mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Tom Hvitved
@@ -218,7 +218,7 @@ namespace Semmle.Extraction.CIL
|
||||
public PdbSourceFile CreateSourceFile(PDB.ISourceFile file) => sourceFiles[file];
|
||||
|
||||
/// <summary>
|
||||
/// Creates a folder entitiy with the given path.
|
||||
/// Creates a folder entity with the given path.
|
||||
/// </summary>
|
||||
/// <param name="path">The path of the folder.</param>
|
||||
/// <returns>A folder entity.</returns>
|
||||
|
||||
@@ -5,7 +5,7 @@ namespace Semmle.Extraction.CIL
|
||||
{
|
||||
/// <summary>
|
||||
/// An entity that has contents to extract. There is no need to populate
|
||||
/// a key as it's done in the contructor.
|
||||
/// a key as it's done in the constructor.
|
||||
/// </summary>
|
||||
internal abstract class UnlabelledEntity : Extraction.UnlabelledEntity, IExtractedEntity
|
||||
{
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
namespace Semmle.Extraction.CIL.Entities
|
||||
{
|
||||
/// <summary>
|
||||
/// An entity represting a member.
|
||||
/// An entity representing a member.
|
||||
/// Used to type tuples correctly.
|
||||
/// </summary>
|
||||
internal interface IMember : IExtractedEntity
|
||||
|
||||
@@ -66,7 +66,7 @@ namespace Semmle.Extraction.CSharp.Entities
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// The location which is stored in the database and is used when highlighing source code.
|
||||
/// The location which is stored in the database and is used when highlighting source code.
|
||||
/// It's generally short, e.g. a method name.
|
||||
/// </summary>
|
||||
public override Microsoft.CodeAnalysis.Location? ReportingLocation => Symbol.Locations.FirstOrDefault();
|
||||
|
||||
@@ -42,7 +42,7 @@ namespace Semmle.Extraction.CSharp.Entities
|
||||
}
|
||||
else
|
||||
{
|
||||
Context.ModelError(Symbol, $"Undhandled event accessor kind {Symbol.ToDisplayString()}");
|
||||
Context.ModelError(Symbol, $"Unhandled event accessor kind {Symbol.ToDisplayString()}");
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -74,7 +74,7 @@ namespace Semmle.Extraction.CSharp.Entities
|
||||
bool IExpressionParentEntity.IsTopLevelParent => false;
|
||||
|
||||
/// <summary>
|
||||
/// Gets a string represention of a constant value.
|
||||
/// Gets a string representation of a constant value.
|
||||
/// </summary>
|
||||
/// <param name="obj">The value.</param>
|
||||
/// <returns>The string representation.</returns>
|
||||
|
||||
@@ -23,7 +23,7 @@ namespace Semmle.Extraction.CSharp.Entities
|
||||
trapFile.modifiers(Label, Symbol);
|
||||
}
|
||||
|
||||
public static string AccessbilityModifier(Accessibility access)
|
||||
public static string AccessibilityModifier(Accessibility access)
|
||||
{
|
||||
switch (access)
|
||||
{
|
||||
@@ -48,7 +48,7 @@ namespace Semmle.Extraction.CSharp.Entities
|
||||
case Accessibility.Public:
|
||||
case Accessibility.Protected:
|
||||
case Accessibility.Internal:
|
||||
HasModifier(cx, trapFile, type, Modifier.AccessbilityModifier(access));
|
||||
HasModifier(cx, trapFile, type, Modifier.AccessibilityModifier(access));
|
||||
break;
|
||||
case Accessibility.NotApplicable:
|
||||
break;
|
||||
@@ -131,7 +131,7 @@ namespace Semmle.Extraction.CSharp.Entities
|
||||
|
||||
public static Modifier Create(Context cx, Accessibility access)
|
||||
{
|
||||
var modifier = AccessbilityModifier(access);
|
||||
var modifier = AccessibilityModifier(access);
|
||||
return ModifierFactory.Instance.CreateEntity(cx, (typeof(Modifier), modifier), modifier);
|
||||
}
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace Semmle.Extraction.CSharp
|
||||
{
|
||||
/// <summary>
|
||||
/// An ITypeSymbol with nullability annotations.
