diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6f6dc549e04..9ce291fa33c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -17,3 +17,26 @@ updates: ignore: - dependency-name: '*' update-types: ['version-update:semver-patch', 'version-update:semver-minor'] + + - package-ecosystem: "gomod" + directory: "go/extractor" + schedule: + interval: "daily" + allow: + - dependency-name: "golang.org/x/mod" + - dependency-name: "golang.org/x/tools" + groups: + extractor-dependencies: + patterns: + - "golang.org/x/*" + reviewers: + - "github/codeql-go" + + - package-ecosystem: "gomod" + directory: "go/ql/test" + schedule: + interval: "monthly" + ignore: + - dependency-name: "*" + reviewers: + - "github/codeql-go" diff --git a/.github/workflows/check-change-note.yml b/.github/workflows/check-change-note.yml index 3967c0ec921..f80864ed019 100644 --- a/.github/workflows/check-change-note.yml +++ b/.github/workflows/check-change-note.yml @@ -15,20 +15,34 @@ on: jobs: check-change-note: + env: + REPO: ${{ github.repository }} + PULL_REQUEST_NUMBER: ${{ github.event.number }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} runs-on: ubuntu-latest steps: + - name: Fail if no change note found. To fix, either add one, or add the `no-change-note-required` label. if: | github.event.pull_request.draft == false && !contains(github.event.pull_request.labels.*.name, 'no-change-note-required') - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq 'any(.[].filename ; test("/change-notes/.*[.]md$"))' | - grep true -c + change_note_files=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '.[].filename | select(test("/change-notes/.*[.]md$"))') + + if [ -z "$change_note_files" ]; then + echo "No change note found. Either add one, or add the 'no-change-note-required' label." + exit 1 + fi + + echo "Change notes found:" + echo "$change_note_files" + - name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md', 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text, or released/x.y.z.md for released change-notes - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$"))' | - grep true -c + bad_change_note_file_names=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))][] | select((test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$")) | not)') + + if [ -n "$bad_change_note_file_names" ]; then + echo "The following change note file names are invalid:" + echo "$bad_change_note_file_names" + exit 1 + fi diff --git a/.github/workflows/compile-queries.yml b/.github/workflows/compile-queries.yml index f3600dc0c5e..c44aa56a753 100644 --- a/.github/workflows/compile-queries.yml +++ b/.github/workflows/compile-queries.yml @@ -29,9 +29,9 @@ jobs: # run with --check-only if running in a PR (github.sha != main) if : ${{ github.event_name == 'pull_request' }} shell: bash - run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" + run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 - name: compile queries - full # do full compile if running on main - this populates the cache if : ${{ github.event_name != 'pull_request' }} shell: bash - run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" + run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 diff --git a/.github/workflows/csharp-qltest.yml b/.github/workflows/csharp-qltest.yml index 2b2ead07e17..1dc62c49caf 100644 --- a/.github/workflows/csharp-qltest.yml +++ b/.github/workflows/csharp-qltest.yml @@ -91,7 +91,7 @@ jobs: run: | # Generate (Asp)NetCore stubs STUBS_PATH=stubs_output - python3 ql/src/Stubs/make_stubs_nuget.py webapp Swashbuckle.AspNetCore.Swagger latest "$STUBS_PATH" + python3 ql/src/Stubs/make_stubs_nuget.py webapp Swashbuckle.AspNetCore.Swagger 6.5.0 "$STUBS_PATH" rm -rf ql/test/resources/stubs/_frameworks # Update existing stubs in the repo with the freshly generated ones mv "$STUBS_PATH/output/stubs/_frameworks" ql/test/resources/stubs/ diff --git a/config/identical-files.json b/config/identical-files.json index 5c801c387a1..144031d5a68 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -498,22 +498,6 @@ "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll", "python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll" ], - "TaintedFormatStringQuery Ruby/JS": [ - "javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll", - "ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll" - ], - "TaintedFormatStringCustomizations Ruby/JS": [ - "javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringCustomizations.qll", - "ruby/ql/lib/codeql/ruby/security/TaintedFormatStringCustomizations.qll" - ], - "HttpToFileAccessQuery JS/Ruby": [ - "javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll", - "ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll" - ], - "HttpToFileAccessCustomizations JS/Ruby": [ - "javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessCustomizations.qll", - "ruby/ql/lib/codeql/ruby/security/HttpToFileAccessCustomizations.qll" - ], "Typo database": [ "javascript/ql/src/Expressions/TypoDatabase.qll", "ql/ql/src/codeql_ql/style/TypoDatabase.qll" diff --git a/cpp/BUILD.bazel b/cpp/BUILD.bazel index 5341bd20390..fcd15f28581 100644 --- a/cpp/BUILD.bazel +++ b/cpp/BUILD.bazel @@ -1,12 +1,17 @@ -package(default_visibility = ["//visibility:public"]) - load("@rules_pkg//:mappings.bzl", "pkg_filegroup") +package(default_visibility = ["//visibility:public"]) + alias( name = "dbscheme", actual = "//cpp/ql/lib:dbscheme", ) +alias( + name = "dbscheme-stats", + actual = "//cpp/ql/lib:dbscheme-stats", +) + pkg_filegroup( name = "db-files", srcs = [ diff --git a/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/builtintypes.ql b/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/builtintypes.ql new file mode 100644 index 00000000000..ee8aa6d7133 --- /dev/null +++ b/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/builtintypes.ql @@ -0,0 +1,19 @@ +class BuiltinType extends @builtintype { + string toString() { none() } +} + +from BuiltinType type, string name, int kind, int kind_new, int size, int sign, int alignment +where + builtintypes(type, name, kind, size, sign, alignment) and + if + type instanceof @fp16 or + type instanceof @std_bfloat16 or + type instanceof @std_float16 or + type instanceof @complex_std_float32 or + type instanceof @complex_float32x or + type instanceof @complex_std_float64 or + type instanceof @complex_float64x or + type instanceof @complex_std_float128 + then kind_new = 2 + else kind_new = kind +select type, name, kind_new, size, sign, alignment diff --git a/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/old.dbscheme b/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/old.dbscheme new file mode 100644 index 00000000000..5b388693c66 --- /dev/null +++ b/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/old.dbscheme @@ -0,0 +1,2221 @@ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * gcc -c f1.c f2.c f3.c + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * gcc -c f1.c f2.c f3.c + */ + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--mimic` + * 2 | `/usr/bin/gcc` + * 3 | `-c` + * 4 | f1.c + * 5 | f2.c + * 6 | f3.c + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.c + * 1 | f2.c + * 2 | f3.c + * + * Note that even if those files `#include` headers, those headers + * do not appear as rows. + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/** + * Information about packages that provide code used during compilation. + * The `id` is just a unique identifier. + * The `namespace` is typically the name of the package manager that + * provided the package (e.g. "dpkg" or "yum"). + * The `package_name` is the name of the package, and `version` is its + * version (as a string). + */ +external_packages( + unique int id: @external_package, + string namespace : string ref, + string package_name : string ref, + string version : string ref +); + +/** + * Holds if File `fileid` was provided by package `package`. + */ +header_to_external_package( + int fileid : @file ref, + int package : @external_package ref +); + +/* + * Version history + */ + +svnentries( + unique int id : @svnentry, + string revision : string ref, + string author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + string action : string ref +) + +svnentrymsg( + unique int id : @svnentry ref, + string message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/* + * C++ dbscheme + */ + +@location = @location_stmt | @location_expr | @location_default ; + +/** + * The location of an element that is not an expression or a statement. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + /** The location of an element that is not an expression or a statement. */ + unique int id: @location_default, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** + * The location of a statement. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_stmt( + /** The location of a statement. */ + unique int id: @location_stmt, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** + * The location of an expression. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_expr( + /** The location of an expression. */ + unique int id: @location_expr, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** An element for which line-count information is available. */ +@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +fileannotations( + int id: @file ref, + int kind: int ref, + string name: string ref, + string value: string ref +); + +inmacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +affectedbymacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +case @macroinvocation.kind of + 1 = @macro_expansion +| 2 = @other_macro_reference +; + +macroinvocations( + unique int id: @macroinvocation, + int macro_id: @ppd_define ref, + int location: @location_default ref, + int kind: int ref +); + +macroparent( + unique int id: @macroinvocation ref, + int parent_id: @macroinvocation ref +); + +// a macroinvocation may be part of another location +// the way to find a constant expression that uses a macro +// is thus to find a constant expression that has a location +// to which a macro invocation is bound +macrolocationbind( + int id: @macroinvocation ref, + int location: @location ref +); + +#keyset[invocation, argument_index] +macro_argument_unexpanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +#keyset[invocation, argument_index] +macro_argument_expanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +/* +case @function.kind of + 1 = @normal_function +| 2 = @constructor +| 3 = @destructor +| 4 = @conversion_function +| 5 = @operator +| 6 = @builtin_function // GCC built-in functions, e.g. __builtin___memcpy_chk +; +*/ + +functions( + unique int id: @function, + string name: string ref, + int kind: int ref +); + +function_entry_point( + int id: @function ref, + unique int entry_point: @stmt ref +); + +function_return_type( + int id: @function ref, + int return_type: @type ref +); + +/** + * If `function` is a coroutine, then this gives the `std::experimental::resumable_traits` + * instance associated with it, and the variables representing the `handle` and `promise` + * for it. + */ +coroutine( + unique int function: @function ref, + int traits: @type ref, + int handle: @variable ref, + int promise: @variable ref +); + +/** The `new` function used for allocating the coroutine state, if any. */ +coroutine_new( + unique int function: @function ref, + int new: @function ref +); + +/** The `delete` function used for deallocating the coroutine state, if any. */ +coroutine_delete( + unique int function: @function ref, + int delete: @function ref +); + +purefunctions(unique int id: @function ref); + +function_deleted(unique int id: @function ref); + +function_defaulted(unique int id: @function ref); + +member_function_this_type( + unique int id: @function ref, + int this_type: @type ref +); + +#keyset[id, type_id] +fun_decls( + int id: @fun_decl, + int function: @function ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +fun_def(unique int id: @fun_decl ref); +fun_specialized(unique int id: @fun_decl ref); +fun_implicit(unique int id: @fun_decl ref); +fun_decl_specifiers( + int id: @fun_decl ref, + string name: string ref +) +#keyset[fun_decl, index] +fun_decl_throws( + int fun_decl: @fun_decl ref, + int index: int ref, + int type_id: @type ref +); +/* an empty throw specification is different from none */ +fun_decl_empty_throws(unique int fun_decl: @fun_decl ref); +fun_decl_noexcept( + int fun_decl: @fun_decl ref, + int constant: @expr ref +); +fun_decl_empty_noexcept(int fun_decl: @fun_decl ref); +fun_decl_typedef_type( + unique int fun_decl: @fun_decl ref, + int typedeftype_id: @usertype ref +); + +param_decl_bind( + unique int id: @var_decl ref, + int index: int ref, + int fun_decl: @fun_decl ref +); + +#keyset[id, type_id] +var_decls( + int id: @var_decl, + int variable: @variable ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +var_def(unique int id: @var_decl ref); +var_decl_specifiers( + int id: @var_decl ref, + string name: string ref +) +is_structured_binding(unique int id: @variable ref); + +type_decls( + unique int id: @type_decl, + int type_id: @type ref, + int location: @location_default ref +); +type_def(unique int id: @type_decl ref); +type_decl_top( + unique int type_decl: @type_decl ref +); + +namespace_decls( + unique int id: @namespace_decl, + int namespace_id: @namespace ref, + int location: @location_default ref, + int bodylocation: @location_default ref +); + +usings( + unique int id: @using, + int element_id: @element ref, + int location: @location_default ref +); + +/** The element which contains the `using` declaration. */ +using_container( + int parent: @element ref, + int child: @using ref +); + +static_asserts( + unique int id: @static_assert, + int condition : @expr ref, + string message : string ref, + int location: @location_default ref, + int enclosing : @element ref +); + +// each function has an ordered list of parameters +#keyset[id, type_id] +#keyset[function, index, type_id] +params( + int id: @parameter, + int function: @functionorblock ref, + int index: int ref, + int type_id: @type ref +); + +overrides( + int new: @function ref, + int old: @function ref +); + +#keyset[id, type_id] +membervariables( + int id: @membervariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +globalvariables( + int id: @globalvariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +localvariables( + int id: @localvariable, + int type_id: @type ref, + string name: string ref +); + +autoderivation( + unique int var: @variable ref, + int derivation_type: @type ref +); + +orphaned_variables( + int var: @localvariable ref, + int function: @function ref +) + +enumconstants( + unique int id: @enumconstant, + int parent: @usertype ref, + int index: int ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); + +@variable = @localscopevariable | @globalvariable | @membervariable; + +@localscopevariable = @localvariable | @parameter; + +/** + * Built-in types are the fundamental types, e.g., integral, floating, and void. + */ +case @builtintype.kind of + 1 = @errortype +| 2 = @unknowntype +| 3 = @void +| 4 = @boolean +| 5 = @char +| 6 = @unsigned_char +| 7 = @signed_char +| 8 = @short +| 9 = @unsigned_short +| 10 = @signed_short +| 11 = @int +| 12 = @unsigned_int +| 13 = @signed_int +| 14 = @long +| 15 = @unsigned_long +| 16 = @signed_long +| 17 = @long_long +| 18 = @unsigned_long_long +| 19 = @signed_long_long +// ... 20 Microsoft-specific __int8 +// ... 21 Microsoft-specific __int16 +// ... 22 Microsoft-specific __int32 +// ... 