to increase uniformity across languages. The `getBody` predicate already existed on `LoopStmt`, but is now properly inherited. + - `UnaryExpr.getExpr` to `getOperand`. + - `ConditionalExpr.getTrueExpr` to `getThen`. + - `ConditionalExpr.getFalseExpr` to `getElse`. + - `ReturnStmt.getResult` to `getExpr`. + - `WhileStmt.getStmt` to `getBody`. + - `DoStmt.getStmt` to `getBody`. + - `ForStmt.getStmt` to `getBody`. + - `EnhancedForStmt.getStmt` to `getBody`. + +### Minor Analysis Improvements + +* Using a regular expression to check that a string doesn't contain any line breaks is already a sanitizer for `java/log-injection`. Additional ways of doing the regular expression check are now recognised, including annotation with `@javax.validation.constraints.Pattern`. +* More ways of checking that a string matches a regular expression are now considered as sanitizers for various queries, including `java/ssrf` and `java/path-injection`. In particular, being annotated with `@javax.validation.constraints.Pattern` is now recognised as a sanitizer for those queries. +* Kotlin versions up to 2.3.10 are now supported. + ## 8.0.0 ### Breaking Changes @@ -6,7 +27,7 @@ ### New Features -* Kotlin versions up to 2.3.0*x* are now supported. +* Kotlin versions up to 2.3.0 are now supported. ### Minor Analysis Improvements diff --git a/java/ql/lib/change-notes/2026-02-04-renames.md b/java/ql/lib/change-notes/2026-02-04-renames.md deleted file mode 100644 index 9392bcbb4f6..00000000000 --- a/java/ql/lib/change-notes/2026-02-04-renames.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -category: deprecated ---- -* Renamed the following predicates to increase uniformity across languages. The `getBody` predicate already existed on `LoopStmt`, but is now properly inherited. - - `UnaryExpr.getExpr` to `getOperand`. - - `ConditionalExpr.getTrueExpr` to `getThen`. - - `ConditionalExpr.getFalseExpr` to `getElse`. - - `ReturnStmt.getResult` to `getExpr`. - - `WhileStmt.getStmt` to `getBody`. - - `DoStmt.getStmt` to `getBody`. - - `ForStmt.getStmt` to `getBody`. - - `EnhancedForStmt.getStmt` to `getBody`. diff --git a/java/ql/lib/change-notes/2026-02-06-kotlin-2.3.10.md b/java/ql/lib/change-notes/2026-02-06-kotlin-2.3.10.md deleted file mode 100644 index 49b62ea6bbd..00000000000 --- a/java/ql/lib/change-notes/2026-02-06-kotlin-2.3.10.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Kotlin versions up to 2.3.10 are now supported. diff --git a/java/ql/lib/change-notes/2026-02-12-deprecate-unreachableblocks.md b/java/ql/lib/change-notes/2026-02-12-deprecate-unreachableblocks.md deleted file mode 100644 index 24748cbb09e..00000000000 --- a/java/ql/lib/change-notes/2026-02-12-deprecate-unreachableblocks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `UnreachableBlocks.qll` library has been deprecated. diff --git a/java/ql/lib/change-notes/2026-02-12-jakarta.md b/java/ql/lib/change-notes/2026-02-12-jakarta.md new file mode 100644 index 00000000000..062e202cb8a --- /dev/null +++ b/java/ql/lib/change-notes/2026-02-12-jakarta.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Some modelling which previously only worked for Java EE packages beginning with "javax" will now also work for Java EE packages beginning with "jakarta" as well. This may lead to some alert changes. diff --git a/java/ql/lib/change-notes/2026-02-12-pattern-annotation-ssrf-sanitizer.md b/java/ql/lib/change-notes/2026-02-12-pattern-annotation-ssrf-sanitizer.md deleted file mode 100644 index 20d3d08b300..00000000000 --- a/java/ql/lib/change-notes/2026-02-12-pattern-annotation-ssrf-sanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* More ways of checking that a string matches a regular expression are now considered as sanitizers for various queries, including `java/ssrf` and `java/path-injection`. In particular, being annotated with `@javax.validation.constraints.Pattern` is now recognised as a sanitizer for those queries. diff --git a/java/ql/lib/change-notes/2026-02-14-pattern-annotation-log-injection-sanitizer.md b/java/ql/lib/change-notes/2026-02-14-pattern-annotation-log-injection-sanitizer.md deleted file mode 100644 index ceff0714ab8..00000000000 --- a/java/ql/lib/change-notes/2026-02-14-pattern-annotation-log-injection-sanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Using a regular expression to check that a string doesn't contain any line breaks is already a sanitizer for `java/log-injection`. Additional ways of doing the regular expression check are now recognised, including annotation with `@javax.validation.constraints.Pattern`. diff --git a/java/ql/lib/change-notes/released/8.1.0.md b/java/ql/lib/change-notes/released/8.1.0.md new file mode 100644 index 00000000000..e560747144d --- /dev/null +++ b/java/ql/lib/change-notes/released/8.1.0.md @@ -0,0 +1,20 @@ +## 8.1.0 + +### Deprecated APIs + +* The `UnreachableBlocks.qll` library has been deprecated. +* Renamed the following predicates to increase uniformity across languages. The `getBody` predicate already existed on `LoopStmt`, but is now properly inherited. + - `UnaryExpr.getExpr` to `getOperand`. + - `ConditionalExpr.getTrueExpr` to `getThen`. + - `ConditionalExpr.getFalseExpr` to `getElse`. + - `ReturnStmt.getResult` to `getExpr`. + - `WhileStmt.getStmt` to `getBody`. + - `DoStmt.getStmt` to `getBody`. + - `ForStmt.getStmt` to `getBody`. + - `EnhancedForStmt.getStmt` to `getBody`. + +### Minor Analysis Improvements + +* Using a regular expression to check that a string doesn't contain any line breaks is already a sanitizer for `java/log-injection`. Additional ways of doing the regular expression check are now recognised, including annotation with `@javax.validation.constraints.Pattern`. +* More ways of checking that a string matches a regular expression are now considered as sanitizers for various queries, including `java/ssrf` and `java/path-injection`. In particular, being annotated with `@javax.validation.constraints.Pattern` is now recognised as a sanitizer for those queries. +* Kotlin versions up to 2.3.10 are now supported. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 0f48687270d..59984961848 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 8.0.0 +lastReleaseVersion: 8.1.0 diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index b1b536a3ccb..feac5aaf0ea 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -295,7 +295,7 @@ module JCAModel { class CipherGetInstanceCall extends MethodCall { CipherGetInstanceCall() { - this.getCallee().hasQualifiedName("javax.crypto", "Cipher", "getInstance") + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "getInstance") } Expr getAlgorithmArg() { result = this.getArgument(0) } @@ -307,7 +307,8 @@ module JCAModel { private class CipherOperationCall extends MethodCall { CipherOperationCall() { this.getMethod() - .hasQualifiedName("javax.crypto", "Cipher", ["update", "doFinal", "wrap", "unwrap"]) + .hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", + ["update", "doFinal", "wrap", "unwrap"]) } predicate isIntermediate() { this.getMethod().getName() = "update" } @@ -474,7 +475,9 @@ module JCAModel { * An access to the `javax.crypto.Cipher` class. */ private class CipherAccess extends TypeAccess { - CipherAccess() { this.getType().(Class).hasQualifiedName("javax.crypto", "Cipher") } + CipherAccess() { + this.getType().(Class).hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher") + } } /** @@ -708,7 +711,9 @@ module JCAModel { // and through setter methods class IvParameterSpecInstance extends NonceParameterInstantiation { IvParameterSpecInstance() { - super.getConstructedType().hasQualifiedName("javax.crypto.spec", "IvParameterSpec") + super + .getConstructedType() + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "IvParameterSpec") } override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(0) } @@ -717,7 +722,9 @@ module JCAModel { // TODO: this also specifies the tag length for GCM class GCMParameterSpecInstance extends NonceParameterInstantiation { GCMParameterSpecInstance() { - super.getConstructedType().hasQualifiedName("javax.crypto.spec", "GCMParameterSpec") + super + .getConstructedType() + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "GCMParameterSpec") } override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(1) } @@ -725,7 +732,8 @@ module JCAModel { class IvParameterSpecGetIvCall extends MethodCall { IvParameterSpecGetIvCall() { - this.getMethod().hasQualifiedName("javax.crypto.spec", "IvParameterSpec", "getIV") + this.getMethod() + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "IvParameterSpec", "getIV") } } @@ -797,7 +805,9 @@ module JCAModel { } class CipherInitCall extends MethodCall { - CipherInitCall() { this.getCallee().hasQualifiedName("javax.crypto", "Cipher", "init") } + CipherInitCall() { + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "init") + } /** * Returns the mode argument to the `init` method @@ -966,7 +976,9 @@ module JCAModel { class DHGenParameterSpecInstance extends KeyGeneratorParameterSpecClassInstanceExpr { DHGenParameterSpecInstance() { - super.getConstructedType().hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec") + super + .getConstructedType() + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "DHGenParameterSpec") } Expr getPrimeSizeArg() { result = this.getArgument(0) } @@ -1067,7 +1079,7 @@ module JCAModel { //TODO: Link getAlgorithm from KeyPairGenerator to algorithm instances or AVCs? High priority. class KeyGeneratorGetInstanceCall extends MethodCall { KeyGeneratorGetInstanceCall() { - this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", "getInstance") + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", "getInstance") or this.getCallee().hasQualifiedName("java.security", "KeyPairGenerator", "getInstance") } @@ -1082,7 +1094,8 @@ module JCAModel { this.getCallee().hasQualifiedName("java.security", "KeyPairGenerator", "initialize") and keyType = Crypto::TAsymmetricKeyType() or - this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", ["init", "initialize"]) and + this.getCallee() + .hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", ["init", "initialize"]) and keyType = Crypto::TSymmetricKeyType() } @@ -1111,7 +1124,7 @@ module JCAModel { Crypto::KeyArtifactType type; KeyGeneratorGenerateCall() { - this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", "generateKey") and + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", "generateKey") and type instanceof Crypto::TSymmetricKeyType or this.getCallee() @@ -1176,7 +1189,7 @@ module JCAModel { class KeySpecInstantiation extends ClassInstanceExpr { KeySpecInstantiation() { this.getConstructedType() - .hasQualifiedName("javax.crypto.spec", + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", ["PBEKeySpec", "SecretKeySpec", "PBEKeySpec", "DESedeKeySpec"]) } @@ -1227,7 +1240,8 @@ module JCAModel { class SecretKeyFactoryGetInstanceCall extends MethodCall { SecretKeyFactoryGetInstanceCall() { - this.getCallee().hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance") + this.getCallee() + .hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "getInstance") } Expr getAlgorithmArg() { result = this.getArgument(0) } @@ -1235,7 +1249,8 @@ module JCAModel { class SecretKeyFactoryGenerateSecretCall extends MethodCall { SecretKeyFactoryGenerateSecretCall() { - this.getCallee().hasQualifiedName("javax.crypto", "SecretKeyFactory", "generateSecret") + this.getCallee() + .hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "generateSecret") } Expr getKeySpecArg() { result = this.getArgument(0) } @@ -1430,7 +1445,7 @@ module JCAModel { class KeyAgreementInitCall extends MethodCall { KeyAgreementInitCall() { - this.getCallee().hasQualifiedName("javax.crypto", "KeyAgreement", "init") + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "init") } Expr getServerKeyArg() { result = this.getArgument(0) } @@ -1438,7 +1453,7 @@ module JCAModel { class KeyAgreementGetInstanceCall extends MethodCall { KeyAgreementGetInstanceCall() { - this.getCallee().hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance") + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "getInstance") } Expr getAlgorithmArg() { result = super.getArgument(0) } @@ -1482,7 +1497,8 @@ module JCAModel { class KeyAgreementCall extends MethodCall { KeyAgreementCall() { this.getCallee() - .hasQualifiedName("javax.crypto", "KeyAgreement", ["generateSecret", "doPhase"]) + .hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", + ["generateSecret", "doPhase"]) } predicate isIntermediate() { this.getCallee().getName() = "doPhase" } @@ -1647,7 +1663,9 @@ module JCAModel { } class MacGetInstanceCall extends MethodCall { - MacGetInstanceCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "getInstance") } + MacGetInstanceCall() { + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac", "getInstance") + } Expr getAlgorithmArg() { result = this.getArgument(0) } @@ -1663,7 +1681,7 @@ module JCAModel { } class MacInitCall extends MethodCall { - MacInitCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "init") } + MacInitCall() { this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac", "init") } Expr getKeyArg() { result = this.getArgument(0) and this.getMethod().getParameterType(0).hasName("Key") @@ -1691,7 +1709,7 @@ module JCAModel { Expr output; MacOperationCall() { - super.getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and + super.getMethod().getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac") and ( super.getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output or diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 177711350d5..a1737f2d1cb 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 8.0.1-dev +version: 8.1.1-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/lib/semmle/code/java/J2EE.qll b/java/ql/lib/semmle/code/java/J2EE.qll index 4412b3715e3..4cfffcdfa9f 100644 --- a/java/ql/lib/semmle/code/java/J2EE.qll +++ b/java/ql/lib/semmle/code/java/J2EE.qll @@ -6,52 +6,67 @@ module; import Type +/** Gets "java" or "jakarta". */ +string javaxOrJakarta() { result = ["javax", "jakarta"] } + /** An entity bean. */ class EntityBean extends Class { EntityBean() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EntityBean") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EntityBean") | + this.hasSupertype+(i) + ) } } /** An enterprise bean. */ class EnterpriseBean extends RefType { EnterpriseBean() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EnterpriseBean") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EnterpriseBean") | + this.hasSupertype+(i) + ) } } /** A local EJB home interface. */ class LocalEjbHomeInterface extends Interface { LocalEjbHomeInterface() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalHome") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBLocalHome") | + this.hasSupertype+(i) + ) } } /** A remote EJB home interface. */ class RemoteEjbHomeInterface extends Interface { RemoteEjbHomeInterface() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBHome") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBHome") | + this.hasSupertype+(i) + ) } } /** A local EJB interface. */ class LocalEjbInterface extends Interface { LocalEjbInterface() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalObject") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBLocalObject") | + this.hasSupertype+(i) + ) } } /** A remote EJB interface. */ class RemoteEjbInterface extends Interface { RemoteEjbInterface() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBObject") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBObject") | + this.hasSupertype+(i) + ) } } /** A message bean. */ class MessageBean extends Class { MessageBean() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "MessageDrivenBean") | + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "MessageDrivenBean") | this.hasSupertype+(i) ) } @@ -60,6 +75,8 @@ class MessageBean extends Class { /** A session bean. */ class SessionBean extends Class { SessionBean() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "SessionBean") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "SessionBean") | + this.hasSupertype+(i) + ) } } diff --git a/java/ql/lib/semmle/code/java/JMX.qll b/java/ql/lib/semmle/code/java/JMX.qll index 3f18e0ecf3d..a951b2a7d1a 100644 --- a/java/ql/lib/semmle/code/java/JMX.qll +++ b/java/ql/lib/semmle/code/java/JMX.qll @@ -18,7 +18,7 @@ class MBean extends ManagedBean { class MXBean extends ManagedBean { MXBean() { this.getQualifiedName().matches("%MXBean%") or - this.getAnAnnotation().getType().hasQualifiedName("javax.management", "MXBean") + this.getAnAnnotation().getType().hasQualifiedName(javaxOrJakarta() + ".management", "MXBean") } } @@ -61,7 +61,7 @@ class JmxRegistrationCall extends MethodCall { class JmxRegistrationMethod extends Method { JmxRegistrationMethod() { // A direct registration with the `MBeanServer`. - this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and + this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".management", "MBeanServer") and this.getName() = "registerMBean" or // The `MBeanServer` is often wrapped by an application specific management class, so identify @@ -78,7 +78,7 @@ class JmxRegistrationMethod extends Method { */ int getObjectPosition() { // Passed as the first argument to `registerMBean`. - this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and + this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".management", "MBeanServer") and this.getName() = "registerMBean" and result = 0 or @@ -92,16 +92,20 @@ class JmxRegistrationMethod extends Method { /** The class `javax.management.remote.JMXConnectorFactory`. */ class TypeJmxConnectorFactory extends Class { TypeJmxConnectorFactory() { - this.hasQualifiedName("javax.management.remote", "JMXConnectorFactory") + this.hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXConnectorFactory") } } /** The class `javax.management.remote.JMXServiceURL`. */ class TypeJmxServiceUrl extends Class { - TypeJmxServiceUrl() { this.hasQualifiedName("javax.management.remote", "JMXServiceURL") } + TypeJmxServiceUrl() { + this.hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXServiceURL") + } } /** The class `javax.management.remote.rmi.RMIConnector`. */ class TypeRmiConnector extends Class { - TypeRmiConnector() { this.hasQualifiedName("javax.management.remote.rmi", "RMIConnector") } + TypeRmiConnector() { + this.hasQualifiedName(javaxOrJakarta() + ".management.remote.rmi", "RMIConnector") + } } diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index ec8ad6e2d4f..26444920a7e 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll @@ -316,7 +316,7 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed * Entry point for EJB home interfaces. */ class EjbHome extends Interface, EntryPoint { - EjbHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") } + EjbHome() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBHome") } override Callable getALiveCallable() { result = this.getACallable() } } @@ -325,7 +325,7 @@ class EjbHome extends Interface, EntryPoint { * Entry point for EJB object interfaces. */ class EjbObject extends Interface, EntryPoint { - EjbObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") } + EjbObject() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBObject") } override Callable getALiveCallable() { result = this.getACallable() } } @@ -341,7 +341,9 @@ class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass { class JaxbDeserializationEntryPoint extends ReflectivelyConstructedClass { JaxbDeserializationEntryPoint() { // A class can be deserialized by JAXB if it's an `XmlRootElement`... - this.getAnAnnotation().getType().hasQualifiedName("javax.xml.bind.annotation", "XmlRootElement") + this.getAnAnnotation() + .getType() + .hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation", "XmlRootElement") or // ... or the type of an `XmlElement` field. exists(Field elementField | diff --git a/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll index df9ef0a7b7c..63b142ae3ad 100644 --- a/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll @@ -45,7 +45,7 @@ class ServletListenerClass extends ReflectivelyConstructedClass { */ class ServletFilterClass extends ReflectivelyConstructedClass { ServletFilterClass() { - this.getAnAncestor().hasQualifiedName("javax.servlet", "Filter") and + this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Filter") and // If we have seen any `web.xml` files, this filter will be considered to be live only if it is // referred to as a filter-class in at least one. If no `web.xml` files are found, we assume // that XML extraction was not enabled, and therefore consider all filter classes as live. diff --git a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll index 1283aa3d21e..c781abdb828 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll @@ -6,20 +6,20 @@ import semmle.code.java.Type class JaxbElement extends Class { JaxbElement() { - this.getAnAncestor().hasQualifiedName("javax.xml.bind", "JAXBElement") or + this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".xml.bind", "JAXBElement") or this.getAnAnnotation().getType().getName() = "XmlRootElement" } } class JaxbMarshalMethod extends Method { JaxbMarshalMethod() { - this.getDeclaringType().hasQualifiedName("javax.xml.bind", "Marshaller") and + this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".xml.bind", "Marshaller") and this.getName() = "marshal" } } class JaxbAnnotationType extends AnnotationType { - JaxbAnnotationType() { this.getPackage().getName() = "javax.xml.bind.annotation" } + JaxbAnnotationType() { this.getPackage().getName() = javaxOrJakarta() + ".xml.bind.annotation" } } class JaxbAnnotated extends Annotatable { diff --git a/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll b/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll index 517f55fcc86..3b70c42fbec 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll @@ -14,35 +14,45 @@ import java * A `@javax.annotation.Generated` annotation. */ class GeneratedAnnotation extends Annotation { - GeneratedAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Generated") } + GeneratedAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Generated") + } } /** * A `@javax.annotation.PostConstruct` annotation. */ class PostConstructAnnotation extends Annotation { - PostConstructAnnotation() { this.getType().hasQualifiedName("javax.annotation", "PostConstruct") } + PostConstructAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "PostConstruct") + } } /** * A `@javax.annotation.PreDestroy` annotation. */ class PreDestroyAnnotation extends Annotation { - PreDestroyAnnotation() { this.getType().hasQualifiedName("javax.annotation", "PreDestroy") } + PreDestroyAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "PreDestroy") + } } /** * A `@javax.annotation.Resource` annotation. */ class ResourceAnnotation extends Annotation { - ResourceAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Resource") } + ResourceAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Resource") + } } /** * A `@javax.annotation.Resources` annotation. */ class ResourcesAnnotation extends Annotation { - ResourcesAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Resources") } + ResourcesAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Resources") + } } /** @@ -50,7 +60,7 @@ class ResourcesAnnotation extends Annotation { */ class JavaxManagedBeanAnnotation extends Annotation { JavaxManagedBeanAnnotation() { - this.getType().hasQualifiedName("javax.annotation", "ManagedBean") + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "ManagedBean") } } @@ -63,7 +73,7 @@ class JavaxManagedBeanAnnotation extends Annotation { */ class DeclareRolesAnnotation extends Annotation { DeclareRolesAnnotation() { - this.getType().hasQualifiedName("javax.annotation.security", "DeclareRoles") + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "DeclareRoles") } } @@ -71,7 +81,9 @@ class DeclareRolesAnnotation extends Annotation { * A `@javax.annotation.security.DenyAll` annotation. */ class DenyAllAnnotation extends Annotation { - DenyAllAnnotation() { this.getType().hasQualifiedName("javax.annotation.security", "DenyAll") } + DenyAllAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "DenyAll") + } } /** @@ -79,7 +91,7 @@ class DenyAllAnnotation extends Annotation { */ class PermitAllAnnotation extends Annotation { PermitAllAnnotation() { - this.getType().hasQualifiedName("javax.annotation.security", "PermitAll") + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "PermitAll") } } @@ -88,7 +100,7 @@ class PermitAllAnnotation extends Annotation { */ class RolesAllowedAnnotation extends Annotation { RolesAllowedAnnotation() { - this.getType().hasQualifiedName("javax.annotation.security", "RolesAllowed") + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "RolesAllowed") } } @@ -96,7 +108,9 @@ class RolesAllowedAnnotation extends Annotation { * A `@javax.annotation.security.RunAs` annotation. */ class RunAsAnnotation extends Annotation { - RunAsAnnotation() { this.getType().hasQualifiedName("javax.annotation.security", "RunAs") } + RunAsAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "RunAs") + } } /* @@ -107,7 +121,9 @@ class RunAsAnnotation extends Annotation { * A `@javax.interceptor.AroundInvoke` annotation. */ class AroundInvokeAnnotation extends Annotation { - AroundInvokeAnnotation() { this.getType().hasQualifiedName("javax.interceptor", "AroundInvoke") } + AroundInvokeAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "AroundInvoke") + } } /** @@ -115,7 +131,7 @@ class AroundInvokeAnnotation extends Annotation { */ class ExcludeClassInterceptorsAnnotation extends Annotation { ExcludeClassInterceptorsAnnotation() { - this.getType().hasQualifiedName("javax.interceptor", "ExcludeClassInterceptors") + this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "ExcludeClassInterceptors") } } @@ -124,7 +140,7 @@ class ExcludeClassInterceptorsAnnotation extends Annotation { */ class ExcludeDefaultInterceptorsAnnotation extends Annotation { ExcludeDefaultInterceptorsAnnotation() { - this.getType().hasQualifiedName("javax.interceptor", "ExcludeDefaultInterceptors") + this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "ExcludeDefaultInterceptors") } } @@ -132,7 +148,9 @@ class ExcludeDefaultInterceptorsAnnotation extends Annotation { * A `@javax.interceptor.Interceptors` annotation. */ class InterceptorsAnnotation extends Annotation { - InterceptorsAnnotation() { this.getType().hasQualifiedName("javax.interceptor", "Interceptors") } + InterceptorsAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "Interceptors") + } } /* @@ -143,14 +161,16 @@ class InterceptorsAnnotation extends Annotation { * A `@javax.jws.WebMethod` annotation. */ class WebMethodAnnotation extends Annotation { - WebMethodAnnotation() { this.getType().hasQualifiedName("javax.jws", "WebMethod") } + WebMethodAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") } } /** * A `@javax.jws.WebService` annotation. */ class WebServiceAnnotation extends Annotation { - WebServiceAnnotation() { this.getType().hasQualifiedName("javax.jws", "WebService") } + WebServiceAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebService") + } } /* @@ -161,7 +181,9 @@ class WebServiceAnnotation extends Annotation { * A `@javax.xml.ws.WebServiceRef` annotation. */ class WebServiceRefAnnotation extends Annotation { - WebServiceRefAnnotation() { this.getType().hasQualifiedName("javax.xml.ws", "WebServiceRef") } + WebServiceRefAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".xml.ws", "WebServiceRef") + } } /* @@ -173,9 +195,7 @@ class WebServiceRefAnnotation extends Annotation { */ class PatternAnnotation extends Annotation, RegexMatch::Range { PatternAnnotation() { - this.getType() - .hasQualifiedName(["javax.validation.constraints", "jakarta.validation.constraints"], - "Pattern") + this.getType().hasQualifiedName(javaxOrJakarta() + ".validation.constraints", "Pattern") } override Expr getRegex() { result = this.getValue("regexp") } diff --git a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll index 8b3ab081ee0..38bac53485b 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll @@ -13,7 +13,7 @@ private import semmle.code.java.security.XSS /** * Gets a name for the root package of JAX-RS. */ -string getAJaxRsPackage() { result in ["javax.ws.rs", "jakarta.ws.rs"] } +string getAJaxRsPackage() { result = javaxOrJakarta() + ".ws.rs" } /** * Gets a name for package `subpackage` within the JAX-RS hierarchy. @@ -42,7 +42,7 @@ class JaxWsEndpoint extends Class { result.isPublic() and not result instanceof InitializerMethod and not exists(Annotation a | a = result.getAnAnnotation() | - a.getType().hasQualifiedName(["javax", "jakarta"] + ".jws", "WebMethod") and + a.