hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-24 16:17:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/rust-canonical-paths

Browse Source
This commit is contained in:
Paolo Tranquilli
2024-12-16 16:23:41 +01:00
parent c8d668bcee a333453bd7
commit a15f19291a
1198 changed files with 22270 additions and 4311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.bazelrc
View File

@@ -24,4 +24,12 @@ common --registry=https://bcr.bazel.build
common --@rules_dotnet//dotnet/settings:strict_deps=false
# Reduce this eventually to empty, once we've fixed all our usages of java, and https://github.com/bazel-contrib/rules_go/issues/4193 is fixed
common --incompatible_autoload_externally="+@rules_java,+@rules_shell"
build --java_language_version=17
build --tool_java_language_version=17
build --tool_java_runtime_version=remotejdk_17
build --java_runtime_version=remotejdk_17
try-import %workspace%/local.bazelrc

2
.bazelversion
View File

@@ -1 +1 @@
8.0.0rc1
8.0.0

3
.gitattributes vendored
View File

@@ -86,4 +86,5 @@
/misc/ripunzip/ripunzip-* filter=lfs diff=lfs merge=lfs -text
# swift prebuilt resources
/swift/third_party/resource-dir/*.zip filter=lfs diff=lfs merge=lfs -text
/swift/third_party/resources/*.zip filter=lfs diff=lfs merge=lfs -text
/swift/third_party/resources/*.tar.zst filter=lfs diff=lfs merge=lfs -text

16
.github/workflows/swift.yml vendored
View File

@@ -50,17 +50,10 @@ jobs:
- uses: ./swift/actions/build-and-test
build-and-test-linux:
if: github.repository_owner == 'github'
runs-on: ubuntu-latest-xl
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: ./swift/actions/build-and-test
qltests-linux:
if: github.repository_owner == 'github'
needs: build-and-test-linux
runs-on: ubuntu-latest-xl
steps:
- uses: actions/checkout@v4
- uses: ./swift/actions/run-ql-tests
qltests-macos:
if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
needs: build-and-test-macos
@@ -109,3 +102,10 @@ jobs:
- uses: actions/checkout@v4
- uses: ./.github/actions/fetch-codeql
- uses: ./swift/actions/database-upgrade-scripts
check-no-override:
if : github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- shell: bash
run: bazel test //swift/... --test_tag_filters=override --test_output=errors

2
.gitignore vendored
View File

@@ -8,7 +8,7 @@
# qltest projects and artifacts
*.actual
*/ql/test/**/*.testproj
*/ql/test*/**/*.testproj
*/ql/test/**/go.sum
# Visual studio temporaries, except a file used by QL4VS

30
MODULE.bazel
View File

@@ -15,19 +15,21 @@ local_path_override(
# see https://registry.bazel.build/ for a list of available packages
bazel_dep(name = "platforms", version = "0.0.10")
bazel_dep(name = "rules_go", version = "0.50.0")
bazel_dep(name = "rules_go", version = "0.50.1")
bazel_dep(name = "rules_pkg", version = "1.0.1")
bazel_dep(name = "rules_nodejs", version = "6.2.0-codeql.1")
bazel_dep(name = "rules_python", version = "0.36.0")
bazel_dep(name = "rules_python", version = "0.40.0")
bazel_dep(name = "rules_shell", version = "0.3.0")
bazel_dep(name = "bazel_skylib", version = "1.7.1")
bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
bazel_dep(name = "abseil-cpp", version = "20240116.1", repo_name = "absl")
bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
bazel_dep(name = "fmt", version = "10.0.0")
bazel_dep(name = "rules_kotlin", version = "2.0.0-codeql.1")
bazel_dep(name = "gazelle", version = "0.38.0")
bazel_dep(name = "gazelle", version = "0.40.0")
bazel_dep(name = "rules_dotnet", version = "0.17.4")
bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
bazel_dep(name = "rules_rust", version = "0.52.2")
bazel_dep(name = "zstd", version = "1.5.5.bcr.1")
bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
@@ -94,10 +96,12 @@ use_repo(
swift_deps,
"binlog",
"picosha2",
"swift_prebuilt_darwin_x86_64",
"swift_prebuilt_linux",
"swift_toolchain_linux",
"swift_toolchain_macos",
"swift-prebuilt-linux",
"swift-prebuilt-linux-download-only",
"swift-prebuilt-macos",
"swift-prebuilt-macos-download-only",
"swift-resource-dir-linux",
"swift-resource-dir-macos",
)
node = use_extension("@rules_nodejs//nodejs:extensions.bzl", "node")
@@ -189,16 +193,6 @@ lfs_files(
executable = True,
)
lfs_files(
name = "swift-resource-dir-linux",
srcs = ["//swift/third_party/resource-dir:resource-dir-linux.zip"],
)
lfs_files(
name = "swift-resource-dir-macos",
srcs = ["//swift/third_party/resource-dir:resource-dir-macos.zip"],
)
register_toolchains(
"@nodejs_toolchains//:all",
)

9
config/identical-files.json
View File

@@ -234,12 +234,14 @@
"CryptoAlgorithms Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
"python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
"ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll"
"ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll",
"rust/ql/lib/codeql/rust/security/CryptoAlgorithms.qll"
],
"CryptoAlgorithmNames Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
"python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
"ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll"
"ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll",
"rust/ql/lib/codeql/rust/security/internal/CryptoAlgorithmNames.qll"
],
"SensitiveDataHeuristics Python/JS": [
"javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
@@ -254,7 +256,8 @@
"Concepts Python/Ruby/JS": [
"python/ql/lib/semmle/python/internal/ConceptsShared.qll",
"ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
"javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll"
"javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll",
"rust/ql/lib/codeql/rust/internal/ConceptsShared.qll"
],
"ApiGraphModels": [
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",

18
cpp/ql/lib/ext/CA2CAEX.model.yml Normal file
View File

@@ -0,0 +1,18 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
- ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]

15
cpp/ql/lib/ext/CAtlArray.model.yml Normal file
View File

@@ -0,0 +1,15 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"]

9
cpp/ql/lib/ext/CAtlFile.model.yml Normal file
View File

@@ -0,0 +1,9 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]

13
cpp/ql/lib/ext/CAtlFileMappingBase.model.yml Normal file
View File

@@ -0,0 +1,13 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]

15
cpp/ql/lib/ext/CAtlList.model.yml Normal file
View File

@@ -0,0 +1,15 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]

8
cpp/ql/lib/ext/CAtlTemporaryFile.model.yml Normal file
View File

@@ -0,0 +1,8 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

33
cpp/ql/lib/ext/CComBSTR.model.yml Normal file
View File

@@ -0,0 +1,33 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CComBSTR", True, "CComBSTR", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "Append", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCOLESTR,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "AppendBytes", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"]
- ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"]
- ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

26
cpp/ql/lib/ext/CComSafeArray.model.yml Normal file
View File

@@ -0,0 +1,26 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CComSafeArray", True, "CComSafeArray", "(const CComSafeArray &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY &)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "Add", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray<T>", True, "Add", "(const T &,BOOL)", "", "Argument[*@0]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"]
- ["", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"]
- ["", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "GetUpperBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CComSafeArray", True, "MultiDimGetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "Argument[*@1]", "value", "manual"]
- ["", "CComSafeArray", True, "MultiDimSetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]

23
cpp/ql/lib/ext/CPathT.model.yml Normal file
View File

@@ -0,0 +1,23 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CPathT", True, "CPathT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Combine", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "CommonPrefix", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["", "CPathT", True, "CommonPrefix", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CPathT", True, "GetExtension", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"]
- ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"]
- ["", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"]
# Note: These don't work currently since we cannot use the template parameter in the name of the function
# - ["", "CPathT<T>", True, "operator const T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
# - ["", "CPathT<T>", True, "operator T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

20
cpp/ql/lib/ext/CRegKey.model.yml Normal file
View File

@@ -0,0 +1,20 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "Create", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["", "CRegKey", True, "operator HKEY", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]

12
cpp/ql/lib/ext/CSimpleArray.model.yml Normal file
View File

@@ -0,0 +1,12 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CSimpleArray", True, "CSimpleArray", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "Add", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"]

12
cpp/ql/lib/ext/CSimpleMap.model.yml Normal file
View File

@@ -0,0 +1,12 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]

21
cpp/ql/lib/ext/CUrl.model.yml Normal file
View File

@@ -0,0 +1,21 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]

15
cpp/ql/lib/semmle/code/cpp/PrintAST.qll
View File

@@ -954,9 +954,18 @@ private predicate namedExprChildPredicates(Expr expr, Element ele, string pred)
expr.(C11GenericExpr).getAssociationExpr(n) = ele and pred = "getAssociationExpr(" + n + ")"
)
or
expr.(Call).getQualifier() = ele and pred = "getQualifier()"
// OverloadedArrayExpr::getArrayBase/0 also considers qualifiers, and is already handled below.
not expr.(OverloadedArrayExpr).getArrayBase() = expr.(Call).getQualifier() and
expr.(Call).getQualifier() = ele and
pred = "getQualifier()"
or
exists(int n | expr.(Call).getArgument(n) = ele and pred = "getArgument(" + n.toString() + ")")
// OverloadedArrayExpr::getArrayBase/0 and OverloadedArrayExpr::getArrayOffset/0 also consider arguments, and are already handled below.
exists(int n, Expr arg | expr.(Call).getArgument(n) = arg |
not expr.(OverloadedArrayExpr).getArrayBase() = arg and
not expr.(OverloadedArrayExpr).getArrayOffset() = arg and
arg = ele and
pred = "getArgument(" + n.toString() + ")"
)
or
expr.(ExprCall).getExpr() = ele and pred = "getExpr()"
or
@@ -964,7 +973,7 @@ private predicate namedExprChildPredicates(Expr expr, Element ele, string pred)
or
expr.(OverloadedArrayExpr).getArrayOffset() = ele and pred = "getArrayOffset()"
or
// OverloadedPointerDereferenceExpr::getExpr/0 also considers qualifiers, which are already handled above for all Call classes.
// OverloadedPointerDereferenceExpr::getExpr/0 also considers qualifiers, and is already handled above for all Call classes.
not expr.(OverloadedPointerDereferenceExpr).getQualifier() =
expr.(OverloadedPointerDereferenceExpr).getExpr() and
expr.(OverloadedPointerDereferenceExpr).getExpr() = ele and

56
cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
View File

@@ -434,18 +434,48 @@ private predicate elementSpec(
summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _)
}
/**
* Holds if `c` is an instantiation of a class template `templateClass`, or
* holds with `c = templateClass` if `c` is not an instantiation of any class
* template.
*
* This predicate is used instead of `Class.isConstructedFrom` (which only
* holds for template instantiations) in this file to allow for uniform
* treatment of non-templated classes and class template instantiations.
*/
private predicate isClassConstructedFrom(Class c, Class templateClass) {
c.isConstructedFrom(templateClass)
or
not c.isConstructedFrom(_) and c = templateClass
}
/**
* Holds if `f` is an instantiation of a function template `templateFunc`, or
* holds with `f = templateFunc` if `f` is not an instantiation of any function
* template.
*
* This predicate is used instead of `Function.isConstructedFrom` (which only
* holds for template instantiations) in this file to allow for uniform
* treatment of non-templated classes and class template instantiations.
*/
private predicate isFunctionConstructedFrom(Function f, Function templateFunc) {
f.isConstructedFrom(templateFunc)
or
not f.isConstructedFrom(_) and f = templateFunc
}
/** Gets the fully templated version of `f`. */
private Function getFullyTemplatedFunction(Function f) {
not f.isFromUninstantiatedTemplate(_) and
(
exists(Class c, Class templateClass, int i |
c.isConstructedFrom(templateClass) and
isClassConstructedFrom(c, templateClass) and
f = c.getAMember(i) and
result = templateClass.getCanonicalMember(i)
)
or
not exists(f.getDeclaringType()) and
f.isConstructedFrom(result)
isFunctionConstructedFrom(f, result)
)
}
@@ -489,7 +519,7 @@ private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remain
private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) {
// If there is a declaring type then we start by expanding the function templates
exists(Class template |
f.getDeclaringType().isConstructedFrom(template) and
isClassConstructedFrom(f.getDeclaringType(), template) and
remaining = template.getNumberOfTemplateArguments() and
result = getTypeNameWithoutFunctionTemplates(f, n, 0)
)
@@ -501,7 +531,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining
or
exists(string mid, TemplateParameter tp, Class template |
mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and
f.getDeclaringType().isConstructedFrom(template) and
isClassConstructedFrom(f.getDeclaringType(), template) and
tp = template.getTemplateArgument(remaining) and
result = mid.replaceAll(tp.getName(), "class:" + remaining.toString())
)
@@ -742,6 +772,22 @@ private predicate elementSpecMatchesSignature(
signatureMatches(func, signature, type, name, 0)
}
/**
* Holds when `method` has name `nameWithoutArgs`, and gets the enclosing
* class of `method`. Unlike `method.getClassAndName` this predicate does
* not strip typedefs from the name when `method` is an `ConversionOperator`.
*/
bindingset[nameWithoutArgs]
pragma[inline_late]
private Class getClassAndNameImpl(Function method, string nameWithoutArgs) {
exists(string memberName | result = method.getClassAndName(memberName) |
nameWithoutArgs = "operator " + method.(ConversionOperator).getDestType()
or
not method instanceof ConversionOperator and
memberName = nameWithoutArgs
)
}
/**
* Holds if `classWithMethod` has `method` named `name` (excluding any
* template parameters).
@@ -751,7 +797,7 @@ pragma[inline_late]
private predicate hasClassAndName(Class classWithMethod, Function method, string name) {
exists(string nameWithoutArgs |
parseAngles(name, nameWithoutArgs, _, "") and
classWithMethod = method.getClassAndName(nameWithoutArgs)
classWithMethod = getClassAndNameImpl(method, nameWithoutArgs)
)
}

29
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -2275,6 +2275,12 @@ private predicate guardControlsPhiInput(
*/
signature predicate guardChecksSig(IRGuardCondition g, Expr e, boolean branch);
bindingset[g, n]
pragma[inline_late]
private predicate controls(IRGuardCondition g, Node n, boolean edge) {
g.controls(n.getBasicBlock(), edge)
}
/**
* Provides a set of barrier nodes for a guard that validates an expression.
*
@@ -2318,15 +2324,17 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
exists(IRGuardCondition g, Expr e, ValueNumber value, boolean edge |
e = value.getAnInstruction().getConvertedResultExpression() and
result.asConvertedExpr() = e and
guardChecks(g, value.getAnInstruction().getConvertedResultExpression(), edge) and
g.controls(result.getBasicBlock(), edge)
guardChecks(g,
pragma[only_bind_into](value.getAnInstruction().getConvertedResultExpression()), edge) and
controls(g, result, edge)
)
or
exists(
IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi
|
guardChecks(g, def.getARead().asOperand().getDef().getConvertedResultExpression(), branch) and
guardControlsPhiInput(g, branch, def, input, phi) and
guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input),
pragma[only_bind_into](phi)) and
result = TSsaPhiInputNode(phi, input)
)
}
@@ -2404,8 +2412,9 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
exists(IRGuardCondition g, Expr e, ValueNumber value, boolean edge |
e = value.getAnInstruction().getConvertedResultExpression() and
result.asIndirectConvertedExpr(indirectionIndex) = e and
guardChecks(g, value.getAnInstruction().getConvertedResultExpression(), edge) and
g.controls(result.getBasicBlock(), edge)
guardChecks(g,
pragma[only_bind_into](value.getAnInstruction().getConvertedResultExpression()), edge) and
controls(g, result, edge)
)
or
exists(
@@ -2414,7 +2423,8 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
guardChecks(g,
def.getARead().asIndirectOperand(indirectionIndex).getDef().getConvertedResultExpression(),
branch) and
guardControlsPhiInput(g, branch, def, input, phi) and
guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input),
pragma[only_bind_into](phi)) and
result = TSsaPhiInputNode(phi, input)
)
}
@@ -2443,17 +2453,18 @@ module InstructionBarrierGuard<instructionGuardChecksSig/3 instructionGuardCheck
/** Gets a node that is safely guarded by the given guard check. */
Node getABarrierNode() {
exists(IRGuardCondition g, ValueNumber value, boolean edge, Operand use |
instructionGuardChecks(g, value.getAnInstruction(), edge) and
instructionGuardChecks(g, pragma[only_bind_into](value.getAnInstruction()), edge) and
use = value.getAnInstruction().getAUse() and
result.asOperand() = use and
g.controls(result.getBasicBlock(), edge)
controls(g, result, edge)
)
or
exists(
IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi
|
instructionGuardChecks(g, def.getARead().asOperand().getDef(), branch) and
guardControlsPhiInput(g, branch, def, input, phi) and
guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input),
pragma[only_bind_into](phi)) and
result = TSsaPhiInputNode(phi, input)
)
}

1
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
View File

@@ -1276,6 +1276,7 @@ class DefinitionExt extends SsaImpl::DefinitionExt {
}
/** Gets a node that represents a read of this SSA definition. */
pragma[nomagic]
Node getARead() {
exists(SourceVariable sv, IRBlock bb, int i | SsaCached::ssaDefReachesReadExt(sv, this, bb, i) |
useToNode(bb, i, sv, result)

7
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TypeFlow.qll
View File

@@ -27,8 +27,11 @@ private module Input implements TypeFlowInput<Location> {
}
private predicate hasExactSingleType(Instruction i) {
// The address of a variable is always a single object
i instanceof VariableAddressInstruction
// The address of a variable is always a single object (unless it's an array)
exists(VariableAddressInstruction vai |
i = vai and
not vai.getResultType() instanceof ArrayType
)
or
// A reference always points to a single object
i.getResultLanguageType().hasUnspecifiedType(any(ReferenceType rt), false)

35
cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll
View File

@@ -8,7 +8,8 @@ private newtype TEdgeKind =
TGotoEdge() or // Single successor (including fall-through)
TTrueEdge() or // 'true' edge of conditional branch
TFalseEdge() or // 'false' edge of conditional branch
TExceptionEdge() or // Thrown exception
TCppExceptionEdge() or // Thrown C++ exception
TSehExceptionEdge() or // Thrown SEH exception
TDefaultEdge() or // 'default' label of switch
TCaseEdge(string minValue, string maxValue) {
// Case label of switch
@@ -51,12 +52,31 @@ class FalseEdge extends EdgeKindImpl, TFalseEdge {
final override string toString() { result = "False" }
}
abstract private class ExceptionEdgeImpl extends EdgeKindImpl { }
/**
* An "exception" edge, representing the successor of an instruction when that
* instruction's evaluation throws an exception.
*
* Exception edges are expclitly sublcassed to `CppExceptionEdge` and `SehExceptionEdge`
* only. Further sublcasses, if required, should be added privately here for IR efficiency.
*/
class ExceptionEdge extends EdgeKindImpl, TExceptionEdge {
final override string toString() { result = "Exception" }
final class ExceptionEdge = ExceptionEdgeImpl;
/**
* An "exception" edge, representing the successor of an instruction when that
* instruction's evaluation throws a C++ exception.
*/
class CppExceptionEdge extends ExceptionEdgeImpl, TCppExceptionEdge {
final override string toString() { result = "C++ Exception" }
}
/**
* An "exception" edge, representing the successor of an instruction when that
* instruction's evaluation throws an SEH exception.
*/
class SehExceptionEdge extends ExceptionEdgeImpl, TSehExceptionEdge {
final override string toString() { result = "SEH Exception" }
}
/**
@@ -123,9 +143,14 @@ module EdgeKind {
FalseEdge falseEdge() { result = TFalseEdge() }
/**
* Gets the single instance of the `ExceptionEdge` class.
* Gets the single instance of the `CppExceptionEdge` class.
*/
ExceptionEdge exceptionEdge() { result = TExceptionEdge() }
CppExceptionEdge cppExceptionEdge() { result = TCppExceptionEdge() }
/**
* Gets the single instance of the `SehExceptionEdge` class.
*/
SehExceptionEdge sehExceptionEdge() { result = TSehExceptionEdge() }
/**
* Gets the single instance of the `DefaultEdge` class.

20
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll
View File

@@ -422,16 +422,22 @@ private int getSuccessorIndex(IRBlock pred, IRBlock succ) {
* has the given `value`.
*/
query predicate edges(PrintableIRBlock pred, PrintableIRBlock succ, string key, string value) {
exists(EdgeKind kind, IRBlock predBlock, IRBlock succBlock |
exists(IRBlock predBlock, IRBlock succBlock |
predBlock = pred.getBlock() and
succBlock = succ.getBlock() and
predBlock.getSuccessor(kind) = succBlock and
(
(
key = "semmle.label" and
if predBlock.getBackEdgeSuccessor(kind) = succBlock
then value = kind.toString() + " (back edge)"
else value = kind.toString()
key = "semmle.label" and
exists(string kinds |
kinds =
strictconcat(EdgeKind k |
predBlock.getSuccessor(k) = succBlock
|
k.toString(), "|" order by k.toString()
)
|
if predBlock.getBackEdgeSuccessor(_) = succBlock
then value = kinds + " (back edge)"
else value = kinds
)
or
key = "semmle.order" and

20
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll
View File

@@ -422,16 +422,22 @@ private int getSuccessorIndex(IRBlock pred, IRBlock succ) {
* has the given `value`.
*/
query predicate edges(PrintableIRBlock pred, PrintableIRBlock succ, string key, string value) {
exists(EdgeKind kind, IRBlock predBlock, IRBlock succBlock |
exists(IRBlock predBlock, IRBlock succBlock |
predBlock = pred.getBlock() and
succBlock = succ.getBlock() and
predBlock.getSuccessor(kind) = succBlock and
(
(
key = "semmle.label" and
if predBlock.getBackEdgeSuccessor(kind) = succBlock
then value = kind.toString() + " (back edge)"
else value = kind.toString()
key = "semmle.label" and
exists(string kinds |
kinds =
strictconcat(EdgeKind k |
predBlock.getSuccessor(k) = succBlock
|
k.toString(), "|" order by k.toString()
)
|
if predBlock.getBackEdgeSuccessor(_) = succBlock
then value = kinds + " (back edge)"
else value = kinds
)
or
key = "semmle.order" and

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
View File

@@ -88,7 +88,7 @@ abstract class TranslatedCall extends TranslatedExpr {
result = this.getParent().getChildSuccessor(this, kind)
or
this.mayThrowException() and
kind instanceof ExceptionEdge and
kind instanceof CppExceptionEdge and
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge))
)
}

4
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
View File

@@ -3039,7 +3039,7 @@ class TranslatedDestructorsAfterThrow extends TranslatedElement, TTranslatedDest
or
// And otherwise, exit this element with an exceptional edge
not exists(this.getChild(id + 1)) and
kind instanceof ExceptionEdge and
kind instanceof CppExceptionEdge and
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge))
)
}
@@ -3078,7 +3078,7 @@ abstract class TranslatedThrowExpr extends TranslatedNonConstantExpr {
result = this.getDestructors().getFirstInstruction(kind)
or
not exists(this.getDestructors()) and
kind instanceof ExceptionEdge and
kind instanceof CppExceptionEdge and
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge))
)
}

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll
View File

@@ -932,7 +932,7 @@ class TranslatedCatchByTypeHandler extends TranslatedHandler {
kind instanceof GotoEdge and
result = this.getParameter().getFirstInstruction(kind)
or
kind instanceof ExceptionEdge and
kind instanceof CppExceptionEdge and
if exists(this.getDestructors())
then result = this.getDestructors().getFirstInstruction(any(GotoEdge edge))
else result = this.getParent().(TranslatedTryStmt).getNextHandler(this, any(GotoEdge edge))

20
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll
View File

@@ -422,16 +422,22 @@ private int getSuccessorIndex(IRBlock pred, IRBlock succ) {
* has the given `value`.
*/
query predicate edges(PrintableIRBlock pred, PrintableIRBlock succ, string key, string value) {
exists(EdgeKind kind, IRBlock predBlock, IRBlock succBlock |
exists(IRBlock predBlock, IRBlock succBlock |
predBlock = pred.getBlock() and
succBlock = succ.getBlock() and
predBlock.getSuccessor(kind) = succBlock and
(
(
key = "semmle.label" and
if predBlock.getBackEdgeSuccessor(kind) = succBlock
then value = kind.toString() + " (back edge)"
else value = kind.toString()
key = "semmle.label" and
exists(string kinds |
kinds =
strictconcat(EdgeKind k |
predBlock.getSuccessor(k) = succBlock
|
k.toString(), "|" order by k.toString()
)
|
if predBlock.getBackEdgeSuccessor(_) = succBlock
then value = kinds + " (back edge)"
else value = kinds
)
or
key = "semmle.order" and

7
cpp/ql/lib/semmle/code/cpp/models/Models.qll
View File

@@ -50,3 +50,10 @@ private import implementations.System
private import implementations.StructuredExceptionHandling
private import implementations.ZMQ
private import implementations.Win32CommandExecution
private import implementations.CA2AEX
private import implementations.CComBSTR
private import implementations.CPathT
private import implementations.CAtlFile
private import implementations.CAtlFileMapping
private import implementations.CAtlTemporaryFile
private import implementations.CRegKey

17
cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll Normal file
View File

@@ -0,0 +1,17 @@
private import cpp
private import semmle.code.cpp.ir.dataflow.FlowSteps
private import semmle.code.cpp.dataflow.new.DataFlow
/**
* The `CA2AEX` (and related) classes from the Windows Active Template library.
*/
class Ca2Aex extends Class {
Ca2Aex() { this.hasGlobalName(["CA2AEX", "CA2CAEX", "CA2WEX"]) }
}
private class Ca2AexTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
Ca2AexTaintInheritingContent() {
// The two members m_psz and m_szBuffer
this.getField().getDeclaringType() instanceof Ca2Aex
}
}

17
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll Normal file
View File

@@ -0,0 +1,17 @@
import semmle.code.cpp.models.interfaces.FlowSource
/**
* The `CAtlFile` class from Microsoft's Active Template Library.
*/
class CAtlFile extends Class {
CAtlFile() { this.hasGlobalName("CAtlFile") }
}
private class CAtlFileRead extends MemberFunction, LocalFlowSourceFunction {
CAtlFileRead() { this.getClassAndName("Read") instanceof CAtlFile }
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
output.isParameterDeref(0) and
description = "string read by " + this.getName()
}
}

37
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll Normal file
View File

@@ -0,0 +1,37 @@
import semmle.code.cpp.models.interfaces.FlowSource
/**
* The `CAtlFileMapping` class from Microsoft's Active Template Library.
*/
class CAtlFileMapping extends Class {
CAtlFileMapping() { this.hasGlobalName("CAtlFileMapping") }
}
/**
* The `CAtlFileMappingBase` class from Microsoft's Active Template Library.
*/
class CAtlFileMappingBase extends Class {
CAtlFileMappingBase() { this.hasGlobalName("CAtlFileMappingBase") }
}
private class CAtlFileMappingBaseGetData extends MemberFunction, LocalFlowSourceFunction {
CAtlFileMappingBaseGetData() {
this.getClassAndName("GetData") = any(CAtlFileMappingBase fileMaping).getADerivedClass*()
}
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
output.isReturnValueDeref(1) and
description = "data read by " + this.getName()
}
}
private class CAtlFileMappingGetData extends MemberFunction, LocalFlowSourceFunction {
CAtlFileMappingGetData() {
this.(ConversionOperator).getDeclaringType() instanceof CAtlFileMapping
}
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
output.isReturnValueDeref(1) and
description = "data read by " + this.getName()
}
}

17
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll Normal file
View File

@@ -0,0 +1,17 @@
import semmle.code.cpp.models.interfaces.FlowSource
/**
* The `CAtlFile` class from Microsoft's Active Template Library.
*/
class CAtlTemporaryFile extends Class {
CAtlTemporaryFile() { this.hasGlobalName("CAtlTemporaryFile") }
}
private class CAtlTemporaryFileRead extends MemberFunction, LocalFlowSourceFunction {
CAtlTemporaryFileRead() { this.getClassAndName("Read") instanceof CAtlTemporaryFile }
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
output.isParameterDeref(0) and
description = "string read by " + this.getName()
}
}

16
cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll Normal file
View File

@@ -0,0 +1,16 @@
private import cpp
private import semmle.code.cpp.ir.dataflow.FlowSteps
private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CComBSTR` class from the Microsoft "Active Template Library". */
class CcomBstr extends Class {
CcomBstr() { this.hasGlobalName("CComBSTR") }
}
private class Mstr extends Field {
Mstr() { this.getDeclaringType() instanceof CcomBstr and this.hasName("m_str") }
}
private class MstrTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
MstrTaintInheritingContent() { this.getField() instanceof Mstr }
}

16
cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll Normal file
View File

@@ -0,0 +1,16 @@
private import cpp
private import semmle.code.cpp.ir.dataflow.FlowSteps
private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CPathT` class from the Microsoft "Active Template Library". */
class CPathT extends Class {
CPathT() { this.hasGlobalName("CPathT") }
}
private class MStrPath extends Field {
MStrPath() { this.getDeclaringType() instanceof CPathT and this.hasName("m_strPath") }
}
private class MStrPathTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
MStrPathTaintInheritingContent() { this.getField() instanceof MStrPath }
}

87
cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll Normal file
View File

@@ -0,0 +1,87 @@
private import cpp
private import semmle.code.cpp.models.interfaces.FlowSource
private import semmle.code.cpp.ir.dataflow.FlowSteps
private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CRegKey` class from the Microsoft "Active Template Library". */
class CRegKey extends Class {
CRegKey() { this.hasGlobalName("CRegKey") }
}
module CRegKey {
/** The `m_hKey` member on a object of type `CRegKey`. */
class MhKey extends Field {
MhKey() {
this.getDeclaringType() instanceof CRegKey and
this.getName() = "m_hKey"
}
}
private class MhKeyPathTaintInheritingContent extends TaintInheritingContent,
DataFlow::FieldContent
{
MhKeyPathTaintInheritingContent() { this.getField() instanceof MhKey }
}
private class CRegKeyMemberFunction extends MemberFunction {
string name;
CRegKeyMemberFunction() { this.getClassAndName(name) instanceof CRegKey }
}
abstract private class CRegKeyFlowSource extends CRegKeyMemberFunction, LocalFlowSourceFunction {
FunctionOutput output;
final override predicate hasLocalFlowSource(FunctionOutput output_, string description) {
output_ = output and
description = "registry string read by " + name
}
}
/** The `CRegKey::QueryBinaryValue` function from Win32. */
class QueryBinaryValue extends CRegKeyFlowSource {
QueryBinaryValue() { name = "QueryBinaryValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryDWORDValue` function from Win32. */
class QueryDwordValue extends CRegKeyFlowSource {
QueryDwordValue() { name = "QueryDWORDValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryGUIDValue` function from Win32. */
class QueryGuidValue extends CRegKeyFlowSource {
QueryGuidValue() { name = "QueryGUIDValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryMultiStringValue` function from Win32. */
class QueryMultiStringValue extends CRegKeyFlowSource {
QueryMultiStringValue() { name = "QueryMultiStringValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryQWORDValue` function from Win32. */
class QueryQwordValue extends CRegKeyFlowSource {
QueryQwordValue() { name = "QueryQWORDValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryStringValue` function from Win32. */
class QueryStringValue extends CRegKeyFlowSource {
QueryStringValue() { name = "QueryStringValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryValue` function from Win32. */
class QueryValue extends CRegKeyFlowSource {
QueryValue() {
name = "QueryValue" and
(
this.getNumberOfParameters() = 4 and
output.isParameterDeref(2)
or
this.getNumberOfParameters() = 2 and
output.isParameterDeref(0)
or
this.getNumberOfParameters() = 3 and
output.isParameterDeref(0)
)
}
}
}

0
cpp/ql/test/TestUtilities/InlineExpectationsTest.qll → cpp/ql/lib/utils/test/InlineExpectationsTest.qll
View File

0
cpp/ql/test/TestUtilities/InlineExpectationsTestQuery.ql → cpp/ql/lib/utils/test/InlineExpectationsTestQuery.ql
View File

2
cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll → cpp/ql/lib/utils/test/dataflow/FlowTestCommon.qll
View File

@@ -14,7 +14,7 @@
import cpp
private import semmle.code.cpp.ir.dataflow.DataFlow::DataFlow as IRDataFlow
private import semmle.code.cpp.dataflow.DataFlow::DataFlow as AstDataFlow
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
module IRFlowTest<IRDataFlow::GlobalFlowSig Flow> implements TestSig {
string getARelevantTag() { result = "ir" }

0
cpp/ql/test/TestUtilities/internal/InlineExpectationsTestImpl.qll → cpp/ql/lib/utils/test/internal/InlineExpectationsTestImpl.qll
View File

3
cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
View File

@@ -44,7 +44,8 @@ where
) and
// A typical problem is that string literals are concatenated, but if one of the string
// literals is an undefined macro, then this just leads to a syntax error.
not exists(SyntaxError e | e.affects(fl))
not exists(SyntaxError e | e.affects(fl)) and
not ffc.getArgument(_) instanceof ErrorExpr
select ffc,
"Format for " + ffcName + " expects " + expected.toString() + " arguments but given " +
given.toString()

2
cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
View File

@@ -170,7 +170,7 @@ where
) and
not arg.isAffectedByMacro() and
not arg.isFromUninstantiatedTemplate(_) and
not actual.getUnspecifiedType() instanceof ErroneousType and
not actual.stripType() instanceof ErroneousType and
not arg.(Call).mayBeFromImplicitlyDeclaredFunction()
select arg,
"This format specifier for type '" + expected.getName() + "' does not match the argument type '" +

3
cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
View File

@@ -25,7 +25,8 @@ from BufferWrite bw, int destSize
where
bw.hasExplicitLimit() and // has an explicit size limit
destSize = max(getBufferSize(bw.getDest(), _)) and
bw.getExplicitLimit() > destSize // but it's larger than the destination
bw.getExplicitLimit() > destSize and // but it's larger than the destination
not bw.getDest().getType().stripType() instanceof ErroneousType // destSize may be incorrect
select bw,
"This '" + bw.getBWDesc() + "' operation is limited to " + bw.getExplicitLimit() +
" bytes but the destination is only " + destSize + " bytes."

4
cpp/ql/src/change-notes/2024-11-27-active-template-library.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL).

4
cpp/ql/src/change-notes/2024-12-05-badly-bounded-write.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The "Badly bounded write" query (`cpp/badly-bounded-write`) no longer produces results if there is an extraction error in the type of the output buffer.

4
cpp/ql/src/change-notes/2024-12-05-wrong-number-format-arguments.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The "Too few arguments to formatting function" query (`cpp/wrong-number-format-arguments`) no longer produces results if an argument has an extraction error.

4
cpp/ql/src/change-notes/2024-12-05-wrong-type-format-args.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The "Wrong type of arguments to formatting function" query (`cpp/wrong-type-format-argument`) no longer produces results when an argument type has an extraction error.

42
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected
View File

@@ -21,7 +21,11 @@ edges
| test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | Config |
| test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | Config |
| test.cpp:85:34:85:36 | buf | test.cpp:85:21:85:36 | buf | provenance | |
| test.cpp:92:9:92:11 | definition of arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
| test.cpp:102:9:102:11 | definition of arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:102:9:102:11 | definition of arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:102:9:102:11 | definition of arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
@@ -31,40 +35,54 @@ edges
| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
| test.cpp:125:11:125:13 | definition of arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | Config |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:136:9:136:16 | ... += ... | provenance | |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | provenance | |
| test.cpp:142:10:142:13 | definition of asdf | test.cpp:143:18:143:21 | asdf | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance | |
| test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance | |
| test.cpp:154:7:154:9 | definition of buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:156:12:156:18 | ... + ... | provenance | |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... | provenance | |
| test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p | provenance | |
| test.cpp:217:19:217:24 | definition of buffer | test.cpp:218:16:218:28 | buffer | provenance | |
| test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | Config |
| test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | Config |
| test.cpp:218:23:218:28 | buffer | test.cpp:218:16:218:28 | buffer | provenance | |
| test.cpp:228:10:228:14 | definition of array | test.cpp:229:17:229:29 | array | provenance | |
| test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | Config |
| test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | Config |
| test.cpp:229:25:229:29 | array | test.cpp:229:17:229:29 | array | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
| test.cpp:273:19:273:25 | definition of buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance | |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p | provenance | |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance | |
| test.cpp:277:35:277:35 | p | test.cpp:278:14:278:14 | p | provenance | |
| test.cpp:278:14:278:14 | p | test.cpp:245:30:245:30 | p | provenance | |
| test.cpp:282:19:282:25 | definition of buffer1 | test.cpp:283:19:283:25 | buffer1 | provenance | |
| test.cpp:283:19:283:25 | buffer1 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:283:19:283:25 | buffer1 | test.cpp:283:19:283:25 | buffer1 | provenance | |
| test.cpp:285:19:285:25 | definition of buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance | |
| test.cpp:286:19:286:25 | buffer2 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:286:19:286:25 | buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance | |
| test.cpp:288:19:288:25 | definition of buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance | |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance | |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
| test.cpp:305:9:305:12 | definition of arr1 | test.cpp:306:20:306:23 | arr1 | provenance | |
| test.cpp:306:20:306:23 | arr1 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 | provenance | |
| test.cpp:308:9:308:12 | definition of arr2 | test.cpp:309:20:309:23 | arr2 | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 | provenance | |
| test.cpp:314:10:314:13 | definition of temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
| test.cpp:314:10:314:13 | definition of temp | test.cpp:322:19:322:27 | ... + ... | provenance | Config |
| test.cpp:314:10:314:13 | definition of temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
| test.cpp:319:13:319:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
@@ -114,32 +132,39 @@ nodes
| test.cpp:85:34:85:36 | buf | semmle.label | buf |
| test.cpp:87:5:87:31 | access to array | semmle.label | access to array |
| test.cpp:88:5:88:27 | access to array | semmle.label | access to array |
| test.cpp:92:9:92:11 | definition of arr | semmle.label | definition of arr |
| test.cpp:96:13:96:15 | arr | semmle.label | arr |
| test.cpp:96:13:96:18 | access to array | semmle.label | access to array |
| test.cpp:102:9:102:11 | definition of arr | semmle.label | definition of arr |
| test.cpp:111:17:111:19 | arr | semmle.label | arr |
| test.cpp:111:17:111:22 | access to array | semmle.label | access to array |
| test.cpp:115:35:115:37 | arr | semmle.label | arr |
| test.cpp:115:35:115:40 | access to array | semmle.label | access to array |
| test.cpp:119:17:119:19 | arr | semmle.label | arr |
| test.cpp:119:17:119:22 | access to array | semmle.label | access to array |
| test.cpp:125:11:125:13 | definition of arr | semmle.label | definition of arr |
| test.cpp:128:9:128:11 | arr | semmle.label | arr |
| test.cpp:128:9:128:14 | access to array | semmle.label | access to array |
| test.cpp:134:25:134:27 | arr | semmle.label | arr |
| test.cpp:136:9:136:16 | ... += ... | semmle.label | ... += ... |
| test.cpp:136:9:136:16 | ... += ... | semmle.label | ... += ... |
| test.cpp:138:13:138:15 | arr | semmle.label | arr |
| test.cpp:142:10:142:13 | definition of asdf | semmle.label | definition of asdf |
| test.cpp:143:18:143:21 | asdf | semmle.label | asdf |
| test.cpp:143:18:143:21 | asdf | semmle.label | asdf |
| test.cpp:146:26:146:26 | *p | semmle.label | *p |
| test.cpp:147:4:147:9 | -- ... | semmle.label | -- ... |
| test.cpp:154:7:154:9 | definition of buf | semmle.label | definition of buf |
| test.cpp:156:12:156:14 | buf | semmle.label | buf |
| test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... |
| test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... |
| test.cpp:158:17:158:18 | *& ... | semmle.label | *& ... |
| test.cpp:217:19:217:24 | definition of buffer | semmle.label | definition of buffer |
| test.cpp:218:16:218:28 | buffer | semmle.label | buffer |
| test.cpp:218:23:218:28 | buffer | semmle.label | buffer |
| test.cpp:220:5:220:11 | access to array | semmle.label | access to array |
| test.cpp:221:5:221:11 | access to array | semmle.label | access to array |
| test.cpp:228:10:228:14 | definition of array | semmle.label | definition of array |
| test.cpp:229:17:229:29 | array | semmle.label | array |
| test.cpp:229:25:229:29 | array | semmle.label | array |
| test.cpp:231:5:231:10 | access to array | semmle.label | access to array |
@@ -147,22 +172,29 @@ nodes
| test.cpp:245:30:245:30 | p | semmle.label | p |
| test.cpp:245:30:245:30 | p | semmle.label | p |
| test.cpp:261:27:261:30 | access to array | semmle.label | access to array |
| test.cpp:273:19:273:25 | definition of buffer3 | semmle.label | definition of buffer3 |
| test.cpp:274:14:274:20 | buffer3 | semmle.label | buffer3 |
| test.cpp:274:14:274:20 | buffer3 | semmle.label | buffer3 |
| test.cpp:277:35:277:35 | p | semmle.label | p |
| test.cpp:278:14:278:14 | p | semmle.label | p |
| test.cpp:282:19:282:25 | definition of buffer1 | semmle.label | definition of buffer1 |
| test.cpp:283:19:283:25 | buffer1 | semmle.label | buffer1 |
| test.cpp:283:19:283:25 | buffer1 | semmle.label | buffer1 |
| test.cpp:285:19:285:25 | definition of buffer2 | semmle.label | definition of buffer2 |
| test.cpp:286:19:286:25 | buffer2 | semmle.label | buffer2 |
| test.cpp:286:19:286:25 | buffer2 | semmle.label | buffer2 |
| test.cpp:288:19:288:25 | definition of buffer3 | semmle.label | definition of buffer3 |
| test.cpp:289:19:289:25 | buffer3 | semmle.label | buffer3 |
| test.cpp:289:19:289:25 | buffer3 | semmle.label | buffer3 |
| test.cpp:292:25:292:27 | arr | semmle.label | arr |
| test.cpp:299:16:299:21 | access to array | semmle.label | access to array |
| test.cpp:305:9:305:12 | definition of arr1 | semmle.label | definition of arr1 |
| test.cpp:306:20:306:23 | arr1 | semmle.label | arr1 |
| test.cpp:306:20:306:23 | arr1 | semmle.label | arr1 |
| test.cpp:308:9:308:12 | definition of arr2 | semmle.label | definition of arr2 |
| test.cpp:309:20:309:23 | arr2 | semmle.label | arr2 |
| test.cpp:309:20:309:23 | arr2 | semmle.label | arr2 |
| test.cpp:314:10:314:13 | definition of temp | semmle.label | definition of temp |
| test.cpp:319:13:319:27 | ... = ... | semmle.label | ... = ... |
| test.cpp:319:19:319:22 | temp | semmle.label | temp |
| test.cpp:319:19:319:27 | ... + ... | semmle.label | ... + ... |
@@ -187,13 +219,23 @@ subpaths
| test.cpp:72:5:72:15 | PointerAdd: access to array | test.cpp:79:32:79:34 | buf | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write |
| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write |
| test.cpp:88:5:88:27 | PointerAdd: access to array | test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:88:5:88:31 | Store: ... = ... | write |
| test.cpp:128:9:128:14 | PointerAdd: access to array | test.cpp:125:11:125:13 | definition of arr | test.cpp:128:9:128:14 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:125:11:125:13 | arr | arr | test.cpp:128:9:128:18 | Store: ... = ... | write |
| test.cpp:128:9:128:14 | PointerAdd: access to array | test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:125:11:125:13 | arr | arr | test.cpp:128:9:128:18 | Store: ... = ... | write |
| test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:142:10:142:13 | definition of asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read |
| test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:143:18:143:21 | asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read |
| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:154:7:154:9 | definition of buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write |
| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:156:12:156:14 | buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write |
| test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:217:19:217:24 | definition of buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write |
| test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:218:23:218:28 | buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write |
| test.cpp:232:5:232:10 | PointerAdd: access to array | test.cpp:228:10:228:14 | definition of array | test.cpp:232:5:232:10 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:228:10:228:14 | array | array | test.cpp:232:5:232:19 | Store: ... = ... | write |
| test.cpp:232:5:232:10 | PointerAdd: access to array | test.cpp:229:25:229:29 | array | test.cpp:232:5:232:10 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:228:10:228:14 | array | array | test.cpp:232:5:232:19 | Store: ... = ... | write |
| test.cpp:261:27:261:30 | PointerAdd: access to array | test.cpp:285:19:285:25 | definition of buffer2 | test.cpp:261:27:261:30 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:285:19:285:25 | buffer2 | buffer2 | test.cpp:261:27:261:30 | Load: access to array | read |
| test.cpp:261:27:261:30 | PointerAdd: access to array | test.cpp:286:19:286:25 | buffer2 | test.cpp:261:27:261:30 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:285:19:285:25 | buffer2 | buffer2 | test.cpp:261:27:261:30 | Load: access to array | read |
| test.cpp:299:16:299:21 | PointerAdd: access to array | test.cpp:308:9:308:12 | definition of arr2 | test.cpp:299:16:299:21 | access to array | This pointer arithmetic may have an off-by-1014 error allowing it to overrun $@ at this $@. | test.cpp:308:9:308:12 | arr2 | arr2 | test.cpp:299:16:299:21 | Load: access to array | read |
| test.cpp:299:16:299:21 | PointerAdd: access to array | test.cpp:309:20:309:23 | arr2 | test.cpp:299:16:299:21 | access to array | This pointer arithmetic may have an off-by-1014 error allowing it to overrun $@ at this $@. | test.cpp:308:9:308:12 | arr2 | arr2 | test.cpp:299:16:299:21 | Load: access to array | read |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:330:13:330:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:331:13:331:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:333:13:333:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:330:13:330:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:331:13:331:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:333:13:333:24 | Store: ... = ... | write |

2
cpp/ql/test/library-tests/dataflow/asExpr/test-indirect.ql
View File

@@ -1,5 +1,5 @@
import cpp
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import semmle.code.cpp.dataflow.new.DataFlow::DataFlow
bindingset[s]

2
cpp/ql/test/library-tests/dataflow/asExpr/test.ql
View File

@@ -1,5 +1,5 @@
import cpp
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import semmle.code.cpp.dataflow.new.DataFlow::DataFlow
bindingset[s]

4
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
View File

@@ -181,6 +181,10 @@ postWithInFlow
| test.cpp:1108:4:1108:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1109:3:1109:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1109:4:1109:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1138:3:1138:13 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1138:5:1138:8 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1139:3:1139:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1139:4:1139:7 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
private import cpp
private import semmle.code.cpp.ir.dataflow.DataFlow
private import semmle.code.cpp.controlflow.IRGuards

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import cpp
module AstTest {

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import cpp
module AstTest {

3
cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
View File

@@ -132,6 +132,8 @@ astFlow
| test.cpp:1069:9:1069:14 | call to source | test.cpp:1074:10:1074:10 | i |
| test.cpp:1069:9:1069:14 | call to source | test.cpp:1082:10:1082:10 | i |
| test.cpp:1086:12:1086:12 | a | test.cpp:1088:8:1088:9 | & ... |
| test.cpp:1137:7:1137:10 | data | test.cpp:1140:8:1140:18 | * ... |
| test.cpp:1138:17:1138:22 | call to source | test.cpp:1140:8:1140:18 | * ... |
| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
| true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |
@@ -324,6 +326,7 @@ irFlow
| test.cpp:1069:9:1069:14 | call to source | test.cpp:1081:10:1081:10 | i |
| test.cpp:1117:27:1117:34 | call to source | test.cpp:1117:27:1117:34 | call to source |
| test.cpp:1132:11:1132:16 | call to source | test.cpp:1121:8:1121:8 | x |
| test.cpp:1138:17:1138:22 | call to source | test.cpp:1140:8:1140:18 | * ... |
| true_upon_entry.cpp:9:11:9:16 | call to source | true_upon_entry.cpp:13:8:13:8 | x |
| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |

7
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
View File

@@ -1131,4 +1131,11 @@ void (*dispatch_table[])(int) = {
void test_dispatch_table(int i) {
int x = source();
dispatch_table[i](x);
}
void test_uncertain_array(int n1, int n2) {
int data[10];
*(data + 1) = source();
*data = 0;
sink(*(data + 1)); // $ ast=1138:17 ast=1137:7 ir
}

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql
View File

@@ -1,3 +1,3 @@
import TestBase
import TestUtilities.dataflow.FlowTestCommon
import utils.test.dataflow.FlowTestCommon
import MakeTest<MergeTests<AstFlowTest<AstTest::AstFlow>, IRFlowTest<IRTest::IRFlow>>>

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_argument_flow.ql
View File

@@ -1,6 +1,6 @@
import cpp
import semmle.code.cpp.dataflow.new.DataFlow
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
module TestConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.ql
View File

@@ -1,6 +1,6 @@
import cpp
import semmle.code.cpp.dataflow.new.DataFlow
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
module TestConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import cpp
module AstTest {

3
cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected
View File

@@ -56,3 +56,6 @@
| test.cpp:796:12:796:12 | a | test.cpp:798:17:798:17 | a |
| test.cpp:1086:12:1086:12 | a | test.cpp:1087:3:1087:3 | a |
| test.cpp:1086:12:1086:12 | a | test.cpp:1088:9:1088:9 | a |
| test.cpp:1137:7:1137:10 | data | test.cpp:1138:5:1138:8 | data |
| test.cpp:1137:7:1137:10 | data | test.cpp:1139:4:1139:7 | data |
| test.cpp:1137:7:1137:10 | data | test.cpp:1140:10:1140:13 | data |

10
cpp/ql/test/library-tests/dataflow/external-models/flow.expected
View File

@@ -10,14 +10,14 @@ edges
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 |
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | |
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 |
| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:644 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:642 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:643 |
| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | |
| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | |
| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:643 |
| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 |
| test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | |
| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:644 |
| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 |
nodes
| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
| asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |

2
cpp/ql/test/library-tests/dataflow/external-models/flow.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.dataflow.FlowTestCommon
import utils.test.dataflow.FlowTestCommon
import cpp
import semmle.code.cpp.security.FlowSources
import IRTest::IRFlow::PathGraph

20
cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
View File

@@ -1,8 +1,28 @@
| Dubious member name "operator BSTR" in summary model. |
| Dubious member name "operator HKEY" in summary model. |
| Dubious member name "operator LPCSTR" in summary model. |
| Dubious member name "operator LPSAFEARRAY" in summary model. |
| Dubious member name "operator LPSTR" in summary model. |
| Dubious member name "operator LPWSTR" in summary model. |
| Dubious member name "operator PCXSTR" in summary model. |
| Dubious member name "operator&" in summary model. |
| Dubious member name "operator*" in summary model. |
| Dubious member name "operator+=" in summary model. |
| Dubious member name "operator->" in summary model. |
| Dubious member name "operator=" in summary model. |
| Dubious member name "operator[]" in summary model. |
| Dubious signature "(CAtlFile &)" in summary model. |
| Dubious signature "(CComBSTR &&)" in summary model. |
| Dubious signature "(CRegKey &)" in summary model. |
| Dubious signature "(DWORD &,LPCTSTR)" in summary model. |
| Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. |
| Dubious signature "(LPCTSTR,DWORD *,void *,ULONG *)" in summary model. |
| Dubious signature "(LPTSTR,LPCTSTR,DWORD *)" in summary model. |
| Dubious signature "(const CComBSTR &)" in summary model. |
| Dubious signature "(const CComSafeArray &)" in summary model. |
| Dubious signature "(const SAFEARRAY &)" in summary model. |
| Dubious signature "(const SAFEARRAY *)" in summary model. |
| Dubious signature "(const T &,BOOL)" in summary model. |
| Dubious signature "(const deque &)" in summary model. |
| Dubious signature "(const deque &,const Allocator &)" in summary model. |
| Dubious signature "(const forward_list &)" in summary model. |

2
cpp/ql/test/library-tests/dataflow/fields/flow.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.dataflow.FlowTestCommon
import utils.test.dataflow.FlowTestCommon
module AstTest {
import ASTConfiguration

2
cpp/ql/test/library-tests/dataflow/models-as-data/interpretElement.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import testModels
module InterpretElementTest implements TestSig {

2
cpp/ql/test/library-tests/dataflow/models-as-data/taint.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.dataflow.FlowTestCommon
import utils.test.dataflow.FlowTestCommon
import testModels
module IRTest {

2
cpp/ql/test/library-tests/dataflow/parameters-without-defs/test.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.dataflow.FlowTestCommon
import utils.test.dataflow.FlowTestCommon
import semmle.code.cpp.dataflow.new.DataFlow
module ParamConfig implements DataFlow::ConfigSig {

2
cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.dataflow.FlowTestCommon
import utils.test.dataflow.FlowTestCommon
module AstTest {
private import semmle.code.cpp.dataflow.TaintTracking

389
cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp Normal file
View File

@@ -0,0 +1,389 @@
typedef void* HANDLE;
typedef long LONG;
typedef LONG HRESULT;
typedef const char* LPCTSTR;
typedef unsigned long DWORD;
typedef unsigned long ULONG;
typedef void* PVOID;
typedef void* LPVOID;
typedef bool BOOL;
typedef const void* LPCVOID;
typedef unsigned long long ULONGLONG;
typedef long long LONGLONG;
typedef unsigned long* ULONG_PTR;
typedef char *LPTSTR;
typedef DWORD* LPDWORD;
typedef ULONG REGSAM;
typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
typedef PVOID PSECURITY_DESCRIPTOR;
typedef struct _GUID {
unsigned long Data1;
unsigned short Data2;
unsigned short Data3;
unsigned char Data4[8];
} GUID;
typedef GUID* REFGUID;
typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
typedef struct _FILETIME {
DWORD dwLowDateTime;
DWORD dwHighDateTime;
} FILETIME, *PFILETIME, *LPFILETIME;
using size_t = decltype(sizeof(int));
using SIZE_T = size_t;
typedef struct _OVERLAPPED {
ULONG_PTR Internal;
ULONG_PTR InternalHigh;
union {
struct {
DWORD Offset;
DWORD OffsetHigh;
} DUMMYSTRUCTNAME;
PVOID Pointer;
} DUMMYUNIONNAME;
HANDLE hEvent;
} OVERLAPPED, *LPOVERLAPPED;
using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED);
using HKEY = void*;
class CAtlTransactionManager;
class CHandle {
CHandle() throw();
CHandle(CHandle& h) throw();
explicit CHandle(HANDLE h) throw();
};
struct CAtlFile : public CHandle {
CAtlFile() throw();
CAtlFile(CAtlTransactionManager* pTM) throw();
CAtlFile(CAtlFile& file) throw();
explicit CAtlFile(HANDLE hFile) throw();
HRESULT Create(
LPCTSTR szFilename,
DWORD dwDesiredAccess,
DWORD dwShareMode,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
LPSECURITY_ATTRIBUTES lpsa,
HANDLE hTemplateFile) throw();
HRESULT Flush() throw();
HRESULT GetOverlappedResult(
LPOVERLAPPED pOverlapped,
DWORD& dwBytesTransferred,
BOOL bWait
) throw();
HRESULT GetPosition(ULONGLONG& nPos) const throw();
HRESULT GetSize(ULONGLONG& nLen) const throw();
HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
DWORD& nBytesRead) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw();
HRESULT Seek(
LONGLONG nOffset,
DWORD dwFrom) throw();
HRESULT SetSize(ULONGLONG nNewLen) throw();
HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
DWORD* pnBytesWritten) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped) throw();
};
void test_CAtlFile() {
CAtlFile catFile;
char buffer[1024];
catFile.Read(buffer, 1024); // $ local_source
}
struct CAtlFileMappingBase {
CAtlFileMappingBase(CAtlFileMappingBase& orig);
CAtlFileMappingBase() throw();
~CAtlFileMappingBase() throw();
HRESULT CopyFrom(CAtlFileMappingBase& orig) throw();
void* GetData() const throw();
HANDLE GetHandle() throw ();
SIZE_T GetMappingSize() throw();
HRESULT MapFile(
HANDLE hFile,
SIZE_T nMappingSize,
ULONGLONG nOffset,
DWORD dwMappingProtection,
DWORD dwViewDesiredAccess) throw();
HRESULT MapSharedMem(
SIZE_T nMappingSize,
LPCTSTR szName,
BOOL* pbAlreadyExisted,
LPSECURITY_ATTRIBUTES lpsa,
DWORD dwMappingProtection,
DWORD dwViewDesiredAccess) throw();
HRESULT OpenMapping(
LPCTSTR szName,
SIZE_T nMappingSize,
ULONGLONG nOffset,
DWORD dwViewDesiredAccess) throw();
HRESULT Unmap() throw();
};
template <typename T>
struct CAtlFileMapping : public CAtlFileMappingBase {
operator T*() const throw();
};
void test_CAtlFileMapping(CAtlFileMapping<char> mapping) {
char* data = static_cast<char*>(mapping); // $ local_source
void* data2 = mapping.GetData(); // $ local_source
}
struct CAtlTemporaryFile {
CAtlTemporaryFile() throw();
~CAtlTemporaryFile() throw();
HRESULT Close(LPCTSTR szNewName) throw();
HRESULT Create(LPCTSTR pszDir, DWORD dwDesiredAccess) throw();
HRESULT Flush() throw();
HRESULT GetPosition(ULONGLONG& nPos) const throw();
HRESULT GetSize(ULONGLONG& nLen) const throw();
HRESULT HandsOff() throw();
HRESULT HandsOn() throw();
HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
DWORD& nBytesRead) throw();
HRESULT Seek(LONGLONG nOffset, DWORD dwFrom) throw();
HRESULT SetSize(ULONGLONG nNewLen) throw();
LPCTSTR TempFileName() throw();
HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
DWORD* pnBytesWritten) throw();
operator HANDLE() throw();
};
void test_CAtlTemporaryFile() {
CAtlTemporaryFile file;
char buffer[1024];
DWORD bytesRead;
file.Read(buffer, 1024, bytesRead); // $ local_source
}
struct CRegKey {
CRegKey() throw();
CRegKey(CRegKey& key) throw();
explicit CRegKey(HKEY hKey) throw();
CRegKey(CAtlTransactionManager* pTM) throw();
~CRegKey() throw();
void Attach(HKEY hKey) throw();
LONG Close() throw();
LONG Create(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
LPTSTR lpszClass,
DWORD dwOptions,
REGSAM samDesired,
LPSECURITY_ATTRIBUTES lpSecAttr,
LPDWORD lpdwDisposition) throw();
LONG DeleteSubKey(LPCTSTR lpszSubKey) throw();
LONG DeleteValue(LPCTSTR lpszValue) throw();
HKEY Detach() throw();
LONG EnumKey(
DWORD iIndex,
LPTSTR pszName,
LPDWORD pnNameLength,
FILETIME* pftLastWriteTime) throw();
LONG Flush() throw();
LONG GetKeySecurity(
SECURITY_INFORMATION si,
PSECURITY_DESCRIPTOR psd,
LPDWORD pnBytes) throw();
LONG NotifyChangeKeyValue(
BOOL bWatchSubtree,
DWORD dwNotifyFilter,
HANDLE hEvent,
BOOL bAsync) throw();
LONG Open(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
REGSAM samDesired) throw();
LONG QueryBinaryValue(
LPCTSTR pszValueName,
void* pValue,
ULONG* pnBytes) throw();
LONG QueryDWORDValue(
LPCTSTR pszValueName,
DWORD& dwValue) throw();
LONG QueryGUIDValue(
LPCTSTR pszValueName,
GUID& guidValue) throw();
LONG QueryMultiStringValue(
LPCTSTR pszValueName,
LPTSTR pszValue,
ULONG* pnChars) throw();
LONG QueryQWORDValue(
LPCTSTR pszValueName,
ULONGLONG& qwValue) throw();
LONG QueryStringValue(
LPCTSTR pszValueName,
LPTSTR pszValue,
ULONG* pnChars) throw();
LONG QueryValue(
LPCTSTR pszValueName,
DWORD* pdwType,
void* pData,
ULONG* pnBytes) throw();
LONG QueryValue(
DWORD& dwValue,
LPCTSTR lpszValueName);
LONG QueryValue(
LPTSTR szValue,
LPCTSTR lpszValueName,
DWORD* pdwCount);
LONG RecurseDeleteKey(LPCTSTR lpszKey) throw();
LONG SetBinaryValue(
LPCTSTR pszValueName,
const void* pValue,
ULONG nBytes) throw();
LONG SetDWORDValue(LPCTSTR pszValueName, DWORD dwValue) throw();
LONG SetGUIDValue(LPCTSTR pszValueName, REFGUID guidValue) throw();
LONG SetKeySecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR psd) throw();
LONG SetKeyValue(
LPCTSTR lpszKeyName,
LPCTSTR lpszValue,
LPCTSTR lpszValueName) throw();
LONG SetMultiStringValue(LPCTSTR pszValueName, LPCTSTR pszValue) throw();
LONG SetQWORDValue(LPCTSTR pszValueName, ULONGLONG qwValue) throw();
LONG SetStringValue(
LPCTSTR pszValueName,
LPCTSTR pszValue,
DWORD dwType) throw();
LONG SetValue(
LPCTSTR pszValueName,
DWORD dwType,
const void* pValue,
ULONG nBytes) throw();
static LONG SetValue(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
LPCTSTR lpszValue,
LPCTSTR lpszValueName);
LONG SetValue(
DWORD dwValue,
LPCTSTR lpszValueName);
LONG SetValue(
LPCTSTR lpszValue,
LPCTSTR lpszValueName,
bool bMulti,
int nValueLen);
operator HKEY() const throw();
CRegKey& operator= (CRegKey& key) throw();
HKEY m_hKey;
};
void test_CRegKey() {
CRegKey key;
char data[1024];
ULONG bytesRead;
key.QueryBinaryValue("foo", data, &bytesRead); // $ local_source
DWORD value;
key.QueryDWORDValue("foo", value); // $ local_source
GUID guid;
key.QueryGUIDValue("foo", guid); // $ local_source
key.QueryMultiStringValue("foo", data, &bytesRead); // $ local_source
ULONGLONG qword;
key.QueryQWORDValue("foo", qword); // $ local_source
key.QueryStringValue("foo", data, &bytesRead); // $ local_source
key.QueryValue(data, "foo", &bytesRead); // $ local_source
DWORD type;
key.QueryValue("foo", &type, data, &bytesRead); // $ local_source
DWORD value2;
key.QueryValue(value2, "foo"); // $ local_source
}

2
cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql
View File

@@ -1,7 +1,7 @@
/** This tests that we are able to detect local flow sources. */
import cpp
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import semmle.code.cpp.security.FlowSources
module LocalFlowSourceTest implements TestSig {

2
cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.ql
View File

@@ -1,7 +1,7 @@
/** This tests that we are able to detect remote flow sources and sinks. */
import cpp
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import semmle.code.cpp.security.FlowSources
module RemoteFlowSourceTest implements TestSig {

900
cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp Normal file
View File

@@ -0,0 +1,900 @@
namespace {
template<typename T> T source();
template<typename T> T* indirect_source();
void sink(...);
}
typedef unsigned int UINT;
typedef long LONG;
typedef void* LPVOID;
typedef void* PVOID;
typedef bool BOOL;
typedef char* PSTR, *LPSTR;
typedef const char* LPCTSTR;
typedef unsigned short WORD;
typedef unsigned long DWORD;
typedef void* HANDLE;
typedef LONG HRESULT;
typedef unsigned long ULONG;
typedef const char* LPCSTR;
typedef wchar_t OLECHAR;
typedef OLECHAR* LPOLESTR;
typedef const LPOLESTR LPCOLESTR;
typedef OLECHAR* BSTR;
typedef wchar_t* LPWSTR, *PWSTR;
typedef BSTR* LPBSTR;
typedef unsigned short USHORT;
typedef char *LPTSTR;
struct __POSITION { int unused; };
typedef __POSITION* POSITION;
typedef WORD ATL_URL_PORT;
enum ATL_URL_SCHEME{
ATL_URL_SCHEME_UNKNOWN = -1,
ATL_URL_SCHEME_FTP = 0,
ATL_URL_SCHEME_GOPHER = 1,
ATL_URL_SCHEME_HTTP = 2,
ATL_URL_SCHEME_HTTPS = 3,
ATL_URL_SCHEME_FILE = 4,
ATL_URL_SCHEME_NEWS = 5,
ATL_URL_SCHEME_MAILTO = 6,
ATL_URL_SCHEME_SOCKS = 7
};
using HINSTANCE = void*;
using size_t = decltype(sizeof(int));
using SIZE_T = size_t;
#define NULL nullptr
typedef struct tagSAFEARRAYBOUND {
ULONG cElements;
LONG lLbound;
} SAFEARRAYBOUND, *LPSAFEARRAYBOUND;
typedef struct tagVARIANT {
/* ... */
} VARIANT;
typedef struct tagSAFEARRAY {
USHORT cDims;
USHORT fFeatures;
ULONG cbElements;
ULONG cLocks;
PVOID pvData;
SAFEARRAYBOUND rgsabound[1];
} SAFEARRAY, *LPSAFEARRAY;
struct _U_STRINGorID {
_U_STRINGorID(UINT nID);
_U_STRINGorID(LPCTSTR lpString);
LPCTSTR m_lpstr;
};
void test__U_STRINGorID() {
{
UINT x = source<UINT>();
_U_STRINGorID u(x);
sink(u.m_lpstr); // $ ir
}
{
LPCTSTR y = indirect_source<const char>();
_U_STRINGorID u(y);
sink(u.m_lpstr); // $ ir
}
}
template <int t_nBufferLength>
struct CA2AEX {
LPSTR m_psz;
char m_szBuffer[t_nBufferLength];
CA2AEX(LPCSTR psz, UINT nCodePage);
CA2AEX(LPCSTR psz);
~CA2AEX();
operator LPSTR() const throw();
};
void test_CA2AEX() {
{
LPSTR x = indirect_source<char>();
CA2AEX<128> a(x);
sink(static_cast<LPSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_szBuffer); // $ ir
}
{
LPSTR x = indirect_source<char>();
CA2AEX<128> a(x, 0);
sink(static_cast<LPSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_szBuffer); // $ ir
}
}
template<int t_nBufferLength>
struct CA2CAEX {
CA2CAEX(LPCSTR psz, UINT nCodePage) ;
CA2CAEX(LPCSTR psz) ;
~CA2CAEX() throw();
operator LPCSTR() const throw();
LPCSTR m_psz;
};
void test_CA2CAEX() {
LPCSTR x = indirect_source<char>();
{
CA2CAEX<128> a(x);
sink(static_cast<LPCSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_psz); // $ ir
}
{
CA2CAEX<128> a(x, 0);
sink(static_cast<LPCSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_psz); // $ ir
}
}
template <int t_nBufferLength>
struct CA2WEX {
CA2WEX(LPCSTR psz, UINT nCodePage) ;
CA2WEX(LPCSTR psz) ;
~CA2WEX() throw();
operator LPWSTR() const throw();
LPWSTR m_psz;
wchar_t m_szBuffer[t_nBufferLength];
};
void test_CA2WEX() {
LPCSTR x = indirect_source<char>();
{
CA2WEX<128> a(x);
sink(static_cast<LPWSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_psz); // $ ir
}
{
CA2WEX<128> a(x, 0);
sink(static_cast<LPWSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_psz); // $ ir
}
}
template<typename T>
struct CElementTraitsBase {
typedef const T& INARGTYPE;
typedef T& OUTARGTYPE;
static void CopyElements(T* pDest, const T* pSrc, size_t nElements);
static void RelocateElements(T* pDest, T* pSrc, size_t nElements);
};
template <typename T>
struct CDefaultElementTraits : public CElementTraitsBase<T> {};
template<typename T>
struct CElementTraits : public CDefaultElementTraits<T> {};
template<typename E, class ETraits = CElementTraits<E>>
struct CAtlArray {
using INARGTYPE = typename ETraits::INARGTYPE;
using OUTARGTYPE = typename ETraits::OUTARGTYPE;
CAtlArray() throw();
~CAtlArray() throw();
size_t Add(INARGTYPE element);
size_t Add();
size_t Append(const CAtlArray<E, ETraits>& aSrc);
void Copy(const CAtlArray<E, ETraits>& aSrc);
const E& GetAt(size_t iElement) const throw();
E& GetAt(size_t iElement) throw();
size_t GetCount() const throw();
E* GetData() throw();
const E* GetData() const throw();
void InsertArrayAt(size_t iStart, const CAtlArray<E, ETraits>* paNew);
void InsertAt(size_t iElement, INARGTYPE element, size_t nCount);
bool IsEmpty() const throw();
void RemoveAll() throw();
void RemoveAt(size_t iElement, size_t nCount);
void SetAt(size_t iElement, INARGTYPE element);
void SetAtGrow(size_t iElement, INARGTYPE element);
bool SetCount(size_t nNewSize, int nGrowBy);
E& operator[](size_t ielement) throw();
const E& operator[](size_t ielement) const throw();
};
void test_CAtlArray() {
int x = source<int>();
{
CAtlArray<int> a;
a.Add(x);
sink(a[0]); // $ ir
a.Add(0);
sink(a[0]); // $ ir
CAtlArray<int> a2;
sink(a2[0]);
a2.Append(a);
sink(a2[0]); // $ ir
CAtlArray<int> a3;
sink(a3[0]);
a3.Copy(a2);
sink(a3[0]); // $ ir
sink(a3.GetAt(0)); // $ ir
sink(*a3.GetData()); // $ ir
CAtlArray<int> a4;
sink(a4.GetAt(0));
a4.InsertArrayAt(0, &a3);
sink(a4.GetAt(0)); // $ ir
}
{
CAtlArray<int> a5;
a5.InsertAt(0, source<int>(), 1);
sink(a5[0]); // $ ir
CAtlArray<int> a6;
a6.SetAtGrow(0, source<int>());
sink(a6[0]); // $ ir
}
}
template<typename E, class ETraits = CElementTraits<E>>
struct CAtlList {
using INARGTYPE = typename ETraits::INARGTYPE;
CAtlList(UINT nBlockSize) throw();
~CAtlList() throw();
POSITION AddHead();
POSITION AddHead(INARGTYPE element);
void AddHeadList(const CAtlList<E, ETraits>* plNew);
POSITION AddTail();
POSITION AddTail(INARGTYPE element);
void AddTailList(const CAtlList<E, ETraits>* plNew);
POSITION Find(INARGTYPE element, POSITION posStartAfter) const throw();
POSITION FindIndex(size_t iElement) const throw();
E& GetAt(POSITION pos) throw();
const E& GetAt(POSITION pos) const throw();
size_t GetCount() const throw();
E& GetHead() throw();
const E& GetHead() const throw();
POSITION GetHeadPosition() const throw();
E& GetNext(POSITION& pos) throw();
const E& GetNext(POSITION& pos) const throw();
E& GetPrev(POSITION& pos) throw();
const E& GetPrev(POSITION& pos) const throw();
E& GetTail() throw();
const E& GetTail() const throw();
POSITION GetTailPosition() const throw();
POSITION InsertAfter(POSITION pos, INARGTYPE element);
POSITION InsertBefore(POSITION pos, INARGTYPE element);
bool IsEmpty() const throw();
void MoveToHead(POSITION pos) throw();
void MoveToTail(POSITION pos) throw();
void RemoveAll() throw();
void RemoveAt(POSITION pos) throw();
E RemoveHead();
void RemoveHeadNoReturn() throw();
E RemoveTail();
void RemoveTailNoReturn() throw();
void SetAt(POSITION pos, INARGTYPE element);
void SwapElements(POSITION pos1, POSITION pos2) throw();
};
void test_CAtlList() {
int x = source<int>();
{
CAtlList<int> list(10);
sink(list.GetHead());
list.AddHead(x);
sink(list.GetHead()); // $ ir
CAtlList<int> list2(10);
list2.AddHeadList(&list);
sink(list2.GetHead()); // $ ir
CAtlList<int> list3(10);
list3.AddTail(x);
sink(list3.GetHead()); // $ ir
CAtlList<int> list4(10);
list4.AddTailList(&list3);
sink(list4.GetHead()); // $ ir
{
CAtlList<int> list5(10);
auto pos = list5.Find(x, list5.GetHeadPosition());
sink(list5.GetAt(pos)); // $ MISSING: ir
}
{
CAtlList<int> list6(10);
list6.AddHead(x);
auto pos = list6.FindIndex(0);
sink(list6.GetAt(pos)); // $ ir
}
{
CAtlList<int> list7(10);
auto pos = list7.GetTailPosition();
list7.InsertAfter(pos, x);
sink(list7.GetHead()); // $ ir
}
{
CAtlList<int> list8(10);
auto pos = list8.GetTailPosition();
list8.InsertBefore(pos, x);
sink(list8.GetHead()); // $ ir
}
{
CAtlList<int> list9(10);
list9.SetAt(list9.GetHeadPosition(), x);
sink(list9.GetHead()); // $ ir
}
}
int* p = indirect_source<int>();
{
CAtlList<int*> list(10);
sink(list.GetHead());
list.AddHead(p);
sink(list.GetHead()); // $ ir
CAtlList<int*> list2(10);
list2.AddHeadList(&list);
sink(list2.GetHead()); // $ ir
CAtlList<int*> list3(10);
list3.AddTail(p);
sink(list3.GetHead()); // $ ir
CAtlList<int*> list4(10);
list4.AddTailList(&list3);
sink(list4.GetHead()); // $ ir
{
CAtlList<int*> list5(10);
auto pos = list5.Find(p, list5.GetHeadPosition());
sink(list5.GetAt(pos)); // $ MISSING: ir
}
{
CAtlList<int*> list6(10);
list6.AddHead(p);
auto pos = list6.FindIndex(0);
sink(list6.GetAt(pos)); // $ ir
}
{
CAtlList<int*> list7(10);
auto pos = list7.GetTailPosition();
list7.InsertAfter(pos, p);
sink(list7.GetHead()); // $ ir
}
{
CAtlList<int*> list8(10);
auto pos = list8.GetTailPosition();
list8.InsertBefore(pos, p);
sink(list8.GetHead()); // $ ir
}
{
CAtlList<int*> list9(10);
list9.SetAt(list9.GetHeadPosition(), p);
sink(list9.GetHead()); // $ ir
}
}
}
struct IUnknown { };
struct ISequentialStream : public IUnknown { };
struct IStream : public ISequentialStream { };
struct CComBSTR {
CComBSTR() throw();
CComBSTR(const CComBSTR& src);
CComBSTR(int nSize);
CComBSTR(int nSize, LPCOLESTR sz);
CComBSTR(int nSize, LPCSTR sz);
CComBSTR(LPCOLESTR pSrc);
CComBSTR(LPCSTR pSrc);
CComBSTR(CComBSTR&& src) throw();
~CComBSTR();
HRESULT Append(const CComBSTR& bstrSrc) throw();
HRESULT Append(wchar_t ch) throw();
HRESULT Append(char ch) throw();
HRESULT Append(LPCOLESTR lpsz) throw();
HRESULT Append(LPCSTR lpsz) throw();
HRESULT Append(LPCOLESTR lpsz, int nLen) throw();
HRESULT AppendBSTR(BSTR p) throw();
HRESULT AppendBytes(const char* lpsz, int nLen) throw();
HRESULT ArrayToBSTR(const SAFEARRAY* pSrc) throw();
HRESULT AssignBSTR(const BSTR bstrSrc) throw();
void Attach(BSTR src) throw();
HRESULT BSTRToArray(LPSAFEARRAY* ppArray) throw();
unsigned int ByteLength() const throw();
BSTR Copy() const throw();
HRESULT CopyTo(BSTR* pbstr) throw();
HRESULT CopyTo(VARIANT* pvarDest) throw();
BSTR Detach() throw();
void Empty() throw();
unsigned int Length() const throw();
bool LoadString(HINSTANCE hInst, UINT nID) throw();
bool LoadString(UINT nID) throw();
HRESULT ReadFromStream(IStream* pStream) throw();
HRESULT ToUpper() throw();
HRESULT WriteToStream(IStream* pStream) throw();
operator BSTR() const throw();
BSTR* operator&() throw();
CComBSTR& operator+= (const CComBSTR& bstrSrc);
CComBSTR& operator+= (const LPCOLESTR pszSrc);
BSTR m_str;
};
LPSAFEARRAY getSafeArray() {
SAFEARRAY* safe = new SAFEARRAY;
safe->pvData = indirect_source<char>();
return safe;
}
void test_CComBSTR() {
char* x = indirect_source<char>();
{
CComBSTR b(x);
sink(b.m_str); // $ ir
CComBSTR b2(b);
sink(b2.m_str); // $ ir
}
{
CComBSTR b(10, x);
sink(b.m_str); // $ ir
}
{
CComBSTR b(x);
CComBSTR b2;
sink(b2.m_str);
b2 += b;
sink(b2.m_str); // $ ir
CComBSTR b3;
b3 += x;
sink(b3.m_str); // $ ir
sink(static_cast<BSTR>(b3)); // $ ir
sink(**&b3); // $ ir
CComBSTR b4;
b4.Append(source<char>());
sink(b4.m_str); // $ ir
CComBSTR b5;
b5.AppendBSTR(b4.m_str);
sink(b5.m_str); // $ ir
CComBSTR b6;
b6.AppendBytes(x, 10);
sink(b6.m_str); // $ ir
CComBSTR b7;
b7.ArrayToBSTR(getSafeArray());
sink(b7.m_str); // $ ir
CComBSTR b8;
b8.AssignBSTR(b7.m_str);
sink(b8.m_str); // $ ir
CComBSTR b9;
LPSAFEARRAY safe;
b9.Append(source<char>());
b9.BSTRToArray(&safe);
sink(safe->pvData); // $ ir
sink(b9.Copy()); // $ ir
}
wchar_t* w = indirect_source<wchar_t>();
{
CComBSTR b(w);
sink(b.m_str); // $ ir
CComBSTR b2;
b2.Attach(w);
sink(b2.m_str); // $ ir
}
{
CComBSTR b(10, w);
sink(b.m_str); // $ ir
}
}
template <typename T>
struct CComSafeArray {
CComSafeArray();
CComSafeArray(const SAFEARRAYBOUND& bound);
CComSafeArray(ULONG ulCount, LONG lLBound);
CComSafeArray(const SAFEARRAYBOUND* pBound, UINT uDims);
CComSafeArray(const CComSafeArray& saSrc);
CComSafeArray(const SAFEARRAY& saSrc);
CComSafeArray(const SAFEARRAY* psaSrc);
~CComSafeArray() throw();
HRESULT Add(const SAFEARRAY* psaSrc);
HRESULT Add(ULONG ulCount, const T* pT, BOOL bCopy);
HRESULT Add(const T& t, BOOL bCopy);
HRESULT Attach(const SAFEARRAY* psaSrc);
HRESULT CopyFrom(LPSAFEARRAY* ppArray);
HRESULT CopyTo(LPSAFEARRAY* ppArray);
HRESULT Create(const SAFEARRAYBOUND* pBound, UINT uDims);
HRESULT Create(ULONG ulCount, LONG lLBound);
HRESULT Destroy();
LPSAFEARRAY Detach();
T& GetAt(LONG lIndex) const;
ULONG GetCount(UINT uDim) const;
UINT GetDimensions() const;
LONG GetLowerBound(UINT uDim) const;
LPSAFEARRAY GetSafeArrayPtr() throw();
LONG GetUpperBound(UINT uDim) const;
bool IsSizable() const;
HRESULT MultiDimGetAt(const LONG* alIndex, T& t);
HRESULT MultiDimSetAt(const LONG* alIndex, const T& t);
HRESULT Resize(const SAFEARRAYBOUND* pBound);
HRESULT Resize(ULONG ulCount, LONG lLBound);
HRESULT SetAt(LONG lIndex, const T& t, BOOL bCopy);
operator LPSAFEARRAY() const;
T& operator[](long lindex) const;
T& operator[](int nindex) const;
LPSAFEARRAY m_psa;
};
void test_CComSafeArray() {
LPSAFEARRAY safe = getSafeArray();
sink(safe->pvData); // $ ir
{
CComSafeArray<int> c(safe);
sink(c[0]); // $ ir
sink(c.GetAt(0)); // $ ir
sink(c.GetSafeArrayPtr()->pvData); // $ ir
sink(c.m_psa->pvData); // $ ir
}
{
CComSafeArray<int> c;
sink(c[0]);
sink(c.GetAt(0));
sink(c.GetSafeArrayPtr()->pvData);
c.Add(safe);
sink(c[0]); // $ ir
sink(c.GetAt(0)); // $ ir
sink(c.GetSafeArrayPtr()->pvData); // $ ir
sink(static_cast<LPSAFEARRAY>(c)->pvData); // $ ir
}
{
CComSafeArray<int> c;
c.Add(source<int>(), true);
sink(c[0]); // $ ir
sink(c.GetAt(0)); // $ ir
sink(c.GetSafeArrayPtr()->pvData); // $ ir
}
{
CComSafeArray<int> c;
c.SetAt(0, source<int>(), true);
sink(c[0]); // $ ir
sink(c[0L]); // $ ir
}
}
template <typename StringType>
struct CPathT {
typedef StringType PCXSTR; // simplified
CPathT(PCXSTR pszPath);
CPathT(const CPathT<StringType>& path);
CPathT() throw();
void AddBackslash();
BOOL AddExtension(PCXSTR pszExtension);
BOOL Append(PCXSTR pszMore);
void BuildRoot(int iDrive);
void Canonicalize();
void Combine(PCXSTR pszDir, PCXSTR pszFile);
CPathT<StringType> CommonPrefix(PCXSTR pszOther);
BOOL CompactPathEx(UINT nMaxChars, DWORD dwFlags);
BOOL FileExists() const;
int FindExtension() const;
int FindFileName() const;
int GetDriveNumber() const;
StringType GetExtension() const;
BOOL IsDirectory() const;
BOOL IsFileSpec() const;
BOOL IsPrefix(PCXSTR pszPrefix) const;
BOOL IsRelative() const;
BOOL IsRoot() const;
BOOL IsSameRoot(PCXSTR pszOther) const;
BOOL IsUNC() const;
BOOL IsUNCServer() const;
BOOL IsUNCServerShare() const;
BOOL MakePretty();
BOOL MatchSpec(PCXSTR pszSpec) const;
void QuoteSpaces();
BOOL RelativePathTo(
PCXSTR pszFrom,
DWORD dwAttrFrom,
PCXSTR pszTo,
DWORD dwAttrTo);
void RemoveArgs();
void RemoveBackslash();
void RemoveBlanks();
void RemoveExtension();
BOOL RemoveFileSpec();
BOOL RenameExtension(PCXSTR pszExtension);
int SkipRoot() const;
void StripPath();
BOOL StripToRoot();
void UnquoteSpaces();
operator const StringType&() const throw();
operator PCXSTR() const throw();
operator StringType&() throw();
CPathT<StringType>& operator+=(PCXSTR pszMore);
StringType m_strPath;
};
using CPath = CPathT<char*>;
void test_CPathT() {
char* x = indirect_source<char>();
CPath p(x);
sink(static_cast<char*>(p)); // $ MISSING: ir
sink(p.m_strPath); // $ ir
CPath p2(p);
sink(p2.m_strPath); // $ ir
{
CPath p;
p.AddExtension(x);
sink(p.m_strPath); // $ ir
}
{
CPath p;
p.Append(x);
sink(p.m_strPath); // $ ir
CPath p2;
p2 += p;
sink(p2.m_strPath); // $ MISSING: ir // this requires flow through `operator StringType&()` which we can't yet model in MaD
CPath p3;
p3 += x;
sink(p3.m_strPath); // $ ir
}
{
CPath p;
p.Combine(x, nullptr);
sink(p.m_strPath); // $ ir
}
{
CPath p;
p.Combine(nullptr, x);
sink(p.m_strPath); // $ ir
}
{
CPath p;
auto p2 = p.CommonPrefix(x);
sink(p2.m_strPath); // $ ir
sink(p2.GetExtension()); // $ ir
}
}
template <class T>
struct CSimpleArray {
CSimpleArray(const CSimpleArray<T>& src);
CSimpleArray();
~CSimpleArray();
BOOL Add(const T& t);
int Find(const T& t) const;
T* GetData() const;
int GetSize() const;
BOOL Remove(const T& t);
void RemoveAll();
BOOL RemoveAt(int nIndex);
BOOL SetAtIndex(
int nIndex,
const T& t);
T& operator[](int nindex);
CSimpleArray<T> & operator=(const CSimpleArray<T>& src);
};
void test_CSimpleArray() {
int x = source<int>();
{
CSimpleArray<int> a;
a.Add(x);
sink(a[0]); // $ ir
a.Add(0);
sink(a[0]); // $ ir
CSimpleArray<int> a2;
sink(a2[0]);
a2 = a;
sink(a2[0]); // $ ir
}
{
CSimpleArray<int> a;
a.Add(x);
sink(a.GetData()); // $ ir
CSimpleArray<int> a2;
int pos = a2.Find(x);
sink(a2[pos]); // $ MISSING: ir
}
}
template <class TKey, class TVal>
struct CSimpleMap {
CSimpleMap();
~CSimpleMap();
BOOL Add(const TKey& key, const TVal& val);
int FindKey(const TKey& key) const;
int FindVal(const TVal& val) const;
TKey& GetKeyAt(int nIndex) const;
int GetSize() const;
TVal& GetValueAt(int nIndex) const;
TVal Lookup(const TKey& key) const;
BOOL Remove(const TKey& key);
void RemoveAll();
BOOL RemoveAt(int nIndex);
TKey ReverseLookup(const TVal& val) const;
BOOL SetAt(const TKey& key, const TVal& val);
BOOL SetAtIndex(int nIndex, const TKey& key, const TVal& val);
};
void test_CSimpleMap() {
wchar_t* x = source<wchar_t*>();
{
CSimpleMap<char*, wchar_t*> a;
a.Add("hello", x);
sink(a.Lookup("hello")); // $ ir
}
{
CSimpleMap<char*, wchar_t*> a;
auto pos = a.FindKey("hello");
sink(a.GetValueAt(pos)); // clean
}
{
CSimpleMap<char*, wchar_t*> a;
auto pos = a.FindVal(x);
sink(a.GetValueAt(pos)); // $ MISSING: ir
}
{
CSimpleMap<char*, wchar_t*> a;
auto key = a.ReverseLookup(x);
sink(key);
sink(a.Lookup(key)); // $ MISSING: ir
}
{
CSimpleMap<char*, wchar_t*> a;
a.SetAt("hello", x);
sink(a.Lookup("hello")); // $ ir
}
{
CSimpleMap<char*, wchar_t*> a;
a.SetAtIndex(0, "hello", x);
sink(a.Lookup("hello")); // $ ir
}
}
struct CUrl {
CUrl& operator= (const CUrl& urlThat) throw();
CUrl() throw();
CUrl(const CUrl& urlThat) throw();
~CUrl() throw();
inline BOOL Canonicalize(DWORD dwFlags) throw();
inline void Clear() throw();
BOOL CrackUrl(LPCTSTR lpszUrl, DWORD dwFlags) throw();
inline BOOL CreateUrl(LPTSTR lpszUrl, DWORD* pdwMaxLength, DWORD dwFlags) const throw();
inline LPCTSTR GetExtraInfo() const throw();
inline DWORD GetExtraInfoLength() const throw();
inline LPCTSTR GetHostName() const throw();
inline DWORD GetHostNameLength() const throw();
inline LPCTSTR GetPassword() const throw();
inline DWORD GetPasswordLength() const throw();
inline ATL_URL_PORT GetPortNumber() const throw();
inline ATL_URL_SCHEME GetScheme() const throw();
inline LPCTSTR GetSchemeName() const throw();
inline DWORD GetSchemeNameLength() const throw();
inline DWORD GetUrlLength() const throw();
inline LPCTSTR GetUrlPath() const throw();
inline DWORD GetUrlPathLength() const throw();
inline LPCTSTR GetUserName() const throw();
inline DWORD GetUserNameLength() const throw();
inline BOOL SetExtraInfo(LPCTSTR lpszInfo) throw();
inline BOOL SetHostName(LPCTSTR lpszHost) throw();
inline BOOL SetPassword(LPCTSTR lpszPass) throw();
inline BOOL SetPortNumber(ATL_URL_PORT nPrt) throw();
inline BOOL SetScheme(ATL_URL_SCHEME nScheme) throw();
inline BOOL SetSchemeName(LPCTSTR lpszSchm) throw();
inline BOOL SetUrlPath(LPCTSTR lpszPath) throw();
inline BOOL SetUserName(LPCTSTR lpszUser) throw();
};
void test_CUrl() {
char* x = indirect_source<char>();
CUrl url;
url.CrackUrl(x, 0);
sink(url); // $ ir
sink(url.GetExtraInfo()); // $ ir
sink(url.GetHostName()); // $ ir
sink(url.GetPassword()); // $ ir
sink(url.GetSchemeName()); // $ ir
sink(url.GetUrlPath()); // $ ir
sink(url.GetUserName()); // $ ir
{
CUrl url2;
DWORD len;
char buffer[1024];
url2.CrackUrl(x, 0);
url2.CreateUrl(buffer, &len, 0);
sink(buffer); // $ ast ir
}
{
CUrl url2;
url2.SetExtraInfo(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetHostName(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetPassword(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetSchemeName(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetUrlPath(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetUserName(x);
sink(url2); // $ ir
}
}

806
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -140,6 +140,812 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
| arrayassignment.cpp:145:12:145:12 | 5 | arrayassignment.cpp:145:7:145:13 | access to array | TAINT |
| arrayassignment.cpp:146:7:146:10 | arr3 | arrayassignment.cpp:146:7:146:13 | access to array | |
| arrayassignment.cpp:146:12:146:12 | 5 | arrayassignment.cpp:146:7:146:13 | access to array | TAINT |
| atl.cpp:33:30:33:30 | 1 | atl.cpp:33:29:33:30 | - ... | TAINT |
| atl.cpp:77:14:77:25 | call to source | atl.cpp:78:21:78:21 | x | |
| atl.cpp:78:21:78:21 | x | atl.cpp:78:21:78:22 | call to _U_STRINGorID | TAINT |
| atl.cpp:78:21:78:22 | call to _U_STRINGorID | atl.cpp:79:10:79:10 | u | |
| atl.cpp:83:17:83:43 | call to indirect_source | atl.cpp:84:21:84:21 | y | |
| atl.cpp:84:21:84:21 | y | atl.cpp:84:21:84:22 | call to _U_STRINGorID | TAINT |
| atl.cpp:84:21:84:22 | call to _U_STRINGorID | atl.cpp:85:10:85:10 | u | |
| atl.cpp:104:15:104:35 | call to indirect_source | atl.cpp:105:19:105:19 | x | |
| atl.cpp:105:19:105:19 | x | atl.cpp:105:19:105:20 | call to CA2AEX | TAINT |
| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:106:29:106:29 | a | |
| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:107:10:107:10 | a | |
| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:108:10:108:10 | a | |
| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:109:3:109:3 | a | |
| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:107:10:107:10 | a | |
| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:108:10:108:10 | a | |
| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:109:3:109:3 | a | |
| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:108:10:108:10 | a | |
| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:109:3:109:3 | a | |
| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:109:3:109:3 | a | |
| atl.cpp:112:15:112:35 | call to indirect_source | atl.cpp:113:19:113:19 | x | |
| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:114:29:114:29 | a | |
| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:115:10:115:10 | a | |
| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:116:10:116:10 | a | |
| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:117:3:117:3 | a | |
| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:115:10:115:10 | a | |
| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:116:10:116:10 | a | |
| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:117:3:117:3 | a | |
| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:116:10:116:10 | a | |
| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:117:3:117:3 | a | |
| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:117:3:117:3 | a | |
| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:132:20:132:20 | x | |
| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:138:20:138:20 | x | |
| atl.cpp:132:20:132:20 | x | atl.cpp:132:20:132:21 | call to CA2CAEX | TAINT |
| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:133:30:133:30 | a | |
| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:134:10:134:10 | a | |
| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:135:10:135:10 | a | |
| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:136:3:136:3 | a | |
| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:139:30:139:30 | a | |
| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:140:10:140:10 | a | |
| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:141:10:141:10 | a | |
| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:142:3:142:3 | a | |
| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:158:19:158:19 | x | |
| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:164:19:164:19 | x | |
| atl.cpp:158:19:158:19 | x | atl.cpp:158:19:158:20 | call to CA2WEX | TAINT |
| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:159:30:159:30 | a | |
| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:160:10:160:10 | a | |
| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:161:10:161:10 | a | |
| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:162:3:162:3 | a | |
| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:160:10:160:10 | a | |
| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:161:10:161:10 | a | |
| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:162:3:162:3 | a | |
| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:161:10:161:10 | a | |
| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:162:3:162:3 | a | |
| atl.cpp:160:12:160:16 | ref arg m_psz | atl.cpp:161:12:161:16 | m_psz | |
| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:162:3:162:3 | a | |
| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:165:30:165:30 | a | |
| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:166:10:166:10 | a | |
| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:167:10:167:10 | a | |
| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:168:3:168:3 | a | |
| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:166:10:166:10 | a | |
| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:167:10:167:10 | a | |
| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:168:3:168:3 | a | |
| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:167:10:167:10 | a | |
| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:168:3:168:3 | a | |
| atl.cpp:166:12:166:16 | ref arg m_psz | atl.cpp:167:12:167:16 | m_psz | |
| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:168:3:168:3 | a | |
| atl.cpp:216:11:216:21 | call to source | atl.cpp:220:11:220:11 | x | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:220:5:220:5 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:221:10:221:10 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:222:5:222:5 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:223:10:223:10 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:227:15:227:15 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:242:3:242:3 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:221:10:221:10 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:222:5:222:5 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:223:10:223:10 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:227:15:227:15 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:242:3:242:3 | a | |
| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:222:5:222:5 | a | |
| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:223:10:223:10 | a | |
| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:227:15:227:15 | a | |
| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:242:3:242:3 | a | |
| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:223:10:223:10 | a | |
| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:227:15:227:15 | a | |
| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:242:3:242:3 | a | |
| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:227:15:227:15 | a | |
| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:242:3:242:3 | a | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:226:10:226:11 | a2 | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:227:5:227:6 | a2 | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:228:10:228:11 | a2 | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:232:13:232:14 | a2 | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a2 | |
| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:227:5:227:6 | a2 | |
| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | |
| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | |
| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | |
| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | |
| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | |
| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | |
| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | |
| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:231:10:231:11 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:232:5:232:6 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:233:10:233:11 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:235:10:235:11 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:232:5:232:6 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | |
| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:236:14:236:20 | call to GetData | atl.cpp:236:10:236:22 | * ... | TAINT |
| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:239:10:239:11 | a4 | |
| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:240:5:240:6 | a4 | |
| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:241:10:241:11 | a4 | |
| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a4 | |
| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:240:5:240:6 | a4 | |
| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | |
| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | |
| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | |
| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | |
| atl.cpp:240:26:240:27 | a3 | atl.cpp:240:25:240:27 | & ... | |
| atl.cpp:241:10:241:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | |
| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:245:5:245:6 | a5 | |
| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:246:10:246:11 | a5 | |
| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a5 | |
| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:246:10:246:11 | a5 | |
| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | |
| atl.cpp:246:10:246:11 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | |
| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:249:5:249:6 | a6 | |
| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:250:10:250:11 | a6 | |
| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a6 | |
| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:250:10:250:11 | a6 | |
| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | |
| atl.cpp:250:10:250:11 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:300:18:300:18 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:308:19:308:19 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:317:29:317:29 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:323:21:323:21 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:331:30:331:30 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:338:31:338:31 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:343:44:343:44 | x | |
| atl.cpp:298:24:298:25 | 10 | atl.cpp:298:24:298:26 | call to CAtlList | TAINT |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:299:10:299:13 | list | |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:300:5:300:8 | list | |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:301:10:301:13 | list | |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:304:24:304:27 | list | |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:346:3:346:3 | list | |
| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:300:5:300:8 | list | |
| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:301:10:301:13 | list | |
| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:304:24:304:27 | list | |
| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:346:3:346:3 | list | |
| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:301:10:301:13 | list | |
| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:304:24:304:27 | list | |
| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:346:3:346:3 | list | |
| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:304:24:304:27 | list | |
| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:346:3:346:3 | list | |
| atl.cpp:303:25:303:26 | 10 | atl.cpp:303:25:303:27 | call to CAtlList | TAINT |
| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:304:5:304:9 | list2 | |
| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:305:10:305:14 | list2 | |
| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:346:3:346:3 | list2 | |
| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:305:10:305:14 | list2 | |
| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | |
| atl.cpp:304:24:304:27 | list | atl.cpp:304:23:304:27 | & ... | |
| atl.cpp:305:10:305:14 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | |
| atl.cpp:307:25:307:26 | 10 | atl.cpp:307:25:307:27 | call to CAtlList | TAINT |
| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:308:5:308:9 | list3 | |
| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:309:10:309:14 | list3 | |
| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:312:24:312:28 | list3 | |
| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:346:3:346:3 | list3 | |
| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:309:10:309:14 | list3 | |
| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | |
| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | |
| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | |
| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | |
| atl.cpp:311:25:311:26 | 10 | atl.cpp:311:25:311:27 | call to CAtlList | TAINT |
| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:312:5:312:9 | list4 | |
| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:313:10:313:14 | list4 | |
| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:346:3:346:3 | list4 | |
| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:313:10:313:14 | list4 | |
| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | |
| atl.cpp:312:24:312:28 | list3 | atl.cpp:312:23:312:28 | & ... | |
| atl.cpp:313:10:313:14 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | |
| atl.cpp:316:27:316:28 | 10 | atl.cpp:316:27:316:29 | call to CAtlList | TAINT |
| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:18:317:22 | list5 | |
| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:32:317:36 | list5 | |
| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:318:12:318:16 | list5 | |
| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:319:5:319:5 | list5 | |
| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | |
| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | |
| atl.cpp:317:24:317:27 | call to Find | atl.cpp:318:24:318:26 | pos | |
| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:317:18:317:22 | list5 | |
| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | |
| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | |
| atl.cpp:318:12:318:16 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | |
| atl.cpp:322:27:322:28 | 10 | atl.cpp:322:27:322:29 | call to CAtlList | TAINT |
| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:323:7:323:11 | list6 | |
| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:324:18:324:22 | list6 | |
| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:325:12:325:16 | list6 | |
| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:326:5:326:5 | list6 | |
| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:324:18:324:22 | list6 | |
| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | |
| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | |
| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | |
| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | |
| atl.cpp:324:24:324:32 | call to FindIndex | atl.cpp:325:24:325:26 | pos | |
| atl.cpp:325:12:325:16 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | |
| atl.cpp:329:27:329:28 | 10 | atl.cpp:329:27:329:29 | call to CAtlList | TAINT |
| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:330:18:330:22 | list7 | |
| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:331:7:331:11 | list7 | |
| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:332:12:332:16 | list7 | |
| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:333:5:333:5 | list7 | |
| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:331:7:331:11 | list7 | |
| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | |
| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | |
| atl.cpp:330:24:330:38 | call to GetTailPosition | atl.cpp:331:25:331:27 | pos | |
| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | |
| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | |
| atl.cpp:332:12:332:16 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | |
| atl.cpp:336:27:336:28 | 10 | atl.cpp:336:27:336:29 | call to CAtlList | TAINT |
| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:337:18:337:22 | list8 | |
| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:338:7:338:11 | list8 | |
| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:339:12:339:16 | list8 | |
| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:340:5:340:5 | list8 | |
| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:338:7:338:11 | list8 | |
| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | |
| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | |
| atl.cpp:337:24:337:38 | call to GetTailPosition | atl.cpp:338:26:338:28 | pos | |
| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | |
| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | |
| atl.cpp:339:12:339:16 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | |
| atl.cpp:342:27:342:28 | 10 | atl.cpp:342:27:342:29 | call to CAtlList | TAINT |
| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:7:343:11 | list9 | |
| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:19:343:23 | list9 | |
| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:344:12:344:16 | list9 | |
| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:345:5:345:5 | list9 | |
| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | |
| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | |
| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:343:7:343:11 | list9 | |
| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | |
| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | |
| atl.cpp:344:12:344:16 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:352:18:352:18 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:360:19:360:19 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:369:29:369:29 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:375:21:375:21 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:383:30:383:30 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:390:31:390:31 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:395:44:395:44 | p | |
| atl.cpp:350:25:350:26 | 10 | atl.cpp:350:25:350:27 | call to CAtlList | TAINT |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:351:10:351:13 | list | |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:352:5:352:8 | list | |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:353:10:353:13 | list | |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:356:24:356:27 | list | |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:398:3:398:3 | list | |
| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:352:5:352:8 | list | |
| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:353:10:353:13 | list | |
| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:356:24:356:27 | list | |
| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:398:3:398:3 | list | |
| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:353:10:353:13 | list | |
| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:356:24:356:27 | list | |
| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:398:3:398:3 | list | |
| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:356:24:356:27 | list | |
| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:398:3:398:3 | list | |
| atl.cpp:355:26:355:27 | 10 | atl.cpp:355:26:355:28 | call to CAtlList | TAINT |
| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:356:5:356:9 | list2 | |
| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:357:10:357:14 | list2 | |
| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:398:3:398:3 | list2 | |
| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:357:10:357:14 | list2 | |
| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | |
| atl.cpp:356:24:356:27 | list | atl.cpp:356:23:356:27 | & ... | |
| atl.cpp:357:10:357:14 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | |
| atl.cpp:359:26:359:27 | 10 | atl.cpp:359:26:359:28 | call to CAtlList | TAINT |
| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:360:5:360:9 | list3 | |
| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:361:10:361:14 | list3 | |
| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:364:24:364:28 | list3 | |
| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:398:3:398:3 | list3 | |
| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:361:10:361:14 | list3 | |
| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | |
| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | |
| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | |
| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | |
| atl.cpp:363:26:363:27 | 10 | atl.cpp:363:26:363:28 | call to CAtlList | TAINT |
| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:364:5:364:9 | list4 | |
| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:365:10:365:14 | list4 | |
| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:398:3:398:3 | list4 | |
| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:365:10:365:14 | list4 | |
| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | |
| atl.cpp:364:24:364:28 | list3 | atl.cpp:364:23:364:28 | & ... | |
| atl.cpp:365:10:365:14 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | |
| atl.cpp:368:28:368:29 | 10 | atl.cpp:368:28:368:30 | call to CAtlList | TAINT |
| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:18:369:22 | list5 | |
| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:32:369:36 | list5 | |
| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:370:12:370:16 | list5 | |
| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:371:5:371:5 | list5 | |
| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | |
| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | |
| atl.cpp:369:24:369:27 | call to Find | atl.cpp:370:24:370:26 | pos | |
| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:369:18:369:22 | list5 | |
| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | |
| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | |
| atl.cpp:370:12:370:16 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | |
| atl.cpp:374:28:374:29 | 10 | atl.cpp:374:28:374:30 | call to CAtlList | TAINT |
| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:375:7:375:11 | list6 | |
| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:376:18:376:22 | list6 | |
| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:377:12:377:16 | list6 | |
| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:378:5:378:5 | list6 | |
| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:376:18:376:22 | list6 | |
| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | |
| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | |
| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | |
| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | |
| atl.cpp:376:24:376:32 | call to FindIndex | atl.cpp:377:24:377:26 | pos | |
| atl.cpp:377:12:377:16 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | |
| atl.cpp:381:28:381:29 | 10 | atl.cpp:381:28:381:30 | call to CAtlList | TAINT |
| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:382:18:382:22 | list7 | |
| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:383:7:383:11 | list7 | |
| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:384:12:384:16 | list7 | |
| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:385:5:385:5 | list7 | |
| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:383:7:383:11 | list7 | |
| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | |
| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | |
| atl.cpp:382:24:382:38 | call to GetTailPosition | atl.cpp:383:25:383:27 | pos | |
| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | |
| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | |
| atl.cpp:384:12:384:16 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | |
| atl.cpp:388:28:388:29 | 10 | atl.cpp:388:28:388:30 | call to CAtlList | TAINT |
| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:389:18:389:22 | list8 | |
| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:390:7:390:11 | list8 | |
| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:391:12:391:16 | list8 | |
| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:392:5:392:5 | list8 | |
| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:390:7:390:11 | list8 | |
| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | |
| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | |
| atl.cpp:389:24:389:38 | call to GetTailPosition | atl.cpp:390:26:390:28 | pos | |
| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | |
| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | |
| atl.cpp:391:12:391:16 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | |
| atl.cpp:394:28:394:29 | 10 | atl.cpp:394:28:394:30 | call to CAtlList | TAINT |
| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:7:395:11 | list9 | |
| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:19:395:23 | list9 | |
| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:396:12:396:16 | list9 | |
| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:397:5:397:5 | list9 | |
| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | |
| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | |
| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:395:7:395:11 | list9 | |
| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | |
| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | |
| atl.cpp:396:12:396:16 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | |
| atl.cpp:454:21:454:33 | new | atl.cpp:455:3:455:6 | safe | |
| atl.cpp:454:21:454:33 | new | atl.cpp:456:10:456:13 | safe | |
| atl.cpp:455:3:455:6 | safe [post update] | atl.cpp:456:10:456:13 | safe | |
| atl.cpp:455:3:455:40 | ... = ... | atl.cpp:455:9:455:14 | pvData [post update] | |
| atl.cpp:455:18:455:38 | call to indirect_source | atl.cpp:455:3:455:40 | ... = ... | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:462:16:462:16 | x | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:469:20:469:20 | x | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:473:16:473:16 | x | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:481:11:481:11 | x | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:495:20:495:20 | x | |
| atl.cpp:462:16:462:16 | x | atl.cpp:462:16:462:17 | call to CComBSTR | TAINT |
| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:463:10:463:10 | b | |
| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:465:17:465:17 | b | |
| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:467:3:467:3 | b | |
| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:465:17:465:17 | b | |
| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:467:3:467:3 | b | |
| atl.cpp:463:12:463:16 | ref arg m_str | atl.cpp:466:13:466:17 | m_str | |
| atl.cpp:465:17:465:17 | b | atl.cpp:465:17:465:18 | call to CComBSTR | |
| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:466:10:466:11 | b2 | |
| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:467:3:467:3 | b2 | |
| atl.cpp:466:10:466:11 | b2 [post update] | atl.cpp:467:3:467:3 | b2 | |
| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:470:10:470:10 | b | |
| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:471:3:471:3 | b | |
| atl.cpp:470:10:470:10 | b [post update] | atl.cpp:471:3:471:3 | b | |
| atl.cpp:473:16:473:16 | x | atl.cpp:473:16:473:17 | call to CComBSTR | TAINT |
| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:477:11:477:11 | b | |
| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:513:3:513:3 | b | |
| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:476:10:476:11 | b2 | |
| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:477:5:477:6 | b2 | |
| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:478:10:478:11 | b2 | |
| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b2 | |
| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:477:5:477:6 | b2 | |
| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:478:10:478:11 | b2 | |
| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | |
| atl.cpp:476:13:476:17 | ref arg m_str | atl.cpp:478:13:478:17 | m_str | |
| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:478:10:478:11 | b2 | |
| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:513:3:513:3 | b2 | |
| atl.cpp:478:10:478:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:481:5:481:6 | b3 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:482:10:482:11 | b3 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:483:28:483:29 | b3 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:484:13:484:14 | b3 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:482:10:482:11 | b3 | |
| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:483:28:483:29 | b3 | |
| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | |
| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:481:11:481:11 | x | atl.cpp:481:11:481:11 | call to CComBSTR | TAINT |
| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:483:28:483:29 | b3 | |
| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:484:13:484:14 | b3 | |
| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | |
| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:484:11:484:14 | * ... | atl.cpp:484:10:484:14 | * ... | TAINT |
| atl.cpp:484:12:484:12 | call to operator& | atl.cpp:484:11:484:14 | * ... | TAINT |
| atl.cpp:484:13:484:14 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:487:5:487:6 | b4 | |
| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:488:10:488:11 | b4 | |
| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:491:19:491:20 | b4 | |
| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b4 | |
| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:488:10:488:11 | b4 | |
| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:491:19:491:20 | b4 | |
| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:513:3:513:3 | b4 | |
| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:491:19:491:20 | b4 | |
| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | |
| atl.cpp:488:13:488:17 | ref arg m_str | atl.cpp:491:22:491:26 | m_str | |
| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:491:5:491:6 | b5 | |
| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:492:10:492:11 | b5 | |
| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b5 | |
| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:492:10:492:11 | b5 | |
| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:513:3:513:3 | b5 | |
| atl.cpp:491:19:491:20 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | |
| atl.cpp:492:10:492:11 | b5 [post update] | atl.cpp:513:3:513:3 | b5 | |
| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:495:5:495:6 | b6 | |
| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:496:10:496:11 | b6 | |
| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b6 | |
| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:496:10:496:11 | b6 | |
| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:513:3:513:3 | b6 | |
| atl.cpp:496:10:496:11 | b6 [post update] | atl.cpp:513:3:513:3 | b6 | |
| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:499:5:499:6 | b7 | |
| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:500:10:500:11 | b7 | |
| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:503:19:503:20 | b7 | |
| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b7 | |
| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:500:10:500:11 | b7 | |
| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:503:19:503:20 | b7 | |
| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:513:3:513:3 | b7 | |
| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:503:19:503:20 | b7 | |
| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | |
| atl.cpp:500:13:500:17 | ref arg m_str | atl.cpp:503:22:503:26 | m_str | |
| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:503:5:503:6 | b8 | |
| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:504:10:504:11 | b8 | |
| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b8 | |
| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:504:10:504:11 | b8 | |
| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:513:3:513:3 | b8 | |
| atl.cpp:503:19:503:20 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | |
| atl.cpp:504:10:504:11 | b8 [post update] | atl.cpp:513:3:513:3 | b8 | |
| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:508:5:508:6 | b9 | |
| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 | |
| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:512:10:512:11 | b9 | |
| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b9 | |
| atl.cpp:507:17:507:20 | safe | atl.cpp:509:21:509:24 | safe | |
| atl.cpp:507:17:507:20 | safe | atl.cpp:510:10:510:13 | safe | |
| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:509:5:509:6 | b9 | |
| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | |
| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | |
| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | |
| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | |
| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:509:21:509:24 | safe [inner post update] | |
| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:510:10:510:13 | safe | |
| atl.cpp:509:21:509:24 | safe | atl.cpp:509:20:509:24 | & ... | |
| atl.cpp:512:10:512:11 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | |
| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:517:16:517:16 | w | |
| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:521:15:521:15 | w | |
| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:525:20:525:20 | w | |
| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:521:15:521:15 | w | |
| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:525:20:525:20 | w | |
| atl.cpp:517:16:517:16 | w | atl.cpp:517:16:517:17 | call to CComBSTR | TAINT |
| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:518:10:518:10 | b | |
| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:523:3:523:3 | b | |
| atl.cpp:518:10:518:10 | b [post update] | atl.cpp:523:3:523:3 | b | |
| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:521:5:521:6 | b2 | |
| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:522:10:522:11 | b2 | |
| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:523:3:523:3 | b2 | |
| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:522:10:522:11 | b2 | |
| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:523:3:523:3 | b2 | |
| atl.cpp:521:15:521:15 | ref arg w | atl.cpp:525:20:525:20 | w | |
| atl.cpp:522:10:522:11 | b2 [post update] | atl.cpp:523:3:523:3 | b2 | |
| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:526:10:526:10 | b | |
| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:527:3:527:3 | b | |
| atl.cpp:526:10:526:10 | b [post update] | atl.cpp:527:3:527:3 | b | |
| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:573:8:573:11 | safe | |
| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:575:24:575:27 | safe | |
| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:586:11:586:14 | safe | |
| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:575:24:575:27 | safe | |
| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:586:11:586:14 | safe | |
| atl.cpp:575:24:575:27 | safe | atl.cpp:575:24:575:28 | call to CComSafeArray | TAINT |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:576:8:576:8 | c | |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:579:8:579:8 | c | |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:580:3:580:3 | c | |
| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:577:8:577:8 | c | |
| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:578:8:578:8 | c | |
| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:579:8:579:8 | c | |
| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:580:3:580:3 | c | |
| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:578:8:578:8 | c | |
| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:579:8:579:8 | c | |
| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:580:3:580:3 | c | |
| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:579:8:579:8 | c | |
| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:580:3:580:3 | c | |
| atl.cpp:579:8:579:8 | c [post update] | atl.cpp:580:3:580:3 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:586:5:586:5 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:587:10:587:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:589:10:589:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:590:35:590:35 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:591:3:591:3 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:584:10:584:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:10:585:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:5:586:5 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:587:10:587:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:10:585:10 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:5:586:5 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:10:587:10 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:5:586:5 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:10:587:10 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:587:10:587:10 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:590:35:590:35 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:594:5:594:5 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:595:10:595:10 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:597:10:597:10 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:598:3:598:3 | c | |
| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:595:10:595:10 | c | |
| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:596:10:596:10 | c | |
| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:597:10:597:10 | c | |
| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:598:3:598:3 | c | |
| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:596:10:596:10 | c | |
| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:597:10:597:10 | c | |
| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:598:3:598:3 | c | |
| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:597:10:597:10 | c | |
| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:598:3:598:3 | c | |
| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:598:3:598:3 | c | |
| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:601:5:601:5 | c | |
| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:602:10:602:10 | c | |
| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:603:10:603:10 | c | |
| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:604:3:604:3 | c | |
| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:602:10:602:10 | c | |
| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:603:10:603:10 | c | |
| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:604:3:604:3 | c | |
| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:603:10:603:10 | c | |
| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:604:3:604:3 | c | |
| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:604:3:604:3 | c | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:666:11:666:11 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:675:20:675:20 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:680:14:680:14 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:688:11:688:11 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:694:15:694:15 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:699:24:699:24 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:705:30:705:30 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:675:20:675:20 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:680:14:680:14 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:688:11:688:11 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:694:15:694:15 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:666:11:666:11 | x | atl.cpp:666:11:666:12 | call to CPathT | TAINT |
| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:667:27:667:27 | p | |
| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:668:8:668:8 | p | |
| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:670:12:670:12 | p | |
| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:668:8:668:8 | p | |
| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:670:12:670:12 | p | |
| atl.cpp:668:8:668:8 | p [post update] | atl.cpp:670:12:670:12 | p | |
| atl.cpp:668:10:668:18 | ref arg m_strPath | atl.cpp:671:11:671:19 | m_strPath | |
| atl.cpp:670:12:670:12 | p | atl.cpp:670:12:670:13 | call to CPathT | |
| atl.cpp:670:12:670:13 | call to CPathT | atl.cpp:671:8:671:9 | p2 | |
| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:675:5:675:5 | p | |
| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:676:10:676:10 | p | |
| atl.cpp:675:5:675:5 | ref arg p | atl.cpp:676:10:676:10 | p | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:680:14:680:14 | x | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:688:11:688:11 | x | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:694:15:694:15 | x | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:680:5:680:5 | p | |
| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:681:10:681:10 | p | |
| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:684:11:684:11 | p | |
| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:681:10:681:10 | p | |
| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:684:11:684:11 | p | |
| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:688:11:688:11 | x | |
| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:694:15:694:15 | x | |
| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:684:11:684:11 | p | |
| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:684:5:684:6 | p2 | |
| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:685:10:685:11 | p2 | |
| atl.cpp:684:5:684:6 | ref arg p2 | atl.cpp:685:10:685:11 | p2 | |
| atl.cpp:684:11:684:11 | call to operator char *& | atl.cpp:684:8:684:8 | call to operator+= | TAINT |
| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:688:5:688:6 | p3 | |
| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:689:10:689:11 | p3 | |
| atl.cpp:688:5:688:6 | ref arg p3 | atl.cpp:689:10:689:11 | p3 | |
| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:694:15:694:15 | x | |
| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:688:11:688:11 | x | atl.cpp:688:8:688:8 | call to operator+= | TAINT |
| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:694:5:694:5 | p | |
| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:695:10:695:10 | p | |
| atl.cpp:694:5:694:5 | ref arg p | atl.cpp:695:10:695:10 | p | |
| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:699:5:699:5 | p | |
| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:700:10:700:10 | p | |
| atl.cpp:699:5:699:5 | ref arg p | atl.cpp:700:10:700:10 | p | |
| atl.cpp:699:24:699:24 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:704:11:704:11 | call to CPathT | atl.cpp:705:15:705:15 | p | |
| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:706:10:706:11 | p2 | |
| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:707:10:707:11 | p2 | |
| atl.cpp:706:10:706:11 | p2 [post update] | atl.cpp:707:10:707:11 | p2 | |
| atl.cpp:734:11:734:21 | call to source | atl.cpp:737:11:737:11 | x | |
| atl.cpp:734:11:734:21 | call to source | atl.cpp:749:11:749:11 | x | |
| atl.cpp:734:11:734:21 | call to source | atl.cpp:753:23:753:23 | x | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:737:5:737:5 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:738:10:738:10 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:739:5:739:5 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:740:10:740:10 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:744:10:744:10 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:746:3:746:3 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:738:10:738:10 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:739:5:739:5 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:740:10:740:10 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:744:10:744:10 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:746:3:746:3 | a | |
| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:739:5:739:5 | a | |
| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:740:10:740:10 | a | |
| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:744:10:744:10 | a | |
| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:746:3:746:3 | a | |
| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:740:10:740:10 | a | |
| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:744:10:744:10 | a | |
| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:746:3:746:3 | a | |
| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:744:10:744:10 | a | |
| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:746:3:746:3 | a | |
| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:743:10:743:11 | a2 | |
| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:744:5:744:6 | a2 | |
| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:745:10:745:11 | a2 | |
| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:746:3:746:3 | a2 | |
| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:744:5:744:6 | a2 | |
| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | |
| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | |
| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | |
| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | |
| atl.cpp:744:10:744:10 | a | atl.cpp:744:5:744:6 | ref arg a2 | TAINT |
| atl.cpp:744:10:744:10 | a | atl.cpp:744:8:744:8 | call to operator= | TAINT |
| atl.cpp:745:10:745:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | |
| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:749:5:749:5 | a | |
| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:750:10:750:10 | a | |
| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:755:3:755:3 | a | |
| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:750:10:750:10 | a | |
| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:755:3:755:3 | a | |
| atl.cpp:750:10:750:10 | ref arg a | atl.cpp:755:3:755:3 | a | |
| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:753:15:753:16 | a2 | |
| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:754:10:754:11 | a2 | |
| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:755:3:755:3 | a2 | |
| atl.cpp:753:18:753:21 | call to Find | atl.cpp:754:13:754:15 | pos | |
| atl.cpp:754:10:754:11 | ref arg a2 | atl.cpp:755:3:755:3 | a2 | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:782:20:782:20 | x | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:792:26:792:26 | x | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:797:32:797:32 | x | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:803:22:803:22 | x | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:808:30:808:30 | x | |
| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:782:5:782:5 | a | |
| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:783:10:783:10 | a | |
| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:784:3:784:3 | a | |
| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:783:10:783:10 | a | |
| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:784:3:784:3 | a | |
| atl.cpp:783:10:783:10 | ref arg a | atl.cpp:784:3:784:3 | a | |
| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:787:16:787:16 | a | |
| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:788:10:788:10 | a | |
| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:789:3:789:3 | a | |
| atl.cpp:787:18:787:24 | call to FindKey | atl.cpp:788:23:788:25 | pos | |
| atl.cpp:788:10:788:10 | ref arg a | atl.cpp:789:3:789:3 | a | |
| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:792:16:792:16 | a | |
| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:793:10:793:10 | a | |
| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:794:3:794:3 | a | |
| atl.cpp:792:18:792:24 | call to FindVal | atl.cpp:793:23:793:25 | pos | |
| atl.cpp:793:10:793:10 | ref arg a | atl.cpp:794:3:794:3 | a | |
| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:797:16:797:16 | a | |
| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:799:10:799:10 | a | |
| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:800:3:800:3 | a | |
| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:799:10:799:10 | a | |
| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:800:3:800:3 | a | |
| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:798:10:798:12 | key | |
| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:799:19:799:21 | key | |
| atl.cpp:798:10:798:12 | ref arg key | atl.cpp:799:19:799:21 | key | |
| atl.cpp:799:10:799:10 | ref arg a | atl.cpp:800:3:800:3 | a | |
| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:803:5:803:5 | a | |
| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:804:10:804:10 | a | |
| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:805:3:805:3 | a | |
| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:804:10:804:10 | a | |
| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:805:3:805:3 | a | |
| atl.cpp:804:10:804:10 | ref arg a | atl.cpp:805:3:805:3 | a | |
| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:808:5:808:5 | a | |
| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:809:10:809:10 | a | |
| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:810:3:810:3 | a | |
| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:809:10:809:10 | a | |
| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:810:3:810:3 | a | |
| atl.cpp:809:10:809:10 | ref arg a | atl.cpp:810:3:810:3 | a | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:853:16:853:16 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:866:19:866:19 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:872:23:872:23 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:877:22:877:22 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:882:22:882:22 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:887:24:887:24 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:892:21:892:21 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:897:22:897:22 | x | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:853:3:853:5 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:854:8:854:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:855:8:855:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:856:8:856:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:857:8:857:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:858:8:858:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:859:8:859:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:860:8:860:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:900:1:900:1 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:854:8:854:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:855:8:855:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:856:8:856:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:857:8:857:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:858:8:858:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:859:8:859:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:860:8:860:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:900:1:900:1 | url | |
| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:866:5:866:8 | url2 | |
| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:867:5:867:8 | url2 | |
| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:869:3:869:3 | url2 | |
| atl.cpp:864:11:864:13 | len | atl.cpp:867:29:867:31 | len | |
| atl.cpp:865:10:865:15 | buffer | atl.cpp:867:20:867:25 | buffer | |
| atl.cpp:865:10:865:15 | buffer | atl.cpp:868:10:868:15 | buffer | |
| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:867:5:867:8 | url2 | |
| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:869:3:869:3 | url2 | |
| atl.cpp:867:20:867:25 | ref arg buffer | atl.cpp:868:10:868:15 | buffer | |
| atl.cpp:867:28:867:31 | ref arg & ... | atl.cpp:867:29:867:31 | len [inner post update] | |
| atl.cpp:867:29:867:31 | len | atl.cpp:867:28:867:31 | & ... | |
| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:872:5:872:8 | url2 | |
| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:873:10:873:13 | url2 | |
| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:874:3:874:3 | url2 | |
| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:873:10:873:13 | url2 | |
| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:874:3:874:3 | url2 | |
| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:877:5:877:8 | url2 | |
| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:878:10:878:13 | url2 | |
| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:879:3:879:3 | url2 | |
| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:878:10:878:13 | url2 | |
| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:879:3:879:3 | url2 | |
| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:882:5:882:8 | url2 | |
| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:883:10:883:13 | url2 | |
| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:884:3:884:3 | url2 | |
| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:883:10:883:13 | url2 | |
| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:884:3:884:3 | url2 | |
| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:887:5:887:8 | url2 | |
| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:888:10:888:13 | url2 | |
| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:889:3:889:3 | url2 | |
| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:888:10:888:13 | url2 | |
| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:889:3:889:3 | url2 | |
| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:892:5:892:8 | url2 | |
| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:893:10:893:13 | url2 | |
| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:894:3:894:3 | url2 | |
| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:893:10:893:13 | url2 | |
| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:894:3:894:3 | url2 | |
| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:897:5:897:8 | url2 | |
| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:898:10:898:13 | url2 | |
| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:899:3:899:3 | url2 | |
| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:898:10:898:13 | url2 | |
| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:899:3:899:3 | url2 | |
| bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | |
| bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | |
| bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | |

2
cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql
View File

@@ -1,4 +1,4 @@
import TestUtilities.dataflow.FlowTestCommon
import utils.test.dataflow.FlowTestCommon
module TaintModels {
class SetMemberFunction extends TaintFunction {

679
cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
View File

@@ -1,4 +1,91 @@
signatureMatches
| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:70:3:70:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | Append | 0 |
| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 |
| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | Append | 0 |
| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | CComBSTR | 0 |
| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 |
| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 |
| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 |
| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 |
| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:415:3:415:10 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 |
| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 |
| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 |
| atl.cpp:419:11:419:16 | Append | (wchar_t) | CComBSTR | Append | 0 |
| atl.cpp:420:11:420:16 | Append | (char) | CComBSTR | Append | 0 |
| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 |
| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | Append | 0 |
| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 |
| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| atl.cpp:425:11:425:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 |
| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 |
| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 |
| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 |
| atl.cpp:439:8:439:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:439:8:439:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 |
| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 |
| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 |
| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 |
| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 |
| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 |
| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 |
| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 |
| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 |
| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray<T> | Add | 0 |
| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray<T> | Add | 1 |
| atl.cpp:763:8:763:10 | Add | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:763:8:763:10 | Add | (const forward_list &,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:763:8:763:10 | Add | (const list &,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:763:8:763:10 | Add | (const vector &,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:763:8:763:10 | Add | (deque &&,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:763:8:763:10 | Add | (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:763:8:763:10 | Add | (list &&,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:763:8:763:10 | Add | (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:774:8:774:12 | SetAt | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:774:8:774:12 | SetAt | (const forward_list &,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:774:8:774:12 | SetAt | (const list &,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:774:8:774:12 | SetAt | (const vector &,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:774:8:774:12 | SetAt | (deque &&,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:774:8:774:12 | SetAt | (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:774:8:774:12 | SetAt | (list &&,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:774:8:774:12 | SetAt | (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque<T,Allocator> | deque<InputIterator> | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list<T,Allocator> | forward_list | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list<T,Allocator> | list<InputIterator> | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector<T,Allocator> | vector<InputIterator> | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque<T,Allocator> | deque | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list<T,Allocator> | forward_list | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list<T,Allocator> | list | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector<T,Allocator> | vector | 2 |
| atl.cpp:840:15:840:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:841:15:841:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:842:15:842:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:845:15:845:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:846:15:846:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:847:15:847:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign<InputIt> | 0 |
| stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign<InputIt> | 1 |
| stl.h:182:17:182:22 | assign | (InputIt,InputIt) | forward_list | assign<InputIt> | 0 |
@@ -267,7 +354,25 @@ signatureMatches
| stl.h:678:33:678:38 | format | (format_string,Args &&) | | format<Args> | 1 |
| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format<Args> | 0 |
| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format<Args> | 1 |
| string.cpp:20:6:20:9 | sink | (char) | CComBSTR | Append | 0 |
| taint.cpp:4:6:4:21 | arithAssignments | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:249:13:249:13 | _FUN | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:249:13:249:13 | operator() | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:302:6:302:14 | myAssign2 | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:307:6:307:14 | myAssign3 | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:312:6:312:14 | myAssign4 | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:523:7:523:13 | _strset | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (LPCOLESTR,int) | CComBSTR | Append | 1 |
getSignatureParameterName
| (CAtlFile &) | CAtlFile | CAtlFile | 0 | CAtlFile & |
| (CComBSTR &&) | CComBSTR | CComBSTR | 0 | CComBSTR && |
| (CRegKey &) | CRegKey | CRegKey | 0 | CRegKey & |
| (DWORD &,LPCTSTR) | CRegKey | QueryValue | 0 | DWORD & |
| (DWORD &,LPCTSTR) | CRegKey | QueryValue | 1 | LPCTSTR |
| (HANDLE) | CAtlFile | CAtlFile | 0 | HANDLE |
| (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | HINSTANCE |
| (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | UINT |
| (HKEY) | CRegKey | CRegKey | 0 | HKEY |
| (InputIt,InputIt) | deque | assign<InputIt> | 0 | func:0 |
| (InputIt,InputIt) | deque | assign<InputIt> | 1 | func:0 |
| (InputIt,InputIt) | forward_list | assign<InputIt> | 0 | func:0 |
@@ -288,6 +393,33 @@ getSignatureParameterName
| (InputIterator,InputIterator,const Allocator &) | vector<T,Allocator> | vector<InputIterator> | 0 | func:0 |
| (InputIterator,InputIterator,const Allocator &) | vector<T,Allocator> | vector<InputIterator> | 1 | func:0 |
| (InputIterator,InputIterator,const Allocator &) | vector<T,Allocator> | vector<InputIterator> | 2 | const class:1 & |
| (LPCOLESTR) | CComBSTR | Append | 0 | LPCOLESTR |
| (LPCOLESTR) | CComBSTR | CComBSTR | 0 | LPCOLESTR |
| (LPCOLESTR,int) | CComBSTR | Append | 0 | LPCOLESTR |
| (LPCOLESTR,int) | CComBSTR | Append | 1 | int |
| (LPCSTR) | CComBSTR | Append | 0 | LPCSTR |
| (LPCSTR) | CComBSTR | CComBSTR | 0 | LPCSTR |
| (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | LPCTSTR |
| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 0 | LPCTSTR |
| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 1 | DWORD * |
| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 2 | void * |
| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 3 | ULONG * |
| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 0 | LPTSTR |
| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 1 | LPCTSTR |
| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 2 | DWORD * |
| (UINT) | CComBSTR | LoadString | 0 | UINT |
| (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | UINT |
| (char) | CComBSTR | Append | 0 | char |
| (const CComBSTR &) | CComBSTR | Append | 0 | const CComBSTR & |
| (const CComBSTR &) | CComBSTR | CComBSTR | 0 | const CComBSTR & |
| (const CComSafeArray &) | CComSafeArray | CComSafeArray | 0 | const CComSafeArray & |
| (const CComSafeArray &) | CComSafeArray | operator= | 0 | const CComSafeArray & |
| (const SAFEARRAY &) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY & |
| (const SAFEARRAY *) | CComSafeArray | Add | 0 | const SAFEARRAY * |
| (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY * |
| (const SAFEARRAY *) | CComSafeArray | operator= | 0 | const SAFEARRAY * |
| (const T &,BOOL) | CComSafeArray<T> | Add | 0 | const class:0 & |
| (const T &,BOOL) | CComSafeArray<T> | Add | 1 | BOOL |
| (const deque &) | deque | deque | 0 | const deque & |
| (const deque &,const Allocator &) | deque<T,Allocator> | deque | 0 | const deque & |
| (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 | const class:1 & |
@@ -348,6 +480,10 @@ getSignatureParameterName
| (forward_list &&) | forward_list | forward_list | 0 | forward_list && |
| (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 0 | forward_list && |
| (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 | const class:1 & |
| (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | int |
| (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | LPCOLESTR |
| (int,LPCSTR) | CComBSTR | CComBSTR | 0 | int |
| (int,LPCSTR) | CComBSTR | CComBSTR | 1 | LPCSTR |
| (list &&) | list | list | 0 | list && |
| (list &&,const Allocator &) | list<T,Allocator> | list | 0 | list && |
| (list &&,const Allocator &) | list<T,Allocator> | list | 1 | const class:1 & |
@@ -374,11 +510,294 @@ getSignatureParameterName
| (vector &&) | vector | vector | 0 | vector && |
| (vector &&,const Allocator &) | vector<T,Allocator> | vector | 0 | vector && |
| (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 | const class:1 & |
| (wchar_t) | CComBSTR | Append | 0 | wchar_t |
getParameterTypeName
| arrayassignment.cpp:3:6:3:9 | sink | 0 | int |
| arrayassignment.cpp:4:6:4:9 | sink | 0 | MyInt |
| arrayassignment.cpp:5:6:5:9 | sink | 0 | MyArray |
| arrayassignment.cpp:37:7:37:7 | MyInt | 0 | const MyInt & |
| arrayassignment.cpp:44:9:44:17 | operator= | 0 | const int & |
| arrayassignment.cpp:45:9:45:17 | operator= | 0 | const MyInt & |
| arrayassignment.cpp:83:7:83:7 | MyArray | 0 | MyArray && |
| arrayassignment.cpp:83:7:83:7 | MyArray | 0 | const MyArray & |
| arrayassignment.cpp:83:7:83:7 | operator= | 0 | MyArray && |
| arrayassignment.cpp:83:7:83:7 | operator= | 0 | const MyArray & |
| arrayassignment.cpp:88:7:88:9 | get | 0 | int |
| arrayassignment.cpp:90:7:90:16 | operator[] | 0 | int |
| arrayassignment.cpp:124:6:124:9 | sink | 0 | int * |
| atl.cpp:28:8:28:8 | operator= | 0 | __POSITION && |
| atl.cpp:28:8:28:8 | operator= | 0 | const __POSITION & |
| atl.cpp:50:16:50:16 | operator= | 0 | const tagSAFEARRAYBOUND & |
| atl.cpp:50:16:50:16 | operator= | 0 | tagSAFEARRAYBOUND && |
| atl.cpp:55:16:55:16 | operator= | 0 | const tagVARIANT & |
| atl.cpp:55:16:55:16 | operator= | 0 | tagVARIANT && |
| atl.cpp:59:16:59:16 | operator= | 0 | const tagSAFEARRAY & |
| atl.cpp:59:16:59:16 | operator= | 0 | tagSAFEARRAY && |
| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | _U_STRINGorID && |
| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | const _U_STRINGorID & |
| atl.cpp:68:8:68:8 | operator= | 0 | _U_STRINGorID && |
| atl.cpp:68:8:68:8 | operator= | 0 | const _U_STRINGorID & |
| atl.cpp:69:3:69:15 | _U_STRINGorID | 0 | UINT |
| atl.cpp:70:3:70:15 | _U_STRINGorID | 0 | LPCTSTR |
| atl.cpp:194:10:194:12 | Add | 0 | INARGTYPclass:0 |
| atl.cpp:196:10:196:15 | Append | 0 | const CAtlArray & |
| atl.cpp:197:8:197:11 | Copy | 0 | const CAtlArray & |
| atl.cpp:199:6:199:10 | GetAt | 0 | size_t |
| atl.cpp:203:8:203:20 | InsertArrayAt | 0 | size_t |
| atl.cpp:203:8:203:20 | InsertArrayAt | 1 | const CAtlArray * |
| atl.cpp:204:8:204:15 | InsertAt | 0 | size_t |
| atl.cpp:204:8:204:15 | InsertAt | 1 | INARGTYPclass:0 |
| atl.cpp:204:8:204:15 | InsertAt | 2 | size_t |
| atl.cpp:209:8:209:16 | SetAtGrow | 0 | size_t |
| atl.cpp:209:8:209:16 | SetAtGrow | 1 | INARGTYPclass:0 |
| atl.cpp:211:6:211:15 | operator[] | 0 | size_t |
| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT |
| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT |
| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 |
| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 |
| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * |
| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * |
| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 |
| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 |
| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * |
| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * |
| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 |
| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 |
| atl.cpp:265:12:265:15 | Find | 1 | POSITION |
| atl.cpp:265:12:265:15 | Find | 1 | POSITION |
| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t |
| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t |
| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION |
| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION |
| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION |
| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION |
| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 |
| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 |
| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION |
| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION |
| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 |
| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 |
| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION |
| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION |
| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 |
| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 |
| atl.cpp:401:8:401:8 | operator= | 0 | IUnknown && |
| atl.cpp:401:8:401:8 | operator= | 0 | const IUnknown & |
| atl.cpp:403:8:403:8 | operator= | 0 | ISequentialStream && |
| atl.cpp:403:8:403:8 | operator= | 0 | const ISequentialStream & |
| atl.cpp:405:8:405:8 | operator= | 0 | IStream && |
| atl.cpp:405:8:405:8 | operator= | 0 | const IStream & |
| atl.cpp:407:8:407:8 | operator= | 0 | const CComBSTR & |
| atl.cpp:409:3:409:10 | CComBSTR | 0 | const CComBSTR & |
| atl.cpp:410:3:410:10 | CComBSTR | 0 | int |
| atl.cpp:411:3:411:10 | CComBSTR | 0 | int |
| atl.cpp:411:3:411:10 | CComBSTR | 1 | LPCOLESTR |
| atl.cpp:412:3:412:10 | CComBSTR | 0 | int |
| atl.cpp:412:3:412:10 | CComBSTR | 1 | LPCSTR |
| atl.cpp:413:3:413:10 | CComBSTR | 0 | LPCOLESTR |
| atl.cpp:414:3:414:10 | CComBSTR | 0 | LPCSTR |
| atl.cpp:415:3:415:10 | CComBSTR | 0 | CComBSTR && |
| atl.cpp:418:11:418:16 | Append | 0 | const CComBSTR & |
| atl.cpp:419:11:419:16 | Append | 0 | wchar_t |
| atl.cpp:420:11:420:16 | Append | 0 | char |
| atl.cpp:421:11:421:16 | Append | 0 | LPCOLESTR |
| atl.cpp:422:11:422:16 | Append | 0 | LPCSTR |
| atl.cpp:423:11:423:16 | Append | 0 | LPCOLESTR |
| atl.cpp:423:11:423:16 | Append | 1 | int |
| atl.cpp:424:11:424:20 | AppendBSTR | 0 | BSTR |
| atl.cpp:425:11:425:21 | AppendBytes | 0 | const char * |
| atl.cpp:425:11:425:21 | AppendBytes | 1 | int |
| atl.cpp:426:11:426:21 | ArrayToBSTR | 0 | const SAFEARRAY * |
| atl.cpp:427:11:427:20 | AssignBSTR | 0 | const BSTR |
| atl.cpp:428:8:428:13 | Attach | 0 | BSTR |
| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY * |
| atl.cpp:432:11:432:16 | CopyTo | 0 | BSTR * |
| atl.cpp:434:11:434:16 | CopyTo | 0 | VARIANT * |
| atl.cpp:438:8:438:17 | LoadString | 0 | HINSTANCE |
| atl.cpp:438:8:438:17 | LoadString | 1 | UINT |
| atl.cpp:439:8:439:17 | LoadString | 0 | UINT |
| atl.cpp:440:11:440:24 | ReadFromStream | 0 | IStream * |
| atl.cpp:442:11:442:23 | WriteToStream | 0 | IStream * |
| atl.cpp:447:13:447:22 | operator+= | 0 | const CComBSTR & |
| atl.cpp:448:13:448:22 | operator+= | 0 | LPCOLESTR |
| atl.cpp:538:3:538:15 | CComSafeArray | 0 | const SAFEARRAY * |
| atl.cpp:542:11:542:13 | Add | 0 | const SAFEARRAY * |
| atl.cpp:544:11:544:13 | Add | 0 | const class:0 & |
| atl.cpp:544:11:544:13 | Add | 1 | BOOL |
| atl.cpp:552:6:552:10 | GetAt | 0 | LONG |
| atl.cpp:563:11:563:15 | SetAt | 0 | LONG |
| atl.cpp:563:11:563:15 | SetAt | 1 | const class:0 & |
| atl.cpp:563:11:563:15 | SetAt | 2 | BOOL |
| atl.cpp:565:6:565:15 | operator[] | 0 | long |
| atl.cpp:566:6:566:15 | operator[] | 0 | int |
| atl.cpp:610:3:610:8 | CPathT | 0 | PCXSTR |
| atl.cpp:611:3:611:8 | CPathT | 0 | const CPathT & |
| atl.cpp:615:8:615:19 | AddExtension | 0 | PCXSTR |
| atl.cpp:616:8:616:13 | Append | 0 | PCXSTR |
| atl.cpp:619:8:619:14 | Combine | 0 | PCXSTR |
| atl.cpp:619:8:619:14 | Combine | 1 | PCXSTR |
| atl.cpp:620:22:620:33 | CommonPrefix | 0 | PCXSTR |
| atl.cpp:657:23:657:32 | operator+= | 0 | PCXSTR |
| atl.cpp:717:8:717:10 | Add | 0 | const class:0 & |
| atl.cpp:718:7:718:10 | Find | 0 | const class:0 & |
| atl.cpp:729:6:729:15 | operator[] | 0 | int |
| atl.cpp:730:21:730:29 | operator= | 0 | const CSimpleArray & |
| atl.cpp:763:8:763:10 | Add | 0 | const class:0 & |
| atl.cpp:763:8:763:10 | Add | 1 | const class:1 & |
| atl.cpp:764:7:764:13 | FindKey | 0 | const class:0 & |
| atl.cpp:765:7:765:13 | FindVal | 0 | const class:1 & |
| atl.cpp:768:9:768:18 | GetValueAt | 0 | int |
| atl.cpp:769:8:769:13 | Lookup | 0 | const class:0 & |
| atl.cpp:773:8:773:20 | ReverseLookup | 0 | const class:1 & |
| atl.cpp:774:8:774:12 | SetAt | 0 | const class:0 & |
| atl.cpp:774:8:774:12 | SetAt | 1 | const class:1 & |
| atl.cpp:775:8:775:17 | SetAtIndex | 0 | int |
| atl.cpp:775:8:775:17 | SetAtIndex | 1 | const class:0 & |
| atl.cpp:775:8:775:17 | SetAtIndex | 2 | const class:1 & |
| atl.cpp:814:9:814:17 | operator= | 0 | const CUrl & |
| atl.cpp:816:3:816:6 | CUrl | 0 | const CUrl & |
| atl.cpp:819:15:819:26 | Canonicalize | 0 | DWORD |
| atl.cpp:822:8:822:15 | CrackUrl | 0 | LPCTSTR |
| atl.cpp:822:8:822:15 | CrackUrl | 1 | DWORD |
| atl.cpp:823:15:823:23 | CreateUrl | 0 | LPTSTR |
| atl.cpp:823:15:823:23 | CreateUrl | 1 | DWORD * |
| atl.cpp:823:15:823:23 | CreateUrl | 2 | DWORD |
| atl.cpp:840:15:840:26 | SetExtraInfo | 0 | LPCTSTR |
| atl.cpp:841:15:841:25 | SetHostName | 0 | LPCTSTR |
| atl.cpp:842:15:842:25 | SetPassword | 0 | LPCTSTR |
| atl.cpp:843:15:843:27 | SetPortNumber | 0 | ATL_URL_PORT |
| atl.cpp:844:15:844:23 | SetScheme | 0 | ATL_URL_SCHEME |
| atl.cpp:845:15:845:27 | SetSchemeName | 0 | LPCTSTR |
| atl.cpp:846:15:846:24 | SetUrlPath | 0 | LPCTSTR |
| atl.cpp:847:15:847:25 | SetUserName | 0 | LPCTSTR |
| bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & |
| bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && |
| bsd.cpp:12:5:12:10 | accept | 0 | int |
| bsd.cpp:12:5:12:10 | accept | 1 | sockaddr * |
| bsd.cpp:12:5:12:10 | accept | 2 | int * |
| bsd.cpp:14:6:14:9 | sink | 0 | sockaddr |
| constructor_delegation.cpp:5:7:5:7 | MyValue | 0 | MyValue && |
| constructor_delegation.cpp:5:7:5:7 | MyValue | 0 | const MyValue & |
| constructor_delegation.cpp:5:7:5:7 | operator= | 0 | MyValue && |
| constructor_delegation.cpp:5:7:5:7 | operator= | 0 | const MyValue & |
| constructor_delegation.cpp:8:2:8:8 | MyValue | 0 | int |
| constructor_delegation.cpp:9:2:9:8 | MyValue | 0 | int |
| constructor_delegation.cpp:9:2:9:8 | MyValue | 1 | bool |
| constructor_delegation.cpp:10:2:10:8 | MyValue | 0 | int |
| constructor_delegation.cpp:10:2:10:8 | MyValue | 1 | int |
| constructor_delegation.cpp:11:2:11:8 | MyValue | 0 | int |
| constructor_delegation.cpp:11:2:11:8 | MyValue | 1 | bool |
| constructor_delegation.cpp:11:2:11:8 | MyValue | 2 | bool |
| constructor_delegation.cpp:16:7:16:7 | MyDerivedValue | 0 | MyDerivedValue && |
| constructor_delegation.cpp:16:7:16:7 | MyDerivedValue | 0 | const MyDerivedValue & |
| constructor_delegation.cpp:16:7:16:7 | operator= | 0 | MyDerivedValue && |
| constructor_delegation.cpp:16:7:16:7 | operator= | 0 | const MyDerivedValue & |
| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | 0 | bool |
| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | 1 | int |
| copyableclass.cpp:8:2:8:16 | MyCopyableClass | 0 | int |
| copyableclass.cpp:9:2:9:16 | MyCopyableClass | 0 | const MyCopyableClass & |
| copyableclass.cpp:10:19:10:27 | operator= | 0 | const MyCopyableClass & |
| copyableclass_declonly.cpp:8:2:8:24 | MyCopyableClassDeclOnly | 0 | int |
| copyableclass_declonly.cpp:9:2:9:24 | MyCopyableClassDeclOnly | 0 | const MyCopyableClassDeclOnly & |
| copyableclass_declonly.cpp:10:27:10:35 | operator= | 0 | const MyCopyableClassDeclOnly & |
| file://:0:0:0:0 | operator delete | 0 | void * |
| file://:0:0:0:0 | operator new | 0 | unsigned long |
| file://:0:0:0:0 | operator= | 0 | __va_list_tag && |
| file://:0:0:0:0 | operator= | 0 | const __va_list_tag & |
| format.cpp:3:16:3:16 | operator= | 0 | FILE && |
| format.cpp:3:16:3:16 | operator= | 0 | const FILE & |
| format.cpp:5:5:5:12 | snprintf | 0 | char * |
| format.cpp:5:5:5:12 | snprintf | 1 | size_t |
| format.cpp:5:5:5:12 | snprintf | 2 | const char * |
| format.cpp:6:5:6:11 | sprintf | 0 | char * |
| format.cpp:6:5:6:11 | sprintf | 1 | const char * |
| format.cpp:7:5:7:12 | swprintf | 0 | wchar_t * |
| format.cpp:7:5:7:12 | swprintf | 1 | size_t |
| format.cpp:7:5:7:12 | swprintf | 2 | const wchar_t * |
| format.cpp:14:5:14:13 | vsnprintf | 0 | char * |
| format.cpp:14:5:14:13 | vsnprintf | 1 | size_t |
| format.cpp:14:5:14:13 | vsnprintf | 2 | const char * |
| format.cpp:14:5:14:13 | vsnprintf | 3 | va_list |
| format.cpp:16:5:16:13 | mysprintf | 0 | char * |
| format.cpp:16:5:16:13 | mysprintf | 1 | size_t |
| format.cpp:16:5:16:13 | mysprintf | 2 | const char * |
| format.cpp:28:5:28:10 | sscanf | 0 | const char * |
| format.cpp:28:5:28:10 | sscanf | 1 | const char * |
| format.cpp:142:8:142:13 | strlen | 0 | const char * |
| format.cpp:143:8:143:13 | wcslen | 0 | const wchar_t * |
| format.cpp:169:6:169:9 | test | 0 | format_string |
| map.cpp:8:6:8:9 | sink | 0 | char * |
| map.cpp:9:6:9:9 | sink | 0 | const char * |
| map.cpp:10:6:10:9 | sink | 0 | bool |
| map.cpp:11:6:11:9 | sink | 0 | pair |
| map.cpp:12:6:12:9 | sink | 0 | map, allocator<pair<char *const, char *>>> |
| map.cpp:13:6:13:9 | sink | 0 | iterator |
| map.cpp:14:6:14:9 | sink | 0 | unordered_map, equal_to<char *>, allocator<pair<char *const, char *>>> |
| map.cpp:15:6:15:9 | sink | 0 | iterator |
| map.cpp:16:6:16:9 | sink | 0 | unordered_map, hash<char *>, equal_to<char *>, allocator<pair<char *const, pair<int, int>>>> |
| map.cpp:17:6:17:9 | sink | 0 | iterator |
| map.cpp:442:7:442:19 | indirect_sink | 0 | int * |
| movableclass.cpp:5:7:5:7 | MyMovableClass | 0 | const MyMovableClass & |
| movableclass.cpp:5:7:5:7 | operator= | 0 | const MyMovableClass & |
| movableclass.cpp:8:2:8:15 | MyMovableClass | 0 | int |
| movableclass.cpp:9:2:9:15 | MyMovableClass | 0 | MyMovableClass && |
| movableclass.cpp:13:18:13:26 | operator= | 0 | MyMovableClass && |
| set.cpp:8:6:8:9 | sink | 0 | char * |
| set.cpp:9:6:9:9 | sink | 0 | set, allocator<char *>> |
| set.cpp:10:6:10:9 | sink | 0 | iterator |
| set.cpp:11:6:11:9 | sink | 0 | unordered_set, equal_to<char *>, allocator<char *>> |
| set.cpp:12:6:12:9 | sink | 0 | iterator |
| smart_pointer.cpp:4:6:4:9 | sink | 0 | int |
| smart_pointer.cpp:5:6:5:9 | sink | 0 | int * |
| smart_pointer.cpp:7:27:7:30 | sink | 0 | shared_ptr & |
| smart_pointer.cpp:7:27:7:30 | sink | 0 | shared_ptr & |
| smart_pointer.cpp:8:27:8:30 | sink | 0 | unique_ptr & |
| smart_pointer.cpp:8:27:8:30 | sink | 0 | unique_ptr & |
| smart_pointer.cpp:60:8:60:8 | operator= | 0 | A && |
| smart_pointer.cpp:60:8:60:8 | operator= | 0 | const A & |
| smart_pointer.cpp:70:6:70:14 | getNumber | 0 | shared_ptr |
| smart_pointer.cpp:80:8:80:8 | operator= | 0 | B && |
| smart_pointer.cpp:80:8:80:8 | operator= | 0 | const B & |
| smart_pointer.cpp:86:6:86:24 | test_operator_arrow | 0 | unique_ptr |
| smart_pointer.cpp:86:6:86:24 | test_operator_arrow | 1 | unique_ptr |
| smart_pointer.cpp:97:6:97:12 | taint_x | 0 | A * |
| smart_pointer.cpp:107:8:107:8 | C | 0 | C && |
| smart_pointer.cpp:107:8:107:8 | C | 0 | const C & |
| smart_pointer.cpp:107:8:107:8 | operator= | 0 | C && |
| smart_pointer.cpp:107:8:107:8 | operator= | 0 | const C & |
| smart_pointer.cpp:112:6:112:19 | taint_x_shared | 0 | shared_ptr |
| smart_pointer.cpp:116:6:116:24 | taint_x_shared_cref | 0 | const shared_ptr & |
| smart_pointer.cpp:120:6:120:18 | getNumberCRef | 0 | const shared_ptr & |
| smart_pointer.cpp:124:5:124:27 | nested_shared_ptr_taint | 0 | shared_ptr |
| smart_pointer.cpp:124:5:124:27 | nested_shared_ptr_taint | 1 | unique_ptr> |
| smart_pointer.cpp:132:5:132:32 | nested_shared_ptr_taint_cref | 0 | shared_ptr |
| smart_pointer.cpp:132:5:132:32 | nested_shared_ptr_taint_cref | 1 | unique_ptr> |
| standalone_iterators.cpp:5:6:5:9 | sink | 0 | int |
| standalone_iterators.cpp:7:7:7:7 | operator= | 0 | const int_iterator_by_typedefs & |
| standalone_iterators.cpp:7:7:7:7 | operator= | 0 | int_iterator_by_typedefs && |
| standalone_iterators.cpp:16:30:16:39 | operator++ | 0 | int |
| standalone_iterators.cpp:20:7:20:7 | operator= | 0 | const int_iterator_by_trait & |
| standalone_iterators.cpp:20:7:20:7 | operator= | 0 | int_iterator_by_trait && |
| standalone_iterators.cpp:23:27:23:36 | operator++ | 0 | int |
| standalone_iterators.cpp:36:7:36:7 | operator= | 0 | const non_iterator & |
| standalone_iterators.cpp:36:7:36:7 | operator= | 0 | non_iterator && |
| standalone_iterators.cpp:39:18:39:27 | operator++ | 0 | int |
| standalone_iterators.cpp:43:6:43:18 | test_typedefs | 0 | int_iterator_by_typedefs |
| standalone_iterators.cpp:49:6:49:15 | test_trait | 0 | int_iterator_by_trait |
| standalone_iterators.cpp:55:6:55:22 | test_non_iterator | 0 | non_iterator |
| standalone_iterators.cpp:63:7:63:7 | operator= | 0 | const insert_iterator_by_trait & |
| standalone_iterators.cpp:63:7:63:7 | operator= | 0 | insert_iterator_by_trait && |
| standalone_iterators.cpp:66:30:66:39 | operator++ | 0 | int |
| standalone_iterators.cpp:68:30:68:39 | operator-- | 0 | int |
| standalone_iterators.cpp:70:31:70:39 | operator= | 0 | int |
| standalone_iterators.cpp:82:7:82:7 | container | 0 | const container & |
| standalone_iterators.cpp:82:7:82:7 | container | 0 | container && |
| standalone_iterators.cpp:82:7:82:7 | operator= | 0 | const container & |
| standalone_iterators.cpp:82:7:82:7 | operator= | 0 | container && |
| standalone_iterators.cpp:88:6:88:9 | sink | 0 | container |
| standalone_iterators.cpp:102:6:102:9 | sink | 0 | insert_iterator_by_trait |
| standalone_iterators.cpp:103:27:103:36 | operator+= | 0 | insert_iterator_by_trait & |
| standalone_iterators.cpp:103:27:103:36 | operator+= | 1 | int |
| stl.h:29:34:29:40 | forward | 0 | remove_reference_t & |
| stl.h:29:34:29:40 | forward | 0 | remove_reference_t & |
| stl.h:29:34:29:40 | forward | 0 | remove_reference_t & |
@@ -409,6 +828,16 @@ getParameterTypeName
| stl.h:61:13:61:22 | operator+= | 0 | int |
| stl.h:62:13:62:22 | operator-= | 0 | int |
| stl.h:64:18:64:27 | operator[] | 0 | int |
| stl.h:67:9:67:9 | operator= | 0 | const input_iterator_tag & |
| stl.h:67:9:67:9 | operator= | 0 | input_iterator_tag && |
| stl.h:68:9:68:9 | operator= | 0 | const forward_iterator_tag & |
| stl.h:68:9:68:9 | operator= | 0 | forward_iterator_tag && |
| stl.h:69:9:69:9 | operator= | 0 | bidirectional_iterator_tag && |
| stl.h:69:9:69:9 | operator= | 0 | const bidirectional_iterator_tag & |
| stl.h:70:9:70:9 | operator= | 0 | const random_access_iterator_tag & |
| stl.h:70:9:70:9 | operator= | 0 | random_access_iterator_tag && |
| stl.h:72:9:72:9 | operator= | 0 | const output_iterator_tag & |
| stl.h:72:9:72:9 | operator= | 0 | output_iterator_tag && |
| stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & |
| stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & |
| stl.h:88:25:88:33 | operator= | 0 | value_type && |
@@ -733,12 +1162,262 @@ getParameterTypeName
| stl.h:678:33:678:38 | format | 1 | func:0 && |
| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 0 | format_string |
| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 1 | func:0 && |
| string.cpp:17:6:17:9 | sink | 0 | const char * |
| string.cpp:18:6:18:9 | sink | 0 | const string & |
| string.cpp:19:6:19:9 | sink | 0 | const char * |
| string.cpp:19:6:19:9 | sink | 1 | const char * |
| string.cpp:20:6:20:9 | sink | 0 | char |
| string.cpp:21:6:21:9 | sink | 0 | iterator |
| stringstream.cpp:13:6:13:9 | sink | 0 | int |
| stringstream.cpp:15:6:15:9 | sink | 0 | const string & |
| stringstream.cpp:18:6:18:9 | sink | 0 | const basic_ostream> & |
| stringstream.cpp:21:6:21:9 | sink | 0 | const basic_istream> & |
| stringstream.cpp:24:6:24:9 | sink | 0 | const basic_iostream> & |
| stringstream.cpp:26:6:26:29 | test_stringstream_string | 0 | int |
| stringstream.cpp:70:6:70:26 | test_stringstream_int | 0 | int |
| structlikeclass.cpp:5:7:5:7 | StructLikeClass | 0 | StructLikeClass && |
| structlikeclass.cpp:5:7:5:7 | StructLikeClass | 0 | const StructLikeClass & |
| structlikeclass.cpp:5:7:5:7 | operator= | 0 | StructLikeClass && |
| structlikeclass.cpp:5:7:5:7 | operator= | 0 | const StructLikeClass & |
| structlikeclass.cpp:8:2:8:16 | StructLikeClass | 0 | int |
| swap1.cpp:14:9:14:9 | move | 0 | func:0 & |
| swap1.cpp:24:9:24:13 | Class | 0 | Class && |
| swap1.cpp:25:9:25:13 | Class | 0 | const Class & |
| swap1.cpp:27:16:27:24 | operator= | 0 | const Class & |
| swap1.cpp:34:16:34:24 | operator= | 0 | Class && |
| swap1.cpp:40:16:40:26 | copy_assign | 0 | const Class & |
| swap1.cpp:47:16:47:26 | move_assign | 0 | Class && |
| swap1.cpp:53:14:53:17 | swap | 0 | Class & |
| swap1.cpp:61:10:61:13 | swap | 0 | Class & |
| swap1.cpp:61:10:61:13 | swap | 1 | Class & |
| swap2.cpp:14:9:14:9 | move | 0 | func:0 & |
| swap2.cpp:24:9:24:13 | Class | 0 | Class && |
| swap2.cpp:25:9:25:13 | Class | 0 | const Class & |
| swap2.cpp:27:16:27:24 | operator= | 0 | const Class & |
| swap2.cpp:34:16:34:24 | operator= | 0 | Class && |
| swap2.cpp:40:16:40:26 | copy_assign | 0 | const Class & |
| swap2.cpp:47:16:47:26 | move_assign | 0 | Class && |
| swap2.cpp:53:14:53:17 | swap | 0 | Class & |
| swap2.cpp:61:10:61:13 | swap | 0 | Class & |
| swap2.cpp:61:10:61:13 | swap | 1 | Class & |
| swap.h:4:20:4:23 | swap | 0 | func:0 & |
| swap.h:4:20:4:23 | swap | 1 | func:0 & |
| taint.cpp:4:6:4:21 | arithAssignments | 0 | int |
| taint.cpp:4:6:4:21 | arithAssignments | 1 | int |
| taint.cpp:22:5:22:13 | increment | 0 | int |
| taint.cpp:23:5:23:8 | zero | 0 | int |
| taint.cpp:69:7:69:7 | MyClass | 0 | MyClass && |
| taint.cpp:69:7:69:7 | MyClass | 0 | const MyClass & |
| taint.cpp:69:7:69:7 | operator= | 0 | MyClass && |
| taint.cpp:69:7:69:7 | operator= | 0 | const MyClass & |
| taint.cpp:100:6:100:15 | array_test | 0 | int |
| taint.cpp:142:5:142:10 | select | 0 | int |
| taint.cpp:142:5:142:10 | select | 1 | int |
| taint.cpp:142:5:142:10 | select | 2 | int |
| taint.cpp:150:6:150:12 | fn_test | 0 | int |
| taint.cpp:156:7:156:12 | strcpy | 0 | char * |
| taint.cpp:156:7:156:12 | strcpy | 1 | const char * |
| taint.cpp:157:7:157:12 | strcat | 0 | char * |
| taint.cpp:157:7:157:12 | strcat | 1 | const char * |
| taint.cpp:180:7:180:12 | callee | 0 | int * |
| taint.cpp:190:7:190:12 | memcpy | 0 | void * |
| taint.cpp:190:7:190:12 | memcpy | 1 | void * |
| taint.cpp:190:7:190:12 | memcpy | 2 | int |
| taint.cpp:192:6:192:16 | test_memcpy | 0 | int * |
| taint.cpp:228:11:228:11 | (unnamed constructor) | 0 | const lambda [] type at line 233, col. 11 & |
| taint.cpp:228:11:228:11 | (unnamed constructor) | 0 | lambda [] type at line 233, col. 11 && |
| taint.cpp:228:11:228:11 | operator= | 0 | const lambda [] type at line 233, col. 11 & |
| taint.cpp:235:11:235:11 | (unnamed constructor) | 0 | const lambda [] type at line 240, col. 11 & |
| taint.cpp:235:11:235:11 | (unnamed constructor) | 0 | lambda [] type at line 240, col. 11 && |
| taint.cpp:235:11:235:11 | operator= | 0 | const lambda [] type at line 240, col. 11 & |
| taint.cpp:243:11:243:11 | (unnamed constructor) | 0 | const lambda [] type at line 248, col. 11 & |
| taint.cpp:243:11:243:11 | (unnamed constructor) | 0 | lambda [] type at line 248, col. 11 && |
| taint.cpp:243:11:243:11 | operator= | 0 | const lambda [] type at line 248, col. 11 & |
| taint.cpp:249:11:249:11 | (unnamed constructor) | 0 | const lambda [] type at line 254, col. 11 & |
| taint.cpp:249:11:249:11 | (unnamed constructor) | 0 | lambda [] type at line 254, col. 11 && |
| taint.cpp:249:11:249:11 | operator= | 0 | const lambda [] type at line 254, col. 11 & |
| taint.cpp:249:13:249:13 | _FUN | 0 | int |
| taint.cpp:249:13:249:13 | _FUN | 1 | int |
| taint.cpp:249:13:249:13 | operator() | 0 | int |
| taint.cpp:249:13:249:13 | operator() | 1 | int |
| taint.cpp:255:11:255:11 | (unnamed constructor) | 0 | const lambda [] type at line 260, col. 11 & |
| taint.cpp:255:11:255:11 | (unnamed constructor) | 0 | lambda [] type at line 260, col. 11 && |
| taint.cpp:255:11:255:11 | operator= | 0 | const lambda [] type at line 260, col. 11 & |
| taint.cpp:255:13:255:13 | _FUN | 0 | int & |
| taint.cpp:255:13:255:13 | _FUN | 1 | int & |
| taint.cpp:255:13:255:13 | _FUN | 2 | int & |
| taint.cpp:255:13:255:13 | operator() | 0 | int & |
| taint.cpp:255:13:255:13 | operator() | 1 | int & |
| taint.cpp:255:13:255:13 | operator() | 2 | int & |
| taint.cpp:266:5:266:6 | id | 0 | int |
| taint.cpp:297:6:297:14 | myAssign1 | 0 | int & |
| taint.cpp:297:6:297:14 | myAssign1 | 1 | int & |
| taint.cpp:302:6:302:14 | myAssign2 | 0 | int & |
| taint.cpp:302:6:302:14 | myAssign2 | 1 | int |
| taint.cpp:307:6:307:14 | myAssign3 | 0 | int * |
| taint.cpp:307:6:307:14 | myAssign3 | 1 | int |
| taint.cpp:312:6:312:14 | myAssign4 | 0 | int * |
| taint.cpp:312:6:312:14 | myAssign4 | 1 | int |
| taint.cpp:320:6:320:16 | myNotAssign | 0 | int & |
| taint.cpp:320:6:320:16 | myNotAssign | 1 | int & |
| taint.cpp:361:7:361:12 | strdup | 0 | const char * |
| taint.cpp:362:7:362:13 | strndup | 0 | const char * |
| taint.cpp:362:7:362:13 | strndup | 1 | size_t |
| taint.cpp:363:10:363:15 | wcsdup | 0 | const wchar_t * |
| taint.cpp:364:7:364:13 | strdupa | 0 | const char * |
| taint.cpp:365:7:365:14 | strndupa | 0 | const char * |
| taint.cpp:365:7:365:14 | strndupa | 1 | size_t |
| taint.cpp:367:6:367:16 | test_strdup | 0 | char * |
| taint.cpp:379:6:379:17 | test_strndup | 0 | int |
| taint.cpp:387:6:387:16 | test_wcsdup | 0 | wchar_t * |
| taint.cpp:397:6:397:17 | test_strdupa | 0 | char * |
| taint.cpp:409:6:409:18 | test_strndupa | 0 | int |
| taint.cpp:419:7:419:7 | MyClass2 | 0 | MyClass2 && |
| taint.cpp:419:7:419:7 | MyClass2 | 0 | const MyClass2 & |
| taint.cpp:419:7:419:7 | operator= | 0 | MyClass2 && |
| taint.cpp:419:7:419:7 | operator= | 0 | const MyClass2 & |
| taint.cpp:421:2:421:9 | MyClass2 | 0 | int |
| taint.cpp:422:7:422:15 | setMember | 0 | int |
| taint.cpp:428:7:428:7 | MyClass3 | 0 | MyClass3 && |
| taint.cpp:428:7:428:7 | MyClass3 | 0 | const MyClass3 & |
| taint.cpp:428:7:428:7 | operator= | 0 | MyClass3 && |
| taint.cpp:428:7:428:7 | operator= | 0 | const MyClass3 & |
| taint.cpp:430:2:430:9 | MyClass3 | 0 | const char * |
| taint.cpp:431:7:431:15 | setString | 0 | const char * |
| taint.cpp:474:6:474:9 | swop | 0 | int & |
| taint.cpp:474:6:474:9 | swop | 1 | int & |
| taint.cpp:500:5:500:12 | getdelim | 0 | char ** |
| taint.cpp:500:5:500:12 | getdelim | 1 | size_t * |
| taint.cpp:500:5:500:12 | getdelim | 2 | int |
| taint.cpp:500:5:500:12 | getdelim | 3 | FILE * |
| taint.cpp:502:6:502:18 | test_getdelim | 0 | FILE * |
| taint.cpp:512:7:512:12 | strtok | 0 | char * |
| taint.cpp:512:7:512:12 | strtok | 1 | const char * |
| taint.cpp:514:6:514:16 | test_strtok | 0 | char * |
| taint.cpp:523:7:523:13 | _strset | 0 | char * |
| taint.cpp:523:7:523:13 | _strset | 1 | int |
| taint.cpp:525:6:525:18 | test_strset_1 | 0 | char * |
| taint.cpp:525:6:525:18 | test_strset_1 | 1 | char |
| taint.cpp:531:6:531:18 | test_strset_2 | 0 | char * |
| taint.cpp:538:7:538:13 | mempcpy | 0 | void * |
| taint.cpp:538:7:538:13 | mempcpy | 1 | const void * |
| taint.cpp:538:7:538:13 | mempcpy | 2 | size_t |
| taint.cpp:540:6:540:17 | test_mempcpy | 0 | int * |
| taint.cpp:548:7:548:13 | memccpy | 0 | void * |
| taint.cpp:548:7:548:13 | memccpy | 1 | const void * |
| taint.cpp:548:7:548:13 | memccpy | 2 | int |
| taint.cpp:548:7:548:13 | memccpy | 3 | size_t |
| taint.cpp:550:6:550:17 | test_memccpy | 0 | int * |
| taint.cpp:558:7:558:12 | strcat | 0 | char * |
| taint.cpp:558:7:558:12 | strcat | 1 | const char * |
| taint.cpp:560:6:560:16 | test_strcat | 0 | char * |
| taint.cpp:560:6:560:16 | test_strcat | 1 | char * |
| taint.cpp:560:6:560:16 | test_strcat | 2 | char * |
| taint.cpp:560:6:560:16 | test_strcat | 3 | char * |
| taint.cpp:570:16:570:25 | _mbsncat_l | 0 | unsigned char * |
| taint.cpp:570:16:570:25 | _mbsncat_l | 1 | const unsigned char * |
| taint.cpp:570:16:570:25 | _mbsncat_l | 2 | int |
| taint.cpp:570:16:570:25 | _mbsncat_l | 3 | _locale_t |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 0 | unsigned char * |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 1 | const unsigned char * |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 2 | unsigned char * |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 3 | _locale_t |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 4 | _locale_t |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 5 | int |
| taint.cpp:589:7:589:12 | strsep | 0 | char ** |
| taint.cpp:589:7:589:12 | strsep | 1 | const char * |
| taint.cpp:591:6:591:16 | test_strsep | 0 | char * |
| taint.cpp:602:7:602:13 | _strinc | 0 | const char * |
| taint.cpp:602:7:602:13 | _strinc | 1 | _locale_t |
| taint.cpp:603:16:603:22 | _mbsinc | 0 | const unsigned char * |
| taint.cpp:604:16:604:22 | _strdec | 0 | const unsigned char * |
| taint.cpp:604:16:604:22 | _strdec | 1 | const unsigned char * |
| taint.cpp:606:6:606:17 | test__strinc | 0 | char * |
| taint.cpp:606:6:606:17 | test__strinc | 1 | char * |
| taint.cpp:606:6:606:17 | test__strinc | 2 | char * |
| taint.cpp:606:6:606:17 | test__strinc | 3 | char * |
| taint.cpp:606:6:606:17 | test__strinc | 4 | _locale_t |
| taint.cpp:616:6:616:17 | test__mbsinc | 0 | unsigned char * |
| taint.cpp:616:6:616:17 | test__mbsinc | 1 | char * |
| taint.cpp:616:6:616:17 | test__mbsinc | 2 | unsigned char * |
| taint.cpp:616:6:616:17 | test__mbsinc | 3 | char * |
| taint.cpp:626:6:626:17 | test__strdec | 0 | const unsigned char * |
| taint.cpp:626:6:626:17 | test__strdec | 1 | unsigned char * |
| taint.cpp:626:6:626:17 | test__strdec | 2 | unsigned char * |
| taint.cpp:626:6:626:17 | test__strdec | 3 | unsigned char * |
| taint.cpp:626:6:626:17 | test__strdec | 4 | unsigned char * |
| taint.cpp:645:14:645:22 | _strnextc | 0 | const char * |
| taint.cpp:647:6:647:19 | test__strnextc | 0 | const char * |
| taint.cpp:659:7:659:7 | operator= | 0 | C_no_const_member_function && |
| taint.cpp:659:7:659:7 | operator= | 0 | const C_no_const_member_function & |
| taint.cpp:665:6:665:25 | test_no_const_member | 0 | char * |
| taint.cpp:671:7:671:7 | operator= | 0 | C_const_member_function && |
| taint.cpp:671:7:671:7 | operator= | 0 | const C_const_member_function & |
| taint.cpp:677:6:677:27 | test_with_const_member | 0 | char * |
| taint.cpp:683:6:683:20 | argument_source | 0 | void * |
| taint.cpp:685:8:685:8 | operator= | 0 | const two_members & |
| taint.cpp:685:8:685:8 | operator= | 0 | two_members && |
| taint.cpp:707:8:707:14 | strncpy | 0 | char * |
| taint.cpp:707:8:707:14 | strncpy | 1 | const char * |
| taint.cpp:707:8:707:14 | strncpy | 2 | unsigned long |
| taint.cpp:709:6:709:17 | test_strncpy | 0 | char * |
| taint.cpp:709:6:709:17 | test_strncpy | 1 | char * |
| taint.cpp:725:10:725:15 | strtol | 0 | const char * |
| taint.cpp:725:10:725:15 | strtol | 1 | char ** |
| taint.cpp:725:10:725:15 | strtol | 2 | int |
| taint.cpp:727:6:727:16 | test_strtol | 0 | char * |
| taint.cpp:735:7:735:12 | malloc | 0 | size_t |
| taint.cpp:736:7:736:13 | realloc | 0 | void * |
| taint.cpp:736:7:736:13 | realloc | 1 | size_t |
| taint.cpp:744:6:744:32 | test_realloc_2_indirections | 0 | int ** |
| taint.cpp:751:9:751:9 | operator= | 0 | A && |
| taint.cpp:751:9:751:9 | operator= | 0 | const A & |
| taint.cpp:758:5:758:11 | sprintf | 0 | char * |
| taint.cpp:758:5:758:11 | sprintf | 1 | const char * |
| taint.cpp:760:6:760:23 | call_sprintf_twice | 0 | char * |
| taint.cpp:760:6:760:23 | call_sprintf_twice | 1 | char * |
| taint.cpp:771:8:771:8 | operator= | 0 | TaintInheritingContentObject && |
| taint.cpp:771:8:771:8 | operator= | 0 | const TaintInheritingContentObject & |
| taint.cpp:775:30:775:35 | source | 0 | bool |
| taint.cpp:782:7:782:11 | fopen | 0 | const char * |
| taint.cpp:782:7:782:11 | fopen | 1 | const char * |
| taint.cpp:783:5:783:11 | fopen_s | 0 | FILE ** |
| taint.cpp:783:5:783:11 | fopen_s | 1 | const char * |
| taint.cpp:783:5:783:11 | fopen_s | 2 | const char * |
| taint.cpp:785:6:785:15 | fopen_test | 0 | char * |
| vector.cpp:13:6:13:9 | sink | 0 | int |
| vector.cpp:14:27:14:30 | sink | 0 | vector> & |
| vector.cpp:14:27:14:30 | sink | 0 | vector> & |
| vector.cpp:16:6:16:37 | test_range_based_for_loop_vector | 0 | int |
| vector.cpp:37:6:37:23 | test_element_taint | 0 | int |
| vector.cpp:145:8:145:8 | operator= | 0 | MyPair && |
| vector.cpp:145:8:145:8 | operator= | 0 | const MyPair & |
| vector.cpp:150:8:150:8 | MyVectorContainer | 0 | const MyVectorContainer & |
| vector.cpp:150:8:150:8 | operator= | 0 | MyVectorContainer && |
| vector.cpp:150:8:150:8 | operator= | 0 | const MyVectorContainer & |
| vector.cpp:216:6:216:9 | sink | 0 | iterator & |
| vector.cpp:231:6:231:9 | sink | 0 | vector> & |
| vector.cpp:232:6:232:9 | sink | 0 | vector> & |
| vector.cpp:279:6:279:9 | sink | 0 | int * |
| vector.cpp:295:6:295:9 | sink | 0 | iterator |
| vector.cpp:329:6:329:33 | taint_vector_output_iterator | 0 | iterator |
| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | 0 | iterator |
| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | 1 | int |
| vector.cpp:337:6:337:32 | test_vector_output_iterator | 0 | int |
| vector.cpp:417:6:417:25 | test_vector_inserter | 0 | char * |
| vector.cpp:454:7:454:12 | memcpy | 0 | void * |
| vector.cpp:454:7:454:12 | memcpy | 1 | const void * |
| vector.cpp:454:7:454:12 | memcpy | 2 | size_t |
| vector.cpp:461:6:461:9 | sink | 0 | vector> & |
| vector.cpp:462:6:462:9 | sink | 0 | string & |
| zmq.cpp:9:8:9:8 | operator= | 0 | const zmq_msg_t & |
| zmq.cpp:9:8:9:8 | operator= | 0 | zmq_msg_t && |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 0 | zmq_msg_t * |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 1 | void * |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 2 | size_t |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 3 | zmq_free_fn * |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 4 | void * |
| zmq.cpp:15:7:15:18 | zmq_msg_data | 0 | zmq_msg_t * |
| zmq.cpp:17:6:17:13 | test_zmc | 0 | void * |
| zmq.cpp:17:6:17:13 | test_zmc | 1 | char * |
| zmq.cpp:17:6:17:13 | test_zmc | 2 | size_t |

32
cpp/ql/test/library-tests/ir/ir/PrintAST.expected
View File

@@ -24086,6 +24086,38 @@ ir.cpp:
# 2717| ValueCategory = prvalue
# 2717| getThen(): [BlockStmt] { ... }
# 2718| getStmt(16): [ReturnStmt] return ...
# 2720| [CopyAssignmentOperator] WithBracketOperator& WithBracketOperator::operator=(WithBracketOperator const&)
# 2720| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const WithBracketOperator &
# 2720| [MoveAssignmentOperator] WithBracketOperator& WithBracketOperator::operator=(WithBracketOperator&&)
# 2720| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [RValueReferenceType] WithBracketOperator &&
# 2721| [ConstMemberFunction] char const& WithBracketOperator::operator[](int) const
# 2721| <params>:
# 2721| getParameter(0): [Parameter] pos
# 2721| Type = [IntType] int
# 2724| [TopLevelFunction] char UseBracketOperator(WithBracketOperator const, int)
# 2724| <params>:
# 2724| getParameter(0): [Parameter] x
# 2724| Type = [SpecifiedType] const WithBracketOperator
# 2724| getParameter(1): [Parameter] i
# 2724| Type = [IntType] int
# 2724| getEntryPoint(): [BlockStmt] { ... }
# 2725| getStmt(0): [ReturnStmt] return ...
# 2725| getExpr(): [OverloadedArrayExpr] call to operator[]
# 2725| Type = [LValueReferenceType] const char &
# 2725| ValueCategory = prvalue
# 2725| getArrayBase(): [VariableAccess] x
# 2725| Type = [SpecifiedType] const WithBracketOperator
# 2725| ValueCategory = lvalue
# 2725| getArrayOffset(): [VariableAccess] i
# 2725| Type = [IntType] int
# 2725| ValueCategory = prvalue(load)
# 2725| getExpr().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
# 2725| Type = [PlainCharType] char
# 2725| ValueCategory = prvalue(load)
many-defs-per-use.cpp:
# 34| [TopLevelFunction] void many_defs_per_use()
# 34| <params>:

85
cpp/ql/test/library-tests/ir/ir/aliased_ir.expected
View File

@@ -2490,7 +2490,7 @@ destructors_for_temps.cpp:
# 47| v47_6(void) = ^IndirectReadSideEffect[-1] : &:r47_1, ~m47_5
# 47| m47_7(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r47_1
# 47| m47_8(unknown) = Chi : total:m47_5, partial:m47_7
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 47| Block 4
# 47| v47_9(void) = NoOp :
@@ -2574,7 +2574,7 @@ destructors_for_temps.cpp:
# 52| v52_6(void) = ^IndirectReadSideEffect[-1] : &:r52_1, ~m52_5
# 52| m52_7(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r52_1
# 52| m52_8(unknown) = Chi : total:m52_5, partial:m52_7
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 51| Block 4
# 51| r51_32(glval<ClassWithDestructor2>) = VariableAddress[#temp51:75] :
@@ -2656,7 +2656,7 @@ destructors_for_temps.cpp:
# 55| m55_29(ClassWithConstructor) = ^IndirectMayWriteSideEffect[-1] : &:r55_5
# 55| m55_30(unknown) = Chi : total:m55_28, partial:m55_29
# 55| v55_31(void) = ThrowValue : &:r55_5, ~m55_30
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 55| Block 4
# 55| r55_32(glval<ClassWithDestructor2>) = VariableAddress[#temp55:75] :
@@ -2721,7 +2721,7 @@ destructors_for_temps.cpp:
# 59| m59_20(unknown) = Chi : total:m59_17, partial:m59_19
# 59| m59_21(char) = Store[#throw59:9] : &:r59_4, r59_15
# 59| v59_22(void) = ThrowValue : &:r59_4, m59_21
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 59| Block 4
# 59| r59_23(char) = Constant[97] :
@@ -3120,7 +3120,7 @@ ir.c:
# 25| v25_4(void) = Call[ExRaiseAccessViolation] : func:r25_1, 0:r25_3
# 25| m25_5(unknown) = ^CallSideEffect : ~m21_4
# 25| m25_6(unknown) = Chi : total:m21_4, partial:m25_5
#-----| Exception -> Block 3
#-----| C++ Exception -> Block 3
# 26| Block 1
# 26| r26_1(int) = Constant[0] :
@@ -3167,7 +3167,7 @@ ir.c:
# 36| v36_3(void) = Call[ExRaiseAccessViolation] : func:r36_1, 0:r36_2
# 36| m36_4(unknown) = ^CallSideEffect : ~m32_4
# 36| m36_5(unknown) = Chi : total:m32_4, partial:m36_4
#-----| Exception -> Block 4
#-----| C++ Exception -> Block 4
# 32| Block 1
# 32| v32_5(void) = Unwind :
@@ -3202,7 +3202,7 @@ ir.c:
# 40| v40_3(void) = Call[ExRaiseAccessViolation] : func:r40_1, 0:r40_2
# 40| m40_4(unknown) = ^CallSideEffect : ~m36_5
# 40| m40_5(unknown) = Chi : total:m36_5, partial:m40_4
#-----| Exception -> Block 1
#-----| C++ Exception -> Block 1
# 32| Block 6
# 32| v32_8(void) = Unreached :
@@ -3241,7 +3241,7 @@ ir.c:
# 62| v62_3(void) = Call[ExRaiseAccessViolation] : func:r62_1, 0:r62_2
# 62| m62_4(unknown) = ^CallSideEffect : ~m57_4
# 62| m62_5(unknown) = Chi : total:m57_4, partial:m62_4
#-----| Exception -> Block 1
#-----| C++ Exception -> Block 1
# 66| Block 1
# 66| r66_1(int) = Constant[1] :
@@ -3263,7 +3263,7 @@ ir.c:
# 73| v73_3(void) = Call[ExRaiseAccessViolation] : func:r73_1, 0:r73_2
# 73| m73_4(unknown) = ^CallSideEffect : ~m70_4
# 73| m73_5(unknown) = Chi : total:m70_4, partial:m73_4
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 70| Block 1
# 70| v70_5(void) = Unwind :
@@ -3276,7 +3276,7 @@ ir.c:
# 76| v76_3(void) = Call[ExRaiseAccessViolation] : func:r76_1, 0:r76_2
# 76| m76_4(unknown) = ^CallSideEffect : ~m73_5
# 76| m76_5(unknown) = Chi : total:m73_5, partial:m76_4
#-----| Exception -> Block 1
#-----| C++ Exception -> Block 1
# 80| void raise_access_violation()
# 80| Block 0
@@ -3289,7 +3289,7 @@ ir.c:
# 81| v81_3(void) = Call[ExRaiseAccessViolation] : func:r81_1, 0:r81_2
# 81| m81_4(unknown) = ^CallSideEffect : ~m80_4
# 81| m81_5(unknown) = Chi : total:m80_4, partial:m81_4
#-----| Exception -> Block 1
#-----| C++ Exception -> Block 1
# 80| Block 1
# 80| v80_5(void) = Unwind :
@@ -6976,7 +6976,7 @@ ir.cpp:
# 728| r728_3(char *) = Convert : r728_2
# 728| m728_4(char *) = Store[#throw728:7] : &:r728_1, r728_3
# 728| v728_5(void) = ThrowValue : &:r728_1, m728_4
#-----| Exception -> Block 6
#-----| C++ Exception -> Block 6
# 730| Block 4
# 730| r730_1(glval<int>) = VariableAddress[x] :
@@ -6995,7 +6995,7 @@ ir.cpp:
# 735| Block 6
# 735| v735_1(void) = CatchByType[const char *] :
#-----| Exception -> Block 8
#-----| C++ Exception -> Block 8
#-----| Goto -> Block 7
# 735| Block 7
@@ -7017,11 +7017,11 @@ ir.cpp:
# 736| m736_11(String) = ^IndirectMayWriteSideEffect[-1] : &:r736_1
# 736| m736_12(unknown) = Chi : total:m736_9, partial:m736_11
# 736| v736_13(void) = ThrowValue : &:r736_1, ~m736_12
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 738| Block 8
# 738| v738_1(void) = CatchByType[const String &] :
#-----| Exception -> Block 10
#-----| C++ Exception -> Block 10
#-----| Goto -> Block 9
# 738| Block 9
@@ -7035,7 +7035,7 @@ ir.cpp:
# 740| Block 10
# 740| v740_1(void) = CatchAny :
# 741| v741_1(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 743| Block 11
# 743| v743_1(void) = NoOp :
@@ -9943,7 +9943,7 @@ ir.cpp:
# 1195| r1195_3(char *) = Convert : r1195_2
# 1195| m1195_4(char *) = Store[#throw1195:7] : &:r1195_1, r1195_3
# 1195| v1195_5(void) = ThrowValue : &:r1195_1, m1195_4
#-----| Exception -> Block 6
#-----| C++ Exception -> Block 6
# 1197| Block 4
# 1197| r1197_1(glval<int>) = VariableAddress[x] :
@@ -9962,7 +9962,7 @@ ir.cpp:
# 1202| Block 6
# 1202| v1202_1(void) = CatchByType[const char *] :
#-----| Exception -> Block 8
#-----| C++ Exception -> Block 8
#-----| Goto -> Block 7
# 1202| Block 7
@@ -9984,11 +9984,11 @@ ir.cpp:
# 1203| m1203_11(String) = ^IndirectMayWriteSideEffect[-1] : &:r1203_1
# 1203| m1203_12(unknown) = Chi : total:m1203_9, partial:m1203_11
# 1203| v1203_13(void) = ThrowValue : &:r1203_1, ~m1203_12
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 1205| Block 8
# 1205| v1205_1(void) = CatchByType[const String &] :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
#-----| Goto -> Block 9
# 1205| Block 9
@@ -16924,7 +16924,7 @@ ir.cpp:
# 2281| v2281_6(void) = ^IndirectReadSideEffect[-1] : &:r2281_1, ~m2281_5
# 2281| m2281_7(String) = ^IndirectMayWriteSideEffect[-1] : &:r2281_1
# 2281| m2281_8(unknown) = Chi : total:m2281_5, partial:m2281_7
#-----| Exception -> Block 5
#-----| C++ Exception -> Block 5
# 2280| Block 4
# 2280| r2280_1(glval<String>) = VariableAddress[s2] :
@@ -16956,7 +16956,7 @@ ir.cpp:
# 2282| Block 5
# 2282| v2282_1(void) = CatchByType[const char *] :
#-----| Exception -> Block 7
#-----| C++ Exception -> Block 7
#-----| Goto -> Block 6
# 2282| Block 6
@@ -16978,11 +16978,11 @@ ir.cpp:
# 2283| m2283_11(String) = ^IndirectMayWriteSideEffect[-1] : &:r2283_1
# 2283| m2283_12(unknown) = Chi : total:m2283_9, partial:m2283_11
# 2283| v2283_13(void) = ThrowValue : &:r2283_1, ~m2283_12
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 2285| Block 7
# 2285| v2285_1(void) = CatchByType[const String &] :
#-----| Exception -> Block 9
#-----| C++ Exception -> Block 9
#-----| Goto -> Block 8
# 2285| Block 8
@@ -16996,7 +16996,7 @@ ir.cpp:
# 2287| Block 9
# 2287| v2287_1(void) = CatchAny :
# 2288| v2288_1(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 2290| Block 10
# 2290| m2290_1(unknown) = Phi : from 4:~m2281_24, from 8:~m2281_8
@@ -18266,7 +18266,7 @@ ir.cpp:
# 2454| v2454_6(void) = ^IndirectReadSideEffect[-1] : &:r2454_1, m2452_8
# 2454| m2454_7(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2454_1
# 2454| m2454_8(ClassWithDestructor) = Chi : total:m2452_8, partial:m2454_7
#-----| Exception -> Block 1
#-----| C++ Exception -> Block 1
# 2451| Block 1
# 2451| v2451_7(void) = Unwind :
@@ -18693,7 +18693,7 @@ ir.cpp:
# 2537| r2537_2(int) = Constant[42] :
# 2537| m2537_3(int) = Store[#throw2537:5] : &:r2537_1, r2537_2
# 2537| v2537_4(void) = ThrowValue : &:r2537_1, m2537_3
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 2534| Block 1
# 2534| m2534_5(unknown) = Phi : from 3:~m2541_6, from 4:~m2541_14
@@ -18702,7 +18702,7 @@ ir.cpp:
# 2539| Block 2
# 2539| v2539_1(void) = CatchByType[char] :
#-----| Exception -> Block 4
#-----| C++ Exception -> Block 4
#-----| Goto -> Block 3
# 2539| Block 3
@@ -19713,6 +19713,33 @@ ir.cpp:
# 2698| v2698_10(void) = AliasedUse : m2698_3
# 2698| v2698_11(void) = ExitFunction :
# 2724| char UseBracketOperator(WithBracketOperator const, int)
# 2724| Block 0
# 2724| v2724_1(void) = EnterFunction :
# 2724| m2724_2(unknown) = AliasedDefinition :
# 2724| m2724_3(unknown) = InitializeNonLocal :
# 2724| m2724_4(unknown) = Chi : total:m2724_2, partial:m2724_3
# 2724| r2724_5(glval<WithBracketOperator>) = VariableAddress[x] :
# 2724| m2724_6(WithBracketOperator) = InitializeParameter[x] : &:r2724_5
# 2724| m2724_7(unknown) = Chi : total:m2724_4, partial:m2724_6
# 2724| r2724_8(glval<int>) = VariableAddress[i] :
# 2724| m2724_9(int) = InitializeParameter[i] : &:r2724_8
# 2725| r2725_1(glval<char>) = VariableAddress[#return] :
# 2725| r2725_2(glval<WithBracketOperator>) = VariableAddress[x] :
# 2725| r2725_3(glval<unknown>) = FunctionAddress[operator[]] :
# 2725| r2725_4(glval<int>) = VariableAddress[i] :
# 2725| r2725_5(int) = Load[i] : &:r2725_4, m2724_9
# 2725| r2725_6(char &) = Call[operator[]] : func:r2725_3, this:r2725_2, 0:r2725_5
# 2725| m2725_7(unknown) = ^CallSideEffect : ~m2724_7
# 2725| m2725_8(unknown) = Chi : total:m2724_7, partial:m2725_7
# 2725| v2725_9(void) = ^IndirectReadSideEffect[-1] : &:r2725_2, ~m2725_8
# 2725| r2725_10(char) = Load[?] : &:r2725_6, ~m2725_8
# 2725| m2725_11(char) = Store[#return] : &:r2725_1, r2725_10
# 2724| r2724_10(glval<char>) = VariableAddress[#return] :
# 2724| v2724_11(void) = ReturnValue : &:r2724_10, m2725_11
# 2724| v2724_12(void) = AliasedUse : ~m2725_8
# 2724| v2724_13(void) = ExitFunction :
many-defs-per-use.cpp:
# 34| void many_defs_per_use()
# 34| Block 0
@@ -38962,7 +38989,7 @@ try_except.cpp:
# 48| r48_2(int) = Constant[1] :
# 48| m48_3(int) = Store[#throw48:13] : &:r48_1, r48_2
# 48| v48_4(void) = ThrowValue : &:r48_1, m48_3
#-----| Exception -> Block 4
#-----| C++ Exception -> Block 4
# 51| Block 2
# 51| r51_1(int) = Constant[0] :

8
cpp/ql/test/library-tests/ir/ir/ir.cpp
View File

@@ -2717,4 +2717,12 @@ void branch_on_integral_in_cpp(int x1, int x2) {
if(!x_1_and_2) {}
}
struct WithBracketOperator {
const char& operator[](int pos) const;
};
char UseBracketOperator(const WithBracketOperator x, int i) {
return x[i];
}
// semmle-extractor-options: -std=c++20 --clang

98
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

@@ -822,7 +822,7 @@ coroutines.cpp:
#-----| Block 6
#-----| v0_24(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 87| Block 7
# 87| r87_52(glval<promise_type>) = VariableAddress[(unnamed local variable)] :
@@ -1001,7 +1001,7 @@ coroutines.cpp:
#-----| Block 6
#-----| v0_28(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 91| Block 7
# 91| r91_54(glval<promise_type>) = VariableAddress[(unnamed local variable)] :
@@ -1239,7 +1239,7 @@ coroutines.cpp:
#-----| Block 8
#-----| v0_34(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 95| Block 9
# 95| r95_54(glval<promise_type>) = VariableAddress[(unnamed local variable)] :
@@ -1469,7 +1469,7 @@ coroutines.cpp:
#-----| Block 8
#-----| v0_27(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 99| Block 9
# 99| r99_54(glval<promise_type>) = VariableAddress[(unnamed local variable)] :
@@ -1707,7 +1707,7 @@ coroutines.cpp:
#-----| Block 8
#-----| v0_34(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 103| Block 9
# 103| r103_54(glval<promise_type>) = VariableAddress[(unnamed local variable)] :
@@ -1949,7 +1949,7 @@ coroutines.cpp:
#-----| Block 8
#-----| v0_34(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 108| Block 9
# 108| r108_54(glval<promise_type>) = VariableAddress[(unnamed local variable)] :
@@ -2350,7 +2350,7 @@ destructors_for_temps.cpp:
# 47| mu47_4(unknown) = ^CallSideEffect : ~m?
# 47| v47_5(void) = ^IndirectReadSideEffect[-1] : &:r47_1, ~m?
# 47| mu47_6(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r47_1
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 47| Block 4
# 47| v47_7(void) = NoOp :
@@ -2417,7 +2417,7 @@ destructors_for_temps.cpp:
# 52| mu52_4(unknown) = ^CallSideEffect : ~m?
# 52| v52_5(void) = ^IndirectReadSideEffect[-1] : &:r52_1, ~m?
# 52| mu52_6(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r52_1
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 51| Block 4
# 51| r51_24(glval<ClassWithDestructor2>) = VariableAddress[#temp51:75] :
@@ -2484,7 +2484,7 @@ destructors_for_temps.cpp:
# 55| mu55_21(unknown) = ^CallSideEffect : ~m?
# 55| mu55_22(ClassWithConstructor) = ^IndirectMayWriteSideEffect[-1] : &:r55_5
# 55| v55_23(void) = ThrowValue : &:r55_5, ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 55| Block 4
# 55| r55_24(glval<ClassWithDestructor2>) = VariableAddress[#temp55:75] :
@@ -2539,7 +2539,7 @@ destructors_for_temps.cpp:
# 59| mu59_15(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r59_5
# 59| mu59_16(char) = Store[#throw59:9] : &:r59_4, r59_12
# 59| v59_17(void) = ThrowValue : &:r59_4, ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 59| Block 4
# 59| r59_18(char) = Constant[97] :
@@ -2884,7 +2884,7 @@ ir.c:
# 25| r25_3(int) = Load[x] : &:r25_2, ~m?
# 25| v25_4(void) = Call[ExRaiseAccessViolation] : func:r25_1, 0:r25_3
# 25| mu25_5(unknown) = ^CallSideEffect : ~m?
#-----| Exception -> Block 6
#-----| C++ Exception -> Block 6
# 21| Block 1
# 21| v21_6(void) = AliasedUse : ~m?
@@ -2941,7 +2941,7 @@ ir.c:
# 36| r36_2(int) = Constant[0] :
# 36| v36_3(void) = Call[ExRaiseAccessViolation] : func:r36_1, 0:r36_2
# 36| mu36_4(unknown) = ^CallSideEffect : ~m?
#-----| Exception -> Block 5
#-----| C++ Exception -> Block 5
# 32| Block 1
# 32| v32_4(void) = AliasedUse : ~m?
@@ -2977,7 +2977,7 @@ ir.c:
# 40| r40_2(int) = Constant[1] :
# 40| v40_3(void) = Call[ExRaiseAccessViolation] : func:r40_1, 0:r40_2
# 40| mu40_4(unknown) = ^CallSideEffect : ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 42| Block 7
# 42| v42_1(void) = NoOp :
@@ -3022,7 +3022,7 @@ ir.c:
# 62| r62_2(int) = Constant[0] :
# 62| v62_3(void) = Call[ExRaiseAccessViolation] : func:r62_1, 0:r62_2
# 62| mu62_4(unknown) = ^CallSideEffect : ~m?
#-----| Exception -> Block 3
#-----| C++ Exception -> Block 3
# 57| Block 1
# 57| v57_4(void) = AliasedUse : ~m?
@@ -3049,7 +3049,7 @@ ir.c:
# 73| r73_2(int) = Constant[0] :
# 73| v73_3(void) = Call[ExRaiseAccessViolation] : func:r73_1, 0:r73_2
# 73| mu73_4(unknown) = ^CallSideEffect : ~m?
#-----| Exception -> Block 3
#-----| C++ Exception -> Block 3
# 70| Block 1
# 70| v70_4(void) = AliasedUse : ~m?
@@ -3064,7 +3064,7 @@ ir.c:
# 76| r76_2(int) = Constant[0] :
# 76| v76_3(void) = Call[ExRaiseAccessViolation] : func:r76_1, 0:r76_2
# 76| mu76_4(unknown) = ^CallSideEffect : ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 78| Block 4
# 78| v78_1(void) = NoOp :
@@ -3080,7 +3080,7 @@ ir.c:
# 81| r81_2(int) = Constant[1] :
# 81| v81_3(void) = Call[ExRaiseAccessViolation] : func:r81_1, 0:r81_2
# 81| mu81_4(unknown) = ^CallSideEffect : ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 80| Block 1
# 80| v80_4(void) = AliasedUse : ~m?
@@ -6615,7 +6615,7 @@ ir.cpp:
# 728| r728_3(char *) = Convert : r728_2
# 728| mu728_4(char *) = Store[#throw728:7] : &:r728_1, r728_3
# 728| v728_5(void) = ThrowValue : &:r728_1, ~m?
#-----| Exception -> Block 9
#-----| C++ Exception -> Block 9
# 730| Block 4
# 730| r730_1(glval<int>) = VariableAddress[x] :
@@ -6654,7 +6654,7 @@ ir.cpp:
# 731| v731_18(void) = ^BufferReadSideEffect[0] : &:r731_15, ~m?
# 731| mu731_19(String) = ^IndirectMayWriteSideEffect[-1] : &:r731_11
# 731| v731_20(void) = ThrowValue : &:r731_11, ~m?
#-----| Exception -> Block 9
#-----| C++ Exception -> Block 9
# 733| Block 8
# 733| r733_1(int) = Constant[7] :
@@ -6664,7 +6664,7 @@ ir.cpp:
# 735| Block 9
# 735| v735_1(void) = CatchByType[const char *] :
#-----| Exception -> Block 11
#-----| C++ Exception -> Block 11
#-----| Goto -> Block 10
# 735| Block 10
@@ -6682,11 +6682,11 @@ ir.cpp:
# 736| v736_8(void) = ^BufferReadSideEffect[0] : &:r736_5, ~m?
# 736| mu736_9(String) = ^IndirectMayWriteSideEffect[-1] : &:r736_1
# 736| v736_10(void) = ThrowValue : &:r736_1, ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 738| Block 11
# 738| v738_1(void) = CatchByType[const String &] :
#-----| Exception -> Block 13
#-----| C++ Exception -> Block 13
#-----| Goto -> Block 12
# 738| Block 12
@@ -6700,7 +6700,7 @@ ir.cpp:
# 740| Block 13
# 740| v740_1(void) = CatchAny :
# 741| v741_1(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 743| Block 14
# 743| v743_1(void) = NoOp :
@@ -9285,7 +9285,7 @@ ir.cpp:
# 1195| r1195_3(char *) = Convert : r1195_2
# 1195| mu1195_4(char *) = Store[#throw1195:7] : &:r1195_1, r1195_3
# 1195| v1195_5(void) = ThrowValue : &:r1195_1, ~m?
#-----| Exception -> Block 9
#-----| C++ Exception -> Block 9
# 1197| Block 4
# 1197| r1197_1(glval<int>) = VariableAddress[x] :
@@ -9324,7 +9324,7 @@ ir.cpp:
# 1198| v1198_18(void) = ^BufferReadSideEffect[0] : &:r1198_15, ~m?
# 1198| mu1198_19(String) = ^IndirectMayWriteSideEffect[-1] : &:r1198_11
# 1198| v1198_20(void) = ThrowValue : &:r1198_11, ~m?
#-----| Exception -> Block 9
#-----| C++ Exception -> Block 9
# 1200| Block 8
# 1200| r1200_1(int) = Constant[7] :
@@ -9334,7 +9334,7 @@ ir.cpp:
# 1202| Block 9
# 1202| v1202_1(void) = CatchByType[const char *] :
#-----| Exception -> Block 11
#-----| C++ Exception -> Block 11
#-----| Goto -> Block 10
# 1202| Block 10
@@ -9352,11 +9352,11 @@ ir.cpp:
# 1203| v1203_8(void) = ^BufferReadSideEffect[0] : &:r1203_5, ~m?
# 1203| mu1203_9(String) = ^IndirectMayWriteSideEffect[-1] : &:r1203_1
# 1203| v1203_10(void) = ThrowValue : &:r1203_1, ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 1205| Block 11
# 1205| v1205_1(void) = CatchByType[const String &] :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
#-----| Goto -> Block 12
# 1205| Block 12
@@ -15571,7 +15571,7 @@ ir.cpp:
# 2281| mu2281_4(unknown) = ^CallSideEffect : ~m?
# 2281| v2281_5(void) = ^IndirectReadSideEffect[-1] : &:r2281_1, ~m?
# 2281| mu2281_6(String) = ^IndirectMayWriteSideEffect[-1] : &:r2281_1
#-----| Exception -> Block 5
#-----| C++ Exception -> Block 5
# 2280| Block 4
# 2280| r2280_1(glval<String>) = VariableAddress[s2] :
@@ -15596,7 +15596,7 @@ ir.cpp:
# 2282| Block 5
# 2282| v2282_1(void) = CatchByType[const char *] :
#-----| Exception -> Block 7
#-----| C++ Exception -> Block 7
#-----| Goto -> Block 6
# 2282| Block 6
@@ -15614,11 +15614,11 @@ ir.cpp:
# 2283| v2283_8(void) = ^BufferReadSideEffect[0] : &:r2283_5, ~m?
# 2283| mu2283_9(String) = ^IndirectMayWriteSideEffect[-1] : &:r2283_1
# 2283| v2283_10(void) = ThrowValue : &:r2283_1, ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 2285| Block 7
# 2285| v2285_1(void) = CatchByType[const String &] :
#-----| Exception -> Block 9
#-----| C++ Exception -> Block 9
#-----| Goto -> Block 8
# 2285| Block 8
@@ -15632,7 +15632,7 @@ ir.cpp:
# 2287| Block 9
# 2287| v2287_1(void) = CatchAny :
# 2288| v2288_1(void) = ReThrow :
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 2290| Block 10
# 2290| v2290_1(void) = NoOp :
@@ -16699,7 +16699,7 @@ ir.cpp:
# 2454| mu2454_4(unknown) = ^CallSideEffect : ~m?
# 2454| v2454_5(void) = ^IndirectReadSideEffect[-1] : &:r2454_1, ~m?
# 2454| mu2454_6(ClassWithDestructor) = ^IndirectMayWriteSideEffect[-1] : &:r2454_1
#-----| Exception -> Block 3
#-----| C++ Exception -> Block 3
# 2451| Block 1
# 2451| v2451_6(void) = AliasedUse : ~m?
@@ -17102,7 +17102,7 @@ ir.cpp:
# 2537| r2537_2(int) = Constant[42] :
# 2537| mu2537_3(int) = Store[#throw2537:5] : &:r2537_1, r2537_2
# 2537| v2537_4(void) = ThrowValue : &:r2537_1, ~m?
#-----| Exception -> Block 2
#-----| C++ Exception -> Block 2
# 2534| Block 1
# 2534| v2534_4(void) = AliasedUse : ~m?
@@ -17110,7 +17110,7 @@ ir.cpp:
# 2539| Block 2
# 2539| v2539_1(void) = CatchByType[char] :
#-----| Exception -> Block 4
#-----| C++ Exception -> Block 4
#-----| Goto -> Block 3
# 2539| Block 3
@@ -18031,6 +18031,30 @@ ir.cpp:
# 2698| v2698_9(void) = AliasedUse : ~m?
# 2698| v2698_10(void) = ExitFunction :
# 2724| char UseBracketOperator(WithBracketOperator const, int)
# 2724| Block 0
# 2724| v2724_1(void) = EnterFunction :
# 2724| mu2724_2(unknown) = AliasedDefinition :
# 2724| mu2724_3(unknown) = InitializeNonLocal :
# 2724| r2724_4(glval<WithBracketOperator>) = VariableAddress[x] :
# 2724| mu2724_5(WithBracketOperator) = InitializeParameter[x] : &:r2724_4
# 2724| r2724_6(glval<int>) = VariableAddress[i] :
# 2724| mu2724_7(int) = InitializeParameter[i] : &:r2724_6
# 2725| r2725_1(glval<char>) = VariableAddress[#return] :
# 2725| r2725_2(glval<WithBracketOperator>) = VariableAddress[x] :
# 2725| r2725_3(glval<unknown>) = FunctionAddress[operator[]] :
# 2725| r2725_4(glval<int>) = VariableAddress[i] :
# 2725| r2725_5(int) = Load[i] : &:r2725_4, ~m?
# 2725| r2725_6(char &) = Call[operator[]] : func:r2725_3, this:r2725_2, 0:r2725_5
# 2725| mu2725_7(unknown) = ^CallSideEffect : ~m?
# 2725| v2725_8(void) = ^IndirectReadSideEffect[-1] : &:r2725_2, ~m?
# 2725| r2725_9(char) = Load[?] : &:r2725_6, ~m?
# 2725| mu2725_10(char) = Store[#return] : &:r2725_1, r2725_9
# 2724| r2724_8(glval<char>) = VariableAddress[#return] :
# 2724| v2724_9(void) = ReturnValue : &:r2724_8, ~m?
# 2724| v2724_10(void) = AliasedUse : ~m?
# 2724| v2724_11(void) = ExitFunction :
many-defs-per-use.cpp:
# 34| void many_defs_per_use()
# 34| Block 0
@@ -37343,7 +37367,7 @@ try_except.cpp:
# 48| r48_2(int) = Constant[1] :
# 48| mu48_3(int) = Store[#throw48:13] : &:r48_1, r48_2
# 48| v48_4(void) = ThrowValue : &:r48_1, ~m?
#-----| Exception -> Block 6
#-----| C++ Exception -> Block 6
# 51| Block 4
# 51| r51_1(int) = Constant[0] :

2
cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.ql
View File

@@ -7,7 +7,7 @@ import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysi
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysisImpl
import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific
import semmle.code.cpp.ir.IR as IR
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
module ModulusAnalysisInstantiated = ModulusAnalysis<SemLocation, Sem, FloatDelta, ConstantBounds>;

2
cpp/ql/test/library-tests/ir/points_to/points_to.ql
View File

@@ -1,5 +1,5 @@
import cpp
private import TestUtilities.InlineExpectationsTest
private import utils.test.InlineExpectationsTest
private import semmle.code.cpp.ir.internal.IntegerConstant as Ints
private predicate ignoreAllocation(string name) {

2
cpp/ql/test/library-tests/ir/range-analysis/Overflow.ql
View File

@@ -1,6 +1,6 @@
import cpp
import semmle.code.cpp.rangeanalysis.new.SimpleRangeAnalysis
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
module RangeAnalysisTest implements TestSig {
string getARelevantTag() { result = "overflow" }

2
cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql
View File

@@ -3,7 +3,7 @@ import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysi
import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific
import semmle.code.cpp.ir.IR as IR
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
module RangeAnalysisTest implements TestSig {
string getARelevantTag() { result = "range" }

2
cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.ql
View File

@@ -5,7 +5,7 @@ import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysisRelativeSpecific
import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific
import semmle.code.cpp.ir.IR as IR
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
module SignAnalysisInstantiated = SignAnalysis<FloatDelta>;

2
cpp/ql/test/library-tests/ir/types/irtypes.ql
View File

@@ -1,6 +1,6 @@
private import cpp
private import semmle.code.cpp.ir.implementation.raw.IR
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
module IRTypesTest implements TestSig {
string getARelevantTag() { result = "irtype" }

2
cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck.qlref
View File

@@ -1,2 +1,2 @@
query: Critical/SizeCheck.ql
postprocess: TestUtilities/InlineExpectationsTestQuery.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql

1
cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected
View File

@@ -5,6 +5,7 @@
| macros.cpp:14:2:14:37 | call to printf | Format for printf (in a macro expansion) expects 4 arguments but given 3 |
| macros.cpp:21:2:21:36 | call to printf | Format for printf (in a macro expansion) expects 4 arguments but given 3 |
| macros.cpp:32:2:32:25 | call to printf | Format for printf (in a macro expansion) expects 1 arguments but given 0 |
| syntax_errors.c:15:5:15:10 | call to printf | Format for printf expects 2 arguments but given 0 |
| test.c:9:2:9:7 | call to printf | Format for printf expects 1 arguments but given 0 |
| test.c:12:2:12:7 | call to printf | Format for printf expects 2 arguments but given 1 |
| test.c:15:2:15:7 | call to printf | Format for printf expects 3 arguments but given 2 |

13
cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/syntax_errors.c
View File

@@ -3,5 +3,16 @@
extern int printf(const char *fmt, ...);
void test_syntax_error() {
printf("Error code %d: " FMT_MSG, 0, "");
// GOOD
printf("Error code %d: " UNDEFINED_MACRO, 0, "");
// GOOD
printf("%d%d",
(UNDEFINED_MACRO)1,
(UNDEFINED_MACRO)2);
// GOOD [FALSE POSITIVE]
printf("%d%d"
UNDEFINED_MACRO,
1, 2);
}

3
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/tests.c
View File

@@ -3,9 +3,10 @@
int printf(const char * format, ...);
int fprintf();
void f() {
void f(UNKNOWN_CHAR * str) {
printf("%s", 1); // BAD
printf("%s", implicit_function()); // GOOD - we should ignore the type
sprintf(0, "%s", ""); // GOOD
fprintf(0, "%s", ""); // GOOD
printf("%s", str); // GOOD - erroneous type is ignored
}

2
cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.qlref
View File

@@ -1,2 +1,2 @@
query: Security/CWE/CWE-022/TaintedPath.ql
postprocess: TestUtilities/InlineExpectationsTestQuery.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql

11
cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/errors.c Normal file
View File

@@ -0,0 +1,11 @@
// semmle-extractor-options: --expect_errors
typedef unsigned long size_t;
typedef int wchar_t;
int swprintf(wchar_t *s, size_t n, const wchar_t *format, ...);
void test_extraction_errors() {
WCHAR buffer[3];
swprintf(buffer, 3, L"abc");
}

2
cpp/ql/test/query-tests/Security/CWE/CWE-193/AllocationToInvalidPointer.ql
View File

@@ -1,6 +1,6 @@
import cpp
import semmle.code.cpp.security.InvalidPointerDereference.AllocationToInvalidPointer
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import semmle.code.cpp.ir.IR
import semmle.code.cpp.dataflow.new.DataFlow

2
cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerToDereference.ql
View File

@@ -1,6 +1,6 @@
import cpp
import semmle.code.cpp.security.InvalidPointerDereference.InvalidPointerToDereference
import TestUtilities.InlineExpectationsTest
import utils.test.InlineExpectationsTest
import semmle.code.cpp.ir.IR
import semmle.code.cpp.dataflow.new.DataFlow

4
csharp/.config/dotnet-tools.json
View File

@@ -3,10 +3,10 @@
"isRoot": true,
"tools": {
"paket": {
"version": "9.0.1",
"version": "9.0.2",
"commands": [
"paket"
]
}
}
}
}

1
csharp/.vscode/launch.json vendored
View File

@@ -75,6 +75,7 @@
"env": {},
"stopAtEntry": true,
"justMyCode": false,
"requireExactSource": false,
"suppressJITOptimizations": true
},
]

Some files were not shown because too many files have changed in this diff Show More