23 Microsoft-specific __int64 +| 24 = @float +| 25 = @double +| 26 = @long_double +| 27 = @complex_float // C99-specific _Complex float +| 28 = @complex_double // C99-specific _Complex double +| 29 = @complex_long_double // C99-specific _Complex long double +| 30 = @imaginary_float // C99-specific _Imaginary float +| 31 = @imaginary_double // C99-specific _Imaginary double +| 32 = @imaginary_long_double // C99-specific _Imaginary long double +| 33 = @wchar_t // Microsoft-specific +| 34 = @decltype_nullptr // C++11 +| 35 = @int128 // __int128 +| 36 = @unsigned_int128 // unsigned __int128 +| 37 = @signed_int128 // signed __int128 +| 38 = @float128 // __float128 +| 39 = @complex_float128 // _Complex __float128 +| 40 = @decimal32 // _Decimal32 +| 41 = @decimal64 // _Decimal64 +| 42 = @decimal128 // _Decimal128 +| 43 = @char16_t +| 44 = @char32_t +| 45 = @std_float32 // _Float32 +| 46 = @float32x // _Float32x +| 47 = @std_float64 // _Float64 +| 48 = @float64x // _Float64x +| 49 = @std_float128 // _Float128 +// ... 50 _Float128x +| 51 = @char8_t +| 52 = @float16 // _Float16 +| 53 = @complex_float16 // _Complex _Float16 +| 54 = @fp16 // __fp16 +| 55 = @std_bfloat16 // __bf16 +| 56 = @std_float16 // std::float16_t +| 57 = @complex_std_float32 // _Complex _Float32 +| 58 = @complex_float32x // _Complex _Float32x +| 59 = @complex_std_float64 // _Complex _Float64 +| 60 = @complex_float64x // _Complex _Float64x +| 61 = @complex_std_float128 // _Complex _Float128 +; + +builtintypes( + unique int id: @builtintype, + string name: string ref, + int kind: int ref, + int size: int ref, + int sign: int ref, + int alignment: int ref +); + +/** + * Derived types are types that are directly derived from existing types and + * point to, refer to, transform type data to return a new type. + */ +case @derivedtype.kind of + 1 = @pointer +| 2 = @reference +| 3 = @type_with_specifiers +| 4 = @array +| 5 = @gnu_vector +| 6 = @routineptr +| 7 = @routinereference +| 8 = @rvalue_reference // C++11 +// ... 9 type_conforming_to_protocols deprecated +| 10 = @block +; + +derivedtypes( + unique int id: @derivedtype, + string name: string ref, + int kind: int ref, + int type_id: @type ref +); + +pointerishsize(unique int id: @derivedtype ref, + int size: int ref, + int alignment: int ref); + +arraysizes( + unique int id: @derivedtype ref, + int num_elements: int ref, + int bytesize: int ref, + int alignment: int ref +); + +typedefbase( + unique int id: @usertype ref, + int type_id: @type ref +); + +/** + * An instance of the C++11 `decltype` operator. For example: + * ``` + * int a; + * decltype(1+a) b; + * ``` + * Here `expr` is `1+a`. + * + * Sometimes an additional pair of parentheses around the expression + * would change the semantics of this decltype, e.g. + * ``` + * struct A { double x; }; + * const A* a = new A(); + * decltype( a->x ); // type is double + * decltype((a->x)); // type is const double& + * ``` + * (Please consult the C++11 standard for more details). + * `parentheses_would_change_meaning` is `true` iff that is the case. + */ +#keyset[id, expr] +decltypes( + int id: @decltype, + int expr: @expr ref, + int base_type: @type ref, + boolean parentheses_would_change_meaning: boolean ref +); + +/* +case @usertype.kind of + 1 = @struct +| 2 = @class +| 3 = @union +| 4 = @enum +| 5 = @typedef // classic C: typedef typedef type name +| 6 = @template +| 7 = @template_parameter +| 8 = @template_template_parameter +| 9 = @proxy_class // a proxy class associated with a template parameter +// ... 10 objc_class deprecated +// ... 11 objc_protocol deprecated +// ... 12 objc_category deprecated +| 13 = @scoped_enum +| 14 = @using_alias // a using name = type style typedef +; +*/ + +usertypes( + unique int id: @usertype, + string name: string ref, + int kind: int ref +); + +usertypesize( + unique int id: @usertype ref, + int size: int ref, + int alignment: int ref +); + +usertype_final(unique int id: @usertype ref); + +usertype_uuid( + unique int id: @usertype ref, + string uuid: string ref +); + +mangled_name( + unique int id: @declaration ref, + int mangled_name : @mangledname +); + +is_pod_class(unique int id: @usertype ref); +is_standard_layout_class(unique int id: @usertype ref); + +is_complete(unique int id: @usertype ref); + +is_class_template(unique int id: @usertype ref); +class_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +class_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +class_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +is_proxy_class_for( + unique int id: @usertype ref, + unique int templ_param_id: @usertype ref +); + +type_mentions( + unique int id: @type_mention, + int type_id: @type ref, + int location: @location ref, + // a_symbol_reference_kind from the frontend. + int kind: int ref +); + +is_function_template(unique int id: @function ref); +function_instantiation( + unique int to: @function ref, + int from: @function ref +); +function_template_argument( + int function_id: @function ref, + int index: int ref, + int arg_type: @type ref +); +function_template_argument_value( + int function_id: @function ref, + int index: int ref, + int arg_value: @expr ref +); + +is_variable_template(unique int id: @variable ref); +variable_instantiation( + unique int to: @variable ref, + int from: @variable ref +); +variable_template_argument( + int variable_id: @variable ref, + int index: int ref, + int arg_type: @type ref +); +variable_template_argument_value( + int variable_id: @variable ref, + int index: int ref, + int arg_value: @expr ref +); + +/* + Fixed point types + precision(1) = short, precision(2) = default, precision(3) = long + is_unsigned(1) = unsigned is_unsigned(2) = signed + is_fract_type(1) = declared with _Fract + saturating(1) = declared with _Sat +*/ +/* TODO +fixedpointtypes( + unique int id: @fixedpointtype, + int precision: int