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") and a.getValue("exclude").(BooleanLiteral).getBooleanValue() = true ) and forex(ParamOrReturn paramOrRet | paramOrRet = result.getAParameter() or paramOrRet = result | @@ -62,8 +62,7 @@ class JaxWsEndpoint extends Class { /** The annotation type `@XmlJavaTypeAdapter`. */ class XmlJavaTypeAdapter extends AnnotationType { XmlJavaTypeAdapter() { - this.hasQualifiedName(["javax", "jakarta"] + ".xml.bind.annotation.adapters", - "XmlJavaTypeAdapter") + this.hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation.adapters", "XmlJavaTypeAdapter") } } @@ -292,7 +291,7 @@ class JaxRSAnnotation extends Annotation { JaxRSAnnotation() { exists(AnnotationType a | a = this.getType() and - a.getPackage().getName().regexpMatch(["javax\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"]) + a.getPackage().getName().regexpMatch(javaxOrJakarta() + "\\.ws\\.rs(\\..*)?") ) } } diff --git a/java/ql/lib/semmle/code/java/frameworks/Jms.qll b/java/ql/lib/semmle/code/java/frameworks/Jms.qll index 3cc76771a77..abee6b3a427 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Jms.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Jms.qll @@ -7,6 +7,6 @@ import java /** The method `ObjectMessage.getObject`. */ class ObjectMessageGetObjectMethod extends Method { ObjectMessageGetObjectMethod() { - this.hasQualifiedName(["javax", "jakarta"] + ".jms", "ObjectMessage", "getObject") + this.hasQualifiedName(javaxOrJakarta() + ".jms", "ObjectMessage", "getObject") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll index 0d7d481dc1d..d2b14d5f58e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll @@ -9,32 +9,34 @@ import java /*--- Types ---*/ /** The interface `javax.naming.Context`. */ class TypeNamingContext extends Interface { - TypeNamingContext() { this.hasQualifiedName("javax.naming", "Context") } + TypeNamingContext() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "Context") } } /** The class `javax.naming.CompositeName`. */ class TypeCompositeName extends Class { - TypeCompositeName() { this.hasQualifiedName("javax.naming", "CompositeName") } + TypeCompositeName() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "CompositeName") } } /** The class `javax.naming.CompoundName`. */ class TypeCompoundName extends Class { - TypeCompoundName() { this.hasQualifiedName("javax.naming", "CompoundName") } + TypeCompoundName() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "CompoundName") } } /** The interface `javax.naming.directory.DirContext`. */ class TypeDirContext extends Interface { - TypeDirContext() { this.hasQualifiedName("javax.naming.directory", "DirContext") } + TypeDirContext() { this.hasQualifiedName(javaxOrJakarta() + ".naming.directory", "DirContext") } } /** The class `javax.naming.directory.SearchControls` */ class TypeSearchControls extends Class { - TypeSearchControls() { this.hasQualifiedName("javax.naming.directory", "SearchControls") } + TypeSearchControls() { + this.hasQualifiedName(javaxOrJakarta() + ".naming.directory", "SearchControls") + } } /** The class `javax.naming.ldap.LdapName`. */ class TypeLdapName extends Class { - TypeLdapName() { this.hasQualifiedName("javax.naming.ldap", "LdapName") } + TypeLdapName() { this.hasQualifiedName(javaxOrJakarta() + ".naming.ldap", "LdapName") } } /*--- Methods ---*/ diff --git a/java/ql/lib/semmle/code/java/frameworks/Mail.qll b/java/ql/lib/semmle/code/java/frameworks/Mail.qll index c61e5ae34f9..b99220c1737 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Mail.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Mail.qll @@ -8,7 +8,7 @@ import java * The class `javax.mail.Session` or `jakarta.mail.Session`. */ class MailSession extends Class { - MailSession() { this.hasQualifiedName(["javax.mail", "jakarta.mail"], "Session") } + MailSession() { this.hasQualifiedName(javaxOrJakarta() + ".mail", "Session") } } /** diff --git a/java/ql/lib/semmle/code/java/frameworks/Networking.qll b/java/ql/lib/semmle/code/java/frameworks/Networking.qll index 6eeb5aa9024..21df7ae7f8d 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Networking.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Networking.qll @@ -20,7 +20,7 @@ class TypeSocket extends RefType { /** The type `javax.net.SocketFactory` */ class TypeSocketFactory extends RefType { - TypeSocketFactory() { this.hasQualifiedName("javax.net", "SocketFactory") } + TypeSocketFactory() { this.hasQualifiedName(javaxOrJakarta() + ".net", "SocketFactory") } } /** The type `java.net.URL`. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll index 7d7beb74fc3..826636ce073 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll @@ -12,7 +12,7 @@ import semmle.code.java.Type */ class ServletRequest extends RefType { ServletRequest() { - this.hasQualifiedName("javax.servlet", "ServletRequest") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequest") or this instanceof HttpServletRequest } } @@ -21,7 +21,9 @@ class ServletRequest extends RefType { * The interface `javax.servlet.http.HttpServletRequest`. */ class HttpServletRequest extends RefType { - HttpServletRequest() { this.hasQualifiedName("javax.servlet.http", "HttpServletRequest") } + HttpServletRequest() { + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletRequest") + } } /** @@ -168,7 +170,7 @@ class ServletRequestGetBodyMethod extends Method { */ class ServletResponse extends RefType { ServletResponse() { - this.hasQualifiedName("javax.servlet", "ServletResponse") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletResponse") or this instanceof HttpServletResponse } } @@ -177,7 +179,9 @@ class ServletResponse extends RefType { * The interface `javax.servlet.http.HttpServletResponse`. */ class HttpServletResponse extends RefType { - HttpServletResponse() { this.hasQualifiedName("javax.servlet.http", "HttpServletResponse") } + HttpServletResponse() { + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletResponse") + } } /** @@ -239,7 +243,7 @@ class ServletResponseGetOutputStreamMethod extends Method { /** The class `javax.servlet.http.Cookie`. */ class TypeCookie extends Class { - TypeCookie() { this.hasQualifiedName("javax.servlet.http", "Cookie") } + TypeCookie() { this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "Cookie") } } /** @@ -331,7 +335,7 @@ class ResponseSetContentTypeMethod extends Method { * A class that has `javax.servlet.Servlet` as an ancestor. */ class ServletClass extends Class { - ServletClass() { this.getAnAncestor().hasQualifiedName("javax.servlet", "Servlet") } + ServletClass() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Servlet") } } /** @@ -342,13 +346,13 @@ class ServletClass extends Class { */ class ServletWebXmlListenerType extends RefType { ServletWebXmlListenerType() { - this.hasQualifiedName("javax.servlet", "ServletContextAttributeListener") or - this.hasQualifiedName("javax.servlet", "ServletContextListener") or - this.hasQualifiedName("javax.servlet", "ServletRequestAttributeListener") or - this.hasQualifiedName("javax.servlet", "ServletRequestListener") or - this.hasQualifiedName("javax.servlet.http", "HttpSessionAttributeListener") or - this.hasQualifiedName("javax.servlet.http", "HttpSessionIdListener") or - this.hasQualifiedName("javax.servlet.http", "HttpSessionListener") + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContextAttributeListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContextListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequestAttributeListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequestListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionAttributeListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionIdListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionListener") // Listeners that are not configured in `web.xml`: // - `HttpSessionActivationListener` // - `HttpSessionBindingListener` @@ -373,8 +377,8 @@ predicate isRequestGetParamMethod(MethodCall ma) { /** The Java EE RequestDispatcher. */ class RequestDispatcher extends RefType { RequestDispatcher() { - this.hasQualifiedName(["javax.servlet", "jakarta.servlet"], "RequestDispatcher") or - this.hasQualifiedName("javax.portlet", "PortletRequestDispatcher") + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "RequestDispatcher") or + this.hasQualifiedName(javaxOrJakarta() + ".portlet", "PortletRequestDispatcher") } } @@ -398,7 +402,7 @@ class RequestDispatchMethod extends Method { * The interface `javax.servlet.ServletContext`. */ class ServletContext extends RefType { - ServletContext() { this.hasQualifiedName("javax.servlet", "ServletContext") } + ServletContext() { this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContext") } } /** The `getResource` method of `ServletContext`. */ @@ -419,5 +423,5 @@ class GetServletResourceAsStreamMethod extends Method { /** The interface `javax.servlet.http.HttpSession` */ class HttpServletSession extends RefType { - HttpServletSession() { this.hasQualifiedName("javax.servlet.http", "HttpSession") } + HttpServletSession() { this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSession") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll index 2f749962e94..285bd7fd670 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll @@ -61,7 +61,7 @@ class FacesAccessibleType extends RefType { class FacesComponent extends Class { FacesComponent() { // Must extend UIComponent for it to be a valid component. - this.getAnAncestor().hasQualifiedName("javax.faces.component", "UIComponent") and + this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".faces.component", "UIComponent") and ( // Must be registered using either an annotation exists(FacesComponentAnnotation componentAnnotation | diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index b5031d7dff0..a6cedcc3fee 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -9,7 +9,7 @@ import java /** * Gets a JavaEE Persistence API package name. */ -string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] } +string getAPersistencePackageName() { result = javaxOrJakarta() + ".persistence" } /** * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll index 222b778ba58..6943c8023d4 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll @@ -33,7 +33,7 @@ private class ValidatorConfig extends TransformerConfig { /** The class `javax.xml.validation.Validator`. */ private class Validator extends RefType { - Validator() { this.hasQualifiedName("javax.xml.validation", "Validator") } + Validator() { this.hasQualifiedName(javaxOrJakarta() + ".xml.validation", "Validator") } } /** A safely configured `Validator`. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll index a866d84df21..efbd0c0b1eb 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll @@ -64,7 +64,7 @@ class SessionEjb extends EJB { result = this.getASupertype() and not result.hasQualifiedName("java.io", "Serializable") and not result.hasQualifiedName("java.io", "Externalizable") and - not result.getPackage().getName() = "javax.ejb" + not result.getPackage().getName() = javaxOrJakarta() + ".ejb" } /** Any remote interfaces of this EJB. */ @@ -216,14 +216,14 @@ abstract class BusinessInterfaceAnnotation extends EjbInterfaceAnnotation { } * An instance of a `@Remote` annotation. */ class RemoteAnnotation extends BusinessInterfaceAnnotation { - RemoteAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Remote") } + RemoteAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Remote") } } /** * An instance of a `@Local` annotation. */ class LocalAnnotation extends BusinessInterfaceAnnotation { - LocalAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Local") } + LocalAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Local") } } /** @@ -330,7 +330,7 @@ class LocalAnnotatedBusinessInterface extends AnnotatedBusinessInterface { * A `@javax.ejb.Init` annotation. */ class InitAnnotation extends Annotation { - InitAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Init") } + InitAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Init") } } /** @@ -383,14 +383,16 @@ abstract class HomeAnnotation extends EjbInterfaceAnnotation { } * An instance of a `@RemoteHome` annotation. */ class RemoteHomeAnnotation extends HomeAnnotation { - RemoteHomeAnnotation() { this.getType().hasQualifiedName("javax.ejb", "RemoteHome") } + RemoteHomeAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "RemoteHome") + } } /** * An instance of a `@LocalHome` annotation. */ class LocalHomeAnnotation extends HomeAnnotation { - LocalHomeAnnotation() { this.getType().hasQualifiedName("javax.ejb", "LocalHome") } + LocalHomeAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "LocalHome") } } /** @@ -748,7 +750,9 @@ Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfa * A `@javax.ejb.AccessTimeout` annotation. */ class AccessTimeoutAnnotation extends Annotation { - AccessTimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AccessTimeout") } + AccessTimeoutAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AccessTimeout") + } } /** @@ -756,7 +760,7 @@ class AccessTimeoutAnnotation extends Annotation { */ class ActivationConfigPropertyAnnotation extends Annotation { ActivationConfigPropertyAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "ActivationConfigProperty") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ActivationConfigProperty") } } @@ -764,14 +768,18 @@ class ActivationConfigPropertyAnnotation extends Annotation { * A `@javax.ejb.AfterBegin` annotation. */ class AfterBeginAnnotation extends Annotation { - AfterBeginAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AfterBegin") } + AfterBeginAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AfterBegin") + } } /** * A `@javax.ejb.AfterCompletion` annotation. */ class AfterCompletionAnnotation extends Annotation { - AfterCompletionAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AfterCompletion") } + AfterCompletionAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AfterCompletion") + } } /** @@ -779,7 +787,7 @@ class AfterCompletionAnnotation extends Annotation { */ class ApplicationExceptionAnnotation extends Annotation { ApplicationExceptionAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "ApplicationException") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ApplicationException") } } @@ -787,14 +795,18 @@ class ApplicationExceptionAnnotation extends Annotation { * A `@javax.ejb.Asynchronous` annotation. */ class AsynchronousAnnotation extends Annotation { - AsynchronousAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Asynchronous") } + AsynchronousAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Asynchronous") + } } /** * A `@javax.ejb.BeforeCompletion` annotation. */ class BeforeCompletionAnnotation extends Annotation { - BeforeCompletionAnnotation() { this.getType().hasQualifiedName("javax.ejb", "BeforeCompletion") } + BeforeCompletionAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "BeforeCompletion") + } } /** @@ -802,7 +814,7 @@ class BeforeCompletionAnnotation extends Annotation { */ class ConcurrencyManagementAnnotation extends Annotation { ConcurrencyManagementAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "ConcurrencyManagement") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ConcurrencyManagement") } } @@ -810,119 +822,127 @@ class ConcurrencyManagementAnnotation extends Annotation { * A `@javax.ejb.DependsOn` annotation. */ class DependsOnAnnotation extends Annotation { - DependsOnAnnotation() { this.getType().hasQualifiedName("javax.ejb", "DependsOn") } + DependsOnAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "DependsOn") } } /** * A `@javax.ejb.EJB` annotation. */ class EjbAnnotation extends Annotation { - EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") } + EjbAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJB") } } /** * A `@javax.ejb.EJBs` annotation. */ class EJBsAnnotation extends Annotation { - EJBsAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJBs") } + EJBsAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBs") } } /** * A `@javax.ejb.LocalBean` annotation. */ class LocalBeanAnnotation extends Annotation { - LocalBeanAnnotation() { this.getType().hasQualifiedName("javax.ejb", "LocalBean") } + LocalBeanAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "LocalBean") } } /** * A `@javax.ejb.Lock` annotation. */ class LockAnnotation extends Annotation { - LockAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Lock") } + LockAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Lock") } } /** * A `@javax.ejb.MessageDriven` annotation. */ class MessageDrivenAnnotation extends Annotation { - MessageDrivenAnnotation() { this.getType().hasQualifiedName("javax.ejb", "MessageDriven") } + MessageDrivenAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "MessageDriven") + } } /** * A `@javax.ejb.PostActivate` annotation. */ class PostActivateAnnotation extends Annotation { - PostActivateAnnotation() { this.getType().hasQualifiedName("javax.ejb", "PostActivate") } + PostActivateAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "PostActivate") + } } /** * A `@javax.ejb.PrePassivate` annotation. */ class PrePassivateAnnotation extends Annotation { - PrePassivateAnnotation() { this.getType().hasQualifiedName("javax.ejb", "PrePassivate") } + PrePassivateAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "PrePassivate") + } } /** * A `@javax.ejb.Remove` annotation. */ class RemoveAnnotation extends Annotation { - RemoveAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Remove") } + RemoveAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Remove") } } /** * A `@javax.ejb.Schedule` annotation. */ class ScheduleAnnotation extends Annotation { - ScheduleAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Schedule") } + ScheduleAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Schedule") } } /** * A `@javax.ejb.Schedules` annotation. */ class SchedulesAnnotation extends Annotation { - SchedulesAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Schedules") } + SchedulesAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Schedules") } } /** * A `@javax.ejb.Singleton` annotation. */ class SingletonAnnotation extends Annotation { - SingletonAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Singleton") } + SingletonAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Singleton") } } /** * A `@javax.ejb.Startup` annotation. */ class StartupAnnotation extends Annotation { - StartupAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Startup") } + StartupAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Startup") } } /** * A `@javax.ejb.Stateful` annotation. */ class StatefulAnnotation extends Annotation { - StatefulAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Stateful") } + StatefulAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Stateful") } } /** * A `@javax.ejb.StatefulTimeout` annotation. */ class StatefulTimeoutAnnotation extends Annotation { - StatefulTimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "StatefulTimeout") } + StatefulTimeoutAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "StatefulTimeout") + } } /** * A `@javax.ejb.Stateless` annotation. */ class StatelessAnnotation extends Annotation { - StatelessAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Stateless") } + StatelessAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Stateless") } } /** * A `@javax.ejb.Timeout` annotation. */ class TimeoutAnnotation extends Annotation { - TimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Timeout") } + TimeoutAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Timeout") } } /** @@ -930,7 +950,7 @@ class TimeoutAnnotation extends Annotation { */ class TransactionAttributeAnnotation extends Annotation { TransactionAttributeAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "TransactionAttribute") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttribute") } } @@ -939,7 +959,7 @@ class TransactionAttributeAnnotation extends Annotation { */ class TransactionManagementAnnotation extends Annotation { TransactionManagementAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "TransactionManagement") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionManagement") } } @@ -951,7 +971,10 @@ class RequiredTransactionAttributeAnnotation extends TransactionAttributeAnnotat RequiredTransactionAttributeAnnotation() { exists(FieldRead fr | this.getValue("value") = fr and - fr.getField().getType().(RefType).hasQualifiedName("javax.ejb", "TransactionAttributeType") and + fr.getField() + .getType() + .(RefType) + .hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttributeType") and fr.getField().getName() = "REQUIRED" ) } @@ -965,7 +988,10 @@ class RequiresNewTransactionAttributeAnnotation extends TransactionAttributeAnno RequiresNewTransactionAttributeAnnotation() { exists(FieldRead fr | this.getValue("value") = fr and - fr.getField().getType().(RefType).hasQualifiedName("javax.ejb", "TransactionAttributeType") and + fr.getField() + .getType() + .(RefType) + .hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttributeType") and fr.getField().getName() = "REQUIRES_NEW" ) } @@ -999,7 +1025,9 @@ TransactionAttributeAnnotation getInnermostTransactionAttributeAnnotation(Method */ class SetRollbackOnlyMethod extends Method { SetRollbackOnlyMethod() { - this.getDeclaringType().getAnAncestor().hasQualifiedName("javax.ejb", "EJBContext") and + this.getDeclaringType() + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBContext") and this.getName() = "setRollbackOnly" and this.hasNoParameters() } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll index 10b6e7f3df2..47872816825 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll @@ -159,8 +159,8 @@ class GraphicsPackage extends Package { GraphicsPackage() { this.getName() = "java.awt" or this.getName().matches("java.awt.%") or - this.getName() = "javax.swing" or - this.getName().matches("javax.swing.%") + this.getName() = javaxOrJakarta() + ".swing" or + this.getName().matches(javaxOrJakarta() + ".swing.%") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll index 3338fa840ab..f62d9e50b68 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll @@ -9,7 +9,7 @@ import default */ class FacesManagedBeanAnnotation extends Annotation { FacesManagedBeanAnnotation() { - this.getType().hasQualifiedName("javax.faces.bean", "ManagedBean") + this.getType().hasQualifiedName(javaxOrJakarta() + ".faces.bean", "ManagedBean") } /** @@ -25,7 +25,7 @@ class FacesManagedBeanAnnotation extends Annotation { */ class FacesComponentAnnotation extends Annotation { FacesComponentAnnotation() { - this.getType().hasQualifiedName("javax.faces.component", "FacesComponent") + this.getType().hasQualifiedName(javaxOrJakarta() + ".faces.component", "FacesComponent") } /** diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll index df646e8a9a2..21f8fba6785 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll @@ -8,9 +8,7 @@ import java * The JSF class `FacesContext` for processing HTTP requests. */ class FacesContext extends RefType { - FacesContext() { - this.hasQualifiedName(["javax.faces.context", "jakarta.faces.context"], "FacesContext") - } + FacesContext() { this.hasQualifiedName(javaxOrJakarta() + ".faces.context", "FacesContext") } } /** diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll index e758811b368..970870f9503 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll @@ -14,7 +14,7 @@ import SpringComponentScan predicate hasInjectAnnotation(Annotatable a) { a.hasAnnotation("org.springframework.beans.factory.annotation", "Autowired") or a.getAnAnnotation() instanceof SpringResourceAnnotation or - a.hasAnnotation("javax.inject", "Inject") + a.hasAnnotation(javaxOrJakarta() + ".inject", "Inject") } /** @@ -292,7 +292,7 @@ class SpringBeanAutowiredField extends Field { class SpringQualifierAnnotationType extends AnnotationType { SpringQualifierAnnotationType() { this.hasQualifiedName("org.springframework.beans.factory.annotation", "Qualifier") or - this.hasQualifiedName("javax.inject", "Qualifier") or + this.hasQualifiedName(javaxOrJakarta() + ".inject", "Qualifier") or this.getAnAnnotation().getType() instanceof SpringQualifierAnnotationType } } @@ -340,7 +340,9 @@ class SpringQualifierAnnotation extends Annotation { * autowired by Spring, and can optionally specify a qualifier in the "name". */ class SpringResourceAnnotation extends Annotation { - SpringResourceAnnotation() { this.getType().hasQualifiedName("javax.inject", "Resource") } + SpringResourceAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".inject", "Resource") + } /** * Gets the specified name value, if any. diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll index a444dc96d5a..a26e4edc277 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll @@ -210,10 +210,22 @@ class SpringRequestMappingParameter extends Parameter { predicate isNotDirectlyTaintedInput() { this.getType().(RefType).getAnAncestor() instanceof SpringWebRequest or this.getType().(RefType).getAnAncestor() instanceof SpringNativeWebRequest or - this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletRequest") or - this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletResponse") or - this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "HttpSession") or - this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "PushBuilder") or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequest") or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletResponse") or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSession") or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "PushBuilder") or this.getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal") or this.getType() .(RefType) diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll index 1c99821386d..9f04aff7e40 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll @@ -23,7 +23,9 @@ private class CookieCleartextStorageSink extends CleartextStorageSink { /** The instantiation of a cookie, which can act as storage. */ class Cookie extends Storable, ClassInstanceExpr { Cookie() { - this.getConstructor().getDeclaringType().hasQualifiedName("javax.servlet.http", "Cookie") + this.getConstructor() + .getDeclaringType() + .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "Cookie") } /** Gets an input, for example `input` in `new Cookie("...", input);`. */ @@ -42,7 +44,8 @@ private predicate cookieStore(DataFlow::Node cookie, Expr store) { exists(MethodCall m, Method def | m.getMethod() = def and def.getName() = "addCookie" and - def.getDeclaringType().hasQualifiedName("javax.servlet.http", "HttpServletResponse") and + def.getDeclaringType() + .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletResponse") and store = m and cookie.asExpr() = m.getAnArgument() ) diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll index b948a94962c..b0a0fc72df7 100644 --- a/java/ql/lib/semmle/code/java/security/Encryption.qll +++ b/java/ql/lib/semmle/code/java/security/Encryption.qll @@ -9,6 +9,7 @@ import java class SslClass extends RefType { SslClass() { exists(Class c | this.getAnAncestor() = c | + // Note there are no jakarta equivalents of these classes. c.hasQualifiedName("javax.net.ssl", _) or c.hasQualifiedName("javax.rmi.ssl", _) ) diff --git a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll index e1c840ce264..88fb540e83b 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll @@ -25,7 +25,7 @@ class SetMessageInterpolatorCall extends MethodCall { this.getMethod() = m and m.getDeclaringType().getASourceSupertype*() = t and ( - t.hasQualifiedName("javax.validation", ["Configuration", "ValidatorContext"]) and + t.hasQualifiedName(javaxOrJakarta() + ".validation", ["Configuration", "ValidatorContext"]) and m.getName() = "messageInterpolator" or t.hasQualifiedName("org.springframework.validation.beanvalidation", diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll index 0d52d480ae7..b094346b753 100644 --- a/java/ql/lib/semmle/code/java/security/XSS.qll +++ b/java/ql/lib/semmle/code/java/security/XSS.qll @@ -127,7 +127,7 @@ class XssVulnerableWriterSource extends MethodCall { ) or exists(Method m | m = this.getMethod() | - m.hasQualifiedName("javax.servlet.jsp", "JspContext", "getOut") + m.hasQualifiedName(javaxOrJakarta() + ".servlet.jsp", "JspContext", "getOut") ) or this.getMethod() instanceof FacesGetResponseWriterMethod diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index 8bb2a015a14..bd1520034eb 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -62,12 +62,14 @@ abstract class ParserConfig extends MethodCall { /** The class `javax.xml.parsers.DocumentBuilderFactory`. */ class DocumentBuilderFactory extends RefType { - DocumentBuilderFactory() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilderFactory") } + DocumentBuilderFactory() { + this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilderFactory") + } } /** The class `javax.xml.parsers.DocumentBuilder`. */ class DocumentBuilder extends RefType { - DocumentBuilder() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilder") } + DocumentBuilder() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilder") } } /** A call to `DocumentBuilder.parse`. */ @@ -174,7 +176,7 @@ class SafeDocumentBuilder extends DocumentBuilderConstruction { /** The class `javax.xml.stream.XMLInputFactory`. */ class XmlInputFactory extends RefType { - XmlInputFactory() { this.hasQualifiedName("javax.xml.stream", "XMLInputFactory") } + XmlInputFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.stream", "XMLInputFactory") } } /** A call to `XMLInputFactory.createXMLStreamReader`. */ @@ -243,7 +245,8 @@ class XmlInputFactoryConfig extends ParserConfig { * An `XmlInputFactory` specific expression that indicates whether parsing external entities is supported. */ Expr configOptionIsSupportingExternalEntities() { - result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.isSupportingExternalEntities" + result.(ConstantStringExpr).getStringValue() = + javaxOrJakarta() + ".xml.stream.isSupportingExternalEntities" or exists(Field f | result = f.getAnAccess() and @@ -256,7 +259,7 @@ Expr configOptionIsSupportingExternalEntities() { * An `XmlInputFactory` specific expression that indicates whether DTD is supported. */ Expr configOptionSupportDtd() { - result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.supportDTD" + result.(ConstantStringExpr).getStringValue() = javaxOrJakarta() + ".xml.stream.supportDTD" or exists(Field f | result = f.getAnAccess() and @@ -357,12 +360,14 @@ class SafeSaxBuilder extends VarAccess { * The class `javax.xml.parsers.SAXParser`. */ class SaxParser extends RefType { - SaxParser() { this.hasQualifiedName("javax.xml.parsers", "SAXParser") } + SaxParser() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "SAXParser") } } /** The class `javax.xml.parsers.SAXParserFactory`. */ class SaxParserFactory extends RefType { - SaxParserFactory() { this.hasQualifiedName("javax.xml.parsers", "SAXParserFactory") } + SaxParserFactory() { + this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "SAXParserFactory") + } } /** A call to `SAXParser.parse`. */ @@ -635,7 +640,7 @@ class CreatedSafeXmlReader extends Call { /** The class `javax.xml.transform.sax.SAXSource` */ class SaxSource extends RefType { - SaxSource() { this.hasQualifiedName("javax.xml.transform.sax", "SAXSource") } + SaxSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXSource") } } /** A call to the constructor of `SAXSource` with `XmlReader` and `InputSource`. */ @@ -697,7 +702,7 @@ abstract class TransformerConfig extends MethodCall { /** The class `javax.xml.XMLConstants`. */ class XmlConstants extends RefType { - XmlConstants() { this.hasQualifiedName("javax.xml", "XMLConstants") } + XmlConstants() { this.hasQualifiedName(javaxOrJakarta() + ".xml", "XMLConstants") } } /** A configuration specific for transformers and schema. */ @@ -739,14 +744,14 @@ Expr configAccessExternalSchema() { /** The class `javax.xml.transform.TransformerFactory` or `javax.xml.transform.sax.SAXTransformerFactory`. */ class TransformerFactory extends RefType { TransformerFactory() { - this.hasQualifiedName("javax.xml.transform", "TransformerFactory") or - this.hasQualifiedName("javax.xml.transform.sax", "SAXTransformerFactory") + this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "TransformerFactory") or + this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXTransformerFactory") } } /** The class `javax.xml.transform.Transformer`. */ class Transformer extends RefType { - Transformer() { this.hasQualifiedName("javax.xml.transform", "Transformer") } + Transformer() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "Transformer") } } /** A call to `Transformer.transform`. */ @@ -843,7 +848,8 @@ class SaxTransformerFactoryNewXmlFilter extends XmlParserCall { SaxTransformerFactoryNewXmlFilter() { exists(Method m | this.getMethod() = m and - m.getDeclaringType().hasQualifiedName("javax.xml.transform.sax", "SAXTransformerFactory") and + m.getDeclaringType() + .hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXTransformerFactory") and m.hasName("newXMLFilter") ) } @@ -858,7 +864,7 @@ class SaxTransformerFactoryNewXmlFilter extends XmlParserCall { /* Schema: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory */ /** The class `javax.xml.validation.SchemaFactory`. */ class SchemaFactory extends RefType { - SchemaFactory() { this.hasQualifiedName("javax.xml.validation", "SchemaFactory") } + SchemaFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.validation", "SchemaFactory") } } /** A `ParserConfig` specific to `SchemaFactory`. */ @@ -913,7 +919,7 @@ class SafeSchemaFactory extends VarAccess { /* Unmarshaller: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller */ /** The class `javax.xml.bind.Unmarshaller`. */ class XmlUnmarshaller extends RefType { - XmlUnmarshaller() { this.hasQualifiedName("javax.xml.bind", "Unmarshaller") } + XmlUnmarshaller() { this.hasQualifiedName(javaxOrJakarta() + ".xml.bind", "Unmarshaller") } } /** A call to `Unmarshaller.unmarshal`. */ @@ -934,12 +940,12 @@ class XmlUnmarshal extends XmlParserCall { /* XPathExpression: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression */ /** The interface `javax.xml.xpath.XPathExpression`. */ class XPathExpression extends Interface { - XPathExpression() { this.hasQualifiedName("javax.xml.xpath", "XPathExpression") } + XPathExpression() { this.hasQualifiedName(javaxOrJakarta() + ".xml.xpath", "XPathExpression") } } /** The interface `java.xml.xpath.XPath`. */ class XPath extends Interface { - XPath() { this.hasQualifiedName("javax.xml.xpath", "XPath") } + XPath() { this.hasQualifiedName(javaxOrJakarta() + ".xml.xpath", "XPath") } } /** A call to the method `evaluate` of the classes `XPathExpression` or `XPath`. */ diff --git a/java/ql/lib/semmle/code/java/security/XsltInjection.qll b/java/ql/lib/semmle/code/java/security/XsltInjection.qll index d54e9206644..a6b18e1518f 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjection.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjection.qll @@ -163,17 +163,17 @@ private predicate xsltPackageStep(DataFlow::Node n1, DataFlow::Node n2) { /** The class `javax.xml.transform.stax.StAXSource`. */ private class TypeStAXSource extends Class { - TypeStAXSource() { this.hasQualifiedName("javax.xml.transform.stax", "StAXSource") } + TypeStAXSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.stax", "StAXSource") } } /** The class `javax.xml.transform.dom.DOMSource`. */ private class TypeDomSource extends Class { - TypeDomSource() { this.hasQualifiedName("javax.xml.transform.dom", "DOMSource") } + TypeDomSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.dom", "DOMSource") } } /** The interface `javax.xml.transform.Templates`. */ private class TypeTemplates extends Interface { - TypeTemplates() { this.hasQualifiedName("javax.xml.transform", "Templates") } + TypeTemplates() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "Templates") } } /** The class `net.sf.saxon.s9api.XsltCompiler`. */ @@ -205,7 +205,7 @@ private class DocumentBuilderParse extends MethodCall { /** The class `javax.xml.parsers.DocumentBuilder`. */ private class DocumentBuilder extends RefType { - DocumentBuilder() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilder") } + DocumentBuilder() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilder") } } /** A call to `XMLInputFactory.createXMLStreamReader`. */ @@ -232,5 +232,5 @@ private class XmlInputFactoryEventReader extends MethodCall { /** The class `javax.xml.stream.XMLInputFactory`. */ private class XmlInputFactory extends RefType { - XmlInputFactory() { this.hasQualifiedName("javax.xml.stream", "XMLInputFactory") } + XmlInputFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.stream", "XMLInputFactory") } } diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index a7307229a49..20585a7e1cc 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.10.7 + +No user-facing changes. + ## 1.10.6 No user-facing changes. diff --git a/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql b/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql index 6a2db4b695f..34fd190ccf1 100644 --- a/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +++ b/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql @@ -19,7 +19,7 @@ class Adapter extends Class { this.getName().matches("%Adapter") and ( this.getPackage().hasName("java.awt.event") or - this.getPackage().hasName("javax.swing.event") + this.getPackage().hasName(javaxOrJakarta() + ".swing.event") ) } } diff --git a/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql b/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql index 8d49cf1d59e..623470aefc1 100644 --- a/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql +++ b/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql @@ -15,7 +15,12 @@ import java from MethodCall ma, Method m, MainMethod main where - ma.getQualifier().getType().getCompilationUnit().getPackage().getName().matches("javax.swing%") and + ma.getQualifier() + .getType() + .getCompilationUnit() + .getPackage() + .getName() + .matches(javaxOrJakarta() + ".swing%") and ( m.hasName("show") and m.hasNoParameters() or diff --git a/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql b/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql index 494e851a533..afa08fb6928 100644 --- a/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql +++ b/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql @@ -77,7 +77,9 @@ module MatchesHttpOnlyToRawHeaderFlow = TaintTracking::Global #include -#include "tools/cpp/runfiles/runfiles.h" +#include "rules_cc/cc/runfiles/runfiles.h" -using bazel::tools::cpp::runfiles::Runfiles; +using rules_cc::cc::runfiles::Runfiles; using namespace std::string_literals; namespace fs = std::filesystem; diff --git a/misc/bazel/registry/fix.py b/misc/bazel/registry/fix.py index 863c832be59..57a2bf3b3f9 100755 --- a/misc/bazel/registry/fix.py +++ b/misc/bazel/registry/fix.py @@ -62,10 +62,10 @@ for entry in this_dir.joinpath("modules").iterdir(): patch_json( version / "source.json", patches={ - p.name: sha256(p) for p in patches.iterdir() + p.name: sha256(p) for p in sorted(patches.iterdir()) } if patches.is_dir() else None, patch_strip=1 if patches.is_dir() else None, overlay={ - o.name: sha256(o) for o in overlay.iterdir() + o.name: sha256(o) for o in sorted(overlay.iterdir()) } if overlay.is_dir() else None, ) diff --git a/misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/source.json b/misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/source.json deleted file mode 100644 index bfa243b5a22..00000000000 --- a/misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/source.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "integrity": "sha256-4STROYYIW8ChW+LIXBQVurVwhEK3jSSf4iv430OlNA0=", - "url": "https://github.com/bazelbuild/rules_kotlin/releases/download/v2.2.0/rules_kotlin-v2.2.0.tar.gz", - "patches": { - "codeql_do_not_emit_jdeps.patch": "sha256-gIlhXEY71vlCkpr5wj2vm3yv6RwcuKLhgbTGqdVvQfU=", - "codeql_add_language_version_option.patch": "sha256-HoH8NWXxmYHmm/SxaugRdXgMntvcQx5gRLW2yQIvWhM=" - }, - "patch_strip": 1 -} diff --git a/misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/MODULE.bazel b/misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/MODULE.bazel similarity index 86% rename from misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/MODULE.bazel rename to misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/MODULE.bazel index df66ce2051a..ec37914a8f7 100644 --- a/misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/MODULE.bazel +++ b/misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/MODULE.bazel @@ -1,19 +1,21 @@ module( name = "rules_kotlin", - version = "2.2.0-codeql.1", + version = "2.2.2-codeql.1", compatibility_level = 1, repo_name = "rules_kotlin", ) bazel_dep(name = "platforms", version = "0.0.11") bazel_dep(name = "bazel_skylib", version = "1.7.1") -bazel_dep(name = "rules_java", version = "7.2.0") +bazel_dep(name = "rules_java", version = "8.9.0") bazel_dep(name = "rules_android", version = "0.6.4") bazel_dep(name = "bazel_features", version = "1.25.0") bazel_dep(name = "protobuf", version = "29.0", repo_name = "com_google_protobuf") bazel_dep(name = "rules_proto", version = "6.0.2", repo_name = "rules_proto") bazel_dep(name = "abseil-py", version = "2.1.0", repo_name = "py_absl") bazel_dep(name = "rules_cc", version = "0.0.16") +bazel_dep(name = "bazel_worker_api", version = "0.0.8") +bazel_dep(name = "bazel_worker_java", version = "0.0.8") rules_java_toolchains = use_extension("@rules_java//java:extensions.bzl", "toolchains") use_repo(rules_java_toolchains, "remote_java_tools") diff --git a/misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_add_language_version_option.patch b/misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/patches/codeql_add_language_version_option.patch similarity index 100% rename from misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_add_language_version_option.patch rename to misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/patches/codeql_add_language_version_option.patch diff --git a/misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_do_not_emit_jdeps.patch b/misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/patches/codeql_do_not_emit_jdeps.patch similarity index 93% rename from misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_do_not_emit_jdeps.patch rename to misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/patches/codeql_do_not_emit_jdeps.patch index e6b71ab0c4f..838750ba12e 100644 --- a/misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_do_not_emit_jdeps.patch +++ b/misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/patches/codeql_do_not_emit_jdeps.patch @@ -1,6 +1,7 @@ Emitting jdeps is broken for the 2.0.0 kotlin extractor, and we don't need those files. Patching it here rather than passing `--@rules_kotlin//kotlin/settings:jvm_emit_jdeps=false` -allows us to not have to specify that option (and therefore pull in `rules_kotlin`) in `semmle-code`. +allows us to not have to specify that option (and therefore pull in `rules_kotlin`) in the +internal repo. --- a/kotlin/settings/BUILD.bazel +++ b/kotlin/settings/BUILD.bazel @@ -16,6 +16,6 @@ release_archive( diff --git a/misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/source.json b/misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/source.json new file mode 100644 index 00000000000..7025fb00a27 --- /dev/null +++ b/misc/bazel/registry/modules/rules_kotlin/2.2.2-codeql.1/source.json @@ -0,0 +1,9 @@ +{ + "integrity": "sha256-QR2yavs0ksyDUbW1NJkxUir+LFTyZRttEncwoSVtD2A=", + "url": "https://github.com/bazelbuild/rules_kotlin/releases/download/v2.2.2/rules_kotlin-v2.2.2.tar.gz", + "patches": { + "codeql_add_language_version_option.patch": "sha256-HoH8NWXxmYHmm/SxaugRdXgMntvcQx5gRLW2yQIvWhM=", + "codeql_do_not_emit_jdeps.patch": "sha256-cg06knW+Eq13qHCaelbnZka/WnGPvRrcqXHtpXsy/rA=" + }, + "patch_strip": 1 +} diff --git a/misc/bazel/registry/modules/rules_kotlin/metadata.json b/misc/bazel/registry/modules/rules_kotlin/metadata.json index 3609865f4d5..ea756f78364 100644 --- a/misc/bazel/registry/modules/rules_kotlin/metadata.json +++ b/misc/bazel/registry/modules/rules_kotlin/metadata.json @@ -21,7 +21,7 @@ "github:bazelbuild/rules_kotlin" ], "versions": [ - "2.2.0-codeql.1", + "2.2.2-codeql.1" ], "yanked_versions": {} } diff --git a/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/MODULE.bazel b/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/MODULE.bazel new file mode 100644 index 00000000000..aedc5a8a242 --- /dev/null +++ b/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/MODULE.bazel @@ -0,0 +1,151 @@ +"""bazelbuild/rules_rust""" + +module( + name = "rules_rust", + version = "0.68.1.codeql.1", +) + +############################################################################### +## Core +############################################################################### + +bazel_dep(name = "bazel_features", version = "1.32.0") +bazel_dep(name = "bazel_skylib", version = "1.8.2") +bazel_dep(name = "platforms", version = "1.0.0") +bazel_dep(name = "rules_cc", version = "0.2.4") +bazel_dep(name = "rules_license", version = "1.0.0") +bazel_dep(name = "rules_shell", version = "0.6.1") +bazel_dep(name = "apple_support", version = "1.24.1", repo_name = "build_bazel_apple_support") + +internal_deps = use_extension("//rust/private:internal_extensions.bzl", "i") +use_repo( + internal_deps, + "rrra", + "rrra__anyhow-1.0.71", + "rrra__camino-1.1.9", + "rrra__clap-4.3.11", + "rrra__env_logger-0.10.0", + "rrra__itertools-0.11.0", + "rrra__log-0.4.19", + "rrra__serde-1.0.171", + "rrra__serde_json-1.0.102", + "rules_rust_tinyjson", +) + +cargo_internal_deps = use_extension("//cargo/private:internal_extensions.bzl", "i") +use_repo( + cargo_internal_deps, + "rrc", + "rrc__cargo-util-schemas-0.3.1", + "rrc__cargo_toml-0.20.5", + "rrc__pathdiff-0.1.0", + "rrc__semver-1.0.25", + "rrc__toml-0.8.20", +) + +rust = use_extension("//rust:extensions.bzl", "rust") +rust.toolchain(edition = "2021") +use_repo(rust, "rust_toolchains") + +register_toolchains( + "@rust_toolchains//:all", +) + +rust_host_tools = use_extension("//rust:extensions.bzl", "rust_host_tools") +rust_host_tools.host_tools( + name = "rust_host_tools", +) +use_repo( + rust_host_tools, + "rust_host_tools", +) + +rust_test = use_extension("//test:test_extensions.bzl", "rust_test", dev_dependency = True) +use_repo( + rust_test, + "buildkite_config", + "generated_inputs_in_external_repo", + "libc", + "rtra", + "rtra__serde-1.0.228", + "rtra__serde_json-1.0.145", + "rtvsc", + "rtvsc__serde-1.0.228", + "rtvsc__serde_json-1.0.145", + "rules_rust_test_load_arbitrary_tool", + "rules_rust_toolchain_test_target_json", +) + +bazel_dep(name = "rules_python", version = "0.40.0", dev_dependency = True) +bazel_dep(name = "rules_testing", version = "0.7.0", dev_dependency = True) +bazel_dep(name = "bazel_ci_rules", version = "1.0.0", dev_dependency = True) + +############################################################################### +## Crate Universe +############################################################################### + +crate_universe_internal_deps = use_extension( + "//crate_universe/private:internal_extensions.bzl", + "cu", +) +use_repo( + crate_universe_internal_deps, + "cargo_bazel.buildifier-darwin-amd64", + "cargo_bazel.buildifier-darwin-arm64", + "cargo_bazel.buildifier-linux-amd64", + "cargo_bazel.buildifier-linux-arm64", + "cargo_bazel.buildifier-windows-amd64.exe", + "cui", + "cui__anyhow-1.0.98", + "cui__camino-1.1.9", + "cui__cargo-lock-10.1.0", + "cui__cargo-platform-0.1.9", + "cui__cargo_metadata-0.19.2", + "cui__cargo_toml-0.22.1", + "cui__cfg-expr-0.18.0", + "cui__clap-4.5.37", + "cui__crates-index-3.7.0", + "cui__glob-0.3.2", + "cui__hex-0.4.3", + "cui__indoc-2.0.6", + "cui__itertools-0.14.0", + "cui__maplit-1.0.2", + "cui__normpath-1.3.0", + "cui__once_cell-1.21.3", + "cui__pathdiff-0.2.3", + "cui__regex-1.11.1", + "cui__semver-1.0.26", + "cui__serde-1.0.219", + "cui__serde_json-1.0.140", + "cui__serde_starlark-0.1.17", + "cui__sha2-0.10.8", + "cui__spdx-0.10.8", + "cui__tempfile-3.19.1", + "cui__tera-1.20.0", + "cui__textwrap-0.16.2", + "cui__toml-0.8.21", + "cui__tracing-0.1.41", + "cui__tracing-subscriber-0.3.19", + "cui__url-2.5.4", + "cui__walkdir-2.5.0", +) + +crate_universe_internal_non_repro_deps = use_extension( + "//crate_universe/private:internal_extensions.bzl", + "cu_nr", +) +use_repo( + crate_universe_internal_non_repro_deps, + "cargo_bazel_bootstrap", +) + +crate_universe_internal_dev_deps = use_extension( + "//crate_universe/private:internal_extensions.bzl", + "cu_dev", + dev_dependency = True, +) +use_repo( + crate_universe_internal_dev_deps, + "cross_rs", + "cross_rs_host_bin", +) diff --git a/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/patches/include_rmeta_in_stdlib.patch b/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/patches/include_rmeta_in_stdlib.patch new file mode 100644 index 00000000000..3707cb51b63 --- /dev/null +++ b/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/patches/include_rmeta_in_stdlib.patch @@ -0,0 +1,12 @@ +diff --git a/rust/private/repository_utils.bzl b/rust/private/repository_utils.bzl +index 05b741947..f88074af6 100644 +--- a/rust/private/repository_utils.bzl ++++ b/rust/private/repository_utils.bzl +@@ -280,6 +280,7 @@ rust_stdlib_filegroup( + srcs = glob( + [ + "lib/rustlib/{target_triple}/lib/*.rlib", ++ "lib/rustlib/{target_triple}/lib/*.rmeta", + "lib/rustlib/{target_triple}/lib/*{dylib_ext}*", + "lib/rustlib/{target_triple}/lib/*{staticlib_ext}", + "lib/rustlib/{target_triple}/lib/self-contained/**", diff --git a/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/source.json b/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/source.json new file mode 100644 index 00000000000..6048521ce2f --- /dev/null +++ b/misc/bazel/registry/modules/rules_rust/0.68.1.codeql.1/source.json @@ -0,0 +1,9 @@ +{ + "integrity": "sha256-yKqAbPYGZnmsI0YyQe6ArWkiZdrQRl9RERy74wuJA1I=", + "strip_prefix": "", + "url": "https://github.com/bazelbuild/rules_rust/releases/download/0.68.1/rules_rust-0.68.1.tar.gz", + "patches": { + "include_rmeta_in_stdlib.patch": "sha256-7n8XHpfkLUMEbRG6lKqdhLWydsWlRRG+Ywkxk6LvY9c=" + }, + "patch_strip": 1 +} diff --git a/misc/bazel/registry/modules/rules_rust/metadata.json b/misc/bazel/registry/modules/rules_rust/metadata.json new file mode 100644 index 00000000000..deffe6f6dfa --- /dev/null +++ b/misc/bazel/registry/modules/rules_rust/metadata.json @@ -0,0 +1,11 @@ +{ + "homepage": "https://github.com/bazelbuild/rules_rust", + "maintainers": [], + "repository": [ + "github:bazelbuild/rules_rust" + ], + "versions": [ + "0.68.1.codeql.1" + ], + "yanked_versions": {} +} diff --git a/misc/codegen/BUILD.bazel b/misc/codegen/BUILD.bazel index c7b88de96b7..90e9842a941 100644 --- a/misc/codegen/BUILD.bazel +++ b/misc/codegen/BUILD.bazel @@ -5,6 +5,9 @@ py_binary( srcs = ["codegen.py"], data = [ "//misc/codegen/templates:cpp", + "//misc/codegen/templates:dbscheme", + "//misc/codegen/templates:ql", + "//misc/codegen/templates:rust", "//misc/codegen/templates:trap", ], visibility = ["//visibility:public"], diff --git a/misc/codegen/templates/BUILD.bazel b/misc/codegen/templates/BUILD.bazel index a86346245af..9068cc7f66e 100644 --- a/misc/codegen/templates/BUILD.bazel +++ b/misc/codegen/templates/BUILD.bazel @@ -1,5 +1,10 @@ package(default_visibility = ["//misc/codegen:__subpackages__"]) +filegroup( + name = "dbscheme", + srcs = ["dbscheme.mustache"], +) + filegroup( name = "trap", srcs = glob(["trap_*.mustache"]), @@ -9,3 +14,13 @@ filegroup( name = "cpp", srcs = glob(["cpp_*.mustache"]), ) + +filegroup( + name = "ql", + srcs = glob(["ql_*.mustache"]), +) + +filegroup( + name = "rust", + srcs = glob(["rust_*.mustache"]), +) diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 0d796d32439..2a81d5f40ba 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.42.md b/misc/suite-helpers/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 28a63301e69..48e31175a00 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.42-dev +version: 1.0.43-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index a273dc2628b..76d2adf3a03 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 6.1.1 + +### Minor Analysis Improvements + +* Added request forgery sink models for the Azure SDK. +* Made it so that models-as-data sinks with the kind `request-forgery` contribute to the class `Http::Client::Request` which represents HTTP client requests. + +### Bug Fixes + +- Using `=` as a fill character in a format specifier (e.g `f"{x:=^20}"`) now no longer results in a syntax error during parsing. + ## 6.1.0 ### New Features diff --git a/python/ql/lib/change-notes/2025-09-30-azure_ssrf_models.md b/python/ql/lib/change-notes/2025-09-30-azure_ssrf_models.md deleted file mode 100644 index 283b703a438..00000000000 --- a/python/ql/lib/change-notes/2025-09-30-azure_ssrf_models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added request forgery sink models for the Azure SDK. -* Made it so that models-as-data sinks with the kind `request-forgery` contribute to the class `Http::Client::Request` which represents HTTP client requests. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2026-02-05-fix-format-fill-character-misparse.md b/python/ql/lib/change-notes/2026-02-05-fix-format-fill-character-misparse.md deleted file mode 100644 index 8c0bd18c4dc..00000000000 --- a/python/ql/lib/change-notes/2026-02-05-fix-format-fill-character-misparse.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: fix ---- - -- Using `=` as a fill character in a format specifier (e.g `f"{x:=^20}"`) now no longer results in a syntax error during parsing. diff --git a/python/ql/lib/change-notes/2026-02-09-ssrf_test_case_cleanup_and_new_ssrf_barriers.md b/python/ql/lib/change-notes/2026-02-09-ssrf_test_case_cleanup_and_new_ssrf_barriers.md new file mode 100644 index 00000000000..c3b4194e7b8 --- /dev/null +++ b/python/ql/lib/change-notes/2026-02-09-ssrf_test_case_cleanup_and_new_ssrf_barriers.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added new full SSRF sanitization barrier from the new AntiSSRF library. \ No newline at end of file diff --git a/python/ql/lib/change-notes/released/6.1.1.md b/python/ql/lib/change-notes/released/6.1.1.md new file mode 100644 index 00000000000..ca4d1bf4684 --- /dev/null +++ b/python/ql/lib/change-notes/released/6.1.1.md @@ -0,0 +1,10 @@ +## 6.1.1 + +### Minor Analysis Improvements + +* Added request forgery sink models for the Azure SDK. +* Made it so that models-as-data sinks with the kind `request-forgery` contribute to the class `Http::Client::Request` which represents HTTP client requests. + +### Bug Fixes + +- Using `=` as a fill character in a format specifier (e.g `f"{x:=^20}"`) now no longer results in a syntax error during parsing. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 22247782f3e..54acf3e5e47 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.1.0 +lastReleaseVersion: 6.1.1 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 1ead7adb605..36b8813f8de 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 6.1.1-dev +version: 6.1.2-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll index 274e7ee57ad..3fb260e425d 100644 --- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll @@ -176,4 +176,36 @@ module ServerSideRequestForgery { strNode = [call.getArg(0), call.getArgByName("string")] ) } + + /** A validation of a URI using the `AntiSSRF` library, considered as a full-ssrf sanitizer. */ + private class UriValidator extends FullUrlControlSanitizer { + UriValidator() { this = DataFlow::BarrierGuard::getABarrierNode() } + } + + import semmle.python.dataflow.new.internal.DataFlowPublic + + private predicate uri_validator(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) { + exists(DataFlow::CallCfgNode call, string funcs | + funcs in ["in_domain", "in_azure_keyvault_domain", "in_azure_storage_domain"] and + call = API::moduleImport("AntiSSRF").getMember("URIValidator").getMember(funcs).getACall() and + call.getArg(0).asCfgNode() = node + | + // validator call directly (e.g., if URIValidator.in_domain(...) ) + g = call.asCfgNode() and + branch = true + or + // validator used in a comparison + exists(Cmpop op, Node n, ControlFlowNode l | + n.getALocalSource() = call and g.(CompareNode).operands(n.asCfgNode(), op, l) + | + // validator == true or validator == false or validator is True or validator is False + (op instanceof Eq or op instanceof Is) and + branch = l.getNode().(BooleanLiteral).booleanValue() + or + // validator != false or validator != true or validator is not True or validator is not False + (op instanceof NotEq or op instanceof IsNot) and + branch = l.getNode().(BooleanLiteral).booleanValue().booleanNot() + ) + ) + } } diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 3f9a869decc..a68b2d3b8db 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.7 + +No user-facing changes. + ## 1.7.6 No user-facing changes. diff --git a/python/ql/src/change-notes/released/1.7.7.md b/python/ql/src/change-notes/released/1.7.7.md new file mode 100644 index 00000000000..e1a2f3e1d9a --- /dev/null +++ b/python/ql/src/change-notes/released/1.7.7.md @@ -0,0 +1,3 @@ +## 1.7.7 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 1f68518dba9..df4010bd267 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.6 +lastReleaseVersion: 1.7.7 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index e6de4a768bf..c6b7d29f631 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.7.7-dev +version: 1.7.8-dev groups: - python - queries diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected index 33970318461..7434eca6978 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.expected @@ -1,156 +1,263 @@ +#select +| full_partial_test.py:11:5:11:28 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:11:18:11:27 | ControlFlowNode for user_input | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:15:5:15:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:15:18:15:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:22:5:22:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:22:18:22:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:27:5:27:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:27:18:27:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:47:5:47:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:47:18:47:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:51:5:51:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:55:5:55:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:55:18:55:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:59:5:59:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:59:18:59:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:63:5:63:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:63:18:63:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:72:5:72:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:72:18:72:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:76:5:76:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:89:5:89:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:93:5:93:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:93:18:93:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:97:5:97:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:97:18:97:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:16:5:16:59 | ControlFlowNode for SecretClient() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:16:28:16:35 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:18:5:18:43 | ControlFlowNode for Attribute() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:18:35:18:42 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:20:5:20:35 | ControlFlowNode for KeyClient() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:20:15:20:22 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:22:5:22:85 | ControlFlowNode for Attribute() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:22:54:22:61 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:25:5:25:104 | ControlFlowNode for download_blob_from_url() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:25:37:25:44 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:15:5:15:36 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | The full URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:15:5:15:36 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:15:25:15:35 | ControlFlowNode for unsafe_path | The full URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:21:5:21:36 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:19:27:19:37 | ControlFlowNode for unsafe_host | The full URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:21:5:21:36 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:21:25:21:35 | ControlFlowNode for unsafe_path | The full URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:21:9:21:63 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:21:32:21:39 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:37:9:37:60 | ControlFlowNode for KeyClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:37:29:37:36 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:53:9:53:47 | ControlFlowNode for Attribute() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:53:39:53:46 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:64:9:64:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:64:32:64:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:71:9:71:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:71:32:71:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:74:9:74:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:74:32:74:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:79:9:79:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:79:32:79:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:87:9:87:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:87:32:87:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:90:9:90:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:90:32:90:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:95:9:95:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:95:32:95:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:102:9:102:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:102:32:102:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:107:9:107:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:107:32:107:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:110:9:110:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:110:32:110:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:115:9:115:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:115:32:115:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:122:9:122:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:122:32:122:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:125:9:125:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:125:32:125:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:132:9:132:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:132:32:132:34 | ControlFlowNode for url | The full URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_requests.py:9:5:9:28 | ControlFlowNode for Attribute() | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:9:18:9:27 | ControlFlowNode for user_input | The full URL of this request depends on a $@. | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_requests.py:17:5:17:27 | ControlFlowNode for Attribute() | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:17:17:17:26 | ControlFlowNode for user_input | The full URL of this request depends on a $@. | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_requests.py:22:5:22:44 | ControlFlowNode for Attribute() | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:22:34:22:43 | ControlFlowNode for user_input | The full URL of this request depends on a $@. | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | edges | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | provenance | | | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:37:18:37:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:57:18:57:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:71:18:71:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | provenance | | -| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:12:5:12:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:18:5:18:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:41:18:41:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:66:18:66:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:83:18:83:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:11:18:11:27 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:13:5:13:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:20:5:20:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:25:5:25:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:12:5:12:7 | ControlFlowNode for url | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:18:5:18:7 | ControlFlowNode for url | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:22:5:22:7 | ControlFlowNode for url | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:41:5:41:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:44:5:44:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:50:5:50:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:41:5:41:7 | ControlFlowNode for url | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:44:5:44:7 | ControlFlowNode for url | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:47:5:47:7 | ControlFlowNode for url | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:50:5:50:7 | ControlFlowNode for url | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:53:5:53:7 | ControlFlowNode for url | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:64:5:64:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:61:5:61:7 | ControlFlowNode for url | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:64:5:64:7 | ControlFlowNode for url | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:75:5:75:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:75:5:75:7 | ControlFlowNode for url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:78:5:78:7 | ControlFlowNode for url | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:81:5:81:7 | ControlFlowNode for url | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | provenance | | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:7:19:7:25 | ControlFlowNode for request | provenance | | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for request | test_azure_client.py:10:18:10:24 | ControlFlowNode for request | provenance | | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for request | test_azure_client.py:11:19:11:25 | ControlFlowNode for request | provenance | | -| test_azure_client.py:10:18:10:24 | ControlFlowNode for request | test_azure_client.py:11:5:11:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | -| test_azure_client.py:11:5:11:15 | ControlFlowNode for user_input2 | test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | provenance | | -| test_azure_client.py:11:19:11:25 | ControlFlowNode for request | test_azure_client.py:11:5:11:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:17:32:17:39 | ControlFlowNode for full_url | provenance | Sink:MaD:15 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:19:39:19:46 | ControlFlowNode for full_url | provenance | Sink:MaD:38 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:21:19:21:26 | ControlFlowNode for full_url | provenance | Sink:MaD:14 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:23:58:23:65 | ControlFlowNode for full_url | provenance | Sink:MaD:26 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:32:18:32:25 | ControlFlowNode for full_url | provenance | Sink:MaD:27 | -| test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:1:26:1:32 | ControlFlowNode for request | provenance | | -| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | provenance | | -| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:10:19:10:25 | ControlFlowNode for request | provenance | | +| full_partial_test.py:13:5:13:7 | ControlFlowNode for url | full_partial_test.py:15:18:15:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:20:5:20:7 | ControlFlowNode for url | full_partial_test.py:22:18:22:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:25:5:25:7 | ControlFlowNode for url | full_partial_test.py:27:18:27:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:45:5:45:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:49:5:49:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:57:5:57:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:18:41:24 | ControlFlowNode for request | full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:45:5:45:7 | ControlFlowNode for url | full_partial_test.py:47:18:47:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:49:5:49:7 | ControlFlowNode for url | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:53:5:53:7 | ControlFlowNode for url | full_partial_test.py:55:18:55:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:57:5:57:7 | ControlFlowNode for url | full_partial_test.py:59:18:59:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:61:5:61:7 | ControlFlowNode for url | full_partial_test.py:63:18:63:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | full_partial_test.py:70:5:70:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | full_partial_test.py:74:5:74:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:66:18:66:24 | ControlFlowNode for request | full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:70:5:70:7 | ControlFlowNode for url | full_partial_test.py:72:18:72:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:74:5:74:7 | ControlFlowNode for url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | full_partial_test.py:87:5:87:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | full_partial_test.py:91:5:91:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | full_partial_test.py:95:5:95:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:83:18:83:24 | ControlFlowNode for request | full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:87:5:87:7 | ControlFlowNode for url | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:91:5:91:7 | ControlFlowNode for url | full_partial_test.py:93:18:93:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:95:5:95:7 | ControlFlowNode for url | full_partial_test.py:97:18:97:20 | ControlFlowNode for url | provenance | | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:6:19:6:25 | ControlFlowNode for request | provenance | | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for request | test_azure_client.py:9:18:9:24 | ControlFlowNode for request | provenance | | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for request | test_azure_client.py:10:19:10:25 | ControlFlowNode for request | provenance | | +| test_azure_client.py:9:18:9:24 | ControlFlowNode for request | test_azure_client.py:10:5:10:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_azure_client.py:10:5:10:15 | ControlFlowNode for user_input2 | test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | provenance | | +| test_azure_client.py:10:19:10:25 | ControlFlowNode for request | test_azure_client.py:10:5:10:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:16:28:16:35 | ControlFlowNode for full_url | provenance | Sink:MaD:2 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:18:35:18:42 | ControlFlowNode for full_url | provenance | Sink:MaD:4 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:20:15:20:22 | ControlFlowNode for full_url | provenance | Sink:MaD:1 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:22:54:22:61 | ControlFlowNode for full_url | provenance | Sink:MaD:3 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:25:37:25:44 | ControlFlowNode for full_url | provenance | Sink:MaD:5 | +| test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:1:19:1:25 | ControlFlowNode for request | provenance | | +| test_http_client.py:1:19:1:25 | ControlFlowNode for request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | provenance | | +| test_http_client.py:1:19:1:25 | ControlFlowNode for request | test_http_client.py:10:19:10:25 | ControlFlowNode for request | provenance | | | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | provenance | | -| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | provenance | | -| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | provenance | | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:19:27:19:37 | ControlFlowNode for unsafe_host | provenance | | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:28:27:28:37 | ControlFlowNode for unsafe_host | provenance | | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | provenance | AdditionalTaintStep | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | AdditionalTaintStep | -| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | provenance | | -| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | provenance | | -| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | provenance | | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:15:25:15:35 | ControlFlowNode for unsafe_path | provenance | | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:21:25:21:35 | ControlFlowNode for unsafe_path | provenance | | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:34:25:34:35 | ControlFlowNode for unsafe_path | provenance | | | test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | AdditionalTaintStep | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:5:19:5:25 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:8:18:8:24 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:9:19:9:25 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:24:18:24:24 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:25:19:25:25 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:40:18:40:24 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:41:19:41:25 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:57:18:57:24 | ControlFlowNode for request | provenance | | +| test_path_validation.py:8:18:8:24 | ControlFlowNode for request | test_path_validation.py:9:5:9:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:9:5:9:15 | ControlFlowNode for user_input2 | test_path_validation.py:11:5:11:12 | ControlFlowNode for full_url | provenance | | +| test_path_validation.py:9:19:9:25 | ControlFlowNode for request | test_path_validation.py:9:5:9:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:11:5:11:12 | ControlFlowNode for full_url | test_path_validation.py:21:32:21:39 | ControlFlowNode for full_url | provenance | Sink:MaD:2 | +| test_path_validation.py:24:18:24:24 | ControlFlowNode for request | test_path_validation.py:25:5:25:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:25:5:25:15 | ControlFlowNode for user_input2 | test_path_validation.py:27:5:27:12 | ControlFlowNode for full_url | provenance | | +| test_path_validation.py:25:19:25:25 | ControlFlowNode for request | test_path_validation.py:25:5:25:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:27:5:27:12 | ControlFlowNode for full_url | test_path_validation.py:37:29:37:36 | ControlFlowNode for full_url | provenance | Sink:MaD:1 | +| test_path_validation.py:40:18:40:24 | ControlFlowNode for request | test_path_validation.py:41:5:41:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:41:5:41:15 | ControlFlowNode for user_input2 | test_path_validation.py:43:5:43:12 | ControlFlowNode for full_url | provenance | | +| test_path_validation.py:41:19:41:25 | ControlFlowNode for request | test_path_validation.py:41:5:41:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:43:5:43:12 | ControlFlowNode for full_url | test_path_validation.py:53:39:53:46 | ControlFlowNode for full_url | provenance | Sink:MaD:4 | +| test_path_validation.py:57:5:57:14 | ControlFlowNode for user_input | test_path_validation.py:61:5:61:7 | ControlFlowNode for url | provenance | | +| test_path_validation.py:57:18:57:24 | ControlFlowNode for request | test_path_validation.py:57:5:57:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:64:32:64:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:71:32:71:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:74:32:74:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:79:32:79:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:87:32:87:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:90:32:90:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:95:32:95:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:102:32:102:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:107:32:107:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:110:32:110:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:115:32:115:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:122:32:122:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:125:32:125:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:132:32:132:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:1:19:1:25 | ControlFlowNode for request | provenance | | -| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:6:18:6:24 | ControlFlowNode for request | provenance | | -| test_requests.py:6:5:6:14 | ControlFlowNode for user_input | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | provenance | | -| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:7:18:7:24 | ControlFlowNode for request | provenance | | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:14:18:14:24 | ControlFlowNode for request | provenance | | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:20:18:20:24 | ControlFlowNode for request | provenance | | +| test_requests.py:7:5:7:14 | ControlFlowNode for user_input | test_requests.py:9:18:9:27 | ControlFlowNode for user_input | provenance | | +| test_requests.py:7:18:7:24 | ControlFlowNode for request | test_requests.py:7:5:7:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_requests.py:14:5:14:14 | ControlFlowNode for user_input | test_requests.py:17:17:17:26 | ControlFlowNode for user_input | provenance | | +| test_requests.py:14:18:14:24 | ControlFlowNode for request | test_requests.py:14:5:14:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_requests.py:20:5:20:14 | ControlFlowNode for user_input | test_requests.py:22:34:22:43 | ControlFlowNode for user_input | provenance | | +| test_requests.py:20:18:20:24 | ControlFlowNode for request | test_requests.py:20:5:20:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +models +| 1 | Sink: azure.keyvault.keys.KeyClient!; Call.Argument[0,vault_url:]; request-forgery | +| 2 | Sink: azure.keyvault.secrets.SecretClient!; Call.Argument[0,vault_url:]; request-forgery | +| 3 | Sink: azure.storage.blob.ContainerClient!; Member[from_container_url].Argument[0,container_url:]; request-forgery | +| 4 | Sink: azure.storage.fileshare.ShareFileClient!; Member[from_file_url].Argument[0,file_url:]; request-forgery | +| 5 | Sink: azure; Member[storage].Member[blob].Member[download_blob_from_url].Argument[0,blob_url:]; request-forgery | nodes | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:12:5:12:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:13:18:13:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:18:5:18:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:19:18:19:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:22:5:22:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:23:18:23:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:41:5:41:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:42:18:42:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:44:5:44:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:45:18:45:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:47:5:47:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:48:18:48:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:50:5:50:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:11:18:11:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:13:5:13:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:15:18:15:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:20:5:20:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:22:18:22:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:25:5:25:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:27:18:27:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:41:18:41:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:45:5:45:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:47:18:47:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:49:5:49:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:54:18:54:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:55:18:55:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:57:5:57:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:59:18:59:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:62:18:62:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:64:5:64:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:65:18:65:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:75:5:75:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:63:18:63:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:66:18:66:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:70:5:70:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:72:18:72:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:74:5:74:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:78:5:78:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:79:18:79:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:81:5:81:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:82:18:82:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_azure_client.py:10:18:10:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_azure_client.py:11:5:11:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | -| test_azure_client.py:11:19:11:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:17:32:17:39 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:19:39:19:46 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:21:19:21:26 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:23:58:23:65 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:32:18:32:25 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_http_client.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:83:18:83:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:87:5:87:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:89:18:89:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:91:5:91:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:93:18:93:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:95:5:95:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:97:18:97:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_azure_client.py:9:18:9:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_azure_client.py:10:5:10:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | +| test_azure_client.py:10:19:10:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:16:28:16:35 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:18:35:18:42 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:20:15:20:22 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:22:54:22:61 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:25:37:25:44 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | +| test_http_client.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | | test_http_client.py:10:19:10:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | -| test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | -| test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | -| test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | -| test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | -| test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | +| test_http_client.py:15:25:15:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | +| test_http_client.py:19:27:19:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | +| test_http_client.py:21:25:21:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | +| test_http_client.py:28:27:28:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | +| test_http_client.py:34:25:34:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:8:18:8:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:9:5:9:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | +| test_path_validation.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:11:5:11:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:21:32:21:39 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:24:18:24:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:25:5:25:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | +| test_path_validation.py:25:19:25:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:27:5:27:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:37:29:37:36 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:40:18:40:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:41:5:41:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | +| test_path_validation.py:41:19:41:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:43:5:43:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:53:39:53:46 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:57:5:57:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_path_validation.py:57:18:57:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:64:32:64:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:71:32:71:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:74:32:74:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:79:32:79:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:87:32:87:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:90:32:90:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:95:32:95:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:102:32:102:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:107:32:107:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:110:32:110:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:115:32:115:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:122:32:122:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:125:32:125:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:132:32:132:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | test_requests.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_requests.py:6:5:6:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| test_requests.py:6:18:6:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_requests.py:8:18:8:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:7:5:7:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:7:18:7:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_requests.py:9:18:9:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:14:5:14:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:14:18:14:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_requests.py:17:17:17:26 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:20:5:20:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:20:18:20:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_requests.py:22:34:22:43 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | subpaths -#select -| full_partial_test.py:10:5:10:28 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:13:5:13:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:19:5:19:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:23:5:23:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:42:5:42:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:45:5:45:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:48:5:48:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:51:5:51:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:54:5:54:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:62:5:62:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:65:5:65:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:76:5:76:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:79:5:79:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:82:5:82:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | The full URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:17:9:17:63 | ControlFlowNode for SecretClient() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:17:32:17:39 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:19:9:19:47 | ControlFlowNode for Attribute() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:19:39:19:46 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:21:9:21:39 | ControlFlowNode for KeyClient() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:21:19:21:26 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:23:9:23:89 | ControlFlowNode for Attribute() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:23:58:23:65 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:31:5:36:5 | ControlFlowNode for download_blob_from_url() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:32:18:32:25 | ControlFlowNode for full_url | The full URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:14:5:14:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | The full URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:14:5:14:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | The full URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:19:5:19:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | The full URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:19:5:19:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | The full URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| test_requests.py:8:5:8:28 | ControlFlowNode for Attribute() | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | The full URL of this request depends on a $@. | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.qlref b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.qlref index 50d53b5f47e..f0a8d1e6b15 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.qlref +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/FullServerSideRequestForgery.qlref @@ -1 +1,4 @@ -Security/CWE-918/FullServerSideRequestForgery.ql +query: Security/CWE-918/FullServerSideRequestForgery.ql +postprocess: +- utils/test/InlineExpectationsTestQuery.ql +- utils/test/PrettyPrintModels.ql \ No newline at end of file diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected index bdcac746538..0b875607157 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected @@ -1,124 +1,242 @@ +#select +| full_partial_test.py:80:5:80:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:80:18:80:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:105:5:105:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:105:18:105:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:112:5:112:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:112:18:112:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:119:5:119:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:119:18:119:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:126:5:126:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:126:18:126:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:136:5:136:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:136:18:136:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| full_partial_test.py:143:5:143:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:143:18:143:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:15:5:15:54 | ControlFlowNode for SecretClient() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:15:28:15:30 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:17:5:17:38 | ControlFlowNode for Attribute() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:17:35:17:37 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:19:5:19:30 | ControlFlowNode for KeyClient() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:19:15:19:17 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:21:5:21:80 | ControlFlowNode for Attribute() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:21:54:21:56 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_azure_client.py:24:5:24:100 | ControlFlowNode for download_blob_from_url() | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:24:37:24:39 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:25:5:25:31 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:19:27:19:37 | ControlFlowNode for unsafe_host | Part of the URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:30:5:30:31 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:28:27:28:37 | ControlFlowNode for unsafe_host | Part of the URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:34:5:34:36 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:34:25:34:35 | ControlFlowNode for unsafe_path | Part of the URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:39:5:39:29 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:39:25:39:28 | ControlFlowNode for path | Part of the URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_http_client.py:44:5:44:29 | ControlFlowNode for Attribute() | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:44:25:44:28 | ControlFlowNode for path | Part of the URL of this request depends on a $@. | test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:14:9:14:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:14:32:14:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:16:9:16:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:16:32:16:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:19:9:19:63 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:19:32:19:39 | ControlFlowNode for full_url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:30:9:30:55 | ControlFlowNode for KeyClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:30:29:30:31 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:32:9:32:55 | ControlFlowNode for KeyClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:32:29:32:31 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:35:9:35:60 | ControlFlowNode for KeyClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:35:29:35:36 | ControlFlowNode for full_url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:46:9:46:42 | ControlFlowNode for Attribute() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:46:39:46:41 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:48:9:48:42 | ControlFlowNode for Attribute() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:48:39:48:41 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:51:9:51:47 | ControlFlowNode for Attribute() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:51:39:51:46 | ControlFlowNode for full_url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:66:9:66:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:66:32:66:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:69:9:69:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:69:32:69:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:76:9:76:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:76:32:76:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:81:9:81:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:81:32:81:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:85:9:85:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:85:32:85:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:92:9:92:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:92:32:92:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:97:9:97:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:97:32:97:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:100:9:100:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:100:32:100:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:105:9:105:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:105:32:105:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:112:9:112:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:112:32:112:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:117:9:117:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:117:32:117:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:120:9:120:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:120:32:120:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:127:9:127:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:127:32:127:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | +| test_path_validation.py:130:9:130:58 | ControlFlowNode for SecretClient() | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:130:32:130:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | user-provided value | edges | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | provenance | | | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | provenance | | | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:8:17:8:23 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:37:18:37:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:38:17:38:23 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:57:18:57:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:58:17:58:23 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:71:18:71:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:72:17:72:23 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:86:18:86:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:92:18:92:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:98:18:98:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:104:18:104:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:110:18:110:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:119:18:119:24 | ControlFlowNode for request | provenance | | -| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | provenance | | -| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:12:5:12:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:18:5:18:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:41:18:41:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:42:17:42:23 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:66:18:66:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:67:17:67:23 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:83:18:83:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:84:17:84:23 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:101:18:101:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:108:18:108:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:115:18:115:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:122:18:122:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:129:18:129:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:1:19:1:25 | ControlFlowNode for request | full_partial_test.py:139:18:139:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:11:18:11:27 | ControlFlowNode for user_input | provenance | | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:13:5:13:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:20:5:20:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | full_partial_test.py:25:5:25:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:7:5:7:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | -| full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | full_partial_test.py:22:5:22:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | full_partial_test.py:25:5:25:7 | ControlFlowNode for url | provenance | | | full_partial_test.py:8:17:8:23 | ControlFlowNode for request | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | -| full_partial_test.py:12:5:12:7 | ControlFlowNode for url | full_partial_test.py:13:18:13:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:18:5:18:7 | ControlFlowNode for url | full_partial_test.py:19:18:19:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:22:5:22:7 | ControlFlowNode for url | full_partial_test.py:23:18:23:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:41:5:41:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:44:5:44:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:50:5:50:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | -| full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | full_partial_test.py:47:5:47:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:38:17:38:23 | ControlFlowNode for request | full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | -| full_partial_test.py:41:5:41:7 | ControlFlowNode for url | full_partial_test.py:42:18:42:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:44:5:44:7 | ControlFlowNode for url | full_partial_test.py:45:18:45:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:47:5:47:7 | ControlFlowNode for url | full_partial_test.py:48:18:48:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:50:5:50:7 | ControlFlowNode for url | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:53:5:53:7 | ControlFlowNode for url | full_partial_test.py:54:18:54:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:64:5:64:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | full_partial_test.py:67:5:67:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | -| full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | full_partial_test.py:67:5:67:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:58:17:58:23 | ControlFlowNode for request | full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | -| full_partial_test.py:61:5:61:7 | ControlFlowNode for url | full_partial_test.py:62:18:62:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:64:5:64:7 | ControlFlowNode for url | full_partial_test.py:65:18:65:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:67:5:67:7 | ControlFlowNode for url | full_partial_test.py:68:18:68:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:75:5:75:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | -| full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | full_partial_test.py:81:5:81:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:72:17:72:23 | ControlFlowNode for request | full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | -| full_partial_test.py:75:5:75:7 | ControlFlowNode for url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:78:5:78:7 | ControlFlowNode for url | full_partial_test.py:79:18:79:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:81:5:81:7 | ControlFlowNode for url | full_partial_test.py:82:18:82:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | full_partial_test.py:88:5:88:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:86:18:86:24 | ControlFlowNode for request | full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:88:5:88:7 | ControlFlowNode for url | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | full_partial_test.py:94:5:94:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:92:18:92:24 | ControlFlowNode for request | full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:94:5:94:7 | ControlFlowNode for url | full_partial_test.py:95:18:95:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | full_partial_test.py:100:5:100:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:98:18:98:24 | ControlFlowNode for request | full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:100:5:100:7 | ControlFlowNode for url | full_partial_test.py:101:18:101:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | full_partial_test.py:106:5:106:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:104:18:104:24 | ControlFlowNode for request | full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:106:5:106:7 | ControlFlowNode for url | full_partial_test.py:107:18:107:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | full_partial_test.py:115:5:115:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:110:18:110:24 | ControlFlowNode for request | full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:115:5:115:7 | ControlFlowNode for url | full_partial_test.py:116:18:116:20 | ControlFlowNode for url | provenance | | -| full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | full_partial_test.py:121:5:121:7 | ControlFlowNode for url | provenance | | -| full_partial_test.py:119:18:119:24 | ControlFlowNode for request | full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| full_partial_test.py:121:5:121:7 | ControlFlowNode for url | full_partial_test.py:122:18:122:20 | ControlFlowNode for url | provenance | | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:7:19:7:25 | ControlFlowNode for request | provenance | | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for request | test_azure_client.py:10:18:10:24 | ControlFlowNode for request | provenance | | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for request | test_azure_client.py:11:19:11:25 | ControlFlowNode for request | provenance | | -| test_azure_client.py:10:5:10:14 | ControlFlowNode for user_input | test_azure_client.py:13:5:13:7 | ControlFlowNode for url | provenance | | -| test_azure_client.py:10:18:10:24 | ControlFlowNode for request | test_azure_client.py:10:5:10:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| test_azure_client.py:10:18:10:24 | ControlFlowNode for request | test_azure_client.py:11:5:11:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | -| test_azure_client.py:11:5:11:15 | ControlFlowNode for user_input2 | test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | provenance | | -| test_azure_client.py:11:19:11:25 | ControlFlowNode for request | test_azure_client.py:11:5:11:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | -| test_azure_client.py:13:5:13:7 | ControlFlowNode for url | test_azure_client.py:16:32:16:34 | ControlFlowNode for url | provenance | Sink:MaD:15 | -| test_azure_client.py:13:5:13:7 | ControlFlowNode for url | test_azure_client.py:18:39:18:41 | ControlFlowNode for url | provenance | Sink:MaD:38 | -| test_azure_client.py:13:5:13:7 | ControlFlowNode for url | test_azure_client.py:20:19:20:21 | ControlFlowNode for url | provenance | Sink:MaD:14 | -| test_azure_client.py:13:5:13:7 | ControlFlowNode for url | test_azure_client.py:22:58:22:60 | ControlFlowNode for url | provenance | Sink:MaD:26 | -| test_azure_client.py:13:5:13:7 | ControlFlowNode for url | test_azure_client.py:26:18:26:20 | ControlFlowNode for url | provenance | Sink:MaD:27 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:17:32:17:39 | ControlFlowNode for full_url | provenance | Sink:MaD:15 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:19:39:19:46 | ControlFlowNode for full_url | provenance | Sink:MaD:38 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:21:19:21:26 | ControlFlowNode for full_url | provenance | Sink:MaD:14 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:23:58:23:65 | ControlFlowNode for full_url | provenance | Sink:MaD:26 | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | test_azure_client.py:32:18:32:25 | ControlFlowNode for full_url | provenance | Sink:MaD:27 | -| test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:1:26:1:32 | ControlFlowNode for request | provenance | | -| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | provenance | | -| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:10:19:10:25 | ControlFlowNode for request | provenance | | -| test_http_client.py:1:26:1:32 | ControlFlowNode for request | test_http_client.py:11:18:11:24 | ControlFlowNode for request | provenance | | +| full_partial_test.py:13:5:13:7 | ControlFlowNode for url | full_partial_test.py:15:18:15:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:20:5:20:7 | ControlFlowNode for url | full_partial_test.py:22:18:22:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:25:5:25:7 | ControlFlowNode for url | full_partial_test.py:27:18:27:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:45:5:45:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:49:5:49:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:57:5:57:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:41:18:41:24 | ControlFlowNode for request | full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:41:18:41:24 | ControlFlowNode for request | full_partial_test.py:42:5:42:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | +| full_partial_test.py:42:5:42:13 | ControlFlowNode for query_val | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:42:17:42:23 | ControlFlowNode for request | full_partial_test.py:42:5:42:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | +| full_partial_test.py:45:5:45:7 | ControlFlowNode for url | full_partial_test.py:47:18:47:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:49:5:49:7 | ControlFlowNode for url | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:53:5:53:7 | ControlFlowNode for url | full_partial_test.py:55:18:55:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:57:5:57:7 | ControlFlowNode for url | full_partial_test.py:59:18:59:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:61:5:61:7 | ControlFlowNode for url | full_partial_test.py:63:18:63:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | full_partial_test.py:70:5:70:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | full_partial_test.py:74:5:74:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:66:18:66:24 | ControlFlowNode for request | full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:66:18:66:24 | ControlFlowNode for request | full_partial_test.py:67:5:67:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | +| full_partial_test.py:67:5:67:13 | ControlFlowNode for query_val | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:67:17:67:23 | ControlFlowNode for request | full_partial_test.py:67:5:67:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | +| full_partial_test.py:70:5:70:7 | ControlFlowNode for url | full_partial_test.py:72:18:72:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:74:5:74:7 | ControlFlowNode for url | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:78:5:78:7 | ControlFlowNode for url | full_partial_test.py:80:18:80:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | full_partial_test.py:87:5:87:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | full_partial_test.py:91:5:91:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | full_partial_test.py:95:5:95:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:83:18:83:24 | ControlFlowNode for request | full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:83:18:83:24 | ControlFlowNode for request | full_partial_test.py:84:5:84:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | +| full_partial_test.py:84:5:84:13 | ControlFlowNode for query_val | full_partial_test.py:95:5:95:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:84:17:84:23 | ControlFlowNode for request | full_partial_test.py:84:5:84:13 | ControlFlowNode for query_val | provenance | AdditionalTaintStep | +| full_partial_test.py:87:5:87:7 | ControlFlowNode for url | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:91:5:91:7 | ControlFlowNode for url | full_partial_test.py:93:18:93:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:95:5:95:7 | ControlFlowNode for url | full_partial_test.py:97:18:97:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:101:5:101:14 | ControlFlowNode for user_input | full_partial_test.py:103:5:103:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:101:18:101:24 | ControlFlowNode for request | full_partial_test.py:101:5:101:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:103:5:103:7 | ControlFlowNode for url | full_partial_test.py:105:18:105:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:108:5:108:14 | ControlFlowNode for user_input | full_partial_test.py:110:5:110:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:108:18:108:24 | ControlFlowNode for request | full_partial_test.py:108:5:108:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:110:5:110:7 | ControlFlowNode for url | full_partial_test.py:112:18:112:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:115:5:115:14 | ControlFlowNode for user_input | full_partial_test.py:117:5:117:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:115:18:115:24 | ControlFlowNode for request | full_partial_test.py:115:5:115:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:117:5:117:7 | ControlFlowNode for url | full_partial_test.py:119:18:119:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:122:5:122:14 | ControlFlowNode for user_input | full_partial_test.py:124:5:124:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:122:18:122:24 | ControlFlowNode for request | full_partial_test.py:122:5:122:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:124:5:124:7 | ControlFlowNode for url | full_partial_test.py:126:18:126:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:129:5:129:14 | ControlFlowNode for user_input | full_partial_test.py:134:5:134:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:129:18:129:24 | ControlFlowNode for request | full_partial_test.py:129:5:129:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:134:5:134:7 | ControlFlowNode for url | full_partial_test.py:136:18:136:20 | ControlFlowNode for url | provenance | | +| full_partial_test.py:139:5:139:14 | ControlFlowNode for user_input | full_partial_test.py:141:5:141:7 | ControlFlowNode for url | provenance | | +| full_partial_test.py:139:18:139:24 | ControlFlowNode for request | full_partial_test.py:139:5:139:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| full_partial_test.py:141:5:141:7 | ControlFlowNode for url | full_partial_test.py:143:18:143:20 | ControlFlowNode for url | provenance | | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | test_azure_client.py:6:19:6:25 | ControlFlowNode for request | provenance | | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for request | test_azure_client.py:9:18:9:24 | ControlFlowNode for request | provenance | | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for request | test_azure_client.py:10:19:10:25 | ControlFlowNode for request | provenance | | +| test_azure_client.py:9:5:9:14 | ControlFlowNode for user_input | test_azure_client.py:12:5:12:7 | ControlFlowNode for url | provenance | | +| test_azure_client.py:9:18:9:24 | ControlFlowNode for request | test_azure_client.py:9:5:9:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_azure_client.py:9:18:9:24 | ControlFlowNode for request | test_azure_client.py:10:5:10:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_azure_client.py:10:5:10:15 | ControlFlowNode for user_input2 | test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | provenance | | +| test_azure_client.py:10:19:10:25 | ControlFlowNode for request | test_azure_client.py:10:5:10:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_azure_client.py:12:5:12:7 | ControlFlowNode for url | test_azure_client.py:15:28:15:30 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_azure_client.py:12:5:12:7 | ControlFlowNode for url | test_azure_client.py:17:35:17:37 | ControlFlowNode for url | provenance | Sink:MaD:4 | +| test_azure_client.py:12:5:12:7 | ControlFlowNode for url | test_azure_client.py:19:15:19:17 | ControlFlowNode for url | provenance | Sink:MaD:1 | +| test_azure_client.py:12:5:12:7 | ControlFlowNode for url | test_azure_client.py:21:54:21:56 | ControlFlowNode for url | provenance | Sink:MaD:3 | +| test_azure_client.py:12:5:12:7 | ControlFlowNode for url | test_azure_client.py:24:37:24:39 | ControlFlowNode for url | provenance | Sink:MaD:5 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:16:28:16:35 | ControlFlowNode for full_url | provenance | Sink:MaD:2 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:18:35:18:42 | ControlFlowNode for full_url | provenance | Sink:MaD:4 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:20:15:20:22 | ControlFlowNode for full_url | provenance | Sink:MaD:1 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:22:54:22:61 | ControlFlowNode for full_url | provenance | Sink:MaD:3 | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | test_azure_client.py:25:37:25:44 | ControlFlowNode for full_url | provenance | Sink:MaD:5 | +| test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | test_http_client.py:1:19:1:25 | ControlFlowNode for request | provenance | | +| test_http_client.py:1:19:1:25 | ControlFlowNode for request | test_http_client.py:9:19:9:25 | ControlFlowNode for request | provenance | | +| test_http_client.py:1:19:1:25 | ControlFlowNode for request | test_http_client.py:10:19:10:25 | ControlFlowNode for request | provenance | | +| test_http_client.py:1:19:1:25 | ControlFlowNode for request | test_http_client.py:11:18:11:24 | ControlFlowNode for request | provenance | | | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | provenance | | -| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | provenance | | -| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | provenance | | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:19:27:19:37 | ControlFlowNode for unsafe_host | provenance | | +| test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | test_http_client.py:28:27:28:37 | ControlFlowNode for unsafe_host | provenance | | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | provenance | AdditionalTaintStep | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | AdditionalTaintStep | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | provenance | | -| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | provenance | | -| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | provenance | | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:15:25:15:35 | ControlFlowNode for unsafe_path | provenance | | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:21:25:21:35 | ControlFlowNode for unsafe_path | provenance | | +| test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | test_http_client.py:34:25:34:35 | ControlFlowNode for unsafe_path | provenance | | | test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | provenance | AdditionalTaintStep | | test_http_client.py:10:19:10:25 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | test_http_client.py:31:5:31:8 | ControlFlowNode for path | provenance | | -| test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | test_http_client.py:35:5:35:8 | ControlFlowNode for path | provenance | | +| test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | test_http_client.py:36:5:36:8 | ControlFlowNode for path | provenance | | +| test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | test_http_client.py:41:5:41:8 | ControlFlowNode for path | provenance | | | test_http_client.py:11:18:11:24 | ControlFlowNode for request | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | -| test_http_client.py:31:5:31:8 | ControlFlowNode for path | test_http_client.py:33:25:33:28 | ControlFlowNode for path | provenance | | -| test_http_client.py:35:5:35:8 | ControlFlowNode for path | test_http_client.py:37:25:37:28 | ControlFlowNode for path | provenance | | +| test_http_client.py:36:5:36:8 | ControlFlowNode for path | test_http_client.py:39:25:39:28 | ControlFlowNode for path | provenance | | +| test_http_client.py:41:5:41:8 | ControlFlowNode for path | test_http_client.py:44:25:44:28 | ControlFlowNode for path | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | test_path_validation.py:5:19:5:25 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:8:18:8:24 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:9:19:9:25 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:24:18:24:24 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:25:19:25:25 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:40:18:40:24 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:41:19:41:25 | ControlFlowNode for request | provenance | | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | test_path_validation.py:57:18:57:24 | ControlFlowNode for request | provenance | | +| test_path_validation.py:8:5:8:14 | ControlFlowNode for user_input | test_path_validation.py:10:5:10:7 | ControlFlowNode for url | provenance | | +| test_path_validation.py:8:18:8:24 | ControlFlowNode for request | test_path_validation.py:8:5:8:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_path_validation.py:8:18:8:24 | ControlFlowNode for request | test_path_validation.py:9:5:9:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:9:5:9:15 | ControlFlowNode for user_input2 | test_path_validation.py:11:5:11:12 | ControlFlowNode for full_url | provenance | | +| test_path_validation.py:9:19:9:25 | ControlFlowNode for request | test_path_validation.py:9:5:9:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:10:5:10:7 | ControlFlowNode for url | test_path_validation.py:14:32:14:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:10:5:10:7 | ControlFlowNode for url | test_path_validation.py:16:32:16:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:11:5:11:12 | ControlFlowNode for full_url | test_path_validation.py:19:32:19:39 | ControlFlowNode for full_url | provenance | Sink:MaD:2 | +| test_path_validation.py:11:5:11:12 | ControlFlowNode for full_url | test_path_validation.py:21:32:21:39 | ControlFlowNode for full_url | provenance | Sink:MaD:2 | +| test_path_validation.py:24:5:24:14 | ControlFlowNode for user_input | test_path_validation.py:26:5:26:7 | ControlFlowNode for url | provenance | | +| test_path_validation.py:24:18:24:24 | ControlFlowNode for request | test_path_validation.py:24:5:24:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_path_validation.py:24:18:24:24 | ControlFlowNode for request | test_path_validation.py:25:5:25:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:25:5:25:15 | ControlFlowNode for user_input2 | test_path_validation.py:27:5:27:12 | ControlFlowNode for full_url | provenance | | +| test_path_validation.py:25:19:25:25 | ControlFlowNode for request | test_path_validation.py:25:5:25:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:26:5:26:7 | ControlFlowNode for url | test_path_validation.py:30:29:30:31 | ControlFlowNode for url | provenance | Sink:MaD:1 | +| test_path_validation.py:26:5:26:7 | ControlFlowNode for url | test_path_validation.py:32:29:32:31 | ControlFlowNode for url | provenance | Sink:MaD:1 | +| test_path_validation.py:27:5:27:12 | ControlFlowNode for full_url | test_path_validation.py:35:29:35:36 | ControlFlowNode for full_url | provenance | Sink:MaD:1 | +| test_path_validation.py:27:5:27:12 | ControlFlowNode for full_url | test_path_validation.py:37:29:37:36 | ControlFlowNode for full_url | provenance | Sink:MaD:1 | +| test_path_validation.py:40:5:40:14 | ControlFlowNode for user_input | test_path_validation.py:42:5:42:7 | ControlFlowNode for url | provenance | | +| test_path_validation.py:40:18:40:24 | ControlFlowNode for request | test_path_validation.py:40:5:40:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_path_validation.py:40:18:40:24 | ControlFlowNode for request | test_path_validation.py:41:5:41:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:41:5:41:15 | ControlFlowNode for user_input2 | test_path_validation.py:43:5:43:12 | ControlFlowNode for full_url | provenance | | +| test_path_validation.py:41:19:41:25 | ControlFlowNode for request | test_path_validation.py:41:5:41:15 | ControlFlowNode for user_input2 | provenance | AdditionalTaintStep | +| test_path_validation.py:42:5:42:7 | ControlFlowNode for url | test_path_validation.py:46:39:46:41 | ControlFlowNode for url | provenance | Sink:MaD:4 | +| test_path_validation.py:42:5:42:7 | ControlFlowNode for url | test_path_validation.py:48:39:48:41 | ControlFlowNode for url | provenance | Sink:MaD:4 | +| test_path_validation.py:43:5:43:12 | ControlFlowNode for full_url | test_path_validation.py:51:39:51:46 | ControlFlowNode for full_url | provenance | Sink:MaD:4 | +| test_path_validation.py:43:5:43:12 | ControlFlowNode for full_url | test_path_validation.py:53:39:53:46 | ControlFlowNode for full_url | provenance | Sink:MaD:4 | +| test_path_validation.py:57:5:57:14 | ControlFlowNode for user_input | test_path_validation.py:61:5:61:7 | ControlFlowNode for url | provenance | | +| test_path_validation.py:57:18:57:24 | ControlFlowNode for request | test_path_validation.py:57:5:57:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:64:32:64:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:66:32:66:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:69:32:69:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:71:32:71:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:74:32:74:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:76:32:76:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:79:32:79:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:81:32:81:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:85:32:85:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:87:32:87:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:90:32:90:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:92:32:92:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:95:32:95:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:97:32:97:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:100:32:100:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:102:32:102:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:105:32:105:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:107:32:107:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:110:32:110:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:112:32:112:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:115:32:115:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:117:32:117:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:120:32:120:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:122:32:122:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:125:32:125:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:127:32:127:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:130:32:130:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | test_path_validation.py:132:32:132:34 | ControlFlowNode for url | provenance | Sink:MaD:2 | | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | test_requests.py:1:19:1:25 | ControlFlowNode for request | provenance | | -| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:6:18:6:24 | ControlFlowNode for request | provenance | | -| test_requests.py:6:5:6:14 | ControlFlowNode for user_input | test_requests.py:8:18:8:27 | ControlFlowNode for user_input | provenance | | -| test_requests.py:6:18:6:24 | ControlFlowNode for request | test_requests.py:6:5:6:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:7:18:7:24 | ControlFlowNode for request | provenance | | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:14:18:14:24 | ControlFlowNode for request | provenance | | +| test_requests.py:1:19:1:25 | ControlFlowNode for request | test_requests.py:20:18:20:24 | ControlFlowNode for request | provenance | | +| test_requests.py:7:5:7:14 | ControlFlowNode for user_input | test_requests.py:9:18:9:27 | ControlFlowNode for user_input | provenance | | +| test_requests.py:7:18:7:24 | ControlFlowNode for request | test_requests.py:7:5:7:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_requests.py:14:5:14:14 | ControlFlowNode for user_input | test_requests.py:17:17:17:26 | ControlFlowNode for user_input | provenance | | +| test_requests.py:14:18:14:24 | ControlFlowNode for request | test_requests.py:14:5:14:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +| test_requests.py:20:5:20:14 | ControlFlowNode for user_input | test_requests.py:22:34:22:43 | ControlFlowNode for user_input | provenance | | +| test_requests.py:20:18:20:24 | ControlFlowNode for request | test_requests.py:20:5:20:14 | ControlFlowNode for user_input | provenance | AdditionalTaintStep | +models +| 1 | Sink: azure.keyvault.keys.KeyClient!; Call.Argument[0,vault_url:]; request-forgery | +| 2 | Sink: azure.keyvault.secrets.SecretClient!; Call.Argument[0,vault_url:]; request-forgery | +| 3 | Sink: azure.storage.blob.ContainerClient!; Member[from_container_url].Argument[0,container_url:]; request-forgery | +| 4 | Sink: azure.storage.fileshare.ShareFileClient!; Member[from_file_url].Argument[0,file_url:]; request-forgery | +| 5 | Sink: azure; Member[storage].Member[blob].Member[download_blob_from_url].Argument[0,blob_url:]; request-forgery | nodes | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | full_partial_test.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | @@ -126,91 +244,91 @@ nodes | full_partial_test.py:7:18:7:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | full_partial_test.py:8:5:8:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | | full_partial_test.py:8:17:8:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:10:18:10:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:12:5:12:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:13:18:13:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:18:5:18:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:19:18:19:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:22:5:22:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:23:18:23:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:37:5:37:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:37:18:37:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:38:5:38:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | -| full_partial_test.py:38:17:38:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:41:5:41:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:42:18:42:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:44:5:44:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:45:18:45:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:47:5:47:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:48:18:48:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:50:5:50:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:11:18:11:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:13:5:13:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:15:18:15:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:20:5:20:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:22:18:22:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:25:5:25:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:27:18:27:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:41:5:41:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:41:18:41:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:42:5:42:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | +| full_partial_test.py:42:17:42:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:45:5:45:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:47:18:47:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:49:5:49:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:51:18:51:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:53:5:53:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:54:18:54:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:57:5:57:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:57:18:57:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:58:5:58:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | -| full_partial_test.py:58:17:58:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:55:18:55:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:57:5:57:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:59:18:59:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:61:5:61:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:62:18:62:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:64:5:64:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:65:18:65:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:67:5:67:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:68:18:68:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:71:5:71:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:71:18:71:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:72:5:72:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | -| full_partial_test.py:72:17:72:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:75:5:75:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:63:18:63:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:66:5:66:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:66:18:66:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:67:5:67:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | +| full_partial_test.py:67:17:67:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:70:5:70:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:72:18:72:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:74:5:74:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:76:18:76:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:78:5:78:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:79:18:79:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:81:5:81:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:82:18:82:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:86:5:86:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:86:18:86:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:88:5:88:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:80:18:80:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:83:5:83:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:83:18:83:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:84:5:84:13 | ControlFlowNode for query_val | semmle.label | ControlFlowNode for query_val | +| full_partial_test.py:84:17:84:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:87:5:87:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:92:5:92:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:92:18:92:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:94:5:94:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:95:18:95:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:98:5:98:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:98:18:98:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:100:5:100:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:101:18:101:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:104:5:104:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:104:18:104:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:106:5:106:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:107:18:107:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:110:5:110:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:110:18:110:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:115:5:115:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:116:18:116:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:119:5:119:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| full_partial_test.py:119:18:119:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| full_partial_test.py:121:5:121:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| full_partial_test.py:122:18:122:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_azure_client.py:7:19:7:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_azure_client.py:10:5:10:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| test_azure_client.py:10:18:10:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_azure_client.py:11:5:11:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | -| test_azure_client.py:11:19:11:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_azure_client.py:13:5:13:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| test_azure_client.py:14:5:14:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:16:32:16:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| test_azure_client.py:17:32:17:39 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:18:39:18:41 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| test_azure_client.py:19:39:19:46 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:20:19:20:21 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| test_azure_client.py:21:19:21:26 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:22:58:22:60 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| test_azure_client.py:23:58:23:65 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_azure_client.py:26:18:26:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | -| test_azure_client.py:32:18:32:25 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | -| test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | -| test_http_client.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:91:5:91:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:93:18:93:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:95:5:95:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:97:18:97:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:101:5:101:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:101:18:101:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:103:5:103:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:105:18:105:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:108:5:108:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:108:18:108:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:110:5:110:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:112:18:112:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:115:5:115:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:115:18:115:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:117:5:117:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:119:18:119:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:122:5:122:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:122:18:122:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:124:5:124:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:126:18:126:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:129:5:129:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:129:18:129:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:134:5:134:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:136:18:136:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:139:5:139:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| full_partial_test.py:139:18:139:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| full_partial_test.py:141:5:141:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| full_partial_test.py:143:18:143:20 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | +| test_azure_client.py:6:19:6:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_azure_client.py:9:5:9:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_azure_client.py:9:18:9:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_azure_client.py:10:5:10:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | +| test_azure_client.py:10:19:10:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_azure_client.py:12:5:12:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_azure_client.py:13:5:13:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:15:28:15:30 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_azure_client.py:16:28:16:35 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:17:35:17:37 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_azure_client.py:18:35:18:42 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:19:15:19:17 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_azure_client.py:20:15:20:22 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:21:54:21:56 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_azure_client.py:22:54:22:61 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_azure_client.py:24:37:24:39 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_azure_client.py:25:37:25:44 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_http_client.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | +| test_http_client.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_http_client.py:9:5:9:15 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | | test_http_client.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_http_client.py:10:5:10:15 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | @@ -218,36 +336,87 @@ nodes | test_http_client.py:11:5:11:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | | test_http_client.py:11:18:11:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | test_http_client.py:13:27:13:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | -| test_http_client.py:14:25:14:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | -| test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | -| test_http_client.py:19:25:19:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | -| test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | -| test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | -| test_http_client.py:31:5:31:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | -| test_http_client.py:33:25:33:28 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | -| test_http_client.py:35:5:35:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | -| test_http_client.py:37:25:37:28 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | +| test_http_client.py:15:25:15:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | +| test_http_client.py:19:27:19:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | +| test_http_client.py:21:25:21:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | +| test_http_client.py:28:27:28:37 | ControlFlowNode for unsafe_host | semmle.label | ControlFlowNode for unsafe_host | +| test_http_client.py:34:25:34:35 | ControlFlowNode for unsafe_path | semmle.label | ControlFlowNode for unsafe_path | +| test_http_client.py:36:5:36:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | +| test_http_client.py:39:25:39:28 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | +| test_http_client.py:41:5:41:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | +| test_http_client.py:44:25:44:28 | ControlFlowNode for path | semmle.label | ControlFlowNode for path | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | +| test_path_validation.py:5:19:5:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:8:5:8:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_path_validation.py:8:18:8:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:9:5:9:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | +| test_path_validation.py:9:19:9:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:10:5:10:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:11:5:11:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:14:32:14:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:16:32:16:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:19:32:19:39 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:21:32:21:39 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:24:5:24:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_path_validation.py:24:18:24:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:25:5:25:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | +| test_path_validation.py:25:19:25:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:26:5:26:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:27:5:27:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:30:29:30:31 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:32:29:32:31 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:35:29:35:36 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:37:29:37:36 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:40:5:40:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_path_validation.py:40:18:40:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:41:5:41:15 | ControlFlowNode for user_input2 | semmle.label | ControlFlowNode for user_input2 | +| test_path_validation.py:41:19:41:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:42:5:42:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:43:5:43:12 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:46:39:46:41 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:48:39:48:41 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:51:39:51:46 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:53:39:53:46 | ControlFlowNode for full_url | semmle.label | ControlFlowNode for full_url | +| test_path_validation.py:57:5:57:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_path_validation.py:57:18:57:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_path_validation.py:61:5:61:7 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:64:32:64:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:66:32:66:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:69:32:69:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:71:32:71:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:74:32:74:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:76:32:76:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:79:32:79:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:81:32:81:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:85:32:85:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:87:32:87:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:90:32:90:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:92:32:92:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:95:32:95:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:97:32:97:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:100:32:100:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:102:32:102:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:105:32:105:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:107:32:107:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:110:32:110:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:112:32:112:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:115:32:115:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:117:32:117:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:120:32:120:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:122:32:122:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:125:32:125:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:127:32:127:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:130:32:130:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | +| test_path_validation.py:132:32:132:34 | ControlFlowNode for url | semmle.label | ControlFlowNode for url | | test_requests.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | test_requests.py:1:19:1:25 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_requests.py:6:5:6:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | -| test_requests.py:6:18:6:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| test_requests.py:8:18:8:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:7:5:7:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:7:18:7:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_requests.py:9:18:9:27 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:14:5:14:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:14:18:14:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_requests.py:17:17:17:26 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:20:5:20:14 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | +| test_requests.py:20:18:20:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| test_requests.py:22:34:22:43 | ControlFlowNode for user_input | semmle.label | ControlFlowNode for user_input | subpaths -#select -| full_partial_test.py:68:5:68:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:68:18:68:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:89:5:89:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:89:18:89:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:95:5:95:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:95:18:95:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:101:5:101:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:101:18:101:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:107:5:107:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:107:18:107:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:116:5:116:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:116:18:116:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| full_partial_test.py:122:5:122:21 | ControlFlowNode for Attribute() | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | full_partial_test.py:122:18:122:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | full_partial_test.py:1:19:1:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:16:9:16:58 | ControlFlowNode for SecretClient() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:16:32:16:34 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:18:9:18:42 | ControlFlowNode for Attribute() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:18:39:18:41 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:20:9:20:34 | ControlFlowNode for KeyClient() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:20:19:20:21 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:22:9:22:84 | ControlFlowNode for Attribute() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:22:58:22:60 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_azure_client.py:25:5:30:5 | ControlFlowNode for download_blob_from_url() | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | test_azure_client.py:26:18:26:20 | ControlFlowNode for url | Part of the URL of this request depends on a $@. | test_azure_client.py:7:19:7:25 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:22:5:22:31 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:18:27:18:37 | ControlFlowNode for unsafe_host | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:26:5:26:31 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:25:27:25:37 | ControlFlowNode for unsafe_host | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:29:5:29:36 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:29:25:29:35 | ControlFlowNode for unsafe_path | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:33:5:33:29 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:33:25:33:28 | ControlFlowNode for path | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | -| test_http_client.py:37:5:37:29 | ControlFlowNode for Attribute() | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | test_http_client.py:37:25:37:28 | ControlFlowNode for path | Part of the URL of this request depends on a $@. | test_http_client.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value | diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.qlref b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.qlref index 88de9285e5e..1161c990e22 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.qlref +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.qlref @@ -1 +1,4 @@ -Security/CWE-918/PartialServerSideRequestForgery.ql +query: Security/CWE-918/PartialServerSideRequestForgery.ql +postprocess: +- utils/test/InlineExpectationsTestQuery.ql +- utils/test/PrettyPrintModels.ql \ No newline at end of file diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/full_partial_test.py b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/full_partial_test.py index 95ff9d64944..7b7d067b611 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/full_partial_test.py +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/full_partial_test.py @@ -1,4 +1,4 @@ -from flask import request +from flask import request # $ Source import requests import re @@ -7,20 +7,24 @@ def full_ssrf(): user_input = request.args['untrusted_input'] query_val = request.args['query_val'] - requests.get(user_input) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(user_input) # $ Alert[py/full-ssrf] url = "https://" + user_input - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] # although the path `/foo` is added here, this can be circumvented such that the # final URL is `https://evil.com/#/foo" -- since the fragment (#) is not sent to the # server. url = "https://" + user_input + "/foo" - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] # this might seem like a dummy test, but it serves to check how our sanitizers work. url = "https://" + user_input + "/foo?key=" + query_val - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] # taint-steps are added as `fromNode -> toNode`, but when adding a sanitizer it's # currently only possible to so on either `fromNode` or `toNode` (either all edges in @@ -39,19 +43,24 @@ def full_ssrf_format(): # using .format url = "https://{}".format(user_input) - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] url = "https://{}/foo".format(user_input) - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] url = "https://{}/foo?key={}".format(user_input, query_val) - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] url = "https://{x}".format(x=user_input) - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] url = "https://{1}".format(0, user_input) - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] def full_ssrf_percent_format(): user_input = request.args['untrusted_input'] @@ -59,13 +68,16 @@ def full_ssrf_percent_format(): # using %-formatting url = "https://%s" % user_input - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] url = "https://%s/foo" % user_input - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] url = "https://%s/foo/key=%s" % (user_input, query_val) - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full and partial control + requests.get(url) # $ Alert[py/partial-ssrf] $ MISSING: Alert[py/full-ssrf] def full_ssrf_f_strings(): user_input = request.args['untrusted_input'] @@ -73,38 +85,45 @@ def full_ssrf_f_strings(): # using f-strings url = f"https://{user_input}" - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] url = f"https://{user_input}/foo" - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] url = f"https://{user_input}/foo?key={query_val}" - requests.get(url) # NOT OK -- user has full control + # NOT OK -- user has full control + requests.get(url) # $ Alert[py/full-ssrf] def partial_ssrf_1(): user_input = request.args['untrusted_input'] url = "https://example.com/foo?" + user_input - requests.get(url) # NOT OK -- user controls query parameters + # NOT OK -- user controls query parameters + requests.get(url) # $ Alert[py/partial-ssrf] def partial_ssrf_2(): user_input = request.args['untrusted_input'] url = "https://example.com/" + user_input - requests.get(url) # NOT OK -- user controls path + # NOT OK -- user controls path + requests.get(url) # $ Alert[py/partial-ssrf] def partial_ssrf_3(): user_input = request.args['untrusted_input'] url = "https://example.com/" + user_input - requests.get(url) # NOT OK -- user controls path + # NOT OK -- user controls path + requests.get(url) # $ Alert[py/partial-ssrf] def partial_ssrf_4(): user_input = request.args['untrusted_input'] url = "https://example.com/foo#{}".format(user_input) - requests.get(url) # NOT OK -- user contollred fragment + # NOT OK -- user controlled fragment + requests.get(url) # $ Alert[py/partial-ssrf] def partial_ssrf_5(): user_input = request.args['untrusted_input'] @@ -113,20 +132,22 @@ def partial_ssrf_5(): # controlled url = "https://example.com/foo#%s" % user_input - requests.get(url) # NOT OK -- user contollred fragment + # NOT OK -- user controlled fragment + requests.get(url) # $ Alert[py/partial-ssrf] def partial_ssrf_6(): user_input = request.args['untrusted_input'] url = f"https://example.com/foo#{user_input}" - requests.get(url) # NOT OK -- user only controlled fragment + # NOT OK -- user only controlled fragment + requests.get(url) # $ Alert[py/partial-ssrf] def partial_ssrf_7(): user_input = request.args['untrusted_input'] if user_input.isalnum(): url = f"https://example.com/foo#{user_input}" - requests.get(url) # OK - user input can only contain alphanumerical characters + requests.get(url) # OK - user input can only contain alphanumerical characters if user_input.isalpha(): url = f"https://example.com/foo#{user_input}" @@ -154,7 +175,8 @@ def partial_ssrf_7(): if re.fullmatch(r'.*[a-zA-Z0-9]+.*', user_input): url = f"https://example.com/foo#{user_input}" - requests.get(url) # NOT OK, but NOT FOUND - user input can contain arbitrary characters + # NOT OK, but NOT FOUND - user input can contain arbitrary characters + requests.get(url) # $ MISSING: Alert[py/partial-ssrf] if re.match(r'^[a-zA-Z0-9]+$', user_input): @@ -163,7 +185,8 @@ def partial_ssrf_7(): if re.match(r'[a-zA-Z0-9]+', user_input): url = f"https://example.com/foo#{user_input}" - requests.get(url) # NOT OK, but NOT FOUND - user input can contain arbitrary character as a suffix. + # NOT OK, but NOT FOUND - user input can contain arbitrary character as a suffix. + requests.get(url) # $ MISSING: Alert[py/partial-ssrf] reg = re.compile(r'^[a-zA-Z0-9]+$') diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py index d8de2092a2e..ac4ff4d365e 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py @@ -3,8 +3,7 @@ from azure.storage.fileshare import ShareFileClient from azure.keyvault.keys import KeyClient from azure.storage.blob import ContainerClient from azure.storage.blob import download_blob_from_url - -from flask import request +from flask import request # $ Source def azure_sdk_test(credential, output_path): user_input = request.args['untrusted_input'] @@ -13,24 +12,14 @@ def azure_sdk_test(credential, output_path): url = f"https://example.com/foo#{user_input}" full_url = f"https://{user_input2}" # Testing Azure sink - c = SecretClient(vault_url=url, credential=credential)# NOT OK -- user only controlled fragment - c = SecretClient(vault_url=full_url, credential=credential) # NOT OK -- user has full control - c = ShareFileClient.from_file_url(url) # NOT OK -- user only controlled fragment - c = ShareFileClient.from_file_url(full_url) # NOT OK -- user has full control - c = KeyClient(url, credential)# NOT OK -- user only controlled fragment - c = KeyClient(full_url, credential) # NOT OK -- user has full control - c = ContainerClient.from_container_url(container_url=url, credential=credential) # NOT OK -- user only controlled fragment - c = ContainerClient.from_container_url(container_url=full_url, credential=credential) # NOT OK -- user has full control + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + SecretClient(vault_url=full_url, credential=credential) # $ Alert[py/full-ssrf] + ShareFileClient.from_file_url(url) # $ Alert[py/partial-ssrf] + ShareFileClient.from_file_url(full_url) # $ Alert[py/full-ssrf] + KeyClient(url, credential) # $ Alert[py/partial-ssrf] + KeyClient(full_url, credential) # $ Alert[py/full-ssrf] + ContainerClient.from_container_url(container_url=url, credential=credential) # $ Alert[py/partial-ssrf] + ContainerClient.from_container_url(container_url=full_url, credential=credential) # $ Alert[py/full-ssrf] - download_blob_from_url( - blob_url=url, # NOT OK -- user only controlled fragment - output=output_path, - credential=credential, - overwrite=True - ) - download_blob_from_url( - blob_url=full_url, # NOT OK -- user has full control - output=output_path, - credential=credential, - overwrite=True - ) + download_blob_from_url(blob_url=url, output=output_path, credential=credential, overwrite=True ) # $ Alert[py/partial-ssrf] + download_blob_from_url(blob_url=full_url, output=output_path, credential=credential, overwrite=True) # $ Alert[py/full-ssrf] diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_http_client.py b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_http_client.py index c833907d843..da812eb6c54 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_http_client.py +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_http_client.py @@ -1,5 +1,5 @@ -from flask import Flask, request - +from flask import request # $ Source +from flask import Flask from http.client import HTTPConnection app = Flask(__name__) @@ -10,28 +10,35 @@ def ssrf_test(): unsafe_path = request.args["path"] user_input = request.args['untrusted_input'] - conn = HTTPConnection(unsafe_host) - conn.request("GET", unsafe_path) # NOT OK -- user has full control + conn = HTTPConnection(unsafe_host) # $ Sink[py/full-ssrf] + # NOT OK -- user has full control + conn.request("GET", unsafe_path) # $ Alert[py/full-ssrf] - # Full SSRF variant, where there is ALSO made a request with fixed URL on the same + # Full SSRF variant, where there is also a request with fixed URL on the same # connection later on. This should not change anything on the overall SSRF alerts. - conn = HTTPConnection(unsafe_host) - conn.request("GET", unsafe_path) # NOT OK -- user has full control + conn = HTTPConnection(unsafe_host) # $ Sink + # NOT OK -- user has full control + conn.request("GET", unsafe_path) # $ Alert[py/full-ssrf] # partial SSRF on SAME connection - conn.request("GET", "/foo") # NOT OK -- user has control of host + # NOT OK -- user has control of host + conn.request("GET", "/foo") # $ Alert[py/partial-ssrf] # the rest are partial SSRF - conn = HTTPConnection(unsafe_host) - conn.request("GET", "/foo") # NOT OK -- user controlled domain + conn = HTTPConnection(unsafe_host) # $ Sink[py/partial-ssrf] + # NOT OK -- user controlled domain + conn.request("GET", "/foo") # $ Alert[py/partial-ssrf] conn = HTTPConnection("example.com") - conn.request("GET", unsafe_path) # NOT OK -- user controlled path + # NOT OK -- user controlled path + conn.request("GET", unsafe_path) # $ Alert[py/partial-ssrf] path = "foo?" + user_input conn = HTTPConnection("example.com") - conn.request("GET", path) # NOT OK -- user controlled query parameters + # NOT OK -- user controlled query parameters + conn.request("GET", path) # $ Alert[py/partial-ssrf] path = "foo#" + user_input conn = HTTPConnection("example.com") - conn.request("GET", path) # NOT OK -- user controlled fragment + # NOT OK -- user controlled fragment + conn.request("GET", path) # $ Alert[py/partial-ssrf] \ No newline at end of file diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_path_validation.py b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_path_validation.py new file mode 100644 index 00000000000..ce5a6d33833 --- /dev/null +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_path_validation.py @@ -0,0 +1,132 @@ +from azure.keyvault.secrets import SecretClient +from azure.storage.fileshare import ShareFileClient +from azure.keyvault.keys import KeyClient +from AntiSSRF import URIValidator +from flask import request # $ Source + +def urivalidator_path_in_domain_validation(credential, trusted_domain): + user_input = request.args['untrusted_input'] + user_input2 = request.args['untrusted_input2'] + url = f"https://example.com/foo#{user_input}" + full_url = f"https://{user_input2}" + + if URIValidator.in_domain(url, trusted_domain): + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if URIValidator.in_domain(full_url, trusted_domain): + SecretClient(vault_url=full_url, credential=credential) # $ Alert[py/partial-ssrf] + else: + SecretClient(vault_url=full_url, credential=credential) # $ Alert[py/full-ssrf] + +def urivalidator_path_in_azure_keyvault_domain_validation(credential): + user_input = request.args['untrusted_input'] + user_input2 = request.args['untrusted_input2'] + url = f"https://example.com/foo#{user_input}" + full_url = f"https://{user_input2}" + + if URIValidator.in_azure_keyvault_domain(url): + KeyClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + else: + KeyClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if URIValidator.in_azure_keyvault_domain(full_url): + KeyClient(vault_url=full_url, credential=credential) # $ Alert[py/partial-ssrf] + else: + KeyClient(vault_url=full_url, credential=credential) # $ Alert[py/full-ssrf] + +def urivalidator_path_in_azure_storage_domain_validation(credential): + user_input = request.args['untrusted_input'] + user_input2 = request.args['untrusted_input2'] + url = f"https://example.com/foo#{user_input}" + full_url = f"https://{user_input2}" + + if URIValidator.in_azure_storage_domain(url): + ShareFileClient.from_file_url(url) # $ Alert[py/partial-ssrf] + else: + ShareFileClient.from_file_url(url) # $ Alert[py/partial-ssrf] + + if URIValidator.in_azure_storage_domain(full_url): + ShareFileClient.from_file_url(full_url) # $ Alert[py/partial-ssrf] + else: + ShareFileClient.from_file_url(full_url) # $ Alert[py/full-ssrf] + + +def complex_urivalidator_checks(credential, trusted_domain): + user_input = request.args['untrusted_input'] + # Focus on in_domain only here for simplicity + # It is assumed that the logic underlying path checking would apply + # similarly to other validator methods. + url = f"https://{user_input}" + + if not URIValidator.in_domain(url, trusted_domain): + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if URIValidator.in_domain(url, trusted_domain) and trusted_domain == "example.com": + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + + if not (URIValidator.in_domain(url, trusted_domain) and trusted_domain == "example.com"): + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if not not not URIValidator.in_domain(url, trusted_domain): + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + + if URIValidator.in_domain(url, trusted_domain) == True: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + + if URIValidator.in_domain(url, trusted_domain) == False: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if URIValidator.in_domain(url, trusted_domain) != True: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if URIValidator.in_domain(url, trusted_domain) != False: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + + if URIValidator.in_domain(url, trusted_domain) is True: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + + if URIValidator.in_domain(url, trusted_domain) is False: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if URIValidator.in_domain(url, trusted_domain) is not True: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if URIValidator.in_domain(url, trusted_domain) is not False: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + + if not URIValidator.in_domain(url, trusted_domain) is True: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + + if not URIValidator.in_domain(url, trusted_domain) is False: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/partial-ssrf] + else: + SecretClient(vault_url=url, credential=credential) # $ Alert[py/full-ssrf] \ No newline at end of file diff --git a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_requests.py b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_requests.py index 443f5c3b81f..6489096c969 100644 --- a/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_requests.py +++ b/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_requests.py @@ -1,11 +1,51 @@ -from flask import request +from flask import request # $ Source[py/full-ssrf] +from AntiSSRF import AntiSSRFPolicy import requests -def ssrf_test(): +def ssrf_test1(): user_input = request.args['untrusted_input'] - - requests.get(user_input) # NOT OK -- user has full control - + # NOT OK -- user has full control + requests.get(user_input) # $ Alert[py/full-ssrf] # since `requests`` always uses complete URLs, it's not interesting to test more of # the framework directly. See `full_partial_test.py` for different ways to do SSRF. + +def ssrf_test2(): + user_input = request.args['untrusted_input'] + # NOT OK -- user has full control + session = requests.Session() + session.get(user_input) # $ Alert[py/full-ssrf] + +def ssrf_test3(): + user_input = request.args['untrusted_input'] + # NOT OK -- user has full control + requests.request('', user_input) # $ Alert[py/full-ssrf] + +def ssrf_test_with_policy1(): + user_input = request.args['untrusted_input'] + policy = AntiSSRFPolicy() + session = policy.get_antissrf_session() + # OK -- dangerous user input is filtered by AntiSSRFPolicy + session.get(user_input) + +def ssrf_test_with_policy2(): + user_input = request.args['untrusted_input'] + policy = AntiSSRFPolicy() + session = policy.get_antissrf_session() + # overwriting the HTTPAdapter to default requests adapter + # this makes the session unsafe again + session.mount("http://", requests.adapters.HTTPAdapter()) + # NOT OK -- dangerous user input is no longer filtered by AntiSSRFPolicy + # TODO: not currently a scenario we detect. + session.get(user_input) # $ MISSING: Alert[py/full-ssrf] + +def ssrf_test_with_policy3(adapter): + user_input = request.args['untrusted_input'] + policy = AntiSSRFPolicy() + session = policy.get_antissrf_session() + # overwriting the HTTPAdapter to a custom requests adapter + # this could make the session unsafe again + session.mount("http://", adapter) + # NOT OK -- dangerous user input is no longer filtered by AntiSSRFPolicy + # TODO: not currently a scenario we detect. + session.get(user_input) # $ MISSING: Alert[py/full-ssrf] \ No newline at end of file diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 408f2f3144f..063e5f16211 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.1.10 + +No user-facing changes. + ## 5.1.9 ### Minor Analysis Improvements diff --git a/ruby/ql/lib/change-notes/released/5.1.10.md b/ruby/ql/lib/change-notes/released/5.1.10.md new file mode 100644 index 00000000000..f22ccf3e6e9 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/5.1.10.md @@ -0,0 +1,3 @@ +## 5.1.10 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index f9bf2605261..9198af0dd6c 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.9 +lastReleaseVersion: 5.1.10 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 824d21e1331..1d14ca0e3d2 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.10-dev +version: 5.1.11-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index fd5b24f166e..247072967e7 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.7 + +No user-facing changes. + ## 1.5.6 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.5.7.md b/ruby/ql/src/change-notes/released/1.5.7.md new file mode 100644 index 00000000000..c60c55034a6 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.5.7.md @@ -0,0 +1,3 @@ +## 1.5.7 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 9a0b3c9461b..227ac5febef 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.6 +lastReleaseVersion: 1.5.7 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 63d59fd0faa..b027389bc63 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.5.7-dev +version: 1.5.8-dev groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index b913efd02f0..3887b67b4df 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 ### Minor Analysis Improvements diff --git a/rust/ql/lib/change-notes/released/0.2.6.md b/rust/ql/lib/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/rust/ql/lib/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 432608f6f9d..76c15485bb9 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -107,7 +107,7 @@ class SuccessorKind extends TSuccessorKind { } pragma[nomagic] -private ItemNode getAChildSuccessor(ItemNode item, string name, SuccessorKind kind) { +private ItemNode getAChildSuccessor0(ItemNode item, string name, SuccessorKind kind) { item = result.getImmediateParent() and name = result.getName() and // Associated items in `impl` and `trait` blocks are handled elsewhere @@ -116,7 +116,7 @@ private ItemNode getAChildSuccessor(ItemNode item, string name, SuccessorKind ki if result instanceof TypeParam then kind.isInternal() else - if result.isPublic() + if result.isPublic() or item instanceof SourceFile then kind.isBoth() else kind.isInternal() or @@ -130,6 +130,41 @@ private ItemNode getAChildSuccessor(ItemNode item, string name, SuccessorKind ki result = item } +pragma[nomagic] +private NamedItemNode getANamedNonModuleChildSuccessor( + ItemNode item, string name, Namespace ns, int startline, int startcolumn, int endline, + int endcolumn +) { + result.getLocation().hasLocationInfo(_, startline, startcolumn, endline, endcolumn) and + result = getAChildSuccessor0(item, name, _) and + ns = result.getNamespace() and + not result instanceof ModuleItemNode +} + +pragma[nomagic] +private ItemNode getAChildSuccessor(ItemNode item, string name, SuccessorKind kind) { + result = getAChildSuccessor0(item, name, kind) and + // In valid Rust code, there cannot be multiple children with the same name and namespace, + // but to safeguard against combinatorial explosions in invalid code, we always pick the + // last child, except for modules, where we take the union. + ( + not result instanceof NamedItemNode + or + result instanceof ModuleItemNode + or + exists(Namespace ns | + result = + max(NamedItemNode i, int startline, int startcolumn, int endline, int endcolumn | + i = + getANamedNonModuleChildSuccessor(item, name, ns, startline, startcolumn, endline, + endcolumn) + | + i order by startline, startcolumn, endline, endcolumn + ) + ) + ) +} + private module UseOption = Option; private class UseOption = UseOption::Option; @@ -288,10 +323,6 @@ abstract class ItemNode extends Locatable { cached ItemNode getASuccessor(string name, SuccessorKind kind, UseOption useOpt) { Stages::PathResolutionStage::ref() and - sourceFileEdge(this, name, result) and - kind.isBoth() and - useOpt.isNone() - or result = getAChildSuccessor(this, name, kind) and useOpt.isNone() or @@ -471,6 +502,8 @@ abstract class ItemNode extends Locatable { Location getLocation() { result = super.getLocation() } } +abstract class NamedItemNode extends ItemNode { } + abstract class TypeItemNode extends ItemNode { } /** A module or a source file. */ @@ -509,7 +542,7 @@ private class SourceFileItemNode extends ModuleLikeNode instanceof SourceFile { override string getCanonicalPath(Crate c) { none() } } -class CrateItemNode extends ItemNode instanceof Crate { +class CrateItemNode extends NamedItemNode instanceof Crate { /** * Gets the source file that defines this crate. */ @@ -565,7 +598,7 @@ class CrateItemNode extends ItemNode instanceof Crate { override string getCanonicalPath(Crate c) { c = this and result = Crate.super.getName() } } -class ExternCrateItemNode extends ItemNode instanceof ExternCrate { +class ExternCrateItemNode extends NamedItemNode instanceof ExternCrate { override string getName() { result = super.getRename().getName().getText() or @@ -573,7 +606,7 @@ class ExternCrateItemNode extends ItemNode instanceof ExternCrate { result = super.getIdentifier().getText() } - override Namespace getNamespace() { none() } + override Namespace getNamespace() { result.isType() } override Visibility getVisibility() { result = ExternCrate.super.getVisibility() } @@ -587,7 +620,7 @@ class ExternCrateItemNode extends ItemNode instanceof ExternCrate { } /** An item that can occur in a trait or an `impl` block. */ -abstract private class AssocItemNode extends ItemNode instanceof AssocItem { +abstract private class AssocItemNode extends NamedItemNode instanceof AssocItem { /** Holds if this associated item has an implementation. */ abstract predicate hasImplementation(); @@ -626,7 +659,7 @@ private class ConstItemNode extends AssocItemNode instanceof Const { override TypeParam getTypeParam(int i) { none() } } -private class TypeItemTypeItemNode extends TypeItemNode instanceof TypeItem { +private class TypeItemTypeItemNode extends NamedItemNode, TypeItemNode instanceof TypeItem { override string getName() { result = TypeItem.super.getName().getText() } override Namespace getNamespace() { result.isType() } @@ -659,7 +692,7 @@ private class TypeItemTypeItemNode extends TypeItemNode instanceof TypeItem { } /** An item that can be referenced with arguments. */ -abstract class ParameterizableItemNode extends ItemNode { +abstract class ParameterizableItemNode extends NamedItemNode { /** Gets the arity this item. */ abstract int getArity(); } @@ -911,7 +944,7 @@ private class ImplTraitTypeReprItemNodeImpl extends ImplTraitTypeReprItemNode { ItemNode resolveABoundCand() { result = resolvePathCand(this.getABoundPath()) } } -private class ModuleItemNode extends ModuleLikeNode instanceof Module { +private class ModuleItemNode extends NamedItemNode, ModuleLikeNode instanceof Module { override string getName() { result = Module.super.getName().getText() } override Namespace getNamespace() { result.isType() } @@ -929,7 +962,7 @@ private class ModuleItemNode extends ModuleLikeNode instanceof Module { ( exists(SourceFile f | fileImport(this, f) and - sourceFileEdge(f, _, child) + child = getAChildSuccessor(f, _, _) ) or this = child.getImmediateParent() @@ -1001,7 +1034,7 @@ private class StructItemNode extends TypeItemTypeItemNode, ParameterizableItemNo } } -final class TraitItemNode extends ImplOrTraitItemNode, TypeItemNode instanceof Trait { +final class TraitItemNode extends ImplOrTraitItemNode, NamedItemNode, TypeItemNode instanceof Trait { pragma[nomagic] Path getABoundPath() { result = super.getATypeBound().getTypeRepr().(PathTypeRepr).getPath() } @@ -1126,7 +1159,7 @@ private class BlockExprItemNode extends ItemNode instanceof BlockExpr { pragma[nomagic] private Path getWherePredPath(WherePred wp) { result = wp.getTypeRepr().(PathTypeRepr).getPath() } -final class TypeParamItemNode extends TypeItemNode instanceof TypeParam { +final class TypeParamItemNode extends NamedItemNode, TypeItemNode instanceof TypeParam { /** Gets a where predicate for this type parameter, if any */ pragma[nomagic] private WherePred getAWherePred() { @@ -1214,7 +1247,7 @@ final private class TypeParamItemNodeImpl extends TypeParamItemNode instanceof T ItemNode resolveABoundCand() { result = resolvePathCand(this.getABoundPathCand()) } } -abstract private class MacroItemNode extends ItemNode { +abstract private class MacroItemNode extends NamedItemNode { override Namespace getNamespace() { result.isMacro() } override TypeParam getTypeParam(int i) { none() } @@ -1256,12 +1289,6 @@ private class MacroDefItemNode extends MacroItemNode instanceof MacroDef { override Attr getAnAttr() { result = MacroDef.super.getAnAttr() } } -/** Holds if `item` has the name `name` and is a top-level item inside `f`. */ -private predicate sourceFileEdge(SourceFile f, string name, ItemNode item) { - item = f.(ItemNode).getADescendant() and - name = item.getName() -} - /** Holds if `f` is available as `mod name;` inside `folder`. */ pragma[nomagic] private predicate fileModule(SourceFile f, string name, Folder folder) { diff --git a/rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll b/rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll index aeb186c0cdc..74d8385bdf2 100644 --- a/rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll +++ b/rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll @@ -419,14 +419,21 @@ module ArgsAreInstantiationsOf { private module ArgIsInstantiationOfToIndex = ArgIsInstantiationOf; + pragma[nomagic] + private predicate argIsInstantiationOf( + Input::Call call, FunctionPosition pos, ImplOrTraitItemNode i, Function f, int rnk + ) { + ArgIsInstantiationOfToIndex::argIsInstantiationOf(MkCallAndPos(call, pos), i, _) and + toCheckRanked(i, f, _, pos, rnk) + } + pragma[nomagic] private predicate argsAreInstantiationsOfToIndex( Input::Call call, ImplOrTraitItemNode i, Function f, int rnk ) { exists(FunctionPosition pos | - ArgIsInstantiationOfToIndex::argIsInstantiationOf(MkCallAndPos(call, pos), i, _) and - call.hasTargetCand(i, f) and - toCheckRanked(i, f, _, pos, rnk) + argIsInstantiationOf(call, pos, i, f, rnk) and + call.hasTargetCand(i, f) | rnk = 0 or diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index d87089914d3..f7428ef1087 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.2.6-dev +version: 0.2.7-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index fe96ab5baad..72f10e760fc 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.27 + +No user-facing changes. + ## 0.1.26 No user-facing changes. diff --git a/rust/ql/src/change-notes/2026-02-18-database-quality.md b/rust/ql/src/change-notes/2026-02-18-database-quality.md new file mode 100644 index 00000000000..ef2f1b3139c --- /dev/null +++ b/rust/ql/src/change-notes/2026-02-18-database-quality.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The macro resolution metric has been removed from `rust/diagnostic/database-quality`. This metric was found to be an unreliable indicator of database quality in many cases, leading to false alarms on the tool status page. diff --git a/rust/ql/src/change-notes/released/0.1.27.md b/rust/ql/src/change-notes/released/0.1.27.md new file mode 100644 index 00000000000..3e409381bd9 --- /dev/null +++ b/rust/ql/src/change-notes/released/0.1.27.md @@ -0,0 +1,3 @@ +## 0.1.27 + +No user-facing changes. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index e2396c0532f..35535ba43d5 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.26 +lastReleaseVersion: 0.1.27 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 850f67e18a8..21011bd93d5 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.27-dev +version: 0.1.28-dev groups: - rust - queries diff --git a/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql b/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql index 02933b3bd5f..9cd244c8c5d 100644 --- a/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql +++ b/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql @@ -12,8 +12,6 @@ import codeql.util.Unit private predicate diagnostic(string msg, float value, float threshold) { CallTargetStatsReport::percentageOfOk(msg, value) and threshold = 50 or - MacroCallTargetStatsReport::percentageOfOk(msg, value) and threshold = 50 - or ExprTypeStatsReport::percentageOfOk(msg, value) and threshold = 20 } diff --git a/rust/ql/test/library-tests/path-resolution/invalid/main.rs b/rust/ql/test/library-tests/path-resolution/invalid/main.rs new file mode 100644 index 00000000000..b58fcb2d934 --- /dev/null +++ b/rust/ql/test/library-tests/path-resolution/invalid/main.rs @@ -0,0 +1,6 @@ +// The code in this file is not valid Rust code + +struct A; // A1 +struct A; // A2 + +fn f(x: A) {} // $ item=A2 (the latter occurence takes precedence) diff --git a/rust/ql/test/library-tests/path-resolution/invalid/options.yml b/rust/ql/test/library-tests/path-resolution/invalid/options.yml new file mode 100644 index 00000000000..cf148dd35f8 --- /dev/null +++ b/rust/ql/test/library-tests/path-resolution/invalid/options.yml @@ -0,0 +1 @@ +qltest_cargo_check: false diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 153d80db4cc..e85bb7876da 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -51,6 +51,7 @@ mod | my/nested.rs:1:1:17:1 | mod nested1 | | my/nested.rs:2:5:11:5 | mod nested2 | resolvePath +| invalid/main.rs:6:9:6:9 | A | invalid/main.rs:3:11:4:9 | struct A | | main.rs:4:8:4:9 | my | main.rs:1:1:1:7 | mod my | | main.rs:4:14:4:17 | self | main.rs:1:1:1:7 | mod my | | main.rs:6:5:6:6 | my | main.rs:1:1:1:7 | mod my | diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index 29dba07c365..933fc5e7cd9 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.16 + +No user-facing changes. + ## 0.0.15 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.16.md b/shared/concepts/change-notes/released/0.0.16.md new file mode 100644 index 00000000000..62b5521ea01 --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.16.md @@ -0,0 +1,3 @@ +## 0.0.16 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index dff35216fc6..a49f7be4cff 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.15 +lastReleaseVersion: 0.0.16 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 4cfa6918d19..240ee962cfd 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.16-dev +version: 0.0.17-dev groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 1fd69b562a6..88666b4ad28 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.26 + +No user-facing changes. + ## 2.0.25 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.26.md b/shared/controlflow/change-notes/released/2.0.26.md new file mode 100644 index 00000000000..9b1fe95f577 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.26.md @@ -0,0 +1,3 @@ +## 2.0.26 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index f54d8620118..63d57bef481 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.25 +lastReleaseVersion: 2.0.26 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 5ed22593368..6ae58a799e6 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.26-dev +version: 2.0.27-dev groups: shared library: true dependencies: diff --git a/shared/cpp/BUILD.bazel b/shared/cpp/BUILD.bazel index 5debed90086..f78c4ede92f 100644 --- a/shared/cpp/BUILD.bazel +++ b/shared/cpp/BUILD.bazel @@ -1,3 +1,5 @@ +load("@rules_cc//cc:defs.bzl", "cc_library") + cc_library( name = "extractor_shared", srcs = glob(["*.cpp"]), diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 49857928ffe..f9d35bda41d 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.26 + +No user-facing changes. + ## 2.0.25 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.0.26.md b/shared/dataflow/change-notes/released/2.0.26.md new file mode 100644 index 00000000000..9b1fe95f577 --- /dev/null +++ b/shared/dataflow/change-notes/released/2.0.26.md @@ -0,0 +1,3 @@ +## 2.0.26 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index f54d8620118..63d57bef481 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.25 +lastReleaseVersion: 2.0.26 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index de23fe3e38b..d16d8379bbb 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.26-dev +version: 2.0.27-dev groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index bc1ee96895c..7fe382ef31d 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.42.md b/shared/mad/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index e1b46e5427c..9adf5d48ad5 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.42-dev +version: 1.0.43-dev groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index d5252bfc0c4..7ac497bdb32 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.20 + +No user-facing changes. + ## 0.0.19 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.20.md b/shared/quantum/change-notes/released/0.0.20.md new file mode 100644 index 00000000000..98daf20a59a --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.20.md @@ -0,0 +1,3 @@ +## 0.0.20 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index f406319f372..d2e86745bca 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.19 +lastReleaseVersion: 0.0.20 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index d3129461a49..91774b4db2d 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.20-dev +version: 0.0.21-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 3dde8baa4b0..56497c3d31e 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.42.md b/shared/rangeanalysis/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index be9c067d84e..a5e5998c4a7 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.42-dev +version: 1.0.43-dev groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 2e3dacffd92..48478854251 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.42.md b/shared/regex/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 93baefe6d78..2dd53258318 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.42-dev +version: 1.0.43-dev groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 62c6ce297f9..49bac05febb 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.18 + +No user-facing changes. + ## 2.0.17 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.18.md b/shared/ssa/change-notes/released/2.0.18.md new file mode 100644 index 00000000000..11e398dac31 --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.18.md @@ -0,0 +1,3 @@ +## 2.0.18 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index a5f7c15c020..16342205c73 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.17 +lastReleaseVersion: 2.0.18 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index d5e6d266097..5e567790cfe 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.18-dev +version: 2.0.19-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index d0c8171cdf6..e91058f491a 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.42.md b/shared/threat-models/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 0ed1decf1d0..65539cd3c1b 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.42-dev +version: 1.0.43-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 83380772573..4ecb5dcd241 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.42.md b/shared/tutorial/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 1e937c1f860..d632d0426b4 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.42-dev +version: 1.0.43-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index caecb313a31..176ba027afe 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.42.md b/shared/typeflow/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index f40dd352f6e..19f16908768 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.42-dev +version: 1.0.43-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 356c331b5df..4d23ebe8abb 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.23 + +No user-facing changes. + ## 0.0.22 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.23.md b/shared/typeinference/change-notes/released/0.0.23.md new file mode 100644 index 00000000000..e89a1284bb8 --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.23.md @@ -0,0 +1,3 @@ +## 0.0.23 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index 11aaa2243f5..cc2195603d8 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.22 +lastReleaseVersion: 0.0.23 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 927036035b5..cd15cfac986 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.23-dev +version: 0.0.24-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 8504089f872..d5ca15b5be7 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.26 + +No user-facing changes. + ## 2.0.25 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.26.md b/shared/typetracking/change-notes/released/2.0.26.md new file mode 100644 index 00000000000..9b1fe95f577 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.26.md @@ -0,0 +1,3 @@ +## 2.0.26 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index f54d8620118..63d57bef481 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.25 +lastReleaseVersion: 2.0.26 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index fcaed606ded..41e4b42ff3b 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.26-dev +version: 2.0.27-dev groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index cfbec562b14..9e886726714 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.42.md b/shared/typos/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index de131d17f6b..cf3df223c88 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.42-dev +version: 1.0.43-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 904aa45e034..de6fbcff12f 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.29 + +No user-facing changes. + ## 2.0.28 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.29.md b/shared/util/change-notes/released/2.0.29.md new file mode 100644 index 00000000000..c8e5d5c3d05 --- /dev/null +++ b/shared/util/change-notes/released/2.0.29.md @@ -0,0 +1,3 @@ +## 2.0.29 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index ec5bd6ba369..1425cb159e4 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.28 +lastReleaseVersion: 2.0.29 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index def146658c0..18d1315e0da 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.29-dev +version: 2.0.30-dev groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 7a85ea45c7b..c642973980d 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.42.md b/shared/xml/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index d12cff34fbe..63b5786ba44 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.42-dev +version: 1.0.43-dev groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 78b636e0288..b2c9cee85a6 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.42 + +No user-facing changes. + ## 1.0.41 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.42.md b/shared/yaml/change-notes/released/1.0.42.md new file mode 100644 index 00000000000..821c38854a2 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.42.md @@ -0,0 +1,3 @@ +## 1.0.42 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index d496eab6eb9..53e8667626a 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.41 +lastReleaseVersion: 1.0.42 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 5ba88d4abdb..1ecff982de7 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.42-dev +version: 1.0.43-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/logging/BUILD.bazel b/swift/logging/BUILD.bazel index 1d6192b3c13..e72a7071d06 100644 --- a/swift/logging/BUILD.bazel +++ b/swift/logging/BUILD.bazel @@ -1,3 +1,5 @@ +load("@rules_cc//cc:defs.bzl", "cc_library") + cc_library( name = "logging", srcs = glob(["*.cpp"]), diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index f4fe2159e07..65446a02bf3 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 6.2.2 + +No user-facing changes. + ## 6.2.1 ### Minor Analysis Improvements diff --git a/swift/ql/lib/change-notes/released/6.2.2.md b/swift/ql/lib/change-notes/released/6.2.2.md new file mode 100644 index 00000000000..769c4987cc0 --- /dev/null +++ b/swift/ql/lib/change-notes/released/6.2.2.md @@ -0,0 +1,3 @@ +## 6.2.2 + +No user-facing changes. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 8e36085279d..0d8f9cf7547 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.2.1 +lastReleaseVersion: 6.2.2 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 157e1334212..da06170849b 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.2.2-dev +version: 6.2.3-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index bf6367cf668..0b3d34fc0f5 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.2.16 + +No user-facing changes. + ## 1.2.15 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.2.16.md b/swift/ql/src/change-notes/released/1.2.16.md new file mode 100644 index 00000000000..2cba5480d4e --- /dev/null +++ b/swift/ql/src/change-notes/released/1.2.16.md @@ -0,0 +1,3 @@ +## 1.2.16 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index df8980e5dd2..11aa69f2d7a 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.15 +lastReleaseVersion: 1.2.16 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index bdac35f35b2..58dd667f57b 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.16-dev +version: 1.2.17-dev groups: - swift - queries diff --git a/swift/rules.bzl b/swift/rules.bzl index cb16ca4382a..d479f6bff11 100644 --- a/swift/rules.bzl +++ b/swift/rules.bzl @@ -1,3 +1,4 @@ +load("@rules_cc//cc:defs.bzl", "CcInfo", "cc_binary", "cc_library") load("//misc/bazel:os.bzl", "os_select") # TODO: make a shared library with the internal repos for transitions @@ -124,7 +125,7 @@ def _wrap_cc(rule, kwargs): ) def swift_cc_binary(**kwargs): - _wrap_cc(native.cc_binary, kwargs) + _wrap_cc(cc_binary, kwargs) def swift_cc_library(**kwargs): - _wrap_cc(native.cc_library, kwargs) + _wrap_cc(cc_library, kwargs)