Merge branch 'main' into tutorial/library-pack

Aditya Sharad
2023-01-03 14:08:37 -08:00
committed by GitHub
406 changed files with 26663 additions and 5387 deletions


@@ -23,20 +23,19 @@ runs:
run: | run: |
MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ") MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV
- name: Restore read-only cache (PR) - name: Restore cache (PR)
if: ${{ github.event_name == 'pull_request' }} if: ${{ github.event_name == 'pull_request' }}
uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6 uses: actions/cache/restore@v3
with: with:
path: '**/.cache' path: '**/.cache'
read-only: true
key: codeql-compile-${{ inputs.key }}-pr-${{ github.sha }} key: codeql-compile-${{ inputs.key }}-pr-${{ github.sha }}
restore-keys: | restore-keys: |
codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-${{ env.merge_base }} codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-${{ env.merge_base }}
codeql-compile-${{ inputs.key }}-${{ github.base_ref }}- codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-
codeql-compile-${{ inputs.key }}-main- codeql-compile-${{ inputs.key }}-main-
- name: Fill cache (push) - name: Fill cache (only branch push)
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6 uses: actions/cache@v3
with: with:
path: '**/.cache' path: '**/.cache'
key: codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-${{ github.sha }} # just fill on main key: codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-${{ github.sha }} # just fill on main
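Review bot: Both replacement steps reference their action by the mutable `v3` tag (`actions/cache/restore@v3` and `actions/cache@v3`), whereas the lines they replace pinned a full commit SHA. A tag can be moved to different code after review, so the pin is worth keeping through the switch to the upstream action: `uses: actions/cache/restore@<full-commit-sha> # v3`, and likewise for `actions/cache`, where `<full-commit-sha>` is a placeholder for the commit the tag resolves to at review time. Dropping `read-only: true` is safe only because the `restore` sub-action does not save, so a short comment on the PR step saying that would stop a later edit from swapping it back to the saving action. The `runs:` step list starts above the hunk.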


@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/stale@v6 - uses: actions/stale@v7
with: with:
repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.' stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.


@@ -72,7 +72,19 @@ newtype TInstructionTag =
AsmInputTag(int elementIndex) { exists(AsmStmt asm | exists(asm.getChild(elementIndex))) } or AsmInputTag(int elementIndex) { exists(AsmStmt asm | exists(asm.getChild(elementIndex))) } or
ThisAddressTag() or ThisAddressTag() or
ThisLoadTag() or ThisLoadTag() or
StructuredBindingAccessTag() StructuredBindingAccessTag() or
// The next three cases handle generation of the constants -1, 0 and 1 for __except handling.
TryExceptGenerateNegativeOne() or
TryExceptGenerateZero() or
TryExceptGenerateOne() or
// The next three cases handle generation of comparisons for __except handling.
TryExceptCompareNegativeOne() or
TryExceptCompareZero() or
TryExceptCompareOne() or
// The next three cases handle generation of branching for __except handling.
TryExceptCompareNegativeOneBranch() or
TryExceptCompareZeroBranch() or
TryExceptCompareOneBranch()
class InstructionTag extends TInstructionTag { class InstructionTag extends TInstructionTag {
final string toString() { result = "Tag" } final string toString() { result = "Tag" }
@@ -224,4 +236,22 @@ string getInstructionTagId(TInstructionTag tag) {
tag = ThisLoadTag() and result = "ThisLoad" tag = ThisLoadTag() and result = "ThisLoad"
or or
tag = StructuredBindingAccessTag() and result = "StructuredBindingAccess" tag = StructuredBindingAccessTag() and result = "StructuredBindingAccess"
or
tag = TryExceptCompareNegativeOne() and result = "TryExceptCompareNegativeOne"
or
tag = TryExceptCompareZero() and result = "TryExceptCompareZero"
or
tag = TryExceptCompareOne() and result = "TryExceptCompareOne"
or
tag = TryExceptGenerateNegativeOne() and result = "TryExceptGenerateNegativeOne"
or
tag = TryExceptGenerateZero() and result = "TryExceptGenerateNegativeOne"
or
tag = TryExceptGenerateOne() and result = "TryExceptGenerateOne"
or
tag = TryExceptCompareNegativeOneBranch() and result = "TryExceptCompareNegativeOneBranch"
or
tag = TryExceptCompareZeroBranch() and result = "TryExceptCompareZeroBranch"
or
tag = TryExceptCompareOneBranch() and result = "TryExceptCompareOneBranch"
} }
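Review bot: In `getInstructionTagId`, the added case for `TryExceptGenerateZero()` returns the string `"TryExceptGenerateNegativeOne"`, the same id as the case directly above it, so two distinct tags share one id. If these ids are used to order or key instructions (their use is not visible here), the -1 and 0 constants of one `__except` handler become indistinguishable there. The line should read `tag = TryExceptGenerateZero() and result = "TryExceptGenerateZero"`. The predicate's body starts above the hunk.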


@@ -675,6 +675,7 @@ newtype TTranslatedElement =
} or } or
// A statement // A statement
TTranslatedStmt(Stmt stmt) { translateStmt(stmt) } or TTranslatedStmt(Stmt stmt) { translateStmt(stmt) } or
TTranslatedMicrosoftTryExceptHandler(MicrosoftTryExceptStmt stmt) or
// A function // A function
TTranslatedFunction(Function func) { translateFunction(func) } or TTranslatedFunction(Function func) { translateFunction(func) } or
// A constructor init list // A constructor init list
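Review bot: The new `TTranslatedMicrosoftTryExceptHandler(MicrosoftTryExceptStmt stmt)` branch has no body, so a handler element exists for every `MicrosoftTryExceptStmt` in the database, while the neighbouring branches are restricted by `translateStmt(stmt)` and `translateFunction(func)`. If `translateStmt` excludes statements in functions that are not translated (its definition is outside the hunk), the handler would still be created for them and could produce instructions with no translated parent. Consider `TTranslatedMicrosoftTryExceptHandler(MicrosoftTryExceptStmt stmt) { translateStmt(stmt) } or`, or a comment stating why the guard is not needed. The `newtype` continues outside the hunk.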


@@ -13,6 +13,222 @@ private import TranslatedInitialization
TranslatedStmt getTranslatedStmt(Stmt stmt) { result.getAst() = stmt } TranslatedStmt getTranslatedStmt(Stmt stmt) { result.getAst() = stmt }
TranslatedMicrosoftTryExceptHandler getTranslatedMicrosoftTryExceptHandler(
MicrosoftTryExceptStmt tryExcept
) {
result.getAst() = tryExcept.getExcept()
}
class TranslatedMicrosoftTryExceptHandler extends TranslatedElement,
TTranslatedMicrosoftTryExceptHandler {
MicrosoftTryExceptStmt tryExcept;
TranslatedMicrosoftTryExceptHandler() { this = TTranslatedMicrosoftTryExceptHandler(tryExcept) }
final override string toString() { result = tryExcept.toString() }
final override Locatable getAst() { result = tryExcept.getExcept() }
override Instruction getFirstInstruction() { result = this.getChild(0).getFirstInstruction() }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
// t1 = -1
tag = TryExceptGenerateNegativeOne() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareNegativeOne() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareNegativeOneBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// t1 = 0
tag = TryExceptGenerateZero() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareZero() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareZeroBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// t1 = 1
tag = TryExceptGenerateOne() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareOne() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareOneBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// unwind stack
tag = UnwindTag() and
opcode instanceof Opcode::Unwind and
resultType = getVoidType()
}
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
tag = TryExceptCompareNegativeOne() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateNegativeOne())
)
or
tag = TryExceptCompareNegativeOneBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareNegativeOne())
or
tag = TryExceptCompareZero() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateZero())
)
or
tag = TryExceptCompareZeroBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareZero())
or
tag = TryExceptCompareOne() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateOne())
)
or
tag = TryExceptCompareOneBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareOne())
}
override string getInstructionConstantValue(InstructionTag tag) {
tag = TryExceptGenerateNegativeOne() and
result = "-1"
or
tag = TryExceptGenerateZero() and
result = "0"
or
tag = TryExceptGenerateOne() and
result = "1"
}
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
// Generate -1 -> Compare condition
tag = TryExceptGenerateNegativeOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareNegativeOne())
or
// Compare condition -> Branch
tag = TryExceptCompareNegativeOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareNegativeOneBranch())
or
// Branch -> Unwind or Generate 0
tag = TryExceptCompareNegativeOneBranch() and
(
kind instanceof TrueEdge and
// TODO: This is not really correct. The semantics of `EXCEPTION_CONTINUE_EXECUTION` is that
// we should continue execution at the point where the exception occurred. But we don't have
// any instruction to model this behavior.
result = this.getInstruction(UnwindTag())
or
kind instanceof FalseEdge and
result = this.getInstruction(TryExceptGenerateZero())
)
or
// Generate 0 -> Compare condition
tag = TryExceptGenerateZero() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareZero())
or
// Compare condition -> Branch
tag = TryExceptCompareZero() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareZeroBranch())
or
// Branch -> Unwind or Generate 1
tag = TryExceptCompareZeroBranch() and
(
kind instanceof TrueEdge and
result = this.getInstruction(UnwindTag())
or
kind instanceof FalseEdge and
result = this.getInstruction(TryExceptGenerateOne())
)
or
// Generate 1 -> Compare condition
tag = TryExceptGenerateOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareOne())
or
// Compare condition -> Branch
tag = TryExceptCompareOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareOneBranch())
or
// Branch -> Handler (the condition value is always 0, -1 or 1, and we've checked for 0 or -1 already.)
tag = TryExceptCompareOneBranch() and
(
kind instanceof TrueEdge and
result = this.getTranslatedHandler().getFirstInstruction()
)
or
// Unwind -> Parent
tag = UnwindTag() and
kind instanceof GotoEdge and
result = this.getParent().getChildSuccessor(this)
}
override Instruction getChildSuccessor(TranslatedElement child) {
child = this.getTranslatedCondition() and
result = this.getInstruction(TryExceptGenerateNegativeOne())
or
child = this.getTranslatedHandler() and
result = this.getParent().getChildSuccessor(this)
}
private TranslatedExpr getTranslatedCondition() {
result = getTranslatedExpr(tryExcept.getCondition())
}
private TranslatedStmt getTranslatedHandler() {
result = getTranslatedStmt(tryExcept.getExcept())
}
override TranslatedElement getChild(int id) {
id = 0 and
result = this.getTranslatedCondition()
or
id = 1 and
result = this.getTranslatedHandler()
}
final override Function getFunction() { result = tryExcept.getEnclosingFunction() }
}
abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt { abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt {
Stmt stmt; Stmt stmt;
@@ -249,15 +465,57 @@ class TranslatedUnreachableReturnStmt extends TranslatedReturnStmt {
} }
/** /**
* The IR translation of a C++ `try` statement. * A C/C++ `try` statement, or a `__try __except` or `__try __finally` statement.
*/
private class TryOrMicrosoftTryStmt extends Stmt {
TryOrMicrosoftTryStmt() {
this instanceof TryStmt or
this instanceof MicrosoftTryStmt
}
/** Gets the number of `catch block`s of this statement. */
int getNumberOfCatchClauses() {
result = this.(TryStmt).getNumberOfCatchClauses()
or
this instanceof MicrosoftTryExceptStmt and
result = 1
or
this instanceof MicrosoftTryFinallyStmt and
result = 0
}
/** Gets the `body` statement of this statement. */
Stmt getStmt() {
result = this.(TryStmt).getStmt()
or
result = this.(MicrosoftTryStmt).getStmt()
}
/** Gets the `i`th translated handler of this statement. */
TranslatedElement getTranslatedHandler(int index) {
result = getTranslatedStmt(this.(TryStmt).getChild(index + 1))
or
index = 0 and
result = getTranslatedMicrosoftTryExceptHandler(this)
}
/** Gets the `finally` statement (usually a BlockStmt), if any. */
Stmt getFinally() { result = this.(MicrosoftTryFinallyStmt).getFinally() }
}
/**
* The IR translation of a C++ `try` (or a `__try __except` or `__try __finally`) statement.
*/ */
class TranslatedTryStmt extends TranslatedStmt { class TranslatedTryStmt extends TranslatedStmt {
override TryStmt stmt; override TryOrMicrosoftTryStmt stmt;
override TranslatedElement getChild(int id) { override TranslatedElement getChild(int id) {
id = 0 and result = getBody() id = 0 and result = getBody()
or or
result = getHandler(id - 1) result = getHandler(id - 1)
or
id = stmt.getNumberOfCatchClauses() + 1 and
result = this.getFinally()
} }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
@@ -269,8 +527,20 @@ class TranslatedTryStmt extends TranslatedStmt {
override Instruction getFirstInstruction() { result = getBody().getFirstInstruction() } override Instruction getFirstInstruction() { result = getBody().getFirstInstruction() }
override Instruction getChildSuccessor(TranslatedElement child) { override Instruction getChildSuccessor(TranslatedElement child) {
// All children go to the successor of the `try`. // All non-finally children go to the successor of the `try` if
child = getAChild() and result = getParent().getChildSuccessor(this) // there is no finally block, but if there is a finally block
// then we go to that one.
child = [this.getBody(), this.getHandler(_)] and
(
not exists(this.getFinally()) and
result = this.getParent().getChildSuccessor(this)
or
result = this.getFinally().getFirstInstruction()
)
or
// And after the finally block we go to the successor of the `try`.
child = this.getFinally() and
result = this.getParent().getChildSuccessor(this)
} }
final Instruction getNextHandler(TranslatedHandler handler) { final Instruction getNextHandler(TranslatedHandler handler) {
@@ -290,9 +560,9 @@ class TranslatedTryStmt extends TranslatedStmt {
result = getHandler(0).getFirstInstruction() result = getHandler(0).getFirstInstruction()
} }
private TranslatedHandler getHandler(int index) { private TranslatedElement getHandler(int index) { result = stmt.getTranslatedHandler(index) }
result = getTranslatedStmt(stmt.getChild(index + 1))
} private TranslatedStmt getFinally() { result = getTranslatedStmt(stmt.getFinally()) }
private TranslatedStmt getBody() { result = getTranslatedStmt(stmt.getStmt()) } private TranslatedStmt getBody() { result = getTranslatedStmt(stmt.getStmt()) }
} }
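Review bot: In `TranslatedMicrosoftTryExceptHandler.getInstructionSuccessor`, the `TryExceptCompareOneBranch()` case gives its `ConditionalBranch` a `TrueEdge` successor only, so the instruction has no `FalseEdge` successor. The comment relies on the filter value always being -1, 0 or 1, but the condition comes from `getTranslatedExpr(tryExcept.getCondition())` and nothing visible constrains its value. A branch with one edge missing may trip IR consistency checks, and any flow along that path is lost to queries built on the IR, which shows up as missed results. Consider a fallback such as `or kind instanceof FalseEdge and result = this.getInstruction(UnwindTag())`, or a comment explaining why the edge is deliberately omitted. `TranslatedTryStmt` continues outside the hunks shown.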


@@ -92,7 +92,7 @@ private class ArgvSource extends LocalFlowSource {
exists(Function main, Parameter argv | exists(Function main, Parameter argv |
main.hasGlobalName("main") and main.hasGlobalName("main") and
main.getParameter(1) = argv and main.getParameter(1) = argv and
this.asExpr() = argv.getAnAccess() this.asParameter() = argv
) )
} }


@@ -5,10 +5,18 @@
* @id cpp/alert-suppression * @id cpp/alert-suppression
*/ */
private import codeql.suppression.AlertSuppression as AS private import codeql.util.suppression.AlertSuppression as AS
private import semmle.code.cpp.Element private import semmle.code.cpp.Element
class SingleLineComment extends Comment { class AstNode extends Locatable {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
class SingleLineComment extends Comment, AstNode {
private string text; private string text;
SingleLineComment() { SingleLineComment() {
@@ -26,14 +34,8 @@ class SingleLineComment extends Comment {
not text.matches("%\n%") not text.matches("%\n%")
} }
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets the text in this comment, excluding the leading //. */ /** Gets the text in this comment, excluding the leading //. */
string getText() { result = text } string getText() { result = text }
} }
import AS::Make<SingleLineComment> import AS::Make<AstNode, SingleLineComment>


@@ -91,8 +91,6 @@ class TaintedPathConfiguration extends TaintTracking::Configuration {
) )
} }
override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) }
override predicate isSanitizer(DataFlow::Node node) { override predicate isSanitizer(DataFlow::Node node) {
node.asExpr().(Call).getTarget().getUnspecifiedType() instanceof ArithmeticType node.asExpr().(Call).getTarget().getUnspecifiedType() instanceof ArithmeticType
or or


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.


@@ -1,11 +1,11 @@
edges edges
| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | (const char *)... |
| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath |
nodes nodes
| test.cpp:23:20:23:23 | argv | semmle.label | argv | | test.cpp:22:27:22:30 | argv | semmle.label | argv |
| test.cpp:29:13:29:20 | (const char *)... | semmle.label | (const char *)... | | test.cpp:29:13:29:20 | (const char *)... | semmle.label | (const char *)... |
| test.cpp:29:13:29:20 | filePath | semmle.label | filePath | | test.cpp:29:13:29:20 | filePath | semmle.label | filePath |
subpaths subpaths
#select #select
| test.cpp:29:13:29:20 | (const char *)... | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | | test.cpp:29:13:29:20 | (const char *)... | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |
| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | | test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |


@@ -14822,3 +14822,348 @@ struct_init.cpp:
# 41| Type = [PointerType] Info * # 41| Type = [PointerType] Info *
# 41| ValueCategory = prvalue # 41| ValueCategory = prvalue
# 42| getStmt(2): [ReturnStmt] return ... # 42| getStmt(2): [ReturnStmt] return ...
try_except.c:
# 3| [TopLevelFunction] void ProbeFunction()
# 3| <params>:
# 4| [TopLevelFunction] void sink()
# 4| <params>:
# 6| [TopLevelFunction] void f()
# 6| <params>:
# 6| getEntryPoint(): [BlockStmt] { ... }
# 7| getStmt(0): [DeclStmt] declaration
# 7| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 7| Type = [IntType] int
# 7| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 7| Type = [IntType] int
# 7| getVariable().getInitializer(): [Initializer] initializer for y
# 7| getExpr(): [Literal] 0
# 7| Type = [IntType] int
# 7| Value = [Literal] 0
# 7| ValueCategory = prvalue
# 8| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 8| getStmt(): [BlockStmt] { ... }
# 9| getStmt(0): [ExprStmt] ExprStmt
# 9| getExpr(): [FunctionCall] call to ProbeFunction
# 9| Type = [VoidType] void
# 9| ValueCategory = prvalue
# 9| getArgument(0): [Literal] 0
# 9| Type = [IntType] int
# 9| Value = [Literal] 0
# 9| ValueCategory = prvalue
# 10| getStmt(1): [ExprStmt] ExprStmt
# 10| getExpr(): [AssignExpr] ... = ...
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue
# 10| getLValue(): [VariableAccess] x
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getRValue(): [VariableAccess] y
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue(load)
# 11| getStmt(2): [ExprStmt] ExprStmt
# 11| getExpr(): [FunctionCall] call to ProbeFunction
# 11| Type = [VoidType] void
# 11| ValueCategory = prvalue
# 11| getArgument(0): [Literal] 0
# 11| Type = [IntType] int
# 11| Value = [Literal] 0
# 11| ValueCategory = prvalue
# 13| getCondition(): [Literal] 0
# 13| Type = [IntType] int
# 13| Value = [Literal] 0
# 13| ValueCategory = prvalue
# 13| getExcept(): [BlockStmt] { ... }
# 14| getStmt(0): [ExprStmt] ExprStmt
# 14| getExpr(): [FunctionCall] call to sink
# 14| Type = [VoidType] void
# 14| ValueCategory = prvalue
# 14| getArgument(0): [VariableAccess] x
# 14| Type = [IntType] int
# 14| ValueCategory = prvalue(load)
# 16| getStmt(2): [ReturnStmt] return ...
# 18| [TopLevelFunction] void g()
# 18| <params>:
# 18| getEntryPoint(): [BlockStmt] { ... }
# 19| getStmt(0): [DeclStmt] declaration
# 19| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 19| Type = [IntType] int
# 19| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 19| Type = [IntType] int
# 19| getVariable().getInitializer(): [Initializer] initializer for y
# 19| getExpr(): [Literal] 0
# 19| Type = [IntType] int
# 19| Value = [Literal] 0
# 19| ValueCategory = prvalue
# 20| getStmt(1): [MicrosoftTryFinallyStmt] __try { ... } __finally { ... }
# 20| getStmt(): [BlockStmt] { ... }
# 21| getStmt(0): [ExprStmt] ExprStmt
# 21| getExpr(): [FunctionCall] call to ProbeFunction
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getArgument(0): [Literal] 0
# 21| Type = [IntType] int
# 21| Value = [Literal] 0
# 21| ValueCategory = prvalue
# 22| getStmt(1): [ExprStmt] ExprStmt
# 22| getExpr(): [AssignExpr] ... = ...
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue
# 22| getLValue(): [VariableAccess] x
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getRValue(): [VariableAccess] y
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue(load)
# 23| getStmt(2): [ExprStmt] ExprStmt
# 23| getExpr(): [FunctionCall] call to ProbeFunction
# 23| Type = [VoidType] void
# 23| ValueCategory = prvalue
# 23| getArgument(0): [Literal] 0
# 23| Type = [IntType] int
# 23| Value = [Literal] 0
# 23| ValueCategory = prvalue
# 25| getFinally(): [BlockStmt] { ... }
# 26| getStmt(0): [ExprStmt] ExprStmt
# 26| getExpr(): [FunctionCall] call to sink
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getArgument(0): [VariableAccess] x
# 26| Type = [IntType] int
# 26| ValueCategory = prvalue(load)
# 28| getStmt(2): [ReturnStmt] return ...
# 30| [TopLevelFunction] void AfxThrowMemoryException()
# 30| <params>:
# 32| [TopLevelFunction] void h(int)
# 32| <params>:
# 32| getParameter(0): [Parameter] b
# 32| Type = [IntType] int
# 32| getEntryPoint(): [BlockStmt] { ... }
# 33| getStmt(0): [DeclStmt] declaration
# 33| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 33| Type = [IntType] int
# 33| getVariable().getInitializer(): [Initializer] initializer for x
# 33| getExpr(): [Literal] 0
# 33| Type = [IntType] int
# 33| Value = [Literal] 0
# 33| ValueCategory = prvalue
# 34| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 34| getStmt(): [BlockStmt] { ... }
# 35| getStmt(0): [IfStmt] if (...) ...
# 35| getCondition(): [VariableAccess] b
# 35| Type = [IntType] int
# 35| ValueCategory = prvalue(load)
# 35| getThen(): [BlockStmt] { ... }
# 36| getStmt(0): [ExprStmt] ExprStmt
# 36| getExpr(): [FunctionCall] call to AfxThrowMemoryException
# 36| Type = [VoidType] void
# 36| ValueCategory = prvalue
# 39| getCondition(): [Literal] 1
# 39| Type = [IntType] int
# 39| Value = [Literal] 1
# 39| ValueCategory = prvalue
# 39| getExcept(): [BlockStmt] { ... }
# 40| getStmt(0): [ExprStmt] ExprStmt
# 40| getExpr(): [FunctionCall] call to sink
# 40| Type = [VoidType] void
# 40| ValueCategory = prvalue
# 40| getArgument(0): [VariableAccess] x
# 40| Type = [IntType] int
# 40| ValueCategory = prvalue(load)
# 42| getStmt(2): [ReturnStmt] return ...
try_except.cpp:
# 3| [TopLevelFunction] void ProbeFunction()
# 3| <params>:
# 4| [TopLevelFunction] void sink()
# 4| <params>:
# 6| [TopLevelFunction] void f_cpp()
# 6| <params>:
# 6| getEntryPoint(): [BlockStmt] { ... }
# 7| getStmt(0): [DeclStmt] declaration
# 7| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 7| Type = [IntType] int
# 7| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 7| Type = [IntType] int
# 7| getVariable().getInitializer(): [Initializer] initializer for y
# 7| getExpr(): [Literal] 0
# 7| Type = [IntType] int
# 7| Value = [Literal] 0
# 7| ValueCategory = prvalue
# 8| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 8| getStmt(): [BlockStmt] { ... }
# 9| getStmt(0): [ExprStmt] ExprStmt
# 9| getExpr(): [FunctionCall] call to ProbeFunction
# 9| Type = [VoidType] void
# 9| ValueCategory = prvalue
# 9| getArgument(0): [Literal] 0
# 9| Type = [IntType] int
# 9| Value = [Literal] 0
# 9| ValueCategory = prvalue
# 10| getStmt(1): [ExprStmt] ExprStmt
# 10| getExpr(): [AssignExpr] ... = ...
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getLValue(): [VariableAccess] x
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getRValue(): [VariableAccess] y
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue(load)
# 11| getStmt(2): [ExprStmt] ExprStmt
# 11| getExpr(): [FunctionCall] call to ProbeFunction
# 11| Type = [VoidType] void
# 11| ValueCategory = prvalue
# 11| getArgument(0): [Literal] 0
# 11| Type = [IntType] int
# 11| Value = [Literal] 0
# 11| ValueCategory = prvalue
# 13| getCondition(): [Literal] 0
# 13| Type = [IntType] int
# 13| Value = [Literal] 0
# 13| ValueCategory = prvalue
# 13| getExcept(): [BlockStmt] { ... }
# 14| getStmt(0): [ExprStmt] ExprStmt
# 14| getExpr(): [FunctionCall] call to sink
# 14| Type = [VoidType] void
# 14| ValueCategory = prvalue
# 14| getArgument(0): [VariableAccess] x
# 14| Type = [IntType] int
# 14| ValueCategory = prvalue(load)
# 16| getStmt(2): [ReturnStmt] return ...
# 18| [TopLevelFunction] void g_cpp()
# 18| <params>:
# 18| getEntryPoint(): [BlockStmt] { ... }
# 19| getStmt(0): [DeclStmt] declaration
# 19| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 19| Type = [IntType] int
# 19| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 19| Type = [IntType] int
# 19| getVariable().getInitializer(): [Initializer] initializer for y
# 19| getExpr(): [Literal] 0
# 19| Type = [IntType] int
# 19| Value = [Literal] 0
# 19| ValueCategory = prvalue
# 20| getStmt(1): [MicrosoftTryFinallyStmt] __try { ... } __finally { ... }
# 20| getStmt(): [BlockStmt] { ... }
# 21| getStmt(0): [ExprStmt] ExprStmt
# 21| getExpr(): [FunctionCall] call to ProbeFunction
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getArgument(0): [Literal] 0
# 21| Type = [IntType] int
# 21| Value = [Literal] 0
# 21| ValueCategory = prvalue
# 22| getStmt(1): [ExprStmt] ExprStmt
# 22| getExpr(): [AssignExpr] ... = ...
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getLValue(): [VariableAccess] x
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getRValue(): [VariableAccess] y
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue(load)
# 23| getStmt(2): [ExprStmt] ExprStmt
# 23| getExpr(): [FunctionCall] call to ProbeFunction
# 23| Type = [VoidType] void
# 23| ValueCategory = prvalue
# 23| getArgument(0): [Literal] 0
# 23| Type = [IntType] int
# 23| Value = [Literal] 0
# 23| ValueCategory = prvalue
# 25| getFinally(): [BlockStmt] { ... }
# 26| getStmt(0): [ExprStmt] ExprStmt
# 26| getExpr(): [FunctionCall] call to sink
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getArgument(0): [VariableAccess] x
# 26| Type = [IntType] int
# 26| ValueCategory = prvalue(load)
# 28| getStmt(2): [ReturnStmt] return ...
# 30| [TopLevelFunction] void AfxThrowMemoryException()
# 30| <params>:
# 32| [TopLevelFunction] void h_cpp(int)
# 32| <params>:
# 32| getParameter(0): [Parameter] b
# 32| Type = [IntType] int
# 32| getEntryPoint(): [BlockStmt] { ... }
# 33| getStmt(0): [DeclStmt] declaration
# 33| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 33| Type = [IntType] int
# 33| getVariable().getInitializer(): [Initializer] initializer for x
# 33| getExpr(): [Literal] 0
# 33| Type = [IntType] int
# 33| Value = [Literal] 0
# 33| ValueCategory = prvalue
# 34| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 34| getStmt(): [BlockStmt] { ... }
# 35| getStmt(0): [IfStmt] if (...) ...
# 35| getCondition(): [VariableAccess] b
# 35| Type = [IntType] int
# 35| ValueCategory = prvalue(load)
# 35| getThen(): [BlockStmt] { ... }
# 36| getStmt(0): [ExprStmt] ExprStmt
# 36| getExpr(): [FunctionCall] call to AfxThrowMemoryException
# 36| Type = [VoidType] void
# 36| ValueCategory = prvalue
# 35| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 35| Conversion = [BoolConversion] conversion to bool
# 35| Type = [BoolType] bool
# 35| ValueCategory = prvalue
# 39| getCondition(): [Literal] 1
# 39| Type = [IntType] int
# 39| Value = [Literal] 1
# 39| ValueCategory = prvalue
# 39| getExcept(): [BlockStmt] { ... }
# 40| getStmt(0): [ExprStmt] ExprStmt
# 40| getExpr(): [FunctionCall] call to sink
# 40| Type = [VoidType] void
# 40| ValueCategory = prvalue
# 40| getArgument(0): [VariableAccess] x
# 40| Type = [IntType] int
# 40| ValueCategory = prvalue(load)
# 42| getStmt(2): [ReturnStmt] return ...
# 44| [TopLevelFunction] void throw_cpp(int)
# 44| <params>:
# 44| getParameter(0): [Parameter] b
# 44| Type = [IntType] int
# 44| getEntryPoint(): [BlockStmt] { ... }
# 45| getStmt(0): [DeclStmt] declaration
# 45| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 45| Type = [IntType] int
# 45| getVariable().getInitializer(): [Initializer] initializer for x
# 45| getExpr(): [Literal] 0
# 45| Type = [IntType] int
# 45| Value = [Literal] 0
# 45| ValueCategory = prvalue
# 46| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 46| getStmt(): [BlockStmt] { ... }
# 47| getStmt(0): [IfStmt] if (...) ...
# 47| getCondition(): [VariableAccess] b
# 47| Type = [IntType] int
# 47| ValueCategory = prvalue(load)
# 47| getThen(): [BlockStmt] { ... }
# 48| getStmt(0): [ExprStmt] ExprStmt
# 48| getExpr(): [ThrowExpr] throw ...
# 48| Type = [IntType] int
# 48| ValueCategory = prvalue
# 48| getExpr(): [Literal] 1
# 48| Type = [IntType] int
# 48| Value = [Literal] 1
# 48| ValueCategory = prvalue
# 47| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 47| Conversion = [BoolConversion] conversion to bool
# 47| Type = [BoolType] bool
# 47| ValueCategory = prvalue
# 51| getCondition(): [Literal] 1
# 51| Type = [IntType] int
# 51| Value = [Literal] 1
# 51| ValueCategory = prvalue
# 51| getExcept(): [BlockStmt] { ... }
# 52| getStmt(0): [ExprStmt] ExprStmt
# 52| getExpr(): [FunctionCall] call to sink
# 52| Type = [VoidType] void
# 52| ValueCategory = prvalue
# 52| getArgument(0): [VariableAccess] x
# 52| Type = [IntType] int
# 52| ValueCategory = prvalue(load)
# 54| getStmt(2): [ReturnStmt] return ...


@@ -9140,3 +9140,162 @@
| struct_init.cpp:41:21:41:32 | ChiTotal | total:m41_7 | | struct_init.cpp:41:21:41:32 | ChiTotal | total:m41_7 |
| struct_init.cpp:41:21:41:32 | SideEffect | ~m41_7 | | struct_init.cpp:41:21:41:32 | SideEffect | ~m41_7 |
| struct_init.cpp:41:21:41:32 | Unary | r41_3 | | struct_init.cpp:41:21:41:32 | Unary | r41_3 |
| try_except.c:6:6:6:6 | ChiPartial | partial:m6_3 |
| try_except.c:6:6:6:6 | ChiTotal | total:m6_2 |
| try_except.c:6:6:6:6 | SideEffect | ~m11_5 |
| try_except.c:7:7:7:7 | Address | &:r7_1 |
| try_except.c:7:10:7:10 | Address | &:r7_3 |
| try_except.c:7:13:7:14 | StoreValue | r7_4 |
| try_except.c:9:5:9:17 | CallTarget | func:r9_1 |
| try_except.c:9:5:9:17 | ChiPartial | partial:m9_4 |
| try_except.c:9:5:9:17 | ChiTotal | total:m6_4 |
| try_except.c:9:5:9:17 | SideEffect | ~m6_4 |
| try_except.c:9:19:9:19 | Arg(0) | 0:r9_2 |
| try_except.c:10:5:10:5 | Address | &:r10_3 |
| try_except.c:10:9:10:9 | Address | &:r10_1 |
| try_except.c:10:9:10:9 | Load | m7_5 |
| try_except.c:10:9:10:9 | StoreValue | r10_2 |
| try_except.c:11:5:11:17 | CallTarget | func:r11_1 |
| try_except.c:11:5:11:17 | ChiPartial | partial:m11_4 |
| try_except.c:11:5:11:17 | ChiTotal | total:m9_5 |
| try_except.c:11:5:11:17 | SideEffect | ~m9_5 |
| try_except.c:11:19:11:19 | Arg(0) | 0:r11_2 |
| try_except.c:18:6:18:6 | ChiPartial | partial:m18_3 |
| try_except.c:18:6:18:6 | ChiTotal | total:m18_2 |
| try_except.c:18:6:18:6 | SideEffect | ~m26_6 |
| try_except.c:19:7:19:7 | Address | &:r19_1 |
| try_except.c:19:10:19:10 | Address | &:r19_3 |
| try_except.c:19:13:19:14 | StoreValue | r19_4 |
| try_except.c:21:5:21:17 | CallTarget | func:r21_1 |
| try_except.c:21:5:21:17 | ChiPartial | partial:m21_4 |
| try_except.c:21:5:21:17 | ChiTotal | total:m18_4 |
| try_except.c:21:5:21:17 | SideEffect | ~m18_4 |
| try_except.c:21:19:21:19 | Arg(0) | 0:r21_2 |
| try_except.c:22:5:22:5 | Address | &:r22_3 |
| try_except.c:22:9:22:9 | Address | &:r22_1 |
| try_except.c:22:9:22:9 | Load | m19_5 |
| try_except.c:22:9:22:9 | StoreValue | r22_2 |
| try_except.c:23:5:23:17 | CallTarget | func:r23_1 |
| try_except.c:23:5:23:17 | ChiPartial | partial:m23_4 |
| try_except.c:23:5:23:17 | ChiTotal | total:m21_5 |
| try_except.c:23:5:23:17 | SideEffect | ~m21_5 |
| try_except.c:23:19:23:19 | Arg(0) | 0:r23_2 |
| try_except.c:26:5:26:8 | CallTarget | func:r26_1 |
| try_except.c:26:5:26:8 | ChiPartial | partial:m26_5 |
| try_except.c:26:5:26:8 | ChiTotal | total:m23_5 |
| try_except.c:26:5:26:8 | SideEffect | ~m23_5 |
| try_except.c:26:10:26:10 | Address | &:r26_2 |
| try_except.c:26:10:26:10 | Arg(0) | 0:r26_3 |
| try_except.c:26:10:26:10 | Load | m22_4 |
| try_except.c:32:6:32:6 | ChiPartial | partial:m32_3 |
| try_except.c:32:6:32:6 | ChiTotal | total:m32_2 |
| try_except.c:32:6:32:6 | SideEffect | ~m42_1 |
| try_except.c:32:12:32:12 | Address | &:r32_5 |
| try_except.c:33:7:33:7 | Address | &:r33_1 |
| try_except.c:33:10:33:11 | StoreValue | r33_2 |
| try_except.c:35:13:35:13 | Address | &:r35_1 |
| try_except.c:35:13:35:13 | Condition | r35_2 |
| try_except.c:35:13:35:13 | Load | m32_6 |
| try_except.c:36:13:36:35 | CallTarget | func:r36_1 |
| try_except.c:36:13:36:35 | ChiPartial | partial:m36_3 |
| try_except.c:36:13:36:35 | ChiTotal | total:m32_4 |
| try_except.c:36:13:36:35 | SideEffect | ~m32_4 |
| try_except.c:42:1:42:1 | Phi | from 0:~m32_4 |
| try_except.c:42:1:42:1 | Phi | from 1:~m36_4 |
| try_except.cpp:6:6:6:10 | ChiPartial | partial:m6_3 |
| try_except.cpp:6:6:6:10 | ChiTotal | total:m6_2 |
| try_except.cpp:6:6:6:10 | SideEffect | ~m11_5 |
| try_except.cpp:7:7:7:7 | Address | &:r7_1 |
| try_except.cpp:7:10:7:10 | Address | &:r7_3 |
| try_except.cpp:7:13:7:14 | StoreValue | r7_4 |
| try_except.cpp:9:5:9:17 | CallTarget | func:r9_1 |
| try_except.cpp:9:5:9:17 | ChiPartial | partial:m9_4 |
| try_except.cpp:9:5:9:17 | ChiTotal | total:m6_4 |
| try_except.cpp:9:5:9:17 | SideEffect | ~m6_4 |
| try_except.cpp:9:19:9:19 | Arg(0) | 0:r9_2 |
| try_except.cpp:10:5:10:5 | Address | &:r10_3 |
| try_except.cpp:10:9:10:9 | Address | &:r10_1 |
| try_except.cpp:10:9:10:9 | Load | m7_5 |
| try_except.cpp:10:9:10:9 | StoreValue | r10_2 |
| try_except.cpp:11:5:11:17 | CallTarget | func:r11_1 |
| try_except.cpp:11:5:11:17 | ChiPartial | partial:m11_4 |
| try_except.cpp:11:5:11:17 | ChiTotal | total:m9_5 |
| try_except.cpp:11:5:11:17 | SideEffect | ~m9_5 |
| try_except.cpp:11:19:11:19 | Arg(0) | 0:r11_2 |
| try_except.cpp:18:6:18:10 | ChiPartial | partial:m18_3 |
| try_except.cpp:18:6:18:10 | ChiTotal | total:m18_2 |
| try_except.cpp:18:6:18:10 | SideEffect | ~m26_6 |
| try_except.cpp:19:7:19:7 | Address | &:r19_1 |
| try_except.cpp:19:10:19:10 | Address | &:r19_3 |
| try_except.cpp:19:13:19:14 | StoreValue | r19_4 |
| try_except.cpp:21:5:21:17 | CallTarget | func:r21_1 |
| try_except.cpp:21:5:21:17 | ChiPartial | partial:m21_4 |
| try_except.cpp:21:5:21:17 | ChiTotal | total:m18_4 |
| try_except.cpp:21:5:21:17 | SideEffect | ~m18_4 |
| try_except.cpp:21:19:21:19 | Arg(0) | 0:r21_2 |
| try_except.cpp:22:5:22:5 | Address | &:r22_3 |
| try_except.cpp:22:9:22:9 | Address | &:r22_1 |
| try_except.cpp:22:9:22:9 | Load | m19_5 |
| try_except.cpp:22:9:22:9 | StoreValue | r22_2 |
| try_except.cpp:23:5:23:17 | CallTarget | func:r23_1 |
| try_except.cpp:23:5:23:17 | ChiPartial | partial:m23_4 |
| try_except.cpp:23:5:23:17 | ChiTotal | total:m21_5 |
| try_except.cpp:23:5:23:17 | SideEffect | ~m21_5 |
| try_except.cpp:23:19:23:19 | Arg(0) | 0:r23_2 |
| try_except.cpp:26:5:26:8 | CallTarget | func:r26_1 |
| try_except.cpp:26:5:26:8 | ChiPartial | partial:m26_5 |
| try_except.cpp:26:5:26:8 | ChiTotal | total:m23_5 |
| try_except.cpp:26:5:26:8 | SideEffect | ~m23_5 |
| try_except.cpp:26:10:26:10 | Address | &:r26_2 |
| try_except.cpp:26:10:26:10 | Arg(0) | 0:r26_3 |
| try_except.cpp:26:10:26:10 | Load | m22_4 |
| try_except.cpp:32:6:32:10 | ChiPartial | partial:m32_3 |
| try_except.cpp:32:6:32:10 | ChiTotal | total:m32_2 |
| try_except.cpp:32:6:32:10 | SideEffect | ~m42_1 |
| try_except.cpp:32:16:32:16 | Address | &:r32_5 |
| try_except.cpp:33:7:33:7 | Address | &:r33_1 |
| try_except.cpp:33:10:33:11 | StoreValue | r33_2 |
| try_except.cpp:35:13:35:13 | Address | &:r35_1 |
| try_except.cpp:35:13:35:13 | Condition | r35_4 |
| try_except.cpp:35:13:35:13 | Left | r35_2 |
| try_except.cpp:35:13:35:13 | Load | m32_6 |
| try_except.cpp:35:13:35:13 | Right | r35_3 |
| try_except.cpp:36:13:36:35 | CallTarget | func:r36_1 |
| try_except.cpp:36:13:36:35 | ChiPartial | partial:m36_3 |
| try_except.cpp:36:13:36:35 | ChiTotal | total:m32_4 |
| try_except.cpp:36:13:36:35 | SideEffect | ~m32_4 |
| try_except.cpp:42:1:42:1 | Phi | from 0:~m32_4 |
| try_except.cpp:42:1:42:1 | Phi | from 1:~m36_4 |
| try_except.cpp:44:6:44:14 | ChiPartial | partial:m44_3 |
| try_except.cpp:44:6:44:14 | ChiTotal | total:m44_2 |
| try_except.cpp:44:6:44:14 | SideEffect | ~m54_1 |
| try_except.cpp:44:20:44:20 | Address | &:r44_5 |
| try_except.cpp:45:7:45:7 | Address | &:r45_1 |
| try_except.cpp:45:10:45:11 | StoreValue | r45_2 |
| try_except.cpp:47:13:47:13 | Address | &:r47_1 |
| try_except.cpp:47:13:47:13 | Condition | r47_4 |
| try_except.cpp:47:13:47:13 | Left | r47_2 |
| try_except.cpp:47:13:47:13 | Load | m44_6 |
| try_except.cpp:47:13:47:13 | Right | r47_3 |
| try_except.cpp:48:13:48:19 | Address | &:r48_1 |
| try_except.cpp:48:13:48:19 | Address | &:r48_1 |
| try_except.cpp:48:13:48:19 | Load | m48_3 |
| try_except.cpp:48:19:48:19 | StoreValue | r48_2 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:18:53:5 | Condition | r51_2 |
| try_except.cpp:51:18:53:5 | Condition | r51_5 |
| try_except.cpp:51:18:53:5 | Condition | r51_9 |
| try_except.cpp:51:18:53:5 | Right | r51_1 |
| try_except.cpp:51:18:53:5 | Right | r51_4 |
| try_except.cpp:51:18:53:5 | Right | r51_8 |
| try_except.cpp:52:9:52:12 | CallTarget | func:r52_1 |
| try_except.cpp:52:9:52:12 | ChiPartial | partial:m52_5 |
| try_except.cpp:52:9:52:12 | ChiTotal | total:m44_4 |
| try_except.cpp:52:9:52:12 | SideEffect | ~m44_4 |
| try_except.cpp:52:14:52:14 | Address | &:r52_2 |
| try_except.cpp:52:14:52:14 | Arg(0) | 0:r52_3 |
| try_except.cpp:52:14:52:14 | Load | m45_3 |
| try_except.cpp:54:1:54:1 | Phi | from 0:~m44_4 |
| try_except.cpp:54:1:54:1 | Phi | from 5:~m52_6 |


@@ -19,6 +19,14 @@ useNotDominatedByDefinition
| ir.cpp:1486:8:1486:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1486:8:1486:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | | ir.cpp:1486:8:1486:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1486:8:1486:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
| ir.cpp:1751:51:1751:51 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:1750:5:1750:34 | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | | ir.cpp:1751:51:1751:51 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:1750:5:1750:34 | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) |
| ir.cpp:1752:48:1752:48 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:1750:5:1750:34 | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | | ir.cpp:1752:48:1752:48 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:1750:5:1750:34 | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) |
| try_except.c:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:6:6:6:6 | void f() | void f() |
| try_except.c:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:6:6:6:6 | void f() | void f() |
| try_except.c:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:32:6:32:6 | void h(int) | void h(int) |
| try_except.c:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:32:6:32:6 | void h(int) | void h(int) |
| try_except.cpp:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:6:6:6:10 | void f_cpp() | void f_cpp() |
| try_except.cpp:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:6:6:6:10 | void f_cpp() | void f_cpp() |
| try_except.cpp:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:32:6:32:10 | void h_cpp(int) | void h_cpp(int) |
| try_except.cpp:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:32:6:32:10 | void h_cpp(int) | void h_cpp(int) |
switchInstructionWithoutDefaultEdge switchInstructionWithoutDefaultEdge
notMarkedAsConflated notMarkedAsConflated
wronglyMarkedAsConflated wronglyMarkedAsConflated


@@ -10410,3 +10410,390 @@ struct_init.cpp:
# 36| v36_9(void) = ReturnVoid : # 36| v36_9(void) = ReturnVoid :
# 36| v36_10(void) = AliasedUse : ~m? # 36| v36_10(void) = AliasedUse : ~m?
# 36| v36_11(void) = ExitFunction : # 36| v36_11(void) = ExitFunction :
try_except.c:
# 6| void f()
# 6| Block 0
# 6| v6_1(void) = EnterFunction :
# 6| mu6_2(unknown) = AliasedDefinition :
# 6| mu6_3(unknown) = InitializeNonLocal :
# 7| r7_1(glval<int>) = VariableAddress[x] :
# 7| mu7_2(int) = Uninitialized[x] : &:r7_1
# 7| r7_3(glval<int>) = VariableAddress[y] :
# 7| r7_4(int) = Constant[0] :
# 7| mu7_5(int) = Store[y] : &:r7_3, r7_4
# 9| r9_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 9| r9_2(int) = Constant[0] :
# 9| v9_3(void) = Call[ProbeFunction] : func:r9_1, 0:r9_2
# 9| mu9_4(unknown) = ^CallSideEffect : ~m?
# 10| r10_1(glval<int>) = VariableAddress[y] :
# 10| r10_2(int) = Load[y] : &:r10_1, ~m?
# 10| r10_3(glval<int>) = VariableAddress[x] :
# 10| mu10_4(int) = Store[x] : &:r10_3, r10_2
# 11| r11_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 11| r11_2(int) = Constant[0] :
# 11| v11_3(void) = Call[ProbeFunction] : func:r11_1, 0:r11_2
# 11| mu11_4(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 13| Block 1
# 13| r13_1(int) = Constant[0] :
# 13| r13_2(bool) = CompareEQ : r13_8, r13_1
# 13| v13_3(void) = ConditionalBranch : r13_2
#-----| False -> Block 2
#-----| True -> Block 3
# 13| Block 2
# 13| r13_4(int) = Constant[1] :
# 13| r13_5(bool) = CompareEQ : r13_8, r13_4
# 13| v13_6(void) = ConditionalBranch : r13_5
#-----| True -> Block 5
# 13| Block 3
# 13| v13_7(void) = Unwind :
#-----| Goto -> Block 6
# 13| Block 4
# 13| r13_8(int) = Constant[0] :
# 13| r13_9(int) = Constant[-1] :
# 13| r13_10(bool) = CompareEQ : r13_8, r13_9
# 13| v13_11(void) = ConditionalBranch : r13_10
#-----| False -> Block 1
#-----| True -> Block 3
# 14| Block 5
# 14| r14_1(glval<unknown>) = FunctionAddress[sink] :
# 14| r14_2(glval<int>) = VariableAddress[x] :
# 14| r14_3(int) = Load[x] : &:r14_2, ~m?
# 14| v14_4(void) = Call[sink] : func:r14_1, 0:r14_3
# 14| mu14_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 16| Block 6
# 16| v16_1(void) = NoOp :
# 6| v6_4(void) = ReturnVoid :
# 6| v6_5(void) = AliasedUse : ~m?
# 6| v6_6(void) = ExitFunction :
# 18| void g()
# 18| Block 0
# 18| v18_1(void) = EnterFunction :
# 18| mu18_2(unknown) = AliasedDefinition :
# 18| mu18_3(unknown) = InitializeNonLocal :
# 19| r19_1(glval<int>) = VariableAddress[x] :
# 19| mu19_2(int) = Uninitialized[x] : &:r19_1
# 19| r19_3(glval<int>) = VariableAddress[y] :
# 19| r19_4(int) = Constant[0] :
# 19| mu19_5(int) = Store[y] : &:r19_3, r19_4
# 21| r21_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 21| r21_2(int) = Constant[0] :
# 21| v21_3(void) = Call[ProbeFunction] : func:r21_1, 0:r21_2
# 21| mu21_4(unknown) = ^CallSideEffect : ~m?
# 22| r22_1(glval<int>) = VariableAddress[y] :
# 22| r22_2(int) = Load[y] : &:r22_1, ~m?
# 22| r22_3(glval<int>) = VariableAddress[x] :
# 22| mu22_4(int) = Store[x] : &:r22_3, r22_2
# 23| r23_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 23| r23_2(int) = Constant[0] :
# 23| v23_3(void) = Call[ProbeFunction] : func:r23_1, 0:r23_2
# 23| mu23_4(unknown) = ^CallSideEffect : ~m?
# 26| r26_1(glval<unknown>) = FunctionAddress[sink] :
# 26| r26_2(glval<int>) = VariableAddress[x] :
# 26| r26_3(int) = Load[x] : &:r26_2, ~m?
# 26| v26_4(void) = Call[sink] : func:r26_1, 0:r26_3
# 26| mu26_5(unknown) = ^CallSideEffect : ~m?
# 28| v28_1(void) = NoOp :
# 18| v18_4(void) = ReturnVoid :
# 18| v18_5(void) = AliasedUse : ~m?
# 18| v18_6(void) = ExitFunction :
# 32| void h(int)
# 32| Block 0
# 32| v32_1(void) = EnterFunction :
# 32| mu32_2(unknown) = AliasedDefinition :
# 32| mu32_3(unknown) = InitializeNonLocal :
# 32| r32_4(glval<int>) = VariableAddress[b] :
# 32| mu32_5(int) = InitializeParameter[b] : &:r32_4
# 33| r33_1(glval<int>) = VariableAddress[x] :
# 33| r33_2(int) = Constant[0] :
# 33| mu33_3(int) = Store[x] : &:r33_1, r33_2
# 35| r35_1(glval<int>) = VariableAddress[b] :
# 35| r35_2(int) = Load[b] : &:r35_1, ~m?
# 35| v35_3(void) = ConditionalBranch : r35_2
#-----| False -> Block 7
#-----| True -> Block 1
# 36| Block 1
# 36| r36_1(glval<unknown>) = FunctionAddress[AfxThrowMemoryException] :
# 36| v36_2(void) = Call[AfxThrowMemoryException] : func:r36_1
# 36| mu36_3(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 39| Block 2
# 39| r39_1(int) = Constant[0] :
# 39| r39_2(bool) = CompareEQ : r39_8, r39_1
# 39| v39_3(void) = ConditionalBranch : r39_2
#-----| False -> Block 3
#-----| True -> Block 4
# 39| Block 3
# 39| r39_4(int) = Constant[1] :
# 39| r39_5(bool) = CompareEQ : r39_8, r39_4
# 39| v39_6(void) = ConditionalBranch : r39_5
#-----| True -> Block 6
# 39| Block 4
# 39| v39_7(void) = Unwind :
#-----| Goto -> Block 7
# 39| Block 5
# 39| r39_8(int) = Constant[1] :
# 39| r39_9(int) = Constant[-1] :
# 39| r39_10(bool) = CompareEQ : r39_8, r39_9
# 39| v39_11(void) = ConditionalBranch : r39_10
#-----| False -> Block 2
#-----| True -> Block 4
# 40| Block 6
# 40| r40_1(glval<unknown>) = FunctionAddress[sink] :
# 40| r40_2(glval<int>) = VariableAddress[x] :
# 40| r40_3(int) = Load[x] : &:r40_2, ~m?
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| mu40_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 42| Block 7
# 42| v42_1(void) = NoOp :
# 32| v32_6(void) = ReturnVoid :
# 32| v32_7(void) = AliasedUse : ~m?
# 32| v32_8(void) = ExitFunction :
try_except.cpp:
# 6| void f_cpp()
# 6| Block 0
# 6| v6_1(void) = EnterFunction :
# 6| mu6_2(unknown) = AliasedDefinition :
# 6| mu6_3(unknown) = InitializeNonLocal :
# 7| r7_1(glval<int>) = VariableAddress[x] :
# 7| mu7_2(int) = Uninitialized[x] : &:r7_1
# 7| r7_3(glval<int>) = VariableAddress[y] :
# 7| r7_4(int) = Constant[0] :
# 7| mu7_5(int) = Store[y] : &:r7_3, r7_4
# 9| r9_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 9| r9_2(int) = Constant[0] :
# 9| v9_3(void) = Call[ProbeFunction] : func:r9_1, 0:r9_2
# 9| mu9_4(unknown) = ^CallSideEffect : ~m?
# 10| r10_1(glval<int>) = VariableAddress[y] :
# 10| r10_2(int) = Load[y] : &:r10_1, ~m?
# 10| r10_3(glval<int>) = VariableAddress[x] :
# 10| mu10_4(int) = Store[x] : &:r10_3, r10_2
# 11| r11_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 11| r11_2(int) = Constant[0] :
# 11| v11_3(void) = Call[ProbeFunction] : func:r11_1, 0:r11_2
# 11| mu11_4(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 13| Block 1
# 13| r13_1(int) = Constant[0] :
# 13| r13_2(bool) = CompareEQ : r13_8, r13_1
# 13| v13_3(void) = ConditionalBranch : r13_2
#-----| False -> Block 2
#-----| True -> Block 3
# 13| Block 2
# 13| r13_4(int) = Constant[1] :
# 13| r13_5(bool) = CompareEQ : r13_8, r13_4
# 13| v13_6(void) = ConditionalBranch : r13_5
#-----| True -> Block 5
# 13| Block 3
# 13| v13_7(void) = Unwind :
#-----| Goto -> Block 6
# 13| Block 4
# 13| r13_8(int) = Constant[0] :
# 13| r13_9(int) = Constant[-1] :
# 13| r13_10(bool) = CompareEQ : r13_8, r13_9
# 13| v13_11(void) = ConditionalBranch : r13_10
#-----| False -> Block 1
#-----| True -> Block 3
# 14| Block 5
# 14| r14_1(glval<unknown>) = FunctionAddress[sink] :
# 14| r14_2(glval<int>) = VariableAddress[x] :
# 14| r14_3(int) = Load[x] : &:r14_2, ~m?
# 14| v14_4(void) = Call[sink] : func:r14_1, 0:r14_3
# 14| mu14_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 16| Block 6
# 16| v16_1(void) = NoOp :
# 6| v6_4(void) = ReturnVoid :
# 6| v6_5(void) = AliasedUse : ~m?
# 6| v6_6(void) = ExitFunction :
# 18| void g_cpp()
# 18| Block 0
# 18| v18_1(void) = EnterFunction :
# 18| mu18_2(unknown) = AliasedDefinition :
# 18| mu18_3(unknown) = InitializeNonLocal :
# 19| r19_1(glval<int>) = VariableAddress[x] :
# 19| mu19_2(int) = Uninitialized[x] : &:r19_1
# 19| r19_3(glval<int>) = VariableAddress[y] :
# 19| r19_4(int) = Constant[0] :
# 19| mu19_5(int) = Store[y] : &:r19_3, r19_4
# 21| r21_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 21| r21_2(int) = Constant[0] :
# 21| v21_3(void) = Call[ProbeFunction] : func:r21_1, 0:r21_2
# 21| mu21_4(unknown) = ^CallSideEffect : ~m?
# 22| r22_1(glval<int>) = VariableAddress[y] :
# 22| r22_2(int) = Load[y] : &:r22_1, ~m?
# 22| r22_3(glval<int>) = VariableAddress[x] :
# 22| mu22_4(int) = Store[x] : &:r22_3, r22_2
# 23| r23_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 23| r23_2(int) = Constant[0] :
# 23| v23_3(void) = Call[ProbeFunction] : func:r23_1, 0:r23_2
# 23| mu23_4(unknown) = ^CallSideEffect : ~m?
# 26| r26_1(glval<unknown>) = FunctionAddress[sink] :
# 26| r26_2(glval<int>) = VariableAddress[x] :
# 26| r26_3(int) = Load[x] : &:r26_2, ~m?
# 26| v26_4(void) = Call[sink] : func:r26_1, 0:r26_3
# 26| mu26_5(unknown) = ^CallSideEffect : ~m?
# 28| v28_1(void) = NoOp :
# 18| v18_4(void) = ReturnVoid :
# 18| v18_5(void) = AliasedUse : ~m?
# 18| v18_6(void) = ExitFunction :
# 32| void h_cpp(int)
# 32| Block 0
# 32| v32_1(void) = EnterFunction :
# 32| mu32_2(unknown) = AliasedDefinition :
# 32| mu32_3(unknown) = InitializeNonLocal :
# 32| r32_4(glval<int>) = VariableAddress[b] :
# 32| mu32_5(int) = InitializeParameter[b] : &:r32_4
# 33| r33_1(glval<int>) = VariableAddress[x] :
# 33| r33_2(int) = Constant[0] :
# 33| mu33_3(int) = Store[x] : &:r33_1, r33_2
# 35| r35_1(glval<int>) = VariableAddress[b] :
# 35| r35_2(int) = Load[b] : &:r35_1, ~m?
# 35| r35_3(int) = Constant[0] :
# 35| r35_4(bool) = CompareNE : r35_2, r35_3
# 35| v35_5(void) = ConditionalBranch : r35_4
#-----| False -> Block 7
#-----| True -> Block 1
# 36| Block 1
# 36| r36_1(glval<unknown>) = FunctionAddress[AfxThrowMemoryException] :
# 36| v36_2(void) = Call[AfxThrowMemoryException] : func:r36_1
# 36| mu36_3(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 39| Block 2
# 39| r39_1(int) = Constant[0] :
# 39| r39_2(bool) = CompareEQ : r39_8, r39_1
# 39| v39_3(void) = ConditionalBranch : r39_2
#-----| False -> Block 3
#-----| True -> Block 4
# 39| Block 3
# 39| r39_4(int) = Constant[1] :
# 39| r39_5(bool) = CompareEQ : r39_8, r39_4
# 39| v39_6(void) = ConditionalBranch : r39_5
#-----| True -> Block 6
# 39| Block 4
# 39| v39_7(void) = Unwind :
#-----| Goto -> Block 7
# 39| Block 5
# 39| r39_8(int) = Constant[1] :
# 39| r39_9(int) = Constant[-1] :
# 39| r39_10(bool) = CompareEQ : r39_8, r39_9
# 39| v39_11(void) = ConditionalBranch : r39_10
#-----| False -> Block 2
#-----| True -> Block 4
# 40| Block 6
# 40| r40_1(glval<unknown>) = FunctionAddress[sink] :
# 40| r40_2(glval<int>) = VariableAddress[x] :
# 40| r40_3(int) = Load[x] : &:r40_2, ~m?
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| mu40_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 42| Block 7
# 42| v42_1(void) = NoOp :
# 32| v32_6(void) = ReturnVoid :
# 32| v32_7(void) = AliasedUse : ~m?
# 32| v32_8(void) = ExitFunction :
# 44| void throw_cpp(int)
# 44| Block 0
# 44| v44_1(void) = EnterFunction :
# 44| mu44_2(unknown) = AliasedDefinition :
# 44| mu44_3(unknown) = InitializeNonLocal :
# 44| r44_4(glval<int>) = VariableAddress[b] :
# 44| mu44_5(int) = InitializeParameter[b] : &:r44_4
# 45| r45_1(glval<int>) = VariableAddress[x] :
# 45| r45_2(int) = Constant[0] :
# 45| mu45_3(int) = Store[x] : &:r45_1, r45_2
# 47| r47_1(glval<int>) = VariableAddress[b] :
# 47| r47_2(int) = Load[b] : &:r47_1, ~m?
# 47| r47_3(int) = Constant[0] :
# 47| r47_4(bool) = CompareNE : r47_2, r47_3
# 47| v47_5(void) = ConditionalBranch : r47_4
#-----| False -> Block 9
#-----| True -> Block 3
# 44| Block 1
# 44| v44_6(void) = AliasedUse : ~m?
# 44| v44_7(void) = ExitFunction :
# 44| Block 2
# 44| v44_8(void) = Unwind :
#-----| Goto -> Block 1
# 48| Block 3
# 48| r48_1(glval<int>) = VariableAddress[#throw48:13] :
# 48| r48_2(int) = Constant[1] :
# 48| mu48_3(int) = Store[#throw48:13] : &:r48_1, r48_2
# 48| v48_4(void) = ThrowValue : &:r48_1, ~m?
#-----| Exception -> Block 7
# 51| Block 4
# 51| r51_1(int) = Constant[0] :
# 51| r51_2(bool) = CompareEQ : r51_8, r51_1
# 51| v51_3(void) = ConditionalBranch : r51_2
#-----| False -> Block 5
#-----| True -> Block 6
# 51| Block 5
# 51| r51_4(int) = Constant[1] :
# 51| r51_5(bool) = CompareEQ : r51_8, r51_4
# 51| v51_6(void) = ConditionalBranch : r51_5
#-----| True -> Block 8
# 51| Block 6
# 51| v51_7(void) = Unwind :
#-----| Goto -> Block 9
# 51| Block 7
# 51| r51_8(int) = Constant[1] :
# 51| r51_9(int) = Constant[-1] :
# 51| r51_10(bool) = CompareEQ : r51_8, r51_9
# 51| v51_11(void) = ConditionalBranch : r51_10
#-----| False -> Block 4
#-----| True -> Block 6
# 52| Block 8
# 52| r52_1(glval<unknown>) = FunctionAddress[sink] :
# 52| r52_2(glval<int>) = VariableAddress[x] :
# 52| r52_3(int) = Load[x] : &:r52_2, ~m?
# 52| v52_4(void) = Call[sink] : func:r52_1, 0:r52_3
# 52| mu52_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 9
# 54| Block 9
# 54| v54_1(void) = NoOp :
# 44| v44_9(void) = ReturnVoid :
#-----| Goto -> Block 1


@@ -0,0 +1,42 @@
// semmle-extractor-options: --microsoft
void ProbeFunction();
void sink();
void f() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__except (0) {
sink(x);
}
}
void g() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__finally {
sink(x);
}
}
void AfxThrowMemoryException();
void h(int b) {
int x = 0;
__try {
if (b) {
AfxThrowMemoryException();
}
}
__except (1) {
sink(x);
}
}
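Review bot: Nothing in this file says which handlers the analysis is expected to reach, and the accepted raw IR for `f` and `h` leaves the `__except` filter block with no visible predecessor (the `__try` body ends in a plain `Goto` to the exit block), so `sink(x)` in those handlers looks unreachable from function entry. The new `useNotDominatedByDefinition` rows for try_except.c lines 13 and 39 appear to come from the same gap. The same holds for `f_cpp` and `h_cpp` in try_except.cpp, where only `throw_cpp` gets an `Exception` edge into its filter block. A comment above `f` such as `// TODO: calls inside __try have no exception edge yet, so flow from x = y to sink(x) is currently missed` would stop the expected output from being read as intended behaviour, since a query built on this IR would silently miss flows into SEH handlers.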


@@ -0,0 +1,54 @@
// semmle-extractor-options: --microsoft
void ProbeFunction(...);
void sink(...);
void f_cpp() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__except (0) {
sink(x);
}
}
void g_cpp() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__finally {
sink(x);
}
}
void AfxThrowMemoryException();
void h_cpp(int b) {
int x = 0;
__try {
if (b) {
AfxThrowMemoryException();
}
}
__except (1) {
sink(x);
}
}
void throw_cpp(int b) {
int x = 0;
__try {
if (b) {
throw 1;
}
}
__except (1) {
sink(x);
}
}
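Review bot: Every `__except` filter in these two test files is a literal (`0` in `f`/`f_cpp`, `1` in `h`/`h_cpp`/`throw_cpp`), so the chain of comparisons the IR emits for the filter value against -1, 0 and 1 is only ever exercised with a constant. A case whose filter is computed at run time, for example `int filter(int);` with `__except (filter(b)) { sink(x); }`, would cover the path where the outcome is not known statically. Skip it if an existing test such as ms_try_except.cpp already covers a non-constant filter; that file is not visible here.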


@@ -13,10 +13,8 @@ instructionWithoutSuccessor
| condition_decls.cpp:41:22:41:23 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) | | condition_decls.cpp:41:22:41:23 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) | | condition_decls.cpp:48:52:48:53 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| misc.c:171:10:171:13 | Uninitialized: definition of str2 | Instruction 'Uninitialized: definition of str2' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() | | misc.c:171:10:171:13 | Uninitialized: definition of str2 | Instruction 'Uninitialized: definition of str2' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) | | ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:11:12:11:15 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) | | ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:28:12:28:15 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) | | stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| vla.c:5:9:5:14 | Uninitialized: definition of matrix | Instruction 'Uninitialized: definition of matrix' has no successors in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) | | vla.c:5:9:5:14 | Uninitialized: definition of matrix | Instruction 'Uninitialized: definition of matrix' has no successors in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |
| vla.c:11:6:11:16 | Chi: vla_typedef | Instruction 'Chi: vla_typedef' has no successors in function '$@'. | vla.c:11:6:11:16 | void vla_typedef() | void vla_typedef() | | vla.c:11:6:11:16 | Chi: vla_typedef | Instruction 'Chi: vla_typedef' has no successors in function '$@'. | vla.c:11:6:11:16 | void vla_typedef() | void vla_typedef() |


@@ -2316,12 +2316,34 @@ postWithInFlow
| ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. | | ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. |
| ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. | | ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. |
| ms_assume.cpp:34:1:34:1 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | | ms_assume.cpp:34:1:34:1 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:7:13:7:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:14:13:14:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:17:13:17:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:11:7:11:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | | ms_try_mix.cpp:11:7:11:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:11:7:11:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | | ms_try_mix.cpp:11:7:11:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:14:11:14:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:14:11:14:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:16:13:16:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:18:11:18:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:18:11:18:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:21:11:21:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:21:11:21:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:24:7:24:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:24:7:24:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:28:7:28:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | | ms_try_mix.cpp:28:7:28:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:28:7:28:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | | ms_try_mix.cpp:28:7:28:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:31:11:31:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:31:11:31:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:33:13:33:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:35:11:35:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:35:11:35:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:38:11:38:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:38:11:38:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:41:7:41:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:41:7:41:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:48:5:48:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. | | ms_try_mix.cpp:48:5:48:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:48:5:48:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. | | ms_try_mix.cpp:48:5:48:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:51:5:51:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | Call [post update] | PostUpdateNode should not be the target of local flow. | | newexpr.cpp:8:2:8:20 | Call [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. | | newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. | | newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. |


@@ -31,26 +31,8 @@ instructionWithoutSuccessor
| misc.c:174:17:174:22 | CallSideEffect: call to getInt | Instruction 'CallSideEffect: call to getInt' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() | | misc.c:174:17:174:22 | CallSideEffect: call to getInt | Instruction 'CallSideEffect: call to getInt' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| misc.c:174:30:174:35 | CallSideEffect: call to getInt | Instruction 'CallSideEffect: call to getInt' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() | | misc.c:174:30:174:35 | CallSideEffect: call to getInt | Instruction 'CallSideEffect: call to getInt' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| misc.c:174:55:174:60 | Store: (char ****)... | Instruction 'Store: (char ****)...' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() | | misc.c:174:55:174:60 | Store: (char ****)... | Instruction 'Store: (char ****)...' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:7:13:7:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:9:19:9:19 | Load: j | Instruction 'Load: j' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:10:13:10:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:14:13:14:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:17:13:17:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Sub: ... - ... | Instruction 'Sub: ... - ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:20:9:20:13 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_mix.cpp:11:12:11:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:16:13:16:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:18:16:18:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:20:15:20:39 | Constant: 1 | Instruction 'Constant: 1' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:21:16:21:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:28:12:28:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) | | ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:35:16:35:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:38:16:38:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() | | ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:53:13:54:3 | NoOp: { ... } | Instruction 'NoOp: { ... }' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) | | stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| stmt_expr.cpp:29:11:32:11 | CopyValue: (statement expression) | Instruction 'CopyValue: (statement expression)' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) | | stmt_expr.cpp:29:11:32:11 | CopyValue: (statement expression) | Instruction 'CopyValue: (statement expression)' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| stmt_in_type.cpp:5:53:5:53 | Constant: 1 | Instruction 'Constant: 1' has no successors in function '$@'. | stmt_in_type.cpp:2:6:2:12 | void cpp_fun() | void cpp_fun() | | stmt_in_type.cpp:5:53:5:53 | Constant: 1 | Instruction 'Constant: 1' has no successors in function '$@'. | stmt_in_type.cpp:2:6:2:12 | void cpp_fun() | void cpp_fun() |
@@ -135,6 +117,10 @@ backEdgeCountMismatch
useNotDominatedByDefinition useNotDominatedByDefinition
| VacuousDestructorCall.cpp:2:29:2:29 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) | | VacuousDestructorCall.cpp:2:29:2:29 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| misc.c:219:47:219:48 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | misc.c:219:5:219:26 | int assign_designated_init(someStruct*) | int assign_designated_init(someStruct*) | | misc.c:219:47:219:48 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | misc.c:219:5:219:26 | int assign_designated_init(someStruct*) | int assign_designated_init(someStruct*) |
| ms_try_except.cpp:9:19:9:19 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:9:19:9:19 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| static_init_templates.cpp:15:1:15:18 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | static_init_templates.cpp:15:1:15:18 | void MyClass::MyClass() | void MyClass::MyClass() | | static_init_templates.cpp:15:1:15:18 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | static_init_templates.cpp:15:1:15:18 | void MyClass::MyClass() | void MyClass::MyClass() |
| try_catch.cpp:21:9:21:9 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | try_catch.cpp:19:6:19:23 | void throw_from_nonstmt(int) | void throw_from_nonstmt(int) | | try_catch.cpp:21:9:21:9 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | try_catch.cpp:19:6:19:23 | void throw_from_nonstmt(int) | void throw_from_nonstmt(int) |
| vla.c:3:27:3:30 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) | | vla.c:3:27:3:30 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |


@@ -13,10 +13,8 @@ instructionWithoutSuccessor
| condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) | | condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) | | condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| misc.c:171:10:171:13 | Uninitialized: definition of str2 | Instruction 'Uninitialized: definition of str2' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() | | misc.c:171:10:171:13 | Uninitialized: definition of str2 | Instruction 'Uninitialized: definition of str2' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) | | ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:11:12:11:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) | | ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:28:12:28:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) | | stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| vla.c:5:9:5:14 | Uninitialized: definition of matrix | Instruction 'Uninitialized: definition of matrix' has no successors in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) | | vla.c:5:9:5:14 | Uninitialized: definition of matrix | Instruction 'Uninitialized: definition of matrix' has no successors in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |
| vla.c:11:6:11:16 | InitializeNonLocal: vla_typedef | Instruction 'InitializeNonLocal: vla_typedef' has no successors in function '$@'. | vla.c:11:6:11:16 | void vla_typedef() | void vla_typedef() | | vla.c:11:6:11:16 | InitializeNonLocal: vla_typedef | Instruction 'InitializeNonLocal: vla_typedef' has no successors in function '$@'. | vla.c:11:6:11:16 | void vla_typedef() | void vla_typedef() |


@@ -1,58 +1,122 @@
| tst.c:1:12:1:18 | // lgtm | lgtm | lgtm | tst.c:1:1:1:18 | suppression range | | tst.c:1:12:1:18 | // lgtm | lgtm | lgtm | tst.c:1:1:1:18 | suppression range |
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | suppression range | | tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | suppression range |
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:3:0:3:0 | suppression range |
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | suppression range | | tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | suppression range |
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:4:0:4:0 | suppression range |
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | suppression range | | tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | suppression range |
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:5:0:5:0 | suppression range |
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | suppression range | | tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | suppression range |
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:6:0:6:0 | suppression range |
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | suppression range | | tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | suppression range |
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:7:0:7:0 | suppression range |
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | suppression range | | tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | suppression range |
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:8:0:8:0 | suppression range |
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:8:1:8:18 | suppression range | | tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:8:1:8:18 | suppression range |
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:9:0:9:0 | suppression range |
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | suppression range | | tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | suppression range |
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:10:0:10:0 | suppression range |
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:10:1:10:39 | suppression range | | tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:10:1:10:39 | suppression range |
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:11:0:11:0 | suppression range |
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:11:1:11:10 | suppression range | | tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:11:1:11:10 | suppression range |
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:12:0:12:0 | suppression range |
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:12:1:12:9 | suppression range | | tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:12:1:12:9 | suppression range |
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:13:0:13:0 | suppression range |
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | suppression range | | tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | suppression range |
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:15:0:15:0 | suppression range |
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | suppression range | | tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | suppression range |
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:16:0:16:0 | suppression range |
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | suppression range | | tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | suppression range |
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:17:0:17:0 | suppression range |
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:19:1:19:12 | suppression range | | tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:19:1:19:12 | suppression range |
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:20:0:20:0 | suppression range |
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | suppression range | | tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | suppression range |
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:21:0:21:0 | suppression range |
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | suppression range | | tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | suppression range |
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:23:0:23:0 | suppression range |
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | suppression range | | tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | suppression range |
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:25:0:25:0 | suppression range |
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:25:1:25:8 | suppression range | | tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:25:1:25:8 | suppression range |
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:26:0:26:0 | suppression range |
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | suppression range | | tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | suppression range |
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:27:0:27:0 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | suppression range | | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:28:0:28:0 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | suppression range | | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:28:0:28:0 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | suppression range | | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:29:0:29:0 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | suppression range | | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:29:0:29:0 | suppression range |
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:29:1:29:12 | suppression range | | tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:29:1:29:12 | suppression range |
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:30:0:30:0 | suppression range |
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | suppression range | | tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | suppression range |
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:31:0:31:0 | suppression range |
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | suppression range | | tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | suppression range |
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:37:0:37:0 | suppression range |
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:37:1:37:25 | suppression range | | tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:37:1:37:25 | suppression range |
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:38:0:38:0 | suppression range |
| tst.c:38:1:38:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:39:0:39:0 | suppression range |
| tst.c:39:1:39:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:40:0:40:0 | suppression range |
| tst.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.c:41:0:41:0 | suppression range |
| tst.c:41:1:41:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:42:0:42:0 | suppression range |
| tstWindows.c:1:12:1:18 | // lgtm | lgtm | lgtm | tstWindows.c:1:1:1:18 | suppression range | | tstWindows.c:1:12:1:18 | // lgtm | lgtm | lgtm | tstWindows.c:1:1:1:18 | suppression range |
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | suppression range | | tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | suppression range |
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:3:0:3:0 | suppression range |
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | suppression range | | tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | suppression range |
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:4:0:4:0 | suppression range |
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | suppression range | | tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | suppression range |
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:5:0:5:0 | suppression range |
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | suppression range | | tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | suppression range |
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:6:0:6:0 | suppression range |
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | suppression range | | tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | suppression range |
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:7:0:7:0 | suppression range |
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | suppression range | | tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | suppression range |
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:8:0:8:0 | suppression range |
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | suppression range | | tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | suppression range |
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:9:0:9:0 | suppression range |
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | suppression range | | tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | suppression range |
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:10:0:10:0 | suppression range |
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | suppression range | | tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | suppression range |
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:11:0:11:0 | suppression range |
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:11:1:11:10 | suppression range | | tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:11:1:11:10 | suppression range |
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:12:0:12:0 | suppression range |
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | suppression range | | tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | suppression range |
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:13:0:13:0 | suppression range |
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | suppression range | | tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | suppression range |
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:15:0:15:0 | suppression range |
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | suppression range | | tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | suppression range |
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:16:0:16:0 | suppression range |
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | suppression range | | tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | suppression range |
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:17:0:17:0 | suppression range |
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | suppression range | | tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | suppression range |
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:20:0:20:0 | suppression range |
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | suppression range | | tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | suppression range |
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:21:0:21:0 | suppression range |
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | suppression range | | tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | suppression range |
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:23:0:23:0 | suppression range |
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | suppression range | | tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | suppression range |
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:25:0:25:0 | suppression range |
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:25:1:25:8 | suppression range | | tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:25:1:25:8 | suppression range |
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:26:0:26:0 | suppression range |
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | suppression range | | tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | suppression range |
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:27:0:27:0 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | suppression range | | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:28:0:28:0 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | suppression range | | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:28:0:28:0 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | suppression range | | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:29:0:29:0 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | suppression range | | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:29:0:29:0 | suppression range |
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:29:1:29:12 | suppression range | | tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:29:1:29:12 | suppression range |
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:30:0:30:0 | suppression range |
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | suppression range | | tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | suppression range |
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:31:0:31:0 | suppression range |
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | suppression range | | tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | suppression range |
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:37:0:37:0 | suppression range |
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | suppression range | | tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | suppression range |
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:38:0:38:0 | suppression range |
| tstWindows.c:38:1:38:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:39:0:39:0 | suppression range |
| tstWindows.c:39:1:39:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:40:0:40:0 | suppression range |
| tstWindows.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.c:41:0:41:0 | suppression range |
| tstWindows.c:41:1:41:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:42:0:42:0 | suppression range |


@@ -34,4 +34,11 @@ int x = 0; // lgtm
*/ */
/* lgtm[@tag:nullness,js/invocation-of-non-function] */ /* lgtm[@tag:nullness,js/invocation-of-non-function] */
/* lgtm[@tag:nullness] */ /* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
int y; // codeql[js/debugger-statement]
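Review bot: The last three added lines (the block comment that closes on the following line, and `int y; // codeql[js/debugger-statement]` trailing code) read as negative cases, but nothing in the file marks them as such. The expected results on this page list suppression ranges only for the `codeql` comments on lines 38–41, and each range covers just the line after the comment, so these two forms appear to be deliberately unrecognised. A one-line comment ahead of them, for example `// not suppressions: block comment spanning lines, comment trailing code`, would stop a reader from assuming that a trailing comment silences an alert on its own line; it must avoid the suppression keywords themselves so it adds no rows to the expected output. The same applies to the identical hunk in the next file section.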


@@ -34,4 +34,11 @@ int x = 0; // lgtm
*/ */
/* lgtm[@tag:nullness,js/invocation-of-non-function] */ /* lgtm[@tag:nullness,js/invocation-of-non-function] */
/* lgtm[@tag:nullness] */ /* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
int y; // codeql[js/debugger-statement]


@@ -1,12 +1,11 @@
edges edges
| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection | | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | fileName indirection |
| test.c:31:22:31:25 | argv | test.c:32:11:32:18 | fileName indirection | | test.c:8:27:8:30 | argv | test.c:32:11:32:18 | fileName indirection |
| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection | | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection |
| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection | | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection |
nodes nodes
| test.c:9:23:9:26 | argv | semmle.label | argv | | test.c:8:27:8:30 | argv | semmle.label | argv |
| test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection | | test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection |
| test.c:31:22:31:25 | argv | semmle.label | argv |
| test.c:32:11:32:18 | fileName indirection | semmle.label | fileName indirection | | test.c:32:11:32:18 | fileName indirection | semmle.label | fileName indirection |
| test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument | | test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument |
| test.c:38:11:38:18 | fileName indirection | semmle.label | fileName indirection | | test.c:38:11:38:18 | fileName indirection | semmle.label | fileName indirection |
@@ -14,7 +13,7 @@ nodes
| test.c:44:11:44:18 | fileName indirection | semmle.label | fileName indirection | | test.c:44:11:44:18 | fileName indirection | semmle.label | fileName indirection |
subpaths subpaths
#select #select
| test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv | user input (a command-line argument) | | test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
| test.c:32:11:32:18 | fileName | test.c:31:22:31:25 | argv | test.c:32:11:32:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:31:22:31:25 | argv | user input (a command-line argument) | | test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv | test.c:32:11:32:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
| test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) | | test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
| test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) | | test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |


@@ -1,5 +1,5 @@
edges edges
| test.cpp:16:20:16:23 | argv | test.cpp:22:45:22:52 | userName indirection | | test.cpp:15:27:15:30 | argv | test.cpp:22:45:22:52 | userName indirection |
| test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | command1 indirection | | test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | command1 indirection |
| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument | | test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
| test.cpp:47:21:47:26 | call to getenv | test.cpp:50:35:50:43 | envCflags indirection | | test.cpp:47:21:47:26 | call to getenv | test.cpp:50:35:50:43 | envCflags indirection |
@@ -74,7 +74,7 @@ edges
| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument | | test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument | | test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
nodes nodes
| test.cpp:16:20:16:23 | argv | semmle.label | argv | | test.cpp:15:27:15:30 | argv | semmle.label | argv |
| test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument | | test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:22:45:22:52 | userName indirection | semmle.label | userName indirection | | test.cpp:22:45:22:52 | userName indirection | semmle.label | userName indirection |
| test.cpp:23:12:23:19 | command1 indirection | semmle.label | command1 indirection | | test.cpp:23:12:23:19 | command1 indirection | semmle.label | command1 indirection |
@@ -161,7 +161,7 @@ subpaths
| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] | | test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] | | test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
#select #select
| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument | | test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument | | test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument | | test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument | | test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |


@@ -1,5 +1,10 @@
edges edges
| overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | | main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv |
| main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv indirection |
| main.cpp:7:33:7:36 | argv | overflowdestination.cpp:23:45:23:48 | argv |
| main.cpp:7:33:7:36 | argv indirection | overflowdestination.cpp:23:45:23:48 | *argv |
| overflowdestination.cpp:23:45:23:48 | *argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
| overflowdestination.cpp:23:45:23:48 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... | | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... |
| overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection | | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection |
| overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:15:53:17 | (const void *)... | | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:15:53:17 | (const void *)... |
@@ -17,7 +22,11 @@ edges
| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src |
| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | *src | | overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | *src |
nodes nodes
| overflowdestination.cpp:27:9:27:12 | argv | semmle.label | argv | | main.cpp:6:27:6:30 | argv | semmle.label | argv |
| main.cpp:7:33:7:36 | argv | semmle.label | argv |
| main.cpp:7:33:7:36 | argv indirection | semmle.label | argv indirection |
| overflowdestination.cpp:23:45:23:48 | *argv | semmle.label | *argv |
| overflowdestination.cpp:23:45:23:48 | argv | semmle.label | argv |
| overflowdestination.cpp:30:17:30:20 | (const char *)... | semmle.label | (const char *)... | | overflowdestination.cpp:30:17:30:20 | (const char *)... | semmle.label | (const char *)... |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | semmle.label | fgets output argument | | overflowdestination.cpp:43:8:43:10 | fgets output argument | semmle.label | fgets output argument |
| overflowdestination.cpp:46:15:46:17 | (const void *)... | semmle.label | (const void *)... | | overflowdestination.cpp:46:15:46:17 | (const void *)... | semmle.label | (const void *)... |
@@ -37,7 +46,7 @@ nodes
subpaths subpaths
| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | | overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
#select #select
| overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | | overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | | overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | | overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | | overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |


@@ -0,0 +1,12 @@
int overflowdesination_main(int argc, char **argv);
int test_buffer_overrun_main(int argc, char **argv);
int tests_restrict_main(int argc, char **argv);
int tests_main(int argc, char **argv);
int main(int argc, char **argv) {
overflowdesination_main(argc, argv);
test_buffer_overrun_main(argc, argv);
tests_restrict_main(argc, argv);
tests_main(argc, argv);
return 0;
}
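Review bot: The name `overflowdesination_main` in the first declaration and the first call is missing a `t`; the expected output above refers to the file as `overflowdestination.cpp`. The build still links because the renamed definition later in this commit carries the same misspelling, so a fix has to change all three places to `overflowdestination_main`. That shifts the `argv` column reported at `overflowdestination.cpp:23`, so the `.expected` file would need regenerating. A one-line comment at the top, for example `// Single entry point so that argv is a taint source for every test file in this directory.`, would also record why this file exists; that purpose is inferred from the new `main.cpp:6:27:6:30 | argv` source rows.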


@@ -20,7 +20,7 @@ inline size_t min(size_t a, size_t b) {
} }
} }
int main(int argc, char* argv[]) { int overflowdesination_main(int argc, char* argv[]) {
char param[20]; char param[20];
char *arg1; char *arg1;


@@ -29,7 +29,7 @@ void test_buffer_overrun_in_while_loop_using_array_indexing()
} }
} }
int main(int argc, char *argv[]) int test_buffer_overrun_main(int argc, char *argv[])
{ {
test_buffer_overrun_in_for_loop(); test_buffer_overrun_in_for_loop();
test_buffer_overrun_in_while_loop_using_pointer_arithmetic(); test_buffer_overrun_in_while_loop_using_pointer_arithmetic();


@@ -603,7 +603,7 @@ void test22(bool b, const char* source) {
memcpy(dest, source, n); // GOOD memcpy(dest, source, n); // GOOD
} }
int main(int argc, char *argv[]) int tests_main(int argc, char *argv[])
{ {
long long arr17[19]; long long arr17[19];


@@ -12,7 +12,7 @@ void test1()
memcpy(largebuf, smallbuf, 2); // BAD: source over-read memcpy(largebuf, smallbuf, 2); // BAD: source over-read
} }
int main(int argc, char *argv[]) int tests_restrict_main(int argc, char *argv[])
{ {
test1(); test1();


@@ -1,7 +1,7 @@
edges edges
| test1.c:8:16:8:19 | argv | test1.c:9:9:9:9 | i | | test1.c:7:26:7:29 | argv | test1.c:9:9:9:9 | i |
| test1.c:8:16:8:19 | argv | test1.c:11:9:11:9 | i | | test1.c:7:26:7:29 | argv | test1.c:11:9:11:9 | i |
| test1.c:8:16:8:19 | argv | test1.c:13:9:13:9 | i | | test1.c:7:26:7:29 | argv | test1.c:13:9:13:9 | i |
| test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i | | test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i |
| test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i | | test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i |
| test1.c:13:9:13:9 | i | test1.c:48:16:48:16 | i | | test1.c:13:9:13:9 | i | test1.c:48:16:48:16 | i |
@@ -9,7 +9,7 @@ edges
| test1.c:32:16:32:16 | i | test1.c:33:11:33:11 | i | | test1.c:32:16:32:16 | i | test1.c:33:11:33:11 | i |
| test1.c:48:16:48:16 | i | test1.c:53:15:53:15 | j | | test1.c:48:16:48:16 | i | test1.c:53:15:53:15 | j |
nodes nodes
| test1.c:8:16:8:19 | argv | semmle.label | argv | | test1.c:7:26:7:29 | argv | semmle.label | argv |
| test1.c:9:9:9:9 | i | semmle.label | i | | test1.c:9:9:9:9 | i | semmle.label | i |
| test1.c:11:9:11:9 | i | semmle.label | i | | test1.c:11:9:11:9 | i | semmle.label | i |
| test1.c:13:9:13:9 | i | semmle.label | i | | test1.c:13:9:13:9 | i | semmle.label | i |
@@ -21,6 +21,6 @@ nodes
| test1.c:53:15:53:15 | j | semmle.label | j | | test1.c:53:15:53:15 | j | semmle.label | j |
subpaths subpaths
#select #select
| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument | | test1.c:18:16:18:16 | i | test1.c:7:26:7:29 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |
| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument | | test1.c:33:11:33:11 | i | test1.c:7:26:7:29 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |
| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument | | test1.c:53:15:53:15 | j | test1.c:7:26:7:29 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |


@@ -1,10 +1,10 @@
edges edges
| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted | | test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted |
| test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... | | test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... |
| test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... | | test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... |
| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size | | test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size |
| test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size | | test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size |
| test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... | | test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... |
| test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... |
| test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... |
| test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... |
@@ -26,7 +26,7 @@ edges
| test.cpp:289:17:289:20 | size [post update] | test.cpp:291:11:291:28 | ... * ... | | test.cpp:289:17:289:20 | size [post update] | test.cpp:291:11:291:28 | ... * ... |
| test.cpp:305:18:305:21 | size [post update] | test.cpp:308:10:308:27 | ... * ... | | test.cpp:305:18:305:21 | size [post update] | test.cpp:308:10:308:27 | ... * ... |
nodes nodes
| test.cpp:40:21:40:24 | argv | semmle.label | argv | | test.cpp:39:27:39:30 | argv | semmle.label | argv |
| test.cpp:43:38:43:44 | tainted | semmle.label | tainted | | test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
| test.cpp:44:38:44:63 | ... * ... | semmle.label | ... * ... | | test.cpp:44:38:44:63 | ... * ... | semmle.label | ... * ... |
| test.cpp:46:38:46:63 | ... + ... | semmle.label | ... + ... | | test.cpp:46:38:46:63 | ... + ... | semmle.label | ... + ... |
@@ -60,12 +60,12 @@ nodes
| test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... | | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
subpaths subpaths
#select #select
| test.cpp:43:31:43:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | | test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:44:31:44:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | | test.cpp:44:31:44:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:46:31:46:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | | test.cpp:46:31:46:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:49:25:49:30 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | | test.cpp:49:25:49:30 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:50:17:50:30 | new[] | test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | | test.cpp:50:17:50:30 | new[] | test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:53:21:53:27 | call to realloc | test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | | test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) | | test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) |
| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) | | test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) |
| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | call to getenv | user input (an environment variable) | | test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | call to getenv | user input (an environment variable) |


@@ -1,10 +1,10 @@
edges edges
| test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input | | test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input |
nodes nodes
| test2.cpp:110:3:110:6 | call to gets | semmle.label | call to gets | | test2.cpp:110:3:110:6 | call to gets | semmle.label | call to gets |
| test.cpp:54:17:54:20 | argv | semmle.label | argv | | test.cpp:53:27:53:30 | argv | semmle.label | argv |
| test.cpp:58:25:58:29 | input | semmle.label | input | | test.cpp:58:25:58:29 | input | semmle.label | input |
subpaths subpaths
#select #select
| test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:3:110:6 | call to gets | user input (string read by gets) | | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:3:110:6 | call to gets | user input (string read by gets) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:54:17:54:20 | argv | user input (a command-line argument) | | test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv | user input (a command-line argument) |


@@ -260,6 +260,12 @@ module Public {
* Holds if the neutral is auto generated. * Holds if the neutral is auto generated.
*/ */
predicate isAutoGenerated() { neutralElement(this, true) } predicate isAutoGenerated() { neutralElement(this, true) }
/**
* Holds if the neutral has the given provenance where `true` is
* `generated` and `false` is `manual`.
*/
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
} }
} }
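Review bot: `isAutoGenerated()` and the new `hasProvenance(boolean generated)` both call `neutralElement` directly, so the meaning of the boolean (`true` is generated, `false` is manual) is now encoded in two predicates that can drift apart. Writing the older one as `predicate isAutoGenerated() { this.hasProvenance(true) }` keeps a single place that touches `neutralElement`. The enclosing class begins above the hunk, so whether sibling predicates follow the same pattern is not visible here.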


@@ -5,9 +5,17 @@
* @id cs/alert-suppression * @id cs/alert-suppression
*/ */
private import codeql.suppression.AlertSuppression as AS private import codeql.util.suppression.AlertSuppression as AS
private import semmle.code.csharp.Comments private import semmle.code.csharp.Comments
class AstNode extends Element {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
class SingleLineComment extends CommentLine { class SingleLineComment extends CommentLine {
SingleLineComment() { SingleLineComment() {
// Must be either `// ...` or `/* ... */` on a single line. // Must be either `// ...` or `/* ... */` on a single line.
@@ -21,4 +29,4 @@ class SingleLineComment extends CommentLine {
} }
} }
import AS::Make<SingleLineComment> import AS::Make<AstNode, SingleLineComment>
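Review bot: The new `AstNode` class has no QLDoc, and nothing in the hunk explains why `Element` is wrapped instead of being passed to `AS::Make` as is. Because the class has no characteristic predicate, every `Element` becomes a candidate node for a suppression range, which is worth stating since this query decides which alerts get hidden. A short comment would do, along the lines of `/** Any element; adapts Element.getLocation() to the hasLocationInfo predicate the suppression module expects. */`. The module's signature is not shown, so that requirement is an assumption to confirm. The `SingleLineComment` class is only partly inside the hunks.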


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.


@@ -26,3 +26,11 @@ class Dead { } // lgtm
// LGTM[cs/unused-reftype] // LGTM[cs/unused-reftype]
// lgtm[cs/unused-reftype] and lgtm[cs/unused-field] // lgtm[cs/unused-reftype] and lgtm[cs/unused-field]
// lgtm[cs/unused-reftype]; lgtm // lgtm[cs/unused-reftype]; lgtm
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class End { } // codeql[js/debugger-statement]
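Review bot: The added `codeql[...]` cases use the JavaScript query id `js/debugger-statement`, while the `lgtm[...]` cases directly above use C# ids such as `cs/unused-reftype`. The id is probably opaque text to the suppression query, but a C# id, e.g. `// codeql[cs/unused-reftype]`, keeps the file consistent and makes it obvious that the cases were written for this language. The expected output quotes the comment text, so it would need regenerating. The last case, `class End { } // codeql[js/debugger-statement]`, is a trailing comment, which per the change note in this commit does not suppress; giving it its own name, for example `class NotSuppressed { }`, would mark it as a negative case.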


@@ -1,54 +1,114 @@
| AlertSuppression.cs:1:16:1:22 | // ... | lgtm | lgtm | AlertSuppression.cs:1:1:1:22 | suppression range | | AlertSuppression.cs:1:16:1:22 | // ... | lgtm | lgtm | AlertSuppression.cs:1:1:1:22 | suppression range |
| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:2:1:2:26 | suppression range | | AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:2:1:2:26 | suppression range |
| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:3:0:3:0 | suppression range |
| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:3:1:3:43 | suppression range | | AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:3:1:3:43 | suppression range |
| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:4:0:4:0 | suppression range |
| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:4:1:4:22 | suppression range | | AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:4:1:4:22 | suppression range |
| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:5:0:5:0 | suppression range |
| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:5:1:5:44 | suppression range | | AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:5:1:5:44 | suppression range |
| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:6:0:6:0 | suppression range |
| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:6:1:6:28 | suppression range | | AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:6:1:6:28 | suppression range |
| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:7:0:7:0 | suppression range |
| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:7:1:7:58 | suppression range | | AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:7:1:7:58 | suppression range |
| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:8:0:8:0 | suppression range |
| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:8:1:8:18 | suppression range | | AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:8:1:8:18 | suppression range |
| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:9:0:9:0 | suppression range |
| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:9:1:9:32 | suppression range | | AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:9:1:9:32 | suppression range |
| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:10:0:10:0 | suppression range |
| AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:10:1:10:27 | suppression range | | AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:10:1:10:27 | suppression range |
| AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:11:0:11:0 | suppression range |
| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:11:1:11:10 | suppression range | | AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:11:1:11:10 | suppression range |
| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:12:0:12:0 | suppression range |
| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:12:1:12:9 | suppression range | | AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:12:1:12:9 | suppression range |
| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:13:0:13:0 | suppression range |
| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:14:1:14:6 | suppression range | | AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:14:1:14:6 | suppression range |
| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:15:0:15:0 | suppression range |
| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:15:1:15:8 | suppression range | | AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:15:1:15:8 | suppression range |
| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:16:0:16:0 | suppression range |
| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:16:1:16:27 | suppression range | | AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:16:1:16:27 | suppression range |
| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:17:0:17:0 | suppression range |
| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:19:1:19:12 | suppression range | | AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:19:1:19:12 | suppression range |
| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:20:0:20:0 | suppression range |
| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:20:1:20:31 | suppression range | | AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:20:1:20:31 | suppression range |
| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:21:0:21:0 | suppression range |
| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:22:1:22:30 | suppression range | | AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:22:1:22:30 | suppression range |
| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:23:0:23:0 | suppression range |
| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:24:1:24:34 | suppression range | | AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:24:1:24:34 | suppression range |
| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:25:0:25:0 | suppression range |
| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:25:1:25:8 | suppression range | | AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:25:1:25:8 | suppression range |
| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:26:0:26:0 | suppression range |
| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:26:1:26:26 | suppression range | | AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:26:1:26:26 | suppression range |
| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:27:0:27:0 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:27:1:27:52 | suppression range | | AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:27:1:27:52 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:28:0:28:0 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:27:1:27:52 | suppression range | | AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:27:1:27:52 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:0:28:0 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:28:1:28:32 | suppression range | | AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:28:1:28:32 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:29:0:29:0 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:1:28:32 | suppression range | | AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:1:28:32 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:29:0:29:0 | suppression range |
| AlertSuppression.cs:29:1:29:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:30:0:30:0 | suppression range |
| AlertSuppression.cs:30:1:30:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:31:0:31:0 | suppression range |
| AlertSuppression.cs:31:1:31:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppression.cs:32:0:32:0 | suppression range |
| AlertSuppression.cs:32:1:32:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:33:0:33:0 | suppression range |
| AlertSuppressionWindows.cs:1:17:1:23 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:1:1:1:23 | suppression range | | AlertSuppressionWindows.cs:1:17:1:23 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:1:1:1:23 | suppression range |
| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:2:1:2:26 | suppression range | | AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:2:1:2:26 | suppression range |
| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:3:0:3:0 | suppression range |
| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:3:1:3:43 | suppression range | | AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:3:1:3:43 | suppression range |
| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:4:0:4:0 | suppression range |
| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:4:1:4:22 | suppression range | | AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:4:1:4:22 | suppression range |
| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:5:0:5:0 | suppression range |
| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:5:1:5:44 | suppression range | | AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:5:1:5:44 | suppression range |
| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:6:0:6:0 | suppression range |
| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:6:1:6:28 | suppression range | | AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:6:1:6:28 | suppression range |
| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:7:0:7:0 | suppression range |
| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:7:1:7:58 | suppression range | | AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:7:1:7:58 | suppression range |
| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:8:0:8:0 | suppression range |
| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:8:1:8:18 | suppression range | | AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:8:1:8:18 | suppression range |
| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:9:0:9:0 | suppression range |
| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:9:1:9:32 | suppression range | | AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:9:1:9:32 | suppression range |
| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:10:0:10:0 | suppression range |
| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:10:1:10:27 | suppression range | | AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:10:1:10:27 | suppression range |
| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:11:0:11:0 | suppression range |
| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:11:1:11:10 | suppression range | | AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:11:1:11:10 | suppression range |
| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:12:0:12:0 | suppression range |
| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:12:1:12:9 | suppression range | | AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:12:1:12:9 | suppression range |
| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:13:0:13:0 | suppression range |
| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:14:1:14:6 | suppression range | | AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:14:1:14:6 | suppression range |
| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:0:15:0 | suppression range |
| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:1:15:8 | suppression range | | AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:1:15:8 | suppression range |
| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:16:0:16:0 | suppression range |
| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:16:1:16:27 | suppression range | | AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:16:1:16:27 | suppression range |
| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:17:0:17:0 | suppression range |
| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:19:1:19:12 | suppression range | | AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:19:1:19:12 | suppression range |
| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:20:0:20:0 | suppression range |
| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:20:1:20:31 | suppression range | | AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:20:1:20:31 | suppression range |
| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:21:0:21:0 | suppression range |
| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:22:1:22:30 | suppression range | | AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:22:1:22:30 | suppression range |
| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:23:0:23:0 | suppression range |
| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:24:1:24:34 | suppression range | | AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:24:1:24:34 | suppression range |
| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:25:0:25:0 | suppression range |
| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:25:1:25:8 | suppression range | | AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:25:1:25:8 | suppression range |
| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:26:0:26:0 | suppression range |
| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:26:1:26:26 | suppression range | | AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:26:1:26:26 | suppression range |
| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:27:0:27:0 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range | | AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range | | AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:28:1:28:32 | suppression range | | AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:1:28:32 | suppression range | | AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:29:1:29:12 | suppression range | | AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:29:1:29:12 | suppression range |
| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:30:0:30:0 | suppression range |
| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:30:1:30:29 | suppression range | | AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:30:1:30:29 | suppression range |
| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:31:0:31:0 | suppression range |
| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:35:1:35:43 | suppression range | | AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:35:1:35:43 | suppression range |
| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:36:0:36:0 | suppression range |
| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:36:1:36:25 | suppression range | | AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:36:1:36:25 | suppression range |
| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:37:0:37:0 | suppression range |
| AlertSuppressionWindows.cs:37:1:37:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:38:0:38:0 | suppression range |
| AlertSuppressionWindows.cs:38:1:38:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:39:0:39:0 | suppression range |
| AlertSuppressionWindows.cs:39:1:39:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:40:0:40:0 | suppression range |
| AlertSuppressionWindows.cs:40:1:40:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:41:0:41:0 | suppression range |


@@ -34,3 +34,11 @@ class Dead2 { } // lgtm
*/ */
/* lgtm[@tag:nullness,cs/unused-reftype] */ /* lgtm[@tag:nullness,cs/unused-reftype] */
/* lgtm[@tag:nullness] */ /* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class End2 { } // codeql[js/debugger-statement]


@@ -185,7 +185,7 @@ For more information about the class ``Call``, see ":doc:`Navigating the call gr
Improvements Improvements
~~~~~~~~~~~~ ~~~~~~~~~~~~
The Java standard library provides another annotation type ``java.lang.SupressWarnings`` that can be used to suppress certain categories of warnings. In particular, it can be used to turn off warnings about calls to deprecated methods. Therefore, it makes sense to improve our query to ignore calls to deprecated methods from inside methods that are marked with ``@SuppressWarnings("deprecated")``. The Java standard library provides another annotation type ``java.lang.SupressWarnings`` that can be used to suppress certain categories of warnings. In particular, it can be used to turn off warnings about calls to deprecated methods. Therefore, it makes sense to improve our query to ignore calls to deprecated methods from inside methods that are marked with ``@SuppressWarnings("deprecation")``.
For instance, consider this slightly updated example: For instance, consider this slightly updated example:
@@ -198,7 +198,7 @@ For instance, consider this slightly updated example:
m(); m();
} }
@SuppressWarnings("deprecated") @SuppressWarnings("deprecation")
void r() { void r() {
m(); m();
} }
@@ -206,7 +206,7 @@ For instance, consider this slightly updated example:
Here, the programmer has explicitly suppressed warnings about deprecated calls in ``A.r``, so our query should not flag the call to ``A.m`` any more. Here, the programmer has explicitly suppressed warnings about deprecated calls in ``A.r``, so our query should not flag the call to ``A.m`` any more.
To do so, we first introduce a class for representing all ``@SuppressWarnings`` annotations where the string ``deprecated`` occurs among the list of warnings to suppress: To do so, we first introduce a class for representing all ``@SuppressWarnings`` annotations where the string ``deprecation`` occurs among the list of warnings to suppress:
.. code-block:: ql .. code-block:: ql


@@ -44,7 +44,7 @@ Follow the steps below to help other users understand what your query does, and
4. **Make sure the `select` statement is compatible with the query type** 4. **Make sure the `select` statement is compatible with the query type**
The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and Visual Studio Code. The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in query results.
For more information on `select` statement format, see [About CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/#select-clause) on codeql.github.com. For more information on `select` statement format, see [About CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/#select-clause) on codeql.github.com.
5. **Write a query help file** 5. **Write a query help file**


@@ -1,4 +1,4 @@
all: extractor ql/lib/go.dbscheme install-deps all: extractor ql/lib/go.dbscheme
ifeq ($(OS),Windows_NT) ifeq ($(OS),Windows_NT)
EXE = .exe EXE = .exe
@@ -36,9 +36,6 @@ autoformat:
check-formatting: check-formatting:
test -z "$$(find . -path '**/vendor' -prune -or -type f -iname '*.go' ! -empty -print0 | xargs -0 grep -L "//\s*autoformat-ignore" | xargs gofmt -l)" test -z "$$(find . -path '**/vendor' -prune -or -type f -iname '*.go' ! -empty -print0 | xargs -0 grep -L "//\s*autoformat-ignore" | xargs gofmt -l)"
install-deps:
bash scripts/install-deps.sh $(CODEQL_LOCK_MODE)
ifeq ($(QHELP_OUT_DIR),) ifeq ($(QHELP_OUT_DIR),)
# If not otherwise specified, compile qhelp to markdown in place # If not otherwise specified, compile qhelp to markdown in place
QHELP_OUT_DIR := ql/src QHELP_OUT_DIR := ql/src
@@ -75,7 +72,7 @@ tools-win64: $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES)))
$(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))): $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))):
env GOOS=windows GOARCH=amd64 go build -mod=vendor -o $@ ./extractor/cli/$(basename $(@F)) env GOOS=windows GOARCH=amd64 go build -mod=vendor -o $@ ./extractor/cli/$(basename $(@F))
.PHONY: extractor-common extractor extractor-full install-deps .PHONY: extractor-common extractor extractor-full
extractor-common: codeql-extractor.yml LICENSE ql/lib/go.dbscheme \ extractor-common: codeql-extractor.yml LICENSE ql/lib/go.dbscheme \
tools/tokenizer.jar $(CODEQL_TOOLS) tools/tokenizer.jar $(CODEQL_TOOLS)
rm -rf $(EXTRACTOR_PACK_OUT) rm -rf $(EXTRACTOR_PACK_OUT)


@@ -1,8 +1,7 @@
# Go analysis support for CodeQL # Go analysis support for CodeQL
This open-source repository contains the extractor, CodeQL libraries, and queries that power Go This sub-folder contains the extractor, CodeQL libraries, and queries that power Go
support in [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com) support for CodeQL.
makes available to its customers worldwide.
It contains two major components: It contains two major components:
- an extractor, itself written in Go, that parses Go source code and converts it into a database - an extractor, itself written in Go, that parses Go source code and converts it into a database
@@ -10,35 +9,13 @@ It contains two major components:
- static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be - static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be
used to analyze such a database to find coding mistakes or security vulnerabilities. used to analyze such a database to find coding mistakes or security vulnerabilities.
The goal of this project is to provide comprehensive static analysis support for Go in CodeQL.
For the queries and libraries that power CodeQL support for other languages, visit [the CodeQL
repository](https://github.com/github/codeql).
## Installation
Clone this repository.
Run `scripts/install-deps.sh`. This will ensure that the necessary external CodeQL packs are
downloaded to your machine. You will need to re-run this script whenever you pull new commits from
the repo.
If you want to use the CodeQL extension for Visual Studio Code, import this repository into your VS
Code workspace.
## Usage ## Usage
To analyze a Go codebase, either use the [CodeQL command-line To analyze a Go codebase, either use the [CodeQL command-line
interface](https://codeql.github.com/docs/codeql-cli/) to create a database yourself, or interface](https://codeql.github.com/docs/codeql-cli/) to create a database yourself, or
download a pre-built database from [LGTM.com](https://lgtm.com/). You can then run any of the download a pre-built database from [GitHub.com](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#downloading-databases-from-github-com). You can then run any of the
queries contained in this repository either on the command line or using the VS Code extension. queries contained in this repository either on the command line or using the VS Code extension.
Note that the [lgtm.com](https://github.com/github/codeql/tree/lgtm.com) branch of this
repository corresponds to the version of the queries that is currently deployed on LGTM.com.
The [main](https://github.com/github/codeql/tree/main) branch may contain changes that
have not been deployed yet, so you may need to upgrade databases downloaded from LGTM.com before
running queries on them.
## Contributions ## Contributions
Contributions are welcome! Please see our [contribution guidelines](CONTRIBUTING.md) and our Contributions are welcome! Please see our [contribution guidelines](CONTRIBUTING.md) and our


@@ -260,6 +260,12 @@ module Public {
* Holds if the neutral is auto generated. * Holds if the neutral is auto generated.
*/ */
predicate isAutoGenerated() { neutralElement(this, true) } predicate isAutoGenerated() { neutralElement(this, true) }
/**
* Holds if the neutral has the given provenance where `true` is
* `generated` and `false` is `manual`.
*/
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
} }
} }


@@ -5,7 +5,7 @@
* @id go/alert-suppression * @id go/alert-suppression
*/ */
private import codeql.suppression.AlertSuppression as AS private import codeql.util.suppression.AlertSuppression as AS
private import semmle.go.Comments as G private import semmle.go.Comments as G
class SingleLineComment extends G::Comment { class SingleLineComment extends G::Comment {
@@ -15,4 +15,4 @@ class SingleLineComment extends G::Comment {
} }
} }
import AS::Make<SingleLineComment> import AS::Make<G::Locatable, SingleLineComment>


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.


@@ -29,6 +29,10 @@
| tst.go:37:8:37:42 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tst.go:37:1:37:42 | suppression range | | tst.go:37:8:37:42 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tst.go:37:1:37:42 | suppression range |
| tst.go:43:8:43:56 | comment | lgtm[@tag:nullness,go/redundant-assignment] | lgtm[@tag:nullness,go/redundant-assignment] | tst.go:43:1:43:56 | suppression range | | tst.go:43:8:43:56 | comment | lgtm[@tag:nullness,go/redundant-assignment] | lgtm[@tag:nullness,go/redundant-assignment] | tst.go:43:1:43:56 | suppression range |
| tst.go:44:8:44:32 | comment | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.go:44:1:44:32 | suppression range | | tst.go:44:8:44:32 | comment | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.go:44:1:44:32 | suppression range |
| tst.go:45:2:45:33 | comment | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:46:0:46:0 | suppression range |
| tst.go:47:2:47:33 | comment | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:48:0:48:0 | suppression range |
| tst.go:49:2:49:70 | comment | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.go:50:0:50:0 | suppression range |
| tst.go:51:2:51:36 | comment | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:52:0:52:0 | suppression range |
| tstWindows.go:7:8:7:14 | comment | lgtm | lgtm | tstWindows.go:7:1:7:14 | suppression range | | tstWindows.go:7:8:7:14 | comment | lgtm | lgtm | tstWindows.go:7:1:7:14 | suppression range |
| tstWindows.go:8:8:8:39 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:8:1:8:39 | suppression range | | tstWindows.go:8:8:8:39 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:8:1:8:39 | suppression range |
| tstWindows.go:9:8:9:39 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:9:1:9:39 | suppression range | | tstWindows.go:9:8:9:39 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:9:1:9:39 | suppression range |
@@ -59,3 +63,7 @@
| tstWindows.go:37:8:37:42 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:37:1:37:42 | suppression range | | tstWindows.go:37:8:37:42 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:37:1:37:42 | suppression range |
| tstWindows.go:43:8:43:56 | comment | lgtm[@tag:nullness,go/redundant-assignment] | lgtm[@tag:nullness,go/redundant-assignment] | tstWindows.go:43:1:43:56 | suppression range | | tstWindows.go:43:8:43:56 | comment | lgtm[@tag:nullness,go/redundant-assignment] | lgtm[@tag:nullness,go/redundant-assignment] | tstWindows.go:43:1:43:56 | suppression range |
| tstWindows.go:44:8:44:32 | comment | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.go:44:1:44:32 | suppression range | | tstWindows.go:44:8:44:32 | comment | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.go:44:1:44:32 | suppression range |
| tstWindows.go:45:2:45:33 | comment | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:46:0:46:0 | suppression range |
| tstWindows.go:47:2:47:33 | comment | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:48:0:48:0 | suppression range |
| tstWindows.go:49:2:49:70 | comment | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.go:50:0:50:0 | suppression range |
| tstWindows.go:51:2:51:36 | comment | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:52:0:52:0 | suppression range |


@@ -42,4 +42,16 @@ func main() {
*/ */
x = x /* lgtm[@tag:nullness,go/redundant-assignment] */ x = x /* lgtm[@tag:nullness,go/redundant-assignment] */
x = x /* lgtm[@tag:nullness] */ x = x /* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
x = x
// CODEQL[js/debugger-statement]
x = x
// codeql[js/debugger-statement] -- because I know better than codeql
x = x
/* codeql[js/debugger-statement] */
x = x
/* codeql[js/debugger-statement]
*/
x = x
x = x // codeql[js/debugger-statement]
} }
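Review bot: The last two forms added to `main()` (the `/* codeql[js/debugger-statement]` block comment that closes on the next line, and the trailing `x = x // codeql[js/debugger-statement]`) have no row in the expected output, so they appear to be deliberate negative cases, but nothing in the test says so. Because these comments decide whether an alert is hidden, a plain comment line above them such as `// the next two forms must NOT be treated as suppressions` would make that intent reviewable; placed after the last positive case, it leaves the expected line numbers above it unchanged. The same applies to the identical lines added to `winMain()` in tstWindows.go. The query id `js/debugger-statement` also looks carried over from another language's test; `go/redundant-assignment`, already used in this file, would read more naturally. `main()` starts outside the hunk.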


@@ -42,4 +42,17 @@ func winMain() {
*/ */
x = x /* lgtm[@tag:nullness,go/redundant-assignment] */ x = x /* lgtm[@tag:nullness,go/redundant-assignment] */
x = x /* lgtm[@tag:nullness] */ x = x /* lgtm[@tag:nullness] */
} // codeql[js/debugger-statement]
x = x
// CODEQL[js/debugger-statement]
x = x
// codeql[js/debugger-statement] -- because I know better than codeql
x = x
/* codeql[js/debugger-statement] */
x = x
/* codeql[js/debugger-statement]
*/
x = x
x = x // codeql[js/debugger-statement]
}


@@ -1,22 +0,0 @@
#!/bin/bash
# Installs any necessary QL pack dependencies from the package registry.
# The optional argument must be a valid value for the `--mode` option to `codeql pack install`
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
GO_ROOT=$(dirname "$SCRIPT_DIR")
if [ $# -eq 0 ]; then
LOCK_MODE="use-lock"
elif [ $# -eq 1 ]; then
LOCK_MODE=$1
else
echo "Usage: install-deps.sh [<lock-mode>]"
echo " lock-mode: One of 'use-lock' (default), 'verify', 'update', or 'no-lock'"
exit 1
fi
for d in ql/lib ql/src ql/test ql/examples
do
codeql pack install --mode ${LOCK_MODE} "${GO_ROOT}/${d}"
done


@@ -39,10 +39,11 @@ jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55 jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
java.io,37,,40,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,40, java.io,37,,40,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,40,
java.lang,13,,66,,,,,,,,,,,,8,,,,,,4,,,1,,,,,,,,,,,,,,,,54,12 java.lang,13,,75,,,,,,,,,,,,8,,,,,,4,,,1,,,,,,,,,,,,,,,,56,19
java.math,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
java.net,10,3,7,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,3,7, java.net,10,3,7,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,3,7,
java.nio,15,,16,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,16, java.nio,15,,16,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,16,
java.sql,11,,,,,,,,,,4,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,, java.sql,11,,1,,,,,,,,4,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,1,
java.util,44,,461,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,,,,36,425 java.util,44,,461,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,,,,36,425
javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,, javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57, javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
1 package sink source summary sink:bean-validation sink:create-file sink:fragment-injection sink:groovy sink:header-splitting sink:information-leak sink:intent-start sink:jdbc-url sink:jexl sink:jndi-injection sink:ldap sink:logging sink:mvel sink:ognl-injection sink:open-url sink:pending-intent-sent sink:regex-use sink:regex-use[-1] sink:regex-use[0] sink:regex-use[] sink:regex-use[f-1] sink:regex-use[f1] sink:regex-use[f] sink:set-hostname-verifier sink:sql sink:ssti sink:url-open-stream sink:url-redirect sink:write-file sink:xpath sink:xslt sink:xss source:android-external-storage-dir source:android-widget source:contentprovider source:remote summary:taint summary:value
39 jakarta.ws.rs.core 2 149 2 94 55
40 java.beans 1 1
41 java.io 37 40 15 22 40
42 java.lang 13 66 75 8 4 1 54 56 12 19
43 java.math 1 1
44 java.net 10 3 7 10 3 7
45 java.nio 15 16 13 2 16
46 java.sql 11 1 4 7 1
47 java.util 44 461 34 5 2 1 2 36 425
48 javax.faces.context 2 7 2 7
49 javax.jms 9 57 9 57


@@ -18,10 +18,10 @@ Java framework & library support
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,728,39,,6,,,,, `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,728,39,,6,,,,,
JBoss Logging,``org.jboss.logging``,,,324,,,,,,, JBoss Logging,``org.jboss.logging``,,,324,,,,,,,
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,, `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,,
Java Standard Library,``java.*``,3,591,130,28,,,7,,,10 Java Standard Library,``java.*``,3,602,130,28,,,7,,,10
Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2 Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2
Kotlin Standard Library,``kotlin*``,,1835,12,10,,,,,,2 Kotlin Standard Library,``kotlin*``,,1835,12,10,,,,,,2
`Spring <https://spring.io/>`_,``org.springframework.*``,29,477,101,,,,19,14,,29 `Spring <https://spring.io/>`_,``org.springframework.*``,29,477,101,,,,19,14,,29
Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",60,300,269,,,,14,18,,3 Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, 
``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",60,300,269,,,,14,18,,3
Totals,,217,8438,1563,129,6,10,107,33,1,86 Totals,,217,8449,1563,129,6,10,107,33,1,86


@@ -0,0 +1,4 @@
---
category: fix
---
* We now correctly handle empty block comments, like `/**/`. Previously these could be mistaken for Javadoc comments and led to attribution of Javadoc tags to the wrong declaration.


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added more dataflow models for frequently-used JDK APIs.


@@ -37,12 +37,17 @@ extensions:
- ["java.lang", "CharSequence", True, "charAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.lang", "CharSequence", True, "charAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.lang", "CharSequence", True, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.lang", "CharSequence", True, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.lang", "CharSequence", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.lang", "CharSequence", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.lang", "IllegalArgumentException", False, "IllegalArgumentException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
- ["java.lang", "IllegalStateException", False, "IllegalStateException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
- ["java.lang", "Integer", False, "parseInt", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "Iterable", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["java.lang", "Iterable", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
- ["java.lang", "Iterable", True, "iterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["java.lang", "Iterable", True, "iterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- ["java.lang", "Iterable", True, "spliterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["java.lang", "Iterable", True, "spliterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["java.lang", "Object", True, "clone", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"] - ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"] - ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
- ["java.lang", "RuntimeException", False, "RuntimeException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
- ["java.lang", "RuntimeException", False, "RuntimeException", "(Throwable)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
- ["java.lang", "String", False, "String", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["java.lang", "String", False, "String", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["java.lang", "String", False, "concat", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.lang", "String", False, "concat", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.lang", "String", False, "concat", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.lang", "String", False, "concat", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
@@ -82,7 +87,34 @@ extensions:
- ["java.lang", "String", False, "valueOf", "(char)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.lang", "String", False, "valueOf", "(char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "String", False, "valueOf", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.lang", "String", False, "valueOf", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "String", False, "valueOf", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.lang", "String", False, "valueOf", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "String", False, "valueOf", "(int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "StringBuffer", True, "StringBuffer", "(CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["java.lang", "StringBuffer", True, "StringBuffer", "(CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"] - ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"]
- ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
- ["java.lang", "Throwable", False, "getCause", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "ReturnValue", "value", "manual"]
- ["java.lang", "Throwable", False, "getMessage", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["java.lang", "Class", "getName", "()", "manual"]
- ["java.lang", "Class", "getSimpleName", "()", "manual"]
- ["java.lang", "Enum", "Enum", "(String,int)", "manual"]
- ["java.lang", "Enum", "equals", "(Object)", "manual"]
- ["java.lang", "Enum", "name", "()", "manual"]
- ["java.lang", "Enum", "toString", "()", "manual"]
- ["java.lang", "Object", "equals", "(Object)", "manual"]
- ["java.lang", "Object", "getClass", "()", "manual"]
- ["java.lang", "Object", "hashCode", "()", "manual"]
- ["java.lang", "Object", "toString", "()", "manual"]
- ["java.lang", "String", "contains", "(CharSequence)", "manual"]
- ["java.lang", "String", "equals", "(Object)", "manual"]
- ["java.lang", "String", "equalsIgnoreCase", "(String)", "manual"]
- ["java.lang", "String", "hashCode", "()", "manual"]
- ["java.lang", "String", "isEmpty", "()", "manual"]
- ["java.lang", "String", "length", "()", "manual"]
- ["java.lang", "String", "startsWith", "(String)", "manual"]
- ["java.lang", "System", "currentTimeMillis", "()", "manual"]
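Review bot: `Throwable.getMessage()` now reads `SyntheticField[java.lang.Throwable.message]`, but the only writers added here are the `(String)` constructors of `IllegalArgumentException`, `IllegalStateException` and `RuntimeException`. In the lines shown there is no entry for `Throwable(String)` itself, for `java.lang.Exception`, or for any `(String,Throwable)` overload, and the constructor rows use `False` for subtypes. Unless those are modeled elsewhere, a message passed through `new Exception(msg)` would not reach `getMessage()`, which matters for queries that track data into error messages. Consider adding at least `- ["java.lang", "Throwable", False, "Throwable", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]` and the matching `Exception` rows.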


@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["java.math", "BigDecimal", False, "BigDecimal", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]


@@ -14,3 +14,9 @@ extensions:
- ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql", "manual"] - ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql", "manual"] - ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql", "manual"] - ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
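Review bot: Only the `(String)` overload of `ResultSet.getString` gets a summary, so a value read by column index through `getString(int)` would not carry taint from the result set, while the same value read by column label does. If that asymmetry is not intended, add `- ["java.sql", "ResultSet", True, "getString", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]` next to the new row. The generated coverage tables would presumably need refreshing afterwards.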


@@ -355,3 +355,26 @@ extensions:
- ["java.util", "Vector", True, "setElementAt", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] - ["java.util", "Vector", True, "setElementAt", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
- ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] - ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
- ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"] - ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["java.util", "Collections", "emptyList", "()", "manual"]
- ["java.util", "Collection", "size", "()", "manual"]
- ["java.util", "Iterator", "hasNext", "()", "manual"]
- ["java.util", "List", "contains", "(Object)", "manual"]
- ["java.util", "List", "isEmpty", "()", "manual"]
- ["java.util", "List", "size", "()", "manual"]
- ["java.util", "Map", "containsKey", "(Object)", "manual"]
- ["java.util", "Map", "isEmpty", "()", "manual"]
- ["java.util", "Map", "size", "()", "manual"]
- ["java.util", "Objects", "equals", "(Object,Object)", "manual"]
- ["java.util", "Objects", "hash", "(Object[])", "manual"]
- ["java.util", "Optional", "empty", "()", "manual"]
- ["java.util", "Optional", "isPresent", "()", "manual"]
- ["java.util", "Set", "contains", "(Object)", "manual"]
- ["java.util", "Set", "isEmpty", "()", "manual"]
- ["java.util", "Set", "size", "()", "manual"]
- ["java.util", "UUID", "randomUUID", "()", "manual"]
- ["java.util", "UUID", "toString", "()", "manual"]


@@ -87,3 +87,9 @@ extensions:
- ["java.util.stream", "Stream", True, "takeWhile", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["java.util.stream", "Stream", True, "takeWhile", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- ["java.util.stream", "Stream", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"] - ["java.util.stream", "Stream", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
- ["java.util.stream", "Stream", True, "toList", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["java.util.stream", "Stream", True, "toList", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["java.util.stream", "Collectors", "toList", "()", "manual"]


@@ -33,7 +33,11 @@ class Javadoc extends JavadocParent, @javadoc {
string getAuthor() { result = this.getATag("@author").getChild(0).toString() } string getAuthor() { result = this.getATag("@author").getChild(0).toString() }
override string toString() { override string toString() {
result = this.toStringPrefix() + this.getChild(0) + this.toStringPostfix() exists(string childStr |
if exists(this.getChild(0)) then childStr = this.getChild(0).toString() else childStr = ""
|
result = this.toStringPrefix() + childStr + this.toStringPostfix()
)
} }
private string toStringPrefix() { private string toStringPrefix() {
@@ -48,7 +52,7 @@ class Javadoc extends JavadocParent, @javadoc {
if isEolComment(this) if isEolComment(this)
then result = "" then result = ""
else ( else (
if strictcount(this.getAChild()) = 1 then result = " */" else result = " ... */" if strictcount(this.getAChild()) > 1 then result = " ... */" else result = " */"
) )
} }
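Review bot: In `toStringPostfix`, `strictcount(this.getAChild()) > 1` handles a comment with no children only because `strictcount` has no value there, so the condition fails and control falls to the `else` branch. Writing `if count(this.getAChild()) > 1 then result = " ... */" else result = " */"` states the zero-child case directly. In `toString`, a short comment on the `if exists(this.getChild(0))` line, for example `// empty block comments such as /**/ have no child`, would record why the guard exists. `toStringPostfix` starts outside the hunk.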


@@ -260,6 +260,12 @@ module Public {
* Holds if the neutral is auto generated. * Holds if the neutral is auto generated.
*/ */
predicate isAutoGenerated() { neutralElement(this, true) } predicate isAutoGenerated() { neutralElement(this, true) }
/**
* Holds if the neutral has the given provenance where `true` is
* `generated` and `false` is `manual`.
*/
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
} }
} }


@@ -0,0 +1,140 @@
/** Definitions for the Android Missing Certificate Pinning query. */
import java
import semmle.code.xml.AndroidManifest
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.frameworks.Networking
import semmle.code.java.security.Encryption
import semmle.code.java.security.HttpsUrls
/** An Android Network Security Configuration XML file. */
class AndroidNetworkSecurityConfigFile extends XmlFile {
AndroidNetworkSecurityConfigFile() {
exists(AndroidApplicationXmlElement app, AndroidXmlAttribute confAttr, string confName |
confAttr.getElement() = app and
confAttr.getValue() = "@xml/" + confName and
this.getRelativePath().matches("%res/xml/" + confName + ".xml") and
this.getARootElement().getName() = "network-security-config"
)
}
}
/** Holds if this database is of an Android application. */
predicate isAndroid() { exists(AndroidManifestXmlFile m) }
/** Holds if the given domain name is trusted by the Network Security Configuration XML file. */
private predicate trustedDomainViaXml(string domainName) {
exists(
AndroidNetworkSecurityConfigFile confFile, XmlElement domConf, XmlElement domain,
XmlElement trust
|
domConf.getFile() = confFile and
domConf.getName() = "domain-config" and
domain.getParent() = domConf and
domain.getName() = "domain" and
domain.getACharactersSet().getCharacters() = domainName and
trust.getParent() = domConf and
trust.getName() = ["trust-anchors", "pin-set"]
)
}
/** Holds if the given domain name is trusted by an OkHttp `CertificatePinner`. */
private predicate trustedDomainViaOkHttp(string domainName) {
exists(CompileTimeConstantExpr domainExpr, MethodAccess certPinnerAdd |
domainExpr.getStringValue().replaceAll("*.", "") = domainName and // strip wildcard patterns like *.example.com
certPinnerAdd.getMethod().hasQualifiedName("okhttp3", "CertificatePinner$Builder", "add") and
DataFlow::localExprFlow(domainExpr, certPinnerAdd.getArgument(0))
)
}
/** Holds if the given domain name is trusted by some certificate pinning implementation. */
predicate trustedDomain(string domainName) {
trustedDomainViaXml(domainName)
or
trustedDomainViaOkHttp(domainName)
}
/**
* Holds if `setSocketFactory` is a call to `HttpsURLConnection.setSSLSocketFactory` or `HttpsURLConnection.setDefaultSSLSocketFactory`
* that uses a socket factory derived from a `TrustManager`.
* `default` is true if the default SSL socket factory for all URLs is being set.
*/
private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean default) {
exists(MethodAccess getSocketFactory, MethodAccess initSslContext |
exists(Method m | setSocketFactory.getMethod() = m |
default = true and m instanceof SetDefaultConnectionFactoryMethod
or
default = false and m instanceof SetConnectionFactoryMethod
) and
initSslContext.getMethod().getDeclaringType() instanceof SslContext and
initSslContext.getMethod().hasName("init") and
getSocketFactory.getMethod().getASourceOverriddenMethod*() instanceof GetSocketFactory and
not initSslContext.getArgument(1) instanceof NullLiteral and
DataFlow::localExprFlow(initSslContext.getQualifier(), getSocketFactory.getQualifier()) and
DataFlow::localExprFlow(getSocketFactory, setSocketFactory.getArgument(0))
)
}
/**
* Holds if the given expression is an qualifier to a `URL.openConnection` or `URL.openStream` call
* that is trusted due to its SSL socket factory being set.
*/
private predicate trustedUrlConnection(Expr url) {
exists(MethodAccess openCon |
openCon.getMethod().getASourceOverriddenMethod*() instanceof UrlOpenConnectionMethod and
url = openCon.getQualifier() and
exists(MethodAccess setSocketFactory |
trustedSocketFactory(setSocketFactory, false) and
TaintTracking::localExprTaint(openCon, setSocketFactory.getQualifier())
)
)
or
trustedSocketFactory(_, true) and
exists(MethodAccess open, Method m |
m instanceof UrlOpenConnectionMethod or m instanceof UrlOpenStreamMethod
|
open.getMethod().getASourceOverriddenMethod*() = m and
url = open.getQualifier()
)
}
private class MissingPinningSink extends DataFlow::Node {
MissingPinningSink() {
this instanceof UrlOpenSink and
not trustedUrlConnection(this.asExpr())
}
}
/** Configuration for finding uses of non trusted URLs. */
private class UntrustedUrlConfig extends TaintTracking::Configuration {
UntrustedUrlConfig() { this = "UntrustedUrlConfig" }
override predicate isSource(DataFlow::Node node) {
trustedDomain(_) and
exists(string lit | lit = node.asExpr().(CompileTimeConstantExpr).getStringValue() |
lit.matches("%://%") and // it's a URL
not exists(string dom | trustedDomain(dom) and lit.matches("%" + dom + "%"))
)
}
override predicate isSink(DataFlow::Node node) { node instanceof MissingPinningSink }
}
/** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
predicate missingPinning(DataFlow::Node node, string domain) {
isAndroid() and
node instanceof MissingPinningSink and
(
not trustedDomain(_) and domain = ""
or
exists(UntrustedUrlConfig conf, DataFlow::Node src |
conf.hasFlow(src, node) and
domain = getDomain(src.asExpr())
)
)
}
/** Gets the domain name from the given string literal */
private string getDomain(CompileTimeConstantExpr expr) {
result = expr.getStringValue().regexpCapture("(https?://)?([^/]*)(/.*)?", 2)
}


@@ -143,6 +143,7 @@ class CreateSslEngineMethod extends Method {
} }
} }
/** The `setConnectionFactory` method of the class `javax.net.ssl.HttpsURLConnection`. */
class SetConnectionFactoryMethod extends Method { class SetConnectionFactoryMethod extends Method {
SetConnectionFactoryMethod() { SetConnectionFactoryMethod() {
this.hasName("setSSLSocketFactory") and this.hasName("setSSLSocketFactory") and
@@ -150,6 +151,14 @@ class SetConnectionFactoryMethod extends Method {
} }
} }
/** The `setDefaultConnectionFactory` method of the class `javax.net.ssl.HttpsURLConnection`. */
class SetDefaultConnectionFactoryMethod extends Method {
SetDefaultConnectionFactoryMethod() {
this.hasName("setDefaultSSLSocketFactory") and
this.getDeclaringType().getAnAncestor() instanceof HttpsUrlConnection
}
}
class SetHostnameVerifierMethod extends Method { class SetHostnameVerifierMethod extends Method {
SetHostnameVerifierMethod() { SetHostnameVerifierMethod() {
this.hasName("setHostnameVerifier") and this.hasName("setHostnameVerifier") and
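Review bot: The two doc comments in this section name methods that do not exist on `HttpsURLConnection`. The classes match `setSSLSocketFactory` and `setDefaultSSLSocketFactory`, but the comments say `setConnectionFactory` and `setDefaultConnectionFactory`. I would write `/** The setSSLSocketFactory method of the class javax.net.ssl.HttpsURLConnection. */` and `/** The setDefaultSSLSocketFactory method of the class javax.net.ssl.HttpsURLConnection. */`. The second comment could also say that the default factory applies to every HTTPS connection in the process, since the pinning query treats it as trusting all URL opens.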


@@ -5,7 +5,7 @@
* @id java/alert-suppression * @id java/alert-suppression
*/ */
private import codeql.suppression.AlertSuppression as AS private import codeql.util.suppression.AlertSuppression as AS
private import semmle.code.java.Javadoc private import semmle.code.java.Javadoc
class SingleLineComment extends Javadoc { class SingleLineComment extends Javadoc {
@@ -18,4 +18,4 @@ class SingleLineComment extends Javadoc {
string getText() { result = this.getChild(0).getText() } string getText() { result = this.getChild(0).getText() }
} }
import AS::Make<SingleLineComment> import AS::Make<Top, SingleLineComment>


@@ -12,8 +12,8 @@ import Metrics.Internal.Extents
/** Gets the LGTM suppression annotation text in the string `s`, if any. */ /** Gets the LGTM suppression annotation text in the string `s`, if any. */
bindingset[s] bindingset[s]
string getAnnotationText(string s) { string getAnnotationText(string s) {
// match `lgtm[...]` anywhere in the comment // match `lgtm[...]` or `codeql[...]` anywhere in the comment
result = s.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _) result = s.regexpFind("(?i)\\b(lgtm|codeql)\\s*\\[[^\\]]*\\]", _, _).trim()
} }
/** /**
@@ -96,5 +96,5 @@ where
annotationText = getAnnotationText(text) annotationText = getAnnotationText(text)
select c, // suppression entity select c, // suppression entity
text, // full text of suppression string text, // full text of suppression string
annotationText, // LGTM suppression annotation text annotationText.regexpReplaceAll("(?i)^codeql", "lgtm"), // LGTM suppression annotation text
c.getScope() // scope of suppression c.getScope() // scope of suppression
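Review bot: The comment on the third `select` column still reads "LGTM suppression annotation text", but the column now rewrites a leading `codeql` to `lgtm`, so the result no longer shows which marker the source comment used. I would change it to `// suppression annotation text, with codeql[...] normalised to lgtm[...]`. In `getAnnotationText` the added `.trim()` looks like a no-op: the pattern starts at a word boundary and ends at `]`, so the match cannot begin or end with whitespace. The `where` clause and the rest of the query lie outside these hunks.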


@@ -1,6 +1,6 @@
/** /**
* @name Access Java object methods through JavaScript exposure * @name Access Java object methods through JavaScript exposure
* @id java/android-webview-addjavascriptinterface * @id java/android/webview-addjavascriptinterface
* @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application. * @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.
* @kind problem * @kind problem
* @problem.severity warning * @problem.severity warning


@@ -2,7 +2,7 @@
* @name Android WebView JavaScript settings * @name Android WebView JavaScript settings
* @description Enabling JavaScript execution in a WebView can result in cross-site scripting attacks. * @description Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.
* @kind problem * @kind problem
* @id java/android-websettings-javascript-enabled * @id java/android/websettings-javascript-enabled
* @problem.severity warning * @problem.severity warning
* @security-severity 6.1 * @security-severity 6.1
* @precision medium * @precision medium


@@ -2,7 +2,7 @@
* @name Android WebSettings file access * @name Android WebSettings file access
* @kind problem * @kind problem
* @description Enabling access to the file system in a WebView allows attackers to view sensitive information. * @description Enabling access to the file system in a WebView allows attackers to view sensitive information.
* @id java/android-websettings-file-access * @id java/android/websettings-file-access
* @problem.severity warning * @problem.severity warning
* @security-severity 6.5 * @security-severity 6.5
* @precision medium * @precision medium


@@ -0,0 +1,48 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
Certificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default.
In Android applications, it is reccomended to use certificate pinning when communicating over the network,
in order to minimize the risk of machine-in-the-middle attacks from a compromised CA.
</p>
</overview>
<recommendation>
<p>
The easiest way to implement certificate pinning is to declare your pins in a <code>network-security-config</code> XML file.
This will automatically provide certificate pinning for any network connection made by the app.
</p>
<p>
Another way to implement certificate pinning is to use the `CertificatePinner` class from the `okhttp` library.
</p>
<p>
A final way to implement certificate pinning is to use a <code>TrustManager</code>, initialized from a <code>KeyStore</code> loaded with only the necessary certificates.
</p>
</recommendation>
<example>
<p>
In the first (bad) case below, a network call is performed with no certificate pinning implemented.
The other (good) cases demonstrate the different ways to implement certificate pinning.
</p>
<sample src="AndroidMissingCertificatePinning1.java" />
<sample src="AndroidMissingCertificatePinning2.xml" />
<sample src="AndroidMissingCertificatePinning3.java" />
</example>
<references>
<li>
OWASP Mobile Security: <a href="https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4">Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)</a>.
</li>
<li>
Android Developers: <a href="https://developer.android.com/training/articles/security-config">Network security configuration</a>.
</li>
<li>
OkHttp: <a href="https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/">CertificatePinner</a>.
</li>
</references>
</qhelp>


@@ -0,0 +1,22 @@
/**
* @name Android missing certificate pinning
* @description Network connections that do not use certificate pinning may allow attackers to eavesdrop on communications.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @precision medium
* @id java/android/missing-certificate-pinning
* @tags security
* external/cwe/cwe-295
*/
import java
import semmle.code.java.security.AndroidCertificatePinningQuery
from DataFlow::Node node, string domain, string msg
where
missingPinning(node, domain) and
if domain = ""
then msg = "(no explicitly trusted domains)"
else msg = "(" + domain + " is not trusted by a pin)"
select node, "This network call does not implement certificate pinning. " + msg
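Review bot: The alert message puts a parenthetical after the full stop, for example "This network call does not implement certificate pinning. (no explicitly trusted domains)", so it does not end as a sentence. Making each reason its own sentence reads better in a results list: `then msg = "No domains are explicitly trusted by a pin."` and `else msg = domain + " is not trusted by a pin."`. The empty-string `domain` is a sentinel for "the app declares no pins at all"; a one-line comment above the `if` saying so would help whoever triages these results tell the two cases apart.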


@@ -0,0 +1,2 @@
// BAD - By default, this network call does not use certificate pinning
URLConnection conn = new URL("https://example.com").openConnection();


@@ -0,0 +1,21 @@
<!-- GOOD: Certificate pinning implemented via a Network Security Config file -->
<!-- In AndroidManifest.xml -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app">
<application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
...
</application>
</manifest>
<!-- In res/xml/NetworkSecurityConfig.xml -->
<network-security-config>
<domain-config>
<domain>good.example.com</domain>
<pin-set expiration="2038/1/19">
<pin digest="SHA-256">...</pin>
</pin-set>
</domain-config>
</network-security-config>
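Review bot: The `expiration` value `2038/1/19` is not in the `yyyy-MM-dd` form that the Android network security configuration documents for this attribute; the sample should use `<pin-set expiration="2038-01-19">`. The pin-set also declares only one pin. Android's guidance is to include a backup pin so that rotating or losing the primary key does not cut the app off from its server, so the sample would model that better with a second `<pin digest="SHA-256">...</pin>` line. Readers tend to copy the "good" sample as it stands, so it should show the robust form.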


@@ -0,0 +1,26 @@
// GOOD: Certificate pinning implemented via okhttp3.CertificatePinner
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add("example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
.build();
OkHttpClient client = new OkHttpClient.Builder()
.certificatePinner(certificatePinner)
.build();
client.newCall(new Request.Builder().url("https://example.com").build()).execute();
// GOOD: Certificate pinning implemented via a TrustManager
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(resources.openRawResource(R.raw.cert), null);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
URL url = new URL("http://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
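Review bot: The TrustManager example opens `new URL("http://www.example.com/")` and casts the result to `HttpsURLConnection`. For an `http:` URL, `openConnection()` returns a plain `HttpURLConnection`, so the cast fails, and the request would be cleartext with no pinning in any case. The line should be `URL url = new URL("https://www.example.com/");`. A short comment that the keystore loaded from `R.raw.cert` must contain only the certificates being pinned would also make the intent of this "good" sample clearer.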


@@ -0,0 +1,4 @@
---
category: newQuery
---
* Added a new query, `java/android/missing-certificate-pinning`, to find network calls where certificate pinning is not implemented.


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.


@@ -12,8 +12,14 @@ edges
| ThreadResourceAbuse.java:71:15:71:17 | parameter this [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | this <.field> [waitTime] : Number | | ThreadResourceAbuse.java:71:15:71:17 | parameter this [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | this <.field> [waitTime] : Number |
| ThreadResourceAbuse.java:74:18:74:25 | this <.field> [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime | | ThreadResourceAbuse.java:74:18:74:25 | this <.field> [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime |
| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime | | ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime |
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:173:37:173:42 | header : String |
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | | ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter |
| ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number | ThreadResourceAbuse.java:176:17:176:26 | retryAfter |
| ThreadResourceAbuse.java:173:37:173:42 | header : String | ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number |
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String |
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | | ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number |
| ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number |
| ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String | ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number |
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | UploadListener.java:28:14:28:19 | parameter this [slowUploads] : Number | | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | UploadListener.java:28:14:28:19 | parameter this [slowUploads] : Number |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number |
@@ -42,8 +48,12 @@ nodes
| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | semmle.label | getValue(...) : String | | ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | semmle.label | getValue(...) : String |
| ThreadResourceAbuse.java:144:34:144:42 | delayTime | semmle.label | delayTime | | ThreadResourceAbuse.java:144:34:144:42 | delayTime | semmle.label | delayTime |
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | semmle.label | getHeader(...) : String | | ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | semmle.label | getHeader(...) : String |
| ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| ThreadResourceAbuse.java:173:37:173:42 | header : String | semmle.label | header : String |
| ThreadResourceAbuse.java:176:17:176:26 | retryAfter | semmle.label | retryAfter | | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | semmle.label | retryAfter |
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | semmle.label | getParameter(...) : String | | ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String | semmle.label | uploadDelayStr : String |
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | semmle.label | new UploadListener(...) [slowUploads] : Number | | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | semmle.label | new UploadListener(...) [slowUploads] : Number |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | semmle.label | uploadDelay : Number | | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | semmle.label | uploadDelay : Number |
| UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | semmle.label | sleepMilliseconds : Number | | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | semmle.label | sleepMilliseconds : Number |


@@ -3,8 +3,12 @@ edges
| NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:14:21:14:51 | parseDouble(...) | | NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:14:21:14:51 | parseDouble(...) |
| NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | | NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object |
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) | | NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) |
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | NFEAndroidDoS.java:23:32:23:39 | widthStr : Object |
| NFEAndroidDoS.java:23:32:23:39 | widthStr : Object | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) |
| NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | | NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object |
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) | | NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) |
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | NFEAndroidDoS.java:26:33:26:41 | heightStr : Object |
| NFEAndroidDoS.java:26:33:26:41 | heightStr : Object | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) |
| NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | | NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object |
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:44:21:44:43 | new Double(...) | | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:44:21:44:43 | new Double(...) |
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:47:21:47:47 | valueOf(...) | | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:47:21:47:47 | valueOf(...) |
@@ -15,9 +19,11 @@ nodes
| NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent | | NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object | | NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
| NFEAndroidDoS.java:23:15:23:40 | parseInt(...) | semmle.label | parseInt(...) | | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) | semmle.label | parseInt(...) |
| NFEAndroidDoS.java:23:32:23:39 | widthStr : Object | semmle.label | widthStr : Object |
| NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent | | NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object | | NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
| NFEAndroidDoS.java:26:16:26:42 | parseInt(...) | semmle.label | parseInt(...) | | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) | semmle.label | parseInt(...) |
| NFEAndroidDoS.java:26:33:26:41 | heightStr : Object | semmle.label | heightStr : Object |
| NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent | | NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object | | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
| NFEAndroidDoS.java:44:21:44:43 | new Double(...) | semmle.label | new Double(...) | | NFEAndroidDoS.java:44:21:44:43 | new Double(...) | semmle.label | new Double(...) |


@@ -0,0 +1,45 @@
import java.math.BigDecimal;
import java.sql.ResultSet;
public class Test {
void sink(Object o) { }
Object source() { return null; }
public void test() throws Exception {
Exception e1 = new RuntimeException((String)source());
sink((String)e1.getMessage()); // $hasValueFlow
Exception e2 = new RuntimeException((Throwable)source());
sink((Throwable)e2.getCause()); // $hasValueFlow
Exception e3 = new IllegalArgumentException((String)source());
sink((String)e3.getMessage()); // $hasValueFlow
Exception e4 = new IllegalStateException((String)source());
sink((String)e4.getMessage()); // $hasValueFlow
Throwable t = new Throwable((Throwable)source());
sink((Throwable)t.getCause()); // $hasValueFlow
Integer x = (Integer)source();
int y = x;
sink(String.valueOf(y)); // $hasTaintFlow
String s1 = (String)source();
sink(Integer.parseInt(s1)); // $hasTaintFlow
String s2 = (String)source();
int i = 0;
sink(s2.charAt(i)); // $hasTaintFlow
String s3 = (String)source();
sink(new BigDecimal(s3)); // $hasTaintFlow
ResultSet rs = (ResultSet)source();
sink(rs.getString("")); // $hasTaintFlow
}
}


@@ -0,0 +1,2 @@
import java
import TestUtilities.InlineFlowTest


@@ -0,0 +1,97 @@
/** Provides classes and predicates for working with Top JDK APIs. */
import java
private import semmle.code.java.dataflow.FlowSummary
private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
private import semmle.code.java.dataflow.ExternalFlow
/** Holds if the given API name is a top JDK API. */
predicate topJdkApiName(string apiName) {
apiName in [
// top 100 JDK APIs
"java.lang.StringBuilder#append(String)", "java.util.List#get(int)",
"java.util.List#add(Object)", "java.util.Map#put(Object,Object)",
"java.lang.String#equals(Object)", "java.util.Map#get(Object)", "java.util.List#size()",
"java.util.Collection#stream()", "java.lang.Object#getClass()",
"java.util.stream.Stream#collect(Collector)", "java.util.Objects#equals(Object,Object)",
"java.lang.String#format(String,Object[])", "java.util.stream.Stream#map(Function)",
"java.lang.Throwable#getMessage()", "java.util.Arrays#asList(Object[])",
"java.lang.String#equalsIgnoreCase(String)", "java.util.List#isEmpty()",
"java.util.Set#add(Object)", "java.util.HashMap#put(Object,Object)",
"java.util.stream.Collectors#toList()", "java.lang.StringBuilder#append(char)",
"java.util.stream.Stream#filter(Predicate)", "java.lang.String#length()",
"java.lang.Enum#name()", "java.lang.Object#toString()", "java.util.Optional#get()",
"java.lang.StringBuilder#toString()",
"java.lang.IllegalArgumentException#IllegalArgumentException(String)",
"java.lang.Class#getName()", "java.lang.Enum#Enum(String,int)",
"java.io.PrintWriter#write(String)", "java.util.Entry#getValue()", "java.util.Entry#getKey()",
"java.util.Iterator#next()", "java.lang.Object#hashCode()",
"java.util.Optional#orElse(Object)", "java.lang.StringBuffer#append(String)",
"java.util.Collections#singletonList(Object)", "java.lang.Iterable#forEach(Consumer)",
"java.util.Optional#of(Object)", "java.lang.String#contains(CharSequence)",
"java.util.ArrayList#add(Object)", "java.util.Optional#ofNullable(Object)",
"java.util.Collections#emptyList()", "java.math.BigDecimal#BigDecimal(String)",
"java.lang.System#currentTimeMillis()", "java.lang.Object#equals(Object)",
"java.util.Map#containsKey(Object)", "java.util.Optional#isPresent()",
"java.lang.String#trim()", "java.util.List#addAll(Collection)",
"java.util.Set#contains(Object)", "java.util.Optional#map(Function)",
"java.util.Map#entrySet()", "java.util.Optional#empty()",
"java.lang.Integer#parseInt(String)", "java.lang.String#startsWith(String)",
"java.lang.IllegalStateException#IllegalStateException(String)",
"java.lang.Enum#equals(Object)", "java.util.Iterator#hasNext()",
"java.util.List#contains(Object)", "java.lang.String#substring(int,int)",
"java.util.List#of(Object)", "java.util.Objects#hash(Object[])",
"java.lang.RuntimeException#RuntimeException(String)", "java.lang.String#isEmpty()",
"java.lang.String#replace(CharSequence,CharSequence)", "java.util.Set#size()",
"java.io.File#File(String)", "java.lang.StringBuilder#append(Object)",
"java.lang.String#split(String)", "java.util.Map#values()", "java.util.UUID#randomUUID()",
"java.util.ArrayList#ArrayList(Collection)", "java.util.Map#keySet()",
"java.sql.ResultSet#getString(String)", "java.lang.String#hashCode()",
"java.lang.Throwable#Throwable(Throwable)", "java.util.HashMap#get(Object)",
"java.lang.Class#getSimpleName()", "java.util.Set#isEmpty()", "java.util.Map#size()",
"java.lang.String#substring(int)", "java.util.Map#remove(Object)",
"java.lang.Throwable#printStackTrace()", "java.util.stream.Stream#findFirst()",
"java.util.Optional#ifPresent(Consumer)", "java.lang.String#valueOf(Object)",
"java.lang.String#toLowerCase()", "java.util.UUID#toString()",
"java.lang.StringBuilder#append(int)", "java.util.Objects#requireNonNull(Object,String)",
"java.nio.file.Path#resolve(String)", "java.lang.Enum#toString()",
"java.lang.RuntimeException#RuntimeException(Throwable)", "java.util.Collection#size()",
"java.lang.String#charAt(int)", "java.util.stream.Stream#forEach(Consumer)",
"java.util.Map#isEmpty()", "java.lang.String#valueOf(int)"
]
}
/** Holds if `c` has the MaD-formatted name `apiName`. */
predicate hasApiName(Callable c, string apiName) {
apiName =
c.getDeclaringType().getPackage() + "." + c.getDeclaringType().getSourceDeclaration() + "#" +
c.getName() + paramsString(c)
}
/** A top JDK API. */
class TopJdkApi extends SummarizedCallableBase {
TopJdkApi() {
exists(string apiName |
hasApiName(this.asCallable(), apiName) and
topJdkApiName(apiName)
)
}
/** Holds if this API has a manual summary model. */
private predicate hasManualSummary() { this.(SummarizedCallable).hasProvenance(false) }
/** Holds if this API has a manual neutral model. */
private predicate hasManualNeutral() {
this.(FlowSummaryImpl::Public::NeutralCallable).hasProvenance(false)
}
/** Holds if this API has a manual MaD model. */
predicate hasManualMadModel() { this.hasManualSummary() or this.hasManualNeutral() }
/*
* Note: the following top-100 APIs are not modeled with MaD:
* java.util.stream.Stream#collect(Collector) : handled separately on a case-by-case basis as it is too complex for MaD
* java.lang.String#valueOf(Object) : also a complex case; an alias for `Object.toString`, except the dispatch is hidden
* java.lang.Throwable#printStackTrace() : should probably not be a general step, but there might be specialised queries that care
*/
}
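Review bot: The entries `"java.util.Entry#getValue()"` and `"java.util.Entry#getKey()"` in `topJdkApiName` name a type that does not exist in the JDK; the interface is `java.util.Map.Entry`. This presumably works because `hasApiName` builds the name from the package plus the declaring type's own name, without the enclosing type, but nothing in the file says so. I would extend the doc comment on `hasApiName` with one sentence: nested types appear without their enclosing type, so `Map.Entry` is written `java.util.Entry`. If that reading is right, two nested types with the same simple name in one package would not be distinguishable here, which is worth noting too.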


@@ -0,0 +1,3 @@
| java.lang.String#valueOf(Object) | no manual model |
| java.lang.Throwable#printStackTrace() | no manual model |
| java.util.stream.Stream#collect(Collector) | no manual model |


@@ -0,0 +1,14 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.Map;
import java.util.HashMap;
import java.math.BigDecimal;
import java.sql.ResultSet;
import java.lang.System;
import java.lang.IllegalStateException;
public class TopJdkApisTest { }


@@ -0,0 +1,17 @@
import java
import TopJdkApis
from string apiName, string message
where
// top jdk api names for which there is no callable
topJdkApiName(apiName) and
not hasApiName(_, apiName) and
message = "no callable"
or
// top jdk api names for which there isn't a manual model
exists(TopJdkApi topApi |
not topApi.hasManualMadModel() and
hasApiName(topApi.asCallable(), apiName) and
message = "no manual model"
)
select apiName, message order by apiName


@@ -14,6 +14,18 @@ Test.java:
# 21| 3: [Method] test # 21| 3: [Method] test
# 21| 3: [TypeAccess] void # 21| 3: [TypeAccess] void
# 21| 5: [BlockStmt] { ... } # 21| 5: [BlockStmt] { ... }
# 23| 4: [Method] method1
# 23| 3: [TypeAccess] void
# 23| 5: [BlockStmt] { ... }
# 24| 5: [Method] method2
# 24| 3: [TypeAccess] void
# 24| 5: [BlockStmt] { ... }
# 28| 6: [Method] method3
#-----| 0: (Javadoc)
# 25| 1: [Javadoc] /** JavaDoc for method3 */
# 26| 0: [JavadocText] JavaDoc for method3
# 28| 3: [TypeAccess] void
# 28| 5: [BlockStmt] { ... }
TestWindows.java: TestWindows.java:
# 0| [CompilationUnit] TestWindows # 0| [CompilationUnit] TestWindows
# 5| 1: [Class] TestWindows # 5| 1: [Class] TestWindows


@@ -19,4 +19,11 @@ class Test {
// an end-of-line comment with trailing whitespace // an end-of-line comment with trailing whitespace
//an end-of-line comment without a leading space //an end-of-line comment without a leading space
void test() {} // an end-of-line comment with preceding code void test() {} // an end-of-line comment with preceding code
void method1() { /**/ } // A block comment containing the /** JavaDoc prefix }
void method2() { }
/**
* JavaDoc for method3
*/
void method3() { }
} }


@@ -8,6 +8,9 @@
| Test.java:19:2:19:59 | // an end-of-line comment with trailing whitespace | | Test.java:19:2:19:59 | // an end-of-line comment with trailing whitespace |
| Test.java:20:2:20:49 | //an end-of-line comment without a leading space | | Test.java:20:2:20:49 | //an end-of-line comment without a leading space |
| Test.java:21:17:21:61 | // an end-of-line comment with preceding code | | Test.java:21:17:21:61 | // an end-of-line comment with preceding code |
| Test.java:23:26:23:29 | /* */ |
| Test.java:23:33:23:86 | // A block comment containing the /** JavaDoc prefix } |
| Test.java:25:9:27:11 | /** JavaDoc for method3 */ |
| TestWindows.java:1:1:4:3 | /** A JavaDoc comment ... */ | | TestWindows.java:1:1:4:3 | /** A JavaDoc comment ... */ |
| TestWindows.java:6:2:6:45 | /** A JavaDoc comment with a single line. */ | | TestWindows.java:6:2:6:45 | /** A JavaDoc comment with a single line. */ |
| TestWindows.java:8:3:8:27 | // a single-line comment | | TestWindows.java:8:3:8:27 | // a single-line comment |


@@ -1,58 +1,122 @@
| Test.java:1:15:1:21 | // lgtm | lgtm | lgtm | Test.java:1:1:1:21 | suppression range | | Test.java:1:15:1:21 | // lgtm | lgtm | lgtm | Test.java:1:1:1:21 | suppression range |
| Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:2:1:2:35 | suppression range | | Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:2:1:2:35 | suppression range |
| Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:3:0:3:0 | suppression range |
| Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:3:1:3:70 | suppression range | | Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:3:1:3:70 | suppression range |
| Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:4:0:4:0 | suppression range |
| Test.java:4:1:4:24 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:4:1:4:24 | suppression range | | Test.java:4:1:4:24 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:4:1:4:24 | suppression range |
| Test.java:4:1:4:24 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:5:0:5:0 | suppression range |
| Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:5:1:5:51 | suppression range | | Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:5:1:5:51 | suppression range |
| Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:6:0:6:0 | suppression range |
| Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:6:1:6:28 | suppression range | | Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:6:1:6:28 | suppression range |
| Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:7:0:7:0 | suppression range |
| Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:7:1:7:81 | suppression range | | Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:7:1:7:81 | suppression range |
| Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:8:0:8:0 | suppression range |
| Test.java:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | Test.java:8:1:8:18 | suppression range | | Test.java:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | Test.java:8:1:8:18 | suppression range |
| Test.java:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | Test.java:9:0:9:0 | suppression range |
| Test.java:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | Test.java:9:1:9:32 | suppression range | | Test.java:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | Test.java:9:1:9:32 | suppression range |
| Test.java:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | Test.java:10:0:10:0 | suppression range |
| Test.java:10:1:10:36 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | Test.java:10:1:10:36 | suppression range | | Test.java:10:1:10:36 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | Test.java:10:1:10:36 | suppression range |
| Test.java:10:1:10:36 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | Test.java:11:0:11:0 | suppression range |
| Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:11:1:11:10 | suppression range | | Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:11:1:11:10 | suppression range |
| Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:12:0:12:0 | suppression range |
| Test.java:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | Test.java:12:1:12:9 | suppression range | | Test.java:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | Test.java:12:1:12:9 | suppression range |
| Test.java:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | Test.java:13:0:13:0 | suppression range |
| Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:14:1:14:6 | suppression range | | Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:14:1:14:6 | suppression range |
| Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:15:0:15:0 | suppression range |
| Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:15:1:15:7 | suppression range | | Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:15:1:15:7 | suppression range |
| Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:16:0:16:0 | suppression range |
| Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:16:1:16:36 | suppression range | | Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:16:1:16:36 | suppression range |
| Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:17:0:17:0 | suppression range |
| Test.java:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | Test.java:19:1:19:12 | suppression range | | Test.java:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | Test.java:19:1:19:12 | suppression range |
| Test.java:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | Test.java:20:0:20:0 | suppression range |
| Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:20:1:20:40 | suppression range | | Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:20:1:20:40 | suppression range |
| Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:21:0:21:0 | suppression range |
| Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:22:1:22:39 | suppression range | | Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:22:1:22:39 | suppression range |
| Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:23:0:23:0 | suppression range |
| Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:24:1:24:43 | suppression range | | Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:24:1:24:43 | suppression range |
| Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:25:0:25:0 | suppression range |
| Test.java:25:1:25:8 | // LGTM! | LGTM! | LGTM | Test.java:25:1:25:8 | suppression range | | Test.java:25:1:25:8 | // LGTM! | LGTM! | LGTM | Test.java:25:1:25:8 | suppression range |
| Test.java:25:1:25:8 | // LGTM! | LGTM! | LGTM | Test.java:26:0:26:0 | suppression range |
| Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:26:1:26:35 | suppression range | | Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:26:1:26:35 | suppression range |
| Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:27:0:27:0 | suppression range |
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:27:1:27:78 | suppression range | | Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:27:1:27:78 | suppression range |
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:28:0:28:0 | suppression range |
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:27:1:27:78 | suppression range | | Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:27:1:27:78 | suppression range |
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:28:0:28:0 | suppression range |
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:28:1:28:40 | suppression range | | Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:28:1:28:40 | suppression range |
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:29:0:29:0 | suppression range |
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:28:1:28:40 | suppression range | | Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:28:1:28:40 | suppression range |
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:29:0:29:0 | suppression range |
| Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:29:1:29:12 | suppression range | | Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:29:1:29:12 | suppression range |
| Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:30:0:30:0 | suppression range |
| Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:30:1:30:38 | suppression range | | Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:30:1:30:38 | suppression range |
| Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:31:0:31:0 | suppression range |
| Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:36:1:36:52 | suppression range | | Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:36:1:36:52 | suppression range |
| Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:37:0:37:0 | suppression range |
| Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:37:1:37:25 | suppression range | | Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:37:1:37:25 | suppression range |
| Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:38:0:38:0 | suppression range |
| Test.java:39:1:39:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:40:0:40:0 | suppression range |
| Test.java:40:1:40:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:41:0:41:0 | suppression range |
| Test.java:41:1:41:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | Test.java:42:0:42:0 | suppression range |
| Test.java:42:1:42:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:43:0:43:0 | suppression range |
| TestWindows.java:1:22:1:29 | // lgtm | lgtm | lgtm | TestWindows.java:1:1:1:29 | suppression range | | TestWindows.java:1:22:1:29 | // lgtm | lgtm | lgtm | TestWindows.java:1:1:1:29 | suppression range |
| TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:2:1:2:36 | suppression range | | TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:2:1:2:36 | suppression range |
| TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:3:0:3:0 | suppression range |
| TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:3:1:3:71 | suppression range | | TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:3:1:3:71 | suppression range |
| TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:4:0:4:0 | suppression range |
| TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:4:1:4:25 | suppression range | | TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:4:1:4:25 | suppression range |
| TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:5:0:5:0 | suppression range |
| TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:5:1:5:52 | suppression range | | TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:5:1:5:52 | suppression range |
| TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:6:0:6:0 | suppression range |
| TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:6:1:6:29 | suppression range | | TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:6:1:6:29 | suppression range |
| TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:7:0:7:0 | suppression range |
| TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:7:1:7:82 | suppression range | | TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:7:1:7:82 | suppression range |
| TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:8:0:8:0 | suppression range |
| TestWindows.java:8:1:8:19 | // lgtm: blah blah | lgtm: blah blah | lgtm | TestWindows.java:8:1:8:19 | suppression range | | TestWindows.java:8:1:8:19 | // lgtm: blah blah | lgtm: blah blah | lgtm | TestWindows.java:8:1:8:19 | suppression range |
| TestWindows.java:8:1:8:19 | // lgtm: blah blah | lgtm: blah blah | lgtm | TestWindows.java:9:0:9:0 | suppression range |
| TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | TestWindows.java:9:1:9:33 | suppression range | | TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | TestWindows.java:9:1:9:33 | suppression range |
| TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | TestWindows.java:10:0:10:0 | suppression range |
| TestWindows.java:10:1:10:37 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | TestWindows.java:10:1:10:37 | suppression range | | TestWindows.java:10:1:10:37 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | TestWindows.java:10:1:10:37 | suppression range |
| TestWindows.java:10:1:10:37 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | TestWindows.java:11:0:11:0 | suppression range |
| TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:11:1:11:10 | suppression range | | TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:11:1:11:10 | suppression range |
| TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:12:0:12:0 | suppression range |
| TestWindows.java:12:1:12:10 | // lgtm[] | lgtm[] | lgtm[] | TestWindows.java:12:1:12:10 | suppression range | | TestWindows.java:12:1:12:10 | // lgtm[] | lgtm[] | lgtm[] | TestWindows.java:12:1:12:10 | suppression range |
| TestWindows.java:12:1:12:10 | // lgtm[] | lgtm[] | lgtm[] | TestWindows.java:13:0:13:0 | suppression range |
| TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:14:1:14:7 | suppression range | | TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:14:1:14:7 | suppression range |
| TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:15:0:15:0 | suppression range |
| TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:15:1:15:8 | suppression range | | TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:15:1:15:8 | suppression range |
| TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:16:0:16:0 | suppression range |
| TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:16:1:16:37 | suppression range | | TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:16:1:16:37 | suppression range |
| TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:17:0:17:0 | suppression range |
| TestWindows.java:19:1:19:13 | // foo; lgtm | foo; lgtm | lgtm | TestWindows.java:19:1:19:13 | suppression range | | TestWindows.java:19:1:19:13 | // foo; lgtm | foo; lgtm | lgtm | TestWindows.java:19:1:19:13 | suppression range |
| TestWindows.java:19:1:19:13 | // foo; lgtm | foo; lgtm | lgtm | TestWindows.java:20:0:20:0 | suppression range |
| TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:20:1:20:41 | suppression range | | TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:20:1:20:41 | suppression range |
| TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:21:0:21:0 | suppression range |
| TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:22:1:22:40 | suppression range | | TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:22:1:22:40 | suppression range |
| TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:23:0:23:0 | suppression range |
| TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:24:1:24:44 | suppression range | | TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:24:1:24:44 | suppression range |
| TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:25:0:25:0 | suppression range |
| TestWindows.java:25:1:25:9 | // LGTM! | LGTM! | LGTM | TestWindows.java:25:1:25:9 | suppression range | | TestWindows.java:25:1:25:9 | // LGTM! | LGTM! | LGTM | TestWindows.java:25:1:25:9 | suppression range |
| TestWindows.java:25:1:25:9 | // LGTM! | LGTM! | LGTM | TestWindows.java:26:0:26:0 | suppression range |
| TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:26:1:26:36 | suppression range | | TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:26:1:26:36 | suppression range |
| TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:27:0:27:0 | suppression range |
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:27:1:27:79 | suppression range | | TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:27:1:27:79 | suppression range |
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:28:0:28:0 | suppression range |
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:27:1:27:79 | suppression range | | TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:27:1:27:79 | suppression range |
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:28:0:28:0 | suppression range |
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:28:1:28:41 | suppression range | | TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:28:1:28:41 | suppression range |
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:29:0:29:0 | suppression range |
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:28:1:28:41 | suppression range | | TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:28:1:28:41 | suppression range |
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:29:0:29:0 | suppression range |
| TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:29:1:29:12 | suppression range | | TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:29:1:29:12 | suppression range |
| TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:30:0:30:0 | suppression range |
| TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:30:1:30:38 | suppression range | | TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:30:1:30:38 | suppression range |
| TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:31:0:31:0 | suppression range |
| TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:36:1:36:52 | suppression range | | TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:36:1:36:52 | suppression range |
| TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:37:0:37:0 | suppression range |
| TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:37:1:37:25 | suppression range | | TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:37:1:37:25 | suppression range |
| TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:38:0:38:0 | suppression range |
| TestWindows.java:39:1:39:33 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:40:0:40:0 | suppression range |
| TestWindows.java:40:1:40:33 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:41:0:41:0 | suppression range |
| TestWindows.java:41:1:41:70 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | TestWindows.java:42:0:42:0 | suppression range |
| TestWindows.java:42:1:42:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:43:0:43:0 | suppression range |
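Review bot: The added `codeql[...]` rows (Test.java:39-42 and TestWindows.java:39-42) all start in column 1 and carry only a next-line range, so nothing here pins what a `codeql[...]` comment does when it trails code on the same line. The only trailing case visible in this section is the `// lgtm` row at `Test.java:1:15:1:21`, which keeps its own-line range and gets no `N+1:0:N+1:0` row. Because the added `N+1:0:N+1:0` rows widen what an own-line comment silences, the intended scope should be explicit in the test; an over-broad suppression range hides alerts without any visible failure. A fixture line such as `int x = 0; // codeql[java/confusing-method-name]` (constructed example) would settle it, yielding either no row or a row with a deliberate range. The Java fixture is not part of this section, so such a line may already exist and simply produce no row; in that case a short fixture comment stating that no suppression is expected would be enough.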


@@ -1,6 +1,11 @@
| TestSuppressWarnings.java:2:1:2:49 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:2:1:21:5 | suppression range | | TestSuppressWarnings.java:2:1:2:49 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:2:1:38:5 | suppression range |
| TestSuppressWarnings.java:5:5:5:31 | SuppressWarnings | lgtm[] | lgtm[] | TestSuppressWarnings.java:5:5:8:5 | suppression range | | TestSuppressWarnings.java:5:5:5:31 | SuppressWarnings | lgtm[] | lgtm[] | TestSuppressWarnings.java:5:5:8:5 | suppression range |
| TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:9:5:13:5 | suppression range | | TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:9:5:13:5 | suppression range |
| TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:9:5:13:5 | suppression range | | TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:9:5:13:5 | suppression range |
| TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:18:5:21:5 | suppression range | | TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:18:5:21:5 | suppression range |
| TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:18:5:21:5 | suppression range | | TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:18:5:21:5 | suppression range |
| TestSuppressWarnings.java:22:5:22:33 | SuppressWarnings | codeql[] | lgtm[] | TestSuppressWarnings.java:22:5:25:5 | suppression range |
| TestSuppressWarnings.java:27:5:27:108 | SuppressWarnings | codeql[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:26:5:30:5 | suppression range |
| TestSuppressWarnings.java:27:5:27:108 | SuppressWarnings | codeql[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:26:5:30:5 | suppression range |
| TestSuppressWarnings.java:35:5:35:102 | SuppressWarnings | codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:35:5:38:5 | suppression range |
| TestSuppressWarnings.java:35:5:35:102 | SuppressWarnings | codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:35:5:38:5 | suppression range |


@@ -36,3 +36,11 @@ class Test {} // lgtm
/* lgtm[@tag:nullness,java/confusing-method-name] */ /* lgtm[@tag:nullness,java/confusing-method-name] */
/* lgtm[@tag:nullness] */ /* lgtm[@tag:nullness] */
/** lgtm[] */ /** lgtm[] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class Foo {} // codeql[js/debugger-statement]
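Review bot: The added fixture lines mix comments that are meant to be recognised as suppressions with ones that apparently are not, and nothing in the file marks which is which. In the TestWindows expected rows visible on this page, lines 39–42 each produce a suppression range on the following line, while the two-line block comment and the trailing `class Foo2 {} // codeql[js/debugger-statement]` have no row, so they look like deliberate negative cases. A misreading here means an alert is silenced, or left unsilenced, without anyone noticing, so I would label the last three added lines with something like `// negative cases: expected to produce no suppression range` and regenerate the expected output for the shifted line numbers. The same applies to the identical hunk after `class TestWindows {}`.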


@@ -4,19 +4,36 @@
class TestSuppressWarnings { class TestSuppressWarnings {
@SuppressWarnings("lgtm[]") @SuppressWarnings("lgtm[]")
public void test() { public void test() {
} }
@Deprecated @Deprecated
@SuppressWarnings({"lgtm[java/confusing-method-name] not confusing","lgtm[java/non-sync-override]"}) @SuppressWarnings({"lgtm[java/confusing-method-name] not confusing","lgtm[java/non-sync-override]"})
public void test2() { public void test2() {
} }
@SuppressWarnings("lgtm") @SuppressWarnings("lgtm")
public void test3() { public void test3() {
} }
@SuppressWarnings({"lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override]"}) @SuppressWarnings({"lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override]"})
public void test4() { public void test4() {
}
@SuppressWarnings("codeql[]")
public void test5() {
}
@Deprecated
@SuppressWarnings({"codeql[java/confusing-method-name] not confusing","codeql[java/non-sync-override]"})
public void test6() {
}
@SuppressWarnings("lgtm")
public void test7() {
}
@SuppressWarnings({"codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override]"})
public void test8() {
} }
} }
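Review bot: `test7` repeats `@SuppressWarnings("lgtm")` from `test3` rather than using the new spelling, so the bare-keyword case is never exercised for the `codeql` prefix, although `test5`, `test6` and `test8` each mirror their lgtm counterpart. The expected table has no row for either annotation, which suggests a bare keyword without brackets is meant to be ignored. If that is the intent, I would change the line to `@SuppressWarnings("codeql")` so the test pins that behaviour for both prefixes. If keeping `lgtm` is deliberate, a one-line comment above `test7` saying so would prevent it being read as a copy-paste slip.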


@@ -36,3 +36,11 @@ class TestWindows {} // lgtm
/* lgtm[@tag:nullness,java/confusing-method-name] */ /* lgtm[@tag:nullness,java/confusing-method-name] */
/* lgtm[@tag:nullness] */ /* lgtm[@tag:nullness] */
/** lgtm[] */ /** lgtm[] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class Foo2 {} // codeql[js/debugger-statement]


@@ -13,7 +13,7 @@ class ExternalApiUsage {
Duration d = java.time.Duration.ofMillis(1000); // not supported Duration d = java.time.Duration.ofMillis(1000); // not supported
long l = "foo".length(); // not interesting long l = "foo".length(); // supported as a neutral model
AtomicReference<String> ref = new AtomicReference<>(); // not supported AtomicReference<String> ref = new AtomicReference<>(); // not supported
ref.set("foo"); ref.set("foo");


@@ -1,4 +1,3 @@
| java.lang.Class#isAssignableFrom(Class) | 1 | | java.lang.Class#isAssignableFrom(Class) | 1 |
| java.lang.String#length() | 1 |
| java.time.Duration#ofMillis(long) | 1 | | java.time.Duration#ofMillis(long) | 1 |
| java.util.concurrent.atomic.AtomicReference#set(Object) | 1 | | java.util.concurrent.atomic.AtomicReference#set(Object) | 1 |


@@ -1,10 +1,14 @@
edges edges
| Test.java:76:27:76:60 | getProperty(...) : String | Test.java:78:37:78:48 | userProperty : String | | Test.java:76:27:76:60 | getProperty(...) : String | Test.java:78:37:78:48 | userProperty : String |
| Test.java:78:20:78:56 | parseInt(...) : Number | Test.java:80:31:80:34 | size |
| Test.java:78:20:78:56 | parseInt(...) : Number | Test.java:86:34:86:37 | size |
| Test.java:78:37:78:48 | userProperty : String | Test.java:78:37:78:55 | trim(...) : String | | Test.java:78:37:78:48 | userProperty : String | Test.java:78:37:78:55 | trim(...) : String |
| Test.java:78:37:78:55 | trim(...) : String | Test.java:78:20:78:56 | parseInt(...) : Number |
| Test.java:78:37:78:55 | trim(...) : String | Test.java:80:31:80:34 | size | | Test.java:78:37:78:55 | trim(...) : String | Test.java:80:31:80:34 | size |
| Test.java:78:37:78:55 | trim(...) : String | Test.java:86:34:86:37 | size | | Test.java:78:37:78:55 | trim(...) : String | Test.java:86:34:86:37 | size |
nodes nodes
| Test.java:76:27:76:60 | getProperty(...) : String | semmle.label | getProperty(...) : String | | Test.java:76:27:76:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
| Test.java:78:20:78:56 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| Test.java:78:37:78:48 | userProperty : String | semmle.label | userProperty : String | | Test.java:78:37:78:48 | userProperty : String | semmle.label | userProperty : String |
| Test.java:78:37:78:55 | trim(...) : String | semmle.label | trim(...) : String | | Test.java:78:37:78:55 | trim(...) : String | semmle.label | trim(...) : String |
| Test.java:80:31:80:34 | size | semmle.label | size | | Test.java:80:31:80:34 | size | semmle.label | size |


@@ -1,9 +1,12 @@
edges edges
| Test.java:14:27:14:60 | getProperty(...) : String | Test.java:16:38:16:49 | userProperty : String | | Test.java:14:27:14:60 | getProperty(...) : String | Test.java:16:38:16:49 | userProperty : String |
| Test.java:16:21:16:57 | parseInt(...) : Number | Test.java:19:34:19:38 | index |
| Test.java:16:38:16:49 | userProperty : String | Test.java:16:38:16:56 | trim(...) : String | | Test.java:16:38:16:49 | userProperty : String | Test.java:16:38:16:56 | trim(...) : String |
| Test.java:16:38:16:56 | trim(...) : String | Test.java:16:21:16:57 | parseInt(...) : Number |
| Test.java:16:38:16:56 | trim(...) : String | Test.java:19:34:19:38 | index | | Test.java:16:38:16:56 | trim(...) : String | Test.java:19:34:19:38 | index |
nodes nodes
| Test.java:14:27:14:60 | getProperty(...) : String | semmle.label | getProperty(...) : String | | Test.java:14:27:14:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
| Test.java:16:21:16:57 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| Test.java:16:38:16:49 | userProperty : String | semmle.label | userProperty : String | | Test.java:16:38:16:49 | userProperty : String | semmle.label | userProperty : String |
| Test.java:16:38:16:56 | trim(...) : String | semmle.label | trim(...) : String | | Test.java:16:38:16:56 | trim(...) : String | semmle.label | trim(...) : String |
| Test.java:19:34:19:38 | index | semmle.label | index | | Test.java:19:34:19:38 | index | semmle.label | index |


@@ -11,8 +11,19 @@ edges
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | | ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:32:17:32:20 | data |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:40:17:40:20 | data |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:50:17:50:20 | data |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:64:20:64:23 | data : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:95:37:95:40 | data |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:118:9:118:12 | data : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:119:10:119:13 | data : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:120:10:120:13 | data : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:121:10:121:13 | data : Number |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:32:17:32:20 | data | | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:32:17:32:20 | data |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:40:17:40:20 | data | | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:40:17:40:20 | data |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:50:17:50:20 | data | | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:50:17:50:20 | data |
@@ -53,6 +64,8 @@ nodes
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | semmle.label | readerBuffered : BufferedReader | | ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | semmle.label | readerBuffered : BufferedReader |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | semmle.label | readLine(...) : String | | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | semmle.label | readLine(...) : String |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | semmle.label | readLine(...) : String | | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | semmle.label | readLine(...) : String |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | semmle.label | stringNumber : String | | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | semmle.label | stringNumber : String |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | semmle.label | stringNumber : String | | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | semmle.label | stringNumber : String |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | semmle.label | trim(...) : String | | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | semmle.label | trim(...) : String |


@@ -0,0 +1,10 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app"
android:installLocation="auto"
android:versionCode="1"
android:versionName="0.1" >
<application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
</application>
</manifest>