ref, + int is_unsigned: int ref, + int is_fract_type: int ref, + int saturating: int ref); +*/ + +routinetypes( + unique int id: @routinetype, + int return_type: @type ref +); + +routinetypeargs( + int routine: @routinetype ref, + int index: int ref, + int type_id: @type ref +); + +ptrtomembers( + unique int id: @ptrtomember, + int type_id: @type ref, + int class_id: @type ref +); + +/* + specifiers for types, functions, and variables + + "public", + "protected", + "private", + + "const", + "volatile", + "static", + + "pure", + "virtual", + "sealed", // Microsoft + "__interface", // Microsoft + "inline", + "explicit", + + "near", // near far extension + "far", // near far extension + "__ptr32", // Microsoft + "__ptr64", // Microsoft + "__sptr", // Microsoft + "__uptr", // Microsoft + "dllimport", // Microsoft + "dllexport", // Microsoft + "thread", // Microsoft + "naked", // Microsoft + "microsoft_inline", // Microsoft + "forceinline", // Microsoft + "selectany", // Microsoft + "nothrow", // Microsoft + "novtable", // Microsoft + "noreturn", // Microsoft + "noinline", // Microsoft + "noalias", // Microsoft + "restrict", // Microsoft +*/ + +specifiers( + unique int id: @specifier, + unique string str: string ref +); + +typespecifiers( + int type_id: @type ref, + int spec_id: @specifier ref +); + +funspecifiers( + int func_id: @function ref, + int spec_id: @specifier ref +); + +varspecifiers( + int var_id: @accessible ref, + int spec_id: @specifier ref +); + +attributes( + unique int id: @attribute, + int kind: int ref, + string name: string ref, + string name_space: string ref, + int location: @location_default ref +); + +case @attribute.kind of + 0 = @gnuattribute +| 1 = @stdattribute +| 2 = @declspec +| 3 = @msattribute +| 4 = @alignas +// ... 5 @objc_propertyattribute deprecated +; + +attribute_args( + unique int id: @attribute_arg, + int kind: int ref, + int attribute: @attribute ref, + int index: int ref, + int location: @location_default ref +); + +case @attribute_arg.kind of + 0 = @attribute_arg_empty +| 1 = @attribute_arg_token +| 2 = @attribute_arg_constant +| 3 = @attribute_arg_type +| 4 = @attribute_arg_constant_expr +; + +attribute_arg_value( + unique int arg: @attribute_arg ref, + string value: string ref +); +attribute_arg_type( + unique int arg: @attribute_arg ref, + int type_id: @type ref +); +attribute_arg_constant( + unique int arg: @attribute_arg ref, + int constant: @expr ref +) +attribute_arg_name( + unique int arg: @attribute_arg ref, + string name: string ref +); + +typeattributes( + int type_id: @type ref, + int spec_id: @attribute ref +); + +funcattributes( + int func_id: @function ref, + int spec_id: @attribute ref +); + +varattributes( + int var_id: @accessible ref, + int spec_id: @attribute ref +); + +stmtattributes( + int stmt_id: @stmt ref, + int spec_id: @attribute ref +); + +@type = @builtintype + | @derivedtype + | @usertype + /* TODO | @fixedpointtype */ + | @routinetype + | @ptrtomember + | @decltype; + +unspecifiedtype( + unique int type_id: @type ref, + int unspecified_type_id: @type ref +); + +member( + int parent: @type ref, + int index: int ref, + int child: @member ref +); + +@enclosingfunction_child = @usertype | @variable | @namespace + +enclosingfunction( + unique int child: @enclosingfunction_child ref, + int parent: @function ref +); + +derivations( + unique int derivation: @derivation, + int sub: @type ref, + int index: int ref, + int super: @type ref, + int location: @location_default ref +); + +derspecifiers( + int der_id: @derivation ref, + int spec_id: @specifier ref +); + +/** + * Contains the byte offset of the base class subobject within the derived + * class. Only holds for non-virtual base classes, but see table + * `virtual_base_offsets` for offsets of virtual base class subobjects. + */ +direct_base_offsets( + unique int der_id: @derivation ref, + int offset: int ref +); + +/** + * Contains the byte offset of the virtual base class subobject for class + * `super` within a most-derived object of class `sub`. `super` can be either a + * direct or indirect base class. + */ +#keyset[sub, super] +virtual_base_offsets( + int sub: @usertype ref, + int super: @usertype ref, + int offset: int ref +); + +frienddecls( + unique int id: @frienddecl, + int type_id: @type ref, + int decl_id: @declaration ref, + int location: @location_default ref +); + +@declaredtype = @usertype ; + +@declaration = @function + | @declaredtype + | @variable + | @enumconstant + | @frienddecl; + +@member = @membervariable + | @function + | @declaredtype + | @enumconstant; + +@locatable = @diagnostic + | @declaration + | @ppd_include + | @ppd_define + | @macroinvocation + /*| @funcall*/ + | @xmllocatable + | @attribute + | @attribute_arg; + +@namedscope = @namespace | @usertype; + +@element = @locatable + | @file + | @folder + | @specifier + | @type + | @expr + | @namespace + | @initialiser + | @stmt + | @derivation + | @comment + | @preprocdirect + | @fun_decl + | @var_decl + | @type_decl + | @namespace_decl + | @using + | @namequalifier + | @specialnamequalifyingelement + | @static_assert + | @type_mention + | @lambdacapture; + +@exprparent = @element; + +comments( + unique int id: @comment, + string contents: string ref, + int location: @location_default ref +); + +commentbinding( + int id: @comment ref, + int element: @element