|
||||
/// Although a similar class has been implemented in Rolsyn,
|
||||
/// Although a similar class has been implemented in Roslyn,
|
||||
/// https://github.com/dotnet/roslyn/blob/090e52e27c38ad8f1ea4d033114c2a107604ddaa/src/Compilers/CSharp/Portable/Symbols/TypeWithAnnotations.cs
|
||||
/// it is an internal struct that has not yet been exposed on the public interface.
|
||||
/// </summary>
|
||||
@@ -80,8 +80,8 @@ namespace Semmle.Extraction.CSharp
|
||||
public static IEnumerable<string> GetSourceLevelModifiers(this ISymbol symbol)
|
||||
{
|
||||
var methodModifiers = symbol.GetModifiers<Microsoft.CodeAnalysis.CSharp.Syntax.BaseMethodDeclarationSyntax>(md => md.Modifiers);
|
||||
var typeModifers = symbol.GetModifiers<Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax>(cd => cd.Modifiers);
|
||||
return methodModifiers.Concat(typeModifers).Select(m => m.Text);
|
||||
var typeModifiers = symbol.GetModifiers<Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax>(cd => cd.Modifiers);
|
||||
return methodModifiers.Concat(typeModifiers).Select(m => m.Text);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
||||
@@ -26,7 +26,7 @@ namespace Semmle.Extraction
|
||||
Label Label { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Writes the unique identifier of this entitiy to a trap file.
|
||||
/// Writes the unique identifier of this entity to a trap file.
|
||||
/// </summary>
|
||||
/// <param name="trapFile">The trapfile to write to.</param>
|
||||
void WriteId(EscapingTextWriter trapFile);
|
||||
|
||||
@@ -8,7 +8,7 @@ namespace Semmle.Util
|
||||
/// Create an enumerable with a single element.
|
||||
/// </summary>
|
||||
///
|
||||
/// <typeparam name="T">The type of the enumerble/element.</typeparam>
|
||||
/// <typeparam name="T">The type of the enumerable/element.</typeparam>
|
||||
/// <param name="t">The element.</param>
|
||||
/// <returns>An enumerable containing a single element.</returns>
|
||||
public static IEnumerable<T> Singleton<T>(T t)
|
||||
|
||||
@@ -17,7 +17,7 @@ namespace Semmle.Util
|
||||
/// The algorithm locates the closest match to a string based on a "distance function".
|
||||
///
|
||||
/// Whilst many distance functions are possible, a bespoke algorithm is used here,
|
||||
/// for efficiency and suitablility for the domain.
|
||||
/// for efficiency and suitability for the domain.
|
||||
///
|
||||
/// The distance is defined as the Hamming Distance of the numbers in the string.
|
||||
/// Each string is split into the base "form" (stripped of numbers) and a vector of
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
lgtm,codescanning
|
||||
* Inferring the lengths of implicitely sized arrays is fixed. Previously, multi
|
||||
* Inferring the lengths of implicitly sized arrays is fixed. Previously, multi
|
||||
dimensional arrays were always extracted with the same length for each dimension.
|
||||
With the fix, the array sizes `2` and `1` are extracted for `new int[,]{{1},{2}}`.
|
||||
Previously `2` and `2` were extracted.
|
||||
|
||||
@@ -124,7 +124,7 @@ string solorigateSuspiciousLiterals() {
|
||||
"fc00::", "fe00::", "fec0::", "ffc0::", "ff00::", "HKCC", "HKCR", "HKCU", "HKDD",
|
||||
"HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER", "HKEY_DYN_DATA",
|
||||
"HKEY_LOCAL_MACHINE", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography",
|
||||
"HKEY_PERFOMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match",
|
||||
"HKEY_PERFORMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match",
|
||||
"Microsoft-CryptoAPI/", "Nodes", "Volumes", "Interfaces", "Components", "opensans",
|
||||
"Organization", "OSArchitecture", "ParentProcessID", "PathName", "ReportWatcherPostpone",
|
||||
"ReportWatcherRetry", "S-1-5-", "SeRestorePrivilege", "SeShutdownPrivilege",
|
||||
|
||||
@@ -10,7 +10,9 @@ import csharp
|
||||
private import DataFlow
|
||||
private import semmle.code.csharp.dataflow.TaintTracking2
|
||||
|
||||
predicate maybeANonCryptogrphicHash(Callable callable, Variable v, Expr xor, Expr mul, LoopStmt loop) {
|
||||
predicate maybeANonCryptographicHash(
|
||||
Callable callable, Variable v, Expr xor, Expr mul, LoopStmt loop
|
||||
) {
|
||||
callable = loop.getEnclosingCallable() and
|
||||
(
|
||||
maybeUsedInFnvFunction(v, xor, mul, loop) or
|
||||
@@ -75,7 +77,7 @@ private predicate maybeUsedInElfHashFunction(Variable v, Operation xor, Operatio
|
||||
*/
|
||||
predicate isCallableAPotentialNonCryptographicHashFunction(Callable callable, Parameter param) {
|
||||
exists(Variable v, Expr op1, Expr op2, LoopStmt loop |
|
||||
maybeANonCryptogrphicHash(callable, v, op1, op2, loop) and
|
||||
maybeANonCryptographicHash(callable, v, op1, op2, loop) and
|
||||
callable.getAParameter() = param and
|
||||
exists(ParameterNode p, ExprNode n |
|
||||
p.getParameter() = param and
|
||||
|
||||
@@ -191,7 +191,7 @@ private module Annotations {
|
||||
NoNullability() { not nullability_parent(_, _, nullability) }
|
||||
}
|
||||
|
||||
/** A type with annotated nullablity, `?`. */
|
||||
/** A type with annotated nullability, `?`. */
|
||||
class AnnotatedNullability extends Nullability {
|
||||
AnnotatedNullability() { nullability instanceof @annotated }
|
||||
|
||||
|
||||
@@ -517,7 +517,7 @@ predicate convNullableType(ValueOrRefType fromType, NullableType toType) {
|
||||
/**
|
||||
* Holds if `fromType` is `NullType`, and `toType` is a type that can represent
|
||||
* the `null` value, such as a reference type, `Nullable<T>` or a type parameter
|
||||
* with contraints that restrict it to a reference type.
|
||||
* with constraints that restrict it to a reference type.
|
||||
*/
|
||||
// This is a deliberate, small Cartesian product, so we have manually lifted it to force the
|
||||
// evaluator to evaluate it in its entirety, rather than trying to optimize it in context.
|
||||
|
||||
@@ -125,7 +125,7 @@ class Version extends string {
|
||||
|
||||
/**
|
||||
* Gets the minor version, for example `3` in `1.2.3.4`.
|
||||
* If the minor version is unspecifed, then the result is `0`.
|
||||
* If the minor version is unspecified, then the result is `0`.
|
||||
*/
|
||||
bindingset[this]
|
||||
int getMinor() { result = this.getField(3) }
|
||||
|
||||
@@ -136,7 +136,7 @@ class Property extends DotNet::Property, DeclarationWithGetSetAccessors, @proper
|
||||
* }
|
||||
* ```
|
||||
*
|
||||
* Note that this information is only avaiable for properties in source
|
||||
* Note that this information is only available for properties in source
|
||||
* code.
|
||||
*/
|
||||
predicate isAutoImplemented() {
|
||||
|
||||
@@ -44,7 +44,7 @@ class GeneratedNamespaceFile extends GeneratedCodeFile {
|
||||
}
|
||||
}
|
||||
|
||||
/** A file contining comments suggesting it contains generated code. */
|
||||
/** A file continuing comments suggesting it contains generated code. */
|
||||
class GeneratedCommentFile extends GeneratedCodeFile {
|
||||
GeneratedCommentFile() { this = any(GeneratedCodeComment c).getLocation().getFile() }
|
||||
}
|
||||
|
||||
@@ -1470,7 +1470,7 @@ module Internal {
|
||||
)
|
||||
}
|
||||
|
||||
private predicate firstReadSameVarUniquePredecesssor(
|
||||
private predicate firstReadSameVarUniquePredecessor(
|
||||
PreSsa::Definition def, AssignableRead read
|
||||
) {
|
||||
read = def.getAFirstRead() and
|
||||
@@ -1603,7 +1603,7 @@ module Internal {
|
||||
g1 = def.getARead() and
|
||||
isGuard(g1, v1) and
|
||||
v2 = v1 and
|
||||
if v1.isReferentialProperty() then firstReadSameVarUniquePredecesssor(def, g1) else any()
|
||||
if v1.isReferentialProperty() then firstReadSameVarUniquePredecessor(def, g1) else any()
|
||||
)
|
||||
or
|
||||
exists(PreSsa::Definition def, AbstractValue v |
|
||||
@@ -1684,7 +1684,7 @@ module Internal {
|
||||
mid = e.(Cast).getExpr()
|
||||
)
|
||||
or
|
||||
exists(PreSsa::Definition def | emptyDef(def) | firstReadSameVarUniquePredecesssor(def, e))
|
||||
exists(PreSsa::Definition def | emptyDef(def) | firstReadSameVarUniquePredecessor(def, e))
|
||||
or
|
||||
exists(MethodCall mc |
|
||||
mc.getTarget().getAnUltimateImplementee().getUnboundDeclaration() =
|
||||
@@ -1708,7 +1708,7 @@ module Internal {
|
||||
)
|
||||
or
|
||||
exists(PreSsa::Definition def | nonEmptyDef(def) |
|
||||
firstReadSameVarUniquePredecesssor(def, e)
|
||||
firstReadSameVarUniquePredecessor(def, e)
|
||||
)
|
||||
or
|
||||
exists(MethodCall mc |
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
*
|
||||
* Provides a basic block implementation on control flow elements. That is,
|
||||
* a "pre-CFG" where the nodes are (unsplit) control flow elements and the
|
||||
* successor releation is `succ = succ(pred, _)`.
|
||||
* successor relation is `succ = succ(pred, _)`.
|
||||
*
|
||||
* The logic is duplicated from the implementation in `BasicBlocks.qll`, and
|
||||
* being an internal class, all predicate documentation has been removed.
|
||||
|
||||
@@ -911,7 +911,7 @@ module BooleanSplitting {
|
||||
* ```
|
||||
*
|
||||
* the branch taken in the condition on line 2 can be recorded, and the
|
||||
* recorded value will detmine the branch taken in the condition on line 4.
|
||||
* recorded value will determine the branch taken in the condition on line 4.
|
||||
*/
|
||||
abstract predicate correlatesConditions(ConditionBlock cb1, ConditionBlock cb2, boolean inverted);
|
||||
|
||||
|
||||
@@ -126,7 +126,7 @@ module SuccessorTypes {
|
||||
* }
|
||||
* ```
|
||||
*
|
||||
* has a control flow graph containing macthing successors:
|
||||
* has a control flow graph containing matching successors:
|
||||
*
|
||||
* ```
|
||||
* switch
|
||||
@@ -230,7 +230,7 @@ module SuccessorTypes {
|
||||
* }
|
||||
* ```
|
||||
*
|
||||
* The node `return x;` is a `break` succedssor of the node `break;`.
|
||||
* The node `return x;` is a `break` successor of the node `break;`.
|
||||
*/
|
||||
class BreakSuccessor extends SuccessorType, TBreakSuccessor {
|
||||
override string toString() { result = "break" }
|
||||
|
||||
@@ -97,7 +97,7 @@ module SummaryComponentStack {
|
||||
result = push(SummaryComponent::element(), container)
|
||||
}
|
||||
|
||||
/** Gets a stack representing a propery `p` of `object`. */
|
||||
/** Gets a stack representing a property `p` of `object`. */
|
||||
SummaryComponentStack propertyOf(Property p, SummaryComponentStack object) {
|
||||
result = push(SummaryComponent::property(p), object)
|
||||
}
|
||||
|
||||
@@ -702,7 +702,7 @@ private predicate arrayStore(Expr e, Expr src, Expr a, boolean postUpdate) {
|
||||
e = a and
|
||||
postUpdate = false
|
||||
or
|
||||
// Member initalizer, `new C { Array = { [i] = src } }`
|
||||
// Member initializer, `new C { Array = { [i] = src } }`
|
||||
exists(MemberInitializer mi |
|
||||
mi = a.(ObjectInitializer).getAMemberInitializer() and
|
||||
mi.getLValue() instanceof ArrayAccess and
|
||||
@@ -2038,8 +2038,8 @@ private module PostUpdateNodes {
|
||||
ExprPostUpdateNode() { this = TExprPostUpdateNode(cfn) }
|
||||
|
||||
override ExprNode getPreUpdateNode() {
|
||||
// For compund arguments, such as `m(b ? x : y)`, we want the leaf nodes
|
||||
// `[post] x` and `[post] y` to have two pre-update nodes: (1) the compund argument,
|
||||
// For compound arguments, such as `m(b ? x : y)`, we want the leaf nodes
|
||||
// `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument,
|
||||
// `if b then x else y`; and the (2) the underlying expressions; `x` and `y`,
|
||||
// respectively.
|
||||
//
|
||||
|
||||
@@ -803,14 +803,14 @@ private module CapturedVariableImpl {
|
||||
* Holds if `c` is a relevant part of the call graph for
|
||||
* `updatesCapturedVariable` based on following edges in forward direction.
|
||||
*/
|
||||
private predicate reachbleFromSource(Callable c) {
|
||||
private predicate reachableFromSource(Callable c) {
|
||||
source(_, _, _, c, _)
|
||||
or
|
||||
exists(Callable mid | reachbleFromSource(mid) | callEdge(mid, c))
|
||||
exists(Callable mid | reachableFromSource(mid) | callEdge(mid, c))
|
||||
}
|
||||
|
||||
private predicate sink(Callable c, CapturedWrittenLocalScopeVariable captured) {
|
||||
reachbleFromSource(c) and
|
||||
reachableFromSource(c) and
|
||||
relevantDefinition(c, captured, _)
|
||||
}
|
||||
|
||||
@@ -932,14 +932,14 @@ private module CapturedVariableLivenessImpl {
|
||||
* Holds if `c` is a relevant part of the call graph for
|
||||
* `readsCapturedVariable` based on following edges in forward direction.
|
||||
*/
|
||||
private predicate reachbleFromSource(Callable c) {
|
||||
private predicate reachableFromSource(Callable c) {
|
||||
source(_, _, _, c, _)
|
||||
or
|
||||
exists(Callable mid | reachbleFromSource(mid) | callEdge(mid, c))
|
||||
exists(Callable mid | reachableFromSource(mid) | callEdge(mid, c))
|
||||
}
|
||||
|
||||
private predicate sink(Callable c, CapturedReadLocalScopeVariable captured) {
|
||||
reachbleFromSource(c) and
|
||||
reachableFromSource(c) and
|
||||
capturerReads(c, captured)
|
||||
}
|
||||
|
||||
|
||||
@@ -53,12 +53,12 @@ module Steps {
|
||||
|
||||
private predicate flowIn(Parameter p, Expr pred, AssignableRead succ) {
|
||||
exists(AssignableDefinitions::ImplicitParameterDefinition def, Call c | succ = getARead(def) |
|
||||
pred = getArgumentForOverridderParameter(c, p) and
|
||||
pred = getArgumentForOverriderParameter(c, p) and
|
||||
p.getUnboundDeclaration() = def.getParameter()
|
||||
)
|
||||
}
|
||||
|
||||
private Expr getArgumentForOverridderParameter(Call call, Parameter p) {
|
||||
private Expr getArgumentForOverriderParameter(Call call, Parameter p) {
|
||||
exists(Parameter base, Callable callable | result = call.getArgumentForParameter(base) |
|
||||
base = callable.getAParameter() and
|
||||
isOverriderParameter(callable, p, base.getPosition())
|
||||
|
||||
@@ -74,7 +74,7 @@ class BitwiseOrExpr extends BinaryBitwiseOperation, @bit_or_expr {
|
||||
}
|
||||
|
||||
/**
|
||||
* A bitwise exlusive-or operation, for example `x ^ y`.
|
||||
* A bitwise exclusive-or operation, for example `x ^ y`.
|
||||
*/
|
||||
class BitwiseXorExpr extends BinaryBitwiseOperation, @bit_xor_expr {
|
||||
override string getOperator() { result = "^" }
|
||||
|
||||
@@ -417,7 +417,7 @@ class ConstructorInitializer extends Call, @constructor_init_expr {
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if this initialier is a `this` initializer, for example `this(0)`
|
||||
* Holds if this initializer is a `this` initializer, for example `this(0)`
|
||||
* in
|
||||
*
|
||||
* ```csharp
|
||||
@@ -431,7 +431,7 @@ class ConstructorInitializer extends Call, @constructor_init_expr {
|
||||
predicate isThis() { this.getTargetType() = this.getConstructorType() }
|
||||
|
||||
/**
|
||||
* Holds if this initialier is a `base` initializer, for example `base(0)`
|
||||
* Holds if this initializer is a `base` initializer, for example `base(0)`
|
||||
* in
|
||||
*
|
||||
* ```csharp
|
||||
|
||||
@@ -389,7 +389,7 @@ class ArrayCreation extends Expr, @array_creation_expr {
|
||||
/** Holds if this array creation has an initializer. */
|
||||
predicate hasInitializer() { exists(this.getInitializer()) }
|
||||
|
||||
/** Gets the array initializer of this array cration, if any. */
|
||||
/** Gets the array initializer of this array creation, if any. */
|
||||
ArrayInitializer getInitializer() { result = this.getChild(-1) }
|
||||
|
||||
/** Holds if the type of the created array is inferred from its initializer. */
|
||||
|
||||
@@ -192,7 +192,7 @@ class Operation extends Expr, @op_expr {
|
||||
}
|
||||
|
||||
/**
|
||||
* A unary operation. Either a unary arithemtic operation
|
||||
* A unary operation. Either a unary arithmetic operation
|
||||
* (`UnaryArithmeticOperation`), a unary bitwise operation
|
||||
* (`UnaryBitwiseOperation`), a `sizeof` operation (`SizeofExpr`), a pointer
|
||||
* indirection operation (`PointerIndirectionExpr`), an address-of operation
|
||||
@@ -206,7 +206,7 @@ class UnaryOperation extends Operation, @un_op {
|
||||
}
|
||||
|
||||
/**
|
||||
* A binary operation. Either a binary arithemtic operation
|
||||
* A binary operation. Either a binary arithmetic operation
|
||||
* (`BinaryArithmeticOperation`), a binary bitwise operation
|
||||
* (`BinaryBitwiseOperation`), a comparison operation (`ComparisonOperation`),
|
||||
* or a binary logical operation (`BinaryLogicalOperation`).
|
||||
@@ -776,7 +776,7 @@ class SizeofExpr extends UnaryOperation, @sizeof_expr {
|
||||
* struct A {
|
||||
* public void M() { }
|
||||
*
|
||||
* unsafe int DirectDerefence() {
|
||||
* unsafe int DirectDereference() {
|
||||
* int n = 10;
|
||||
* int *pn = &n;
|
||||
* return *pn;
|
||||
@@ -788,7 +788,7 @@ class SizeofExpr extends UnaryOperation, @sizeof_expr {
|
||||
* pa->M();
|
||||
* }
|
||||
*
|
||||
* unsafe void ArrayDerefence() {
|
||||
* unsafe void ArrayDereference() {
|
||||
* char* cp = stackalloc char[10];
|
||||
* cp[1] = 'a';
|
||||
* }
|
||||
@@ -813,7 +813,7 @@ class PointerIndirectionExpr extends UnaryOperation, @pointer_indirection_expr {
|
||||
*
|
||||
* ```csharp
|
||||
* class A {
|
||||
* unsafe int DirectDerefence() {
|
||||
* unsafe int DirectDereference() {
|
||||
* int n = 10;
|
||||
* int *pn = &n;
|
||||
* return *pn;
|
||||
|
||||
@@ -1243,7 +1243,7 @@ predicate implementsDispose(ValueOrRefType t) { getInvokedDisposeMethod(t).getDe
|
||||
|
||||
/**
|
||||
* Gets the dispose method that will be invoked on a value `x`
|
||||
* of type `t` when `x.Dipsose()` is called.
|
||||
* of type `t` when `x.Dispose()` is called.
|
||||
*
|
||||
* Either the dispose method is (an override of) `IDisposable.Dispose()`,
|
||||
* or an implementation of a method `Dispose(bool)` which is called
|
||||
|
||||
@@ -416,7 +416,7 @@ class MicrosoftAspNetCoreBuilderEndpointRouteBuilderExtensions extends Class {
|
||||
/** Gets the `MapDelete` extension method. */
|
||||
Method getMapDeleteMethod() { result = this.getAMethod("MapDelete") }
|
||||
|
||||
/** Get a `Map` like extenion methods. */
|
||||
/** Get a `Map` like extension methods. */
|
||||
Method getAMapMethod() {
|
||||
result =
|
||||
[
|
||||
|
||||
@@ -20,7 +20,7 @@ class SystemSecurityCryptographyClass extends Class {
|
||||
}
|
||||
|
||||
/** Data flow for `System.Security.Cryptography.AsnEncodedDataCollection`. */
|
||||
private class SystemSecurityCryptographyAsnEncondedDataCollectionFlowModelCsv extends SummaryModelCsv {
|
||||
private class SystemSecurityCryptographyAsnEncodedDataCollectionFlowModelCsv extends SummaryModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
|
||||
@@ -130,7 +130,7 @@ module XmlSettings {
|
||||
|
|
||||
not isSafeDtdSetting(dtdVal) and evidence = dtdVal
|
||||
) and
|
||||
reason = "DTD procesing enabled in settings"
|
||||
reason = "DTD processing enabled in settings"
|
||||
or
|
||||
not exists(getAValueForProp(creation, "ProhibitDtd")) and
|
||||
reason = "DTD processing is enabled by default in versions before 4.0" and
|
||||
|
||||
@@ -5,7 +5,7 @@ class Circle
|
||||
{
|
||||
return Math.Pow(radius, 2) * 3.14;
|
||||
}
|
||||
public double circumfrence()
|
||||
public double circumference()
|
||||
{
|
||||
return radius * 2 * 3.14;
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@ class Circle
|
||||
{
|
||||
return Math.Pow(radius, 2) * 3.14; // BAD: use the "Pi" constant
|
||||
}
|
||||
public double circumfrence()
|
||||
public double circumference()
|
||||
{
|
||||
return radius * 2 * 3.14; // BAD: use the "Pi" constant
|
||||
}
|
||||
|
||||
@@ -17,7 +17,7 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions
|
||||
{
|
||||
KeyEncryptionKey = myKey,
|
||||
KeyResolver = myKeyResolver,
|
||||
KeyWrapAlgorihm = myKeyWrapAlgorithm
|
||||
KeyWrapAlgorithm = myKeyWrapAlgorithm
|
||||
}
|
||||
});
|
||||
|
||||
@@ -28,7 +28,7 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions
|
||||
{
|
||||
KeyEncryptionKey = myKey,
|
||||
KeyResolver = myKeyResolver,
|
||||
KeyWrapAlgorihm = myKeyWrapAlgorithm
|
||||
KeyWrapAlgorithm = myKeyWrapAlgorithm
|
||||
}
|
||||
});
|
||||
|
||||
@@ -39,6 +39,6 @@ var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions
|
||||
{
|
||||
KeyEncryptionKey = myKey,
|
||||
KeyResolver = myKeyResolver,
|
||||
KeyWrapAlgorihm = myKeyWrapAlgorithm
|
||||
KeyWrapAlgorithm = myKeyWrapAlgorithm
|
||||
}
|
||||
});
|
||||
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* @name Security sensitive JsonWebTokenHandler validations are disabled
|
||||
* @description Check if secruity sensitive token validations for `JsonWebTokenHandler` are being disabled.
|
||||
* @description Check if security sensitive token validations for `JsonWebTokenHandler` are being disabled.
|
||||
* @kind problem
|
||||
* @tags security
|
||||
* JsonWebTokenHandler
|
||||
|
||||
@@ -61,7 +61,7 @@ class DateTimeStruct extends Struct {
|
||||
/**
|
||||
* holds if the Callable is used for DateTime arithmetic operations
|
||||
*/
|
||||
Callable getATimeSpanArtithmeticCallable() {
|
||||
Callable getATimeSpanArithmeticCallable() {
|
||||
(result = this.getAnOperator() or result = this.getAMethod()) and
|
||||
result.getName() in [
|
||||
"Add", "AddDays", "AddHours", "AddMilliseconds", "AddMinutes", "AddMonths", "AddSeconds",
|
||||
@@ -96,7 +96,7 @@ private class FlowsFromGetLastWriteTimeConfigToTimeSpanArithmeticCallable extend
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(Call call, DateTimeStruct dateTime |
|
||||
call.getAChild*() = sink.asExpr() and
|
||||
call = dateTime.getATimeSpanArtithmeticCallable().getACall()
|
||||
call = dateTime.getATimeSpanArithmeticCallable().getACall()
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -111,7 +111,7 @@ private class FlowsFromTimeSpanArithmeticToTimeComparisonCallable extends TaintT
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
exists(DateTimeStruct dateTime, Call call | source.asExpr() = call |
|
||||
call = dateTime.getATimeSpanArtithmeticCallable().getACall()
|
||||
call = dateTime.getATimeSpanArithmeticCallable().getACall()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -157,7 +157,7 @@ predicate isPotentialTimeBomb(
|
||||
|
|
||||
pathSource.getNode() = exprNode(getLastWriteTimeMethodCall) and
|
||||
config1.hasFlow(exprNode(getLastWriteTimeMethodCall), sink) and
|
||||
timeArithmeticCall = dateTime.getATimeSpanArtithmeticCallable().getACall() and
|
||||
timeArithmeticCall = dateTime.getATimeSpanArithmeticCallable().getACall() and
|
||||
timeArithmeticCall.getAChild*() = sink.asExpr() and
|
||||
config2.hasFlow(exprNode(timeArithmeticCall), sink2) and
|
||||
timeComparisonCall = dateTime.getAComparisonCallable().getACall() and
|
||||
|
||||
@@ -512,7 +512,7 @@ abstract class TranslatedElement extends TTranslatedElement {
|
||||
|
||||
/**
|
||||
* If the instruction specified by `tag` has a result of type `UnknownType`,
|
||||
* gets the size of the result in bytes. If the result does not have a knonwn
|
||||
* gets the size of the result in bytes. If the result does not have a known
|
||||
* constant size, this predicate does not hold.
|
||||
*/
|
||||
int getInstructionResultSize(InstructionTag tag) { none() }
|
||||
|
||||
@@ -403,7 +403,7 @@ class TranslatedGeneralCatchClause extends TranslatedClause {
|
||||
|
||||
/**
|
||||
* The IR translation of a throw statement that throws an exception,
|
||||
* as oposed to just rethrowing one.
|
||||
* as opposed to just rethrowing one.
|
||||
*/
|
||||
class TranslatedThrowExceptionStmt extends TranslatedStmt, InitializationContext {
|
||||
override ThrowStmt stmt;
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* @name Usage of unsupported external library API
|
||||
* @description A call to an unsuppported external library API.
|
||||
* @description A call to an unsupported external library API.
|
||||
* @kind problem
|
||||
* @problem.severity recommendation
|
||||
* @tags meta
|
||||
|
||||
@@ -247,7 +247,7 @@ string captureSource(DataFlowTargetApi api) {
|
||||
* A TaintTracking Configuration used for tracking flow through APIs.
|
||||
* The sources are the parameters of the API and the fields of the enclosing type.
|
||||
*
|
||||
* This can be used to generate Sink summaries for APIs, if the API propgates a parameter (or enclosing type field)
|
||||
* This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field)
|
||||
* into an existing known sink (then the API itself becomes a sink).
|
||||
*/
|
||||
private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
|
||||
|
||||
@@ -131,7 +131,7 @@ private CS::Parameter getParameter(DataFlowImplCommon::ReturnNodeExt node, Param
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the CSV string represention of the the return node `node`.
|
||||
* Gets the CSV string representation of the the return node `node`.
|
||||
*/
|
||||
string returnNodeAsOutput(DataFlowImplCommon::ReturnNodeExt node) {
|
||||
if node.getKind() instanceof DataFlowImplCommon::ValueReturnKind
|
||||
|
||||
@@ -247,7 +247,7 @@ string captureSource(DataFlowTargetApi api) {
|
||||
* A TaintTracking Configuration used for tracking flow through APIs.
|
||||
* The sources are the parameters of the API and the fields of the enclosing type.
|
||||
*
|
||||
* This can be used to generate Sink summaries for APIs, if the API propgates a parameter (or enclosing type field)
|
||||
* This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field)
|
||||
* into an existing known sink (then the API itself becomes a sink).
|
||||
*/
|
||||
private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
|
||||
|
||||
Reference in New Issue
Block a user