ref +); + +exprconv( + int converted: @expr ref, + unique int conversion: @expr ref +); + +compgenerated(unique int id: @element ref); + +/** + * `destructor_call` destructs the `i`'th entity that should be + * destructed following `element`. Note that entities should be + * destructed in reverse construction order, so for a given `element` + * these should be called from highest to lowest `i`. + */ +#keyset[element, destructor_call] +#keyset[element, i] +synthetic_destructor_call( + int element: @element ref, + int i: int ref, + int destructor_call: @routineexpr ref +); + +namespaces( + unique int id: @namespace, + string name: string ref +); + +namespace_inline( + unique int id: @namespace ref +); + +namespacembrs( + int parentid: @namespace ref, + unique int memberid: @namespacembr ref +); + +@namespacembr = @declaration | @namespace; + +exprparents( + int expr_id: @expr ref, + int child_index: int ref, + int parent_id: @exprparent ref +); + +expr_isload(unique int expr_id: @expr ref); + +@cast = @c_style_cast + | @const_cast + | @dynamic_cast + | @reinterpret_cast + | @static_cast + ; + +/* +case @conversion.kind of + 0 = @simple_conversion // a numeric conversion, qualification conversion, or a reinterpret_cast +| 1 = @bool_conversion // conversion to 'bool' +| 2 = @base_class_conversion // a derived-to-base conversion +| 3 = @derived_class_conversion // a base-to-derived conversion +| 4 = @pm_base_class_conversion // a derived-to-base conversion of a pointer to member +| 5 = @pm_derived_class_conversion // a base-to-derived conversion of a pointer to member +| 6 = @glvalue_adjust // an adjustment of the type of a glvalue +| 7 = @prvalue_adjust // an adjustment of the type of a prvalue +; +*/ +/** + * Describes the semantics represented by a cast expression. This is largely + * independent of the source syntax of the cast, so it is separate from the + * regular expression kind. + */ +conversionkinds( + unique int expr_id: @cast ref, + int kind: int ref +); + +@conversion = @cast + | @array_to_pointer + | @parexpr + | @reference_to + | @ref_indirect + | @temp_init + ; + +/* +case @funbindexpr.kind of + 0 = @normal_call // a normal call +| 1 = @virtual_call // a virtual call +| 2 = @adl_call // a call whose target is only found by ADL +; +*/ +iscall( + unique int caller: @funbindexpr ref, + int kind: int ref +); + +numtemplatearguments( + unique int expr_id: @expr ref, + int num: int ref +); + +specialnamequalifyingelements( + unique int id: @specialnamequalifyingelement, + unique string name: string ref +); + +@namequalifiableelement = @expr | @namequalifier; +@namequalifyingelement = @namespace + | @specialnamequalifyingelement + | @usertype; + +namequalifiers( + unique int id: @namequalifier, + unique int qualifiableelement: @namequalifiableelement ref, + int qualifyingelement: @namequalifyingelement ref, + int location: @location_default ref +); + +varbind( + int expr: @varbindexpr ref, + int var: @accessible ref +); + +funbind( + int expr: @funbindexpr ref, + int fun: @function ref +); + +@any_new_expr = @new_expr + | @new_array_expr; + +@new_or_delete_expr = @any_new_expr + | @delete_expr + | @delete_array_expr; + +@prefix_crement_expr = @preincrexpr | @predecrexpr; + +@postfix_crement_expr = @postincrexpr | @postdecrexpr; + +@increment_expr = @preincrexpr | @postincrexpr; + +@decrement_expr = @predecrexpr | @postdecrexpr; + +@crement_expr = @increment_expr | @decrement_expr; + +@un_arith_op_expr = @arithnegexpr + | @unaryplusexpr + | @conjugation + | @realpartexpr + | @imagpartexpr + | @crement_expr + ; + +@un_bitwise_op_expr = @complementexpr; + +@un_log_op_expr = @notexpr; + +@un_op_expr = @address_of + | @indirect + | @un_arith_op_expr + | @un_bitwise_op_expr + | @builtinaddressof + | @vec_fill + | @un_log_op_expr + | @co_await + | @co_yield + ; + +@bin_log_op_expr = @andlogicalexpr | @orlogicalexpr; + +@cmp_op_expr = @eq_op_expr | @rel_op_expr; + +@eq_op_expr = @eqexpr | @neexpr; + +@rel_op_expr = @gtexpr + | @ltexpr + | @geexpr + | @leexpr + | @spaceshipexpr + ; + +@bin_bitwise_op_expr = @lshiftexpr + | @rshiftexpr + | @andexpr + | @orexpr + | @xorexpr + ; + +@p_arith_op_expr = @paddexpr + | @psubexpr + | @pdiffexpr + ; + +@bin_arith_op_expr = @addexpr + | @subexpr + | @mulexpr + | @divexpr + | @remexpr + | @jmulexpr + | @jdivexpr + | @fjaddexpr + | @jfaddexpr + | @fjsubexpr + | @jfsubexpr + | @minexpr + | @maxexpr + | @p_arith_op_expr + ; + +@bin_op_expr = @bin_arith_op_expr + | @bin_bitwise_op_expr + | @cmp_op_expr + | @bin_log_op_expr + ; + +@op_expr = @un_op_expr + | @bin_op_expr + | @assign_expr + | @conditionalexpr + ; + +@assign_arith_expr = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + ; + +@assign_bitwise_expr = @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignpaddexpr + | @assignpsubexpr + ; + +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr + +@assign_expr = @assignexpr | @assign_op_expr | @blockassignexpr + +/* + case @allocator.form of + 0 = plain + | 1 = alignment + ; +*/ + +/** + * The allocator function associated with a `new` or `new[]` expression. + * The `form` column specified whether the allocation call contains an alignment + * argument. + */ +expr_allocator( + unique int expr: @any_new_expr ref, + int func: @function ref, + int form: int ref +); + +/* + case @deallocator.form of + 0 = plain + | 1 = size + | 2 = alignment + | 3 = size_and_alignment + ; +*/ + +/** + * The deallocator function associated with a `delete`, `delete[]`, `new`, or + * `new[]` expression. For a `new` or `new[]` expression, the deallocator is the + * one used to free memory if the initialization throws an exception. + * The `form` column specifies whether the deallocation call contains a size + * argument, and alignment argument, or both. + */ +expr_deallocator( + unique int expr: @new_or_delete_expr ref, + int func: @function ref, + int form: int ref +); + +/** + * Holds if the `@conditionalexpr` is of the two operand form + * `guard ? : false`. + */ +expr_cond_two_operand( + unique int cond: @conditionalexpr ref +); + +/** + * The guard of `@conditionalexpr` `guard ? true : false` + */ +expr_cond_guard( + unique int cond: @conditionalexpr ref, + int guard: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` holds. For the two operand form + * `guard ?: false` consider using `expr_cond_guard` instead. + */ +expr_cond_true( + unique int cond: @conditionalexpr ref, + int true: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` does not hold. + */ +expr_cond_false( + unique int cond: @conditionalexpr ref, + int false: @expr ref +); + +/** A string representation of the value. */ +values( + unique int id: @value, + string str: string ref +); + +/** The actual text in the source code for the value, if any. */ +valuetext( + unique int id: @value ref, + string text: string ref +); + +valuebind( + int val: @value ref, + unique int expr: @expr ref +); + +fieldoffsets( + unique int id: @variable ref, + int byteoffset: int ref, + int bitoffset: int ref +); + +bitfield( + unique int id: @variable ref, + int bits: int ref, + int declared_bits: int ref +); + +/* TODO +memberprefix( + int member: @expr ref, + int prefix: @expr ref +); +*/ + +/* + kind(1) = mbrcallexpr + kind(2) = mbrptrcallexpr + kind(3) = mbrptrmbrcallexpr + kind(4) = ptrmbrptrmbrcallexpr + kind(5) = mbrreadexpr // x.y + kind(6) = mbrptrreadexpr // p->y + kind(7) = mbrptrmbrreadexpr // x.*pm + kind(8) = mbrptrmbrptrreadexpr // x->*pm + kind(9) = staticmbrreadexpr // static x.y + kind(10) = staticmbrptrreadexpr // static p->y +*/ +/* TODO +memberaccess( + int member: @expr ref, + int kind: int ref +); +*/ + +initialisers( + unique int init: @initialiser, + int var: @accessible ref, + unique int expr: @expr ref, + int location: @location_expr ref +); + +braced_initialisers( + int init: @initialiser ref +); + +/** + * An ancestor for the expression, for cases in which we cannot + * otherwise find the expression's parent. + */ +expr_ancestor( + int exp: @expr ref, + int ancestor: @element ref +); + +exprs( + unique int id: @expr, + int kind: int ref, + int location: @location_expr ref +); + +/* + case @value.category of + 1 = prval + | 2 = xval + | 3 = lval + ; +*/ +expr_types( + int id: @expr ref, + int typeid: @type ref, + int value_category: int ref +); + +case @expr.kind of + 1 = @errorexpr +| 2 = @address_of // & AddressOfExpr +| 3 = @reference_to // ReferenceToExpr (implicit?) +| 4 = @indirect // * PointerDereferenceExpr +| 5 = @ref_indirect // ReferenceDereferenceExpr (implicit?) +// ... +| 8 = @array_to_pointer // (???) +| 9 = @vacuous_destructor_call // VacuousDestructorCall +// ... +| 11 = @assume // Microsoft +| 12 = @parexpr +| 13 = @arithnegexpr +| 14 = @unaryplusexpr +| 15 = @complementexpr +| 16 = @notexpr +| 17 = @conjugation // GNU ~ operator +| 18 = @realpartexpr // GNU __real +| 19 = @imagpartexpr // GNU __imag +| 20 = @postincrexpr +| 21 = @postdecrexpr +| 22 = @preincrexpr +| 23 = @predecrexpr +| 24 = @conditionalexpr +| 25 = @addexpr +| 26 = @subexpr +| 27 = @mulexpr +| 28 = @divexpr +| 29 = @remexpr +| 30 = @jmulexpr // C99 mul imaginary +| 31 = @jdivexpr // C99 div imaginary +| 32 = @fjaddexpr // C99 add real + imaginary +| 33 = @jfaddexpr // C99 add imaginary + real +| 34 = @fjsubexpr // C99 sub real - imaginary +| 35 = @jfsubexpr // C99 sub imaginary - real +| 36 = @paddexpr // pointer add (pointer + int or int + pointer) +| 37 = @psubexpr // pointer sub (pointer - integer) +| 38 = @pdiffexpr // difference between two pointers +| 39 = @lshiftexpr +| 40 = @rshiftexpr +| 41 = @andexpr +| 42 = @orexpr +| 43 = @xorexpr +| 44 = @eqexpr +| 45 = @neexpr +| 46 = @gtexpr +| 47 = @ltexpr +| 48 = @geexpr +| 49 = @leexpr +| 50 = @minexpr // GNU minimum +| 51 = @maxexpr // GNU maximum +| 52 = @assignexpr +| 53 = @assignaddexpr +| 54 = @assignsubexpr +| 55 = @assignmulexpr +| 56 = @assigndivexpr +| 57 = @assignremexpr +| 58 = @assignlshiftexpr +| 59 = @assignrshiftexpr +| 60 = @assignandexpr +| 61 = @assignorexpr +| 62 = @assignxorexpr +| 63 = @assignpaddexpr // assign pointer add +| 64 = @assignpsubexpr // assign pointer sub +| 65 = @andlogicalexpr +| 66 = @orlogicalexpr +| 67 = @commaexpr +| 68 = @subscriptexpr // access to member of an array, e.g., a[5] +// ... 69 @objc_subscriptexpr deprecated +// ... 70 @cmdaccess deprecated +// ... +| 73 = @virtfunptrexpr +| 74 = @callexpr +// ... 75 @msgexpr_normal deprecated +// ... 76 @msgexpr_super deprecated +// ... 77 @atselectorexpr deprecated +// ... 78 @atprotocolexpr deprecated +| 79 = @vastartexpr +| 80 = @vaargexpr +| 81 = @vaendexpr +| 82 = @vacopyexpr +// ... 83 @atencodeexpr deprecated +| 84 = @varaccess +| 85 = @thisaccess +// ... 86 @objc_box_expr deprecated +| 87 = @new_expr +| 88 = @delete_expr +| 89 = @throw_expr +| 90 = @condition_decl // a variable declared in a condition, e.g., if(int x = y > 2) +| 91 = @braced_init_list +| 92 = @type_id +| 93 = @runtime_sizeof +| 94 = @runtime_alignof +| 95 = @sizeof_pack +| 96 = @expr_stmt // GNU extension +| 97 = @routineexpr +| 98 = @type_operand // used to access a type in certain contexts (haven't found any examples yet....) +| 99 = @offsetofexpr // offsetof ::= type and field +| 100 = @hasassignexpr // __has_assign ::= type +| 101 = @hascopyexpr // __has_copy ::= type +| 102 = @hasnothrowassign // __has_nothrow_assign ::= type +| 103 = @hasnothrowconstr // __has_nothrow_constructor ::= type +| 104 = @hasnothrowcopy // __has_nothrow_copy ::= type +| 105 = @hastrivialassign // __has_trivial_assign ::= type +| 106 = @hastrivialconstr // __has_trivial_constructor ::= type +| 107 = @hastrivialcopy // __has_trivial_copy ::= type +| 108 = @hasuserdestr // __has_user_destructor ::= type +| 109 = @hasvirtualdestr // __has_virtual_destructor ::= type +| 110 = @isabstractexpr // __is_abstract ::= type +| 111 = @isbaseofexpr // __is_base_of ::= type type +| 112 = @isclassexpr // __is_class ::= type +| 113 = @isconvtoexpr // __is_convertible_to ::= type type +| 114 = @isemptyexpr // __is_empty ::= type +| 115 = @isenumexpr // __is_enum ::= type +| 116 = @ispodexpr // __is_pod ::= type +| 117 = @ispolyexpr // __is_polymorphic ::= type +| 118 = @isunionexpr // __is_union ::= type +| 119 = @typescompexpr // GNU __builtin_types_compatible ::= type type +| 120 = @intaddrexpr // frontend internal builtin, used to implement offsetof +// ... +| 122 = @hastrivialdestructor // __has_trivial_destructor ::= type +| 123 = @literal +| 124 = @uuidof +| 127 = @aggregateliteral +| 128 = @delete_array_expr +| 129 = @new_array_expr +// ... 130 @objc_array_literal deprecated +// ... 131 @objc_dictionary_literal deprecated +| 132 = @foldexpr +// ... +| 200 = @ctordirectinit +| 201 = @ctorvirtualinit +| 202 = @ctorfieldinit +| 203 = @ctordelegatinginit +| 204 = @dtordirectdestruct +| 205 = @dtorvirtualdestruct +| 206 = @dtorfielddestruct +// ... +| 210 = @static_cast +| 211 = @reinterpret_cast +| 212 = @const_cast +| 213 = @dynamic_cast +| 214 = @c_style_cast +| 215 = @lambdaexpr +| 216 = @param_ref +| 217 = @noopexpr +// ... +| 294 = @istriviallyconstructibleexpr +| 295 = @isdestructibleexpr +| 296 = @isnothrowdestructibleexpr +| 297 = @istriviallydestructibleexpr +| 298 = @istriviallyassignableexpr +| 299 = @isnothrowassignableexpr +| 300 = @istrivialexpr +| 301 = @isstandardlayoutexpr +| 302 = @istriviallycopyableexpr +| 303 = @isliteraltypeexpr +| 304 = @hastrivialmoveconstructorexpr +| 305 = @hastrivialmoveassignexpr +| 306 = @hasnothrowmoveassignexpr +| 307 = @isconstructibleexpr +| 308 = @isnothrowconstructibleexpr +| 309 = @hasfinalizerexpr +| 310 = @isdelegateexpr +| 311 = @isinterfaceclassexpr +| 312 = @isrefarrayexpr +| 313 = @isrefclassexpr +| 314 = @issealedexpr +| 315 = @issimplevalueclassexpr +| 316 = @isvalueclassexpr +| 317 = @isfinalexpr +| 319 = @noexceptexpr +| 320 = @builtinshufflevector +| 321 = @builtinchooseexpr +| 322 = @builtinaddressof +| 323 = @vec_fill +| 324 = @builtinconvertvector +| 325 = @builtincomplex +| 326 = @spaceshipexpr +| 327 = @co_await +| 328 = @co_yield +| 329 = @temp_init +| 330 = @isassignable +| 331 = @isaggregate +| 332 = @hasuniqueobjectrepresentations +| 333 = @builtinbitcast +| 334 = @builtinshuffle +| 335 = @blockassignexpr +| 336 = @issame +| 337 = @isfunction +| 338 = @islayoutcompatible +| 339 = @ispointerinterconvertiblebaseof +| 340 = @isarray +| 341 = @arrayrank +| 342 = @arrayextent +| 343 = @isarithmetic +| 344 = @iscompletetype +| 345 = @iscompound +| 346 = @isconst +| 347 = @isfloatingpoint +| 348 = @isfundamental +| 349 = @isintegral +| 350 = @islvaluereference +| 351 = @ismemberfunctionpointer +| 352 = @ismemberobjectpointer +| 353 = @ismemberpointer +| 354 = @isobject +| 355 = @ispointer +| 356 = @isreference +| 357 = @isrvaluereference +| 358 = @isscalar +| 359 = @issigned +| 360 = @isunsigned +| 361 = @isvoid +| 362 = @isvolatile +; + +@var_args_expr = @vastartexpr + | @vaendexpr + | @vaargexpr + | @vacopyexpr + ; + +@builtin_op = @var_args_expr + | @noopexpr + | @offsetofexpr + | @intaddrexpr + | @hasassignexpr + | @hascopyexpr + | @hasnothrowassign + | @hasnothrowconstr + | @hasnothrowcopy + | @hastrivialassign + | @hastrivialconstr + | @hastrivialcopy + | @hastrivialdestructor + | @hasuserdestr + | @hasvirtualdestr + | @isabstractexpr + | @isbaseofexpr + | @isclassexpr + | @isconvtoexpr + | @isemptyexpr + | @isenumexpr + | @ispodexpr + | @ispolyexpr + | @isunionexpr + | @typescompexpr + | @builtinshufflevector + | @builtinconvertvector + | @builtinaddressof + | @istriviallyconstructibleexpr + | @isdestructibleexpr + | @isnothrowdestructibleexpr + | @istriviallydestructibleexpr + | @istriviallyassignableexpr + | @isnothrowassignableexpr + | @istrivialexpr + | @isstandardlayoutexpr + | @istriviallycopyableexpr + | @isliteraltypeexpr + | @hastrivialmoveconstructorexpr + | @hastrivialmoveassignexpr + | @hasnothrowmoveassignexpr + | @isconstructibleexpr + | @isnothrowconstructibleexpr + | @hasfinalizerexpr + | @isdelegateexpr + | @isinterfaceclassexpr + | @isrefarrayexpr + | @isrefclassexpr + | @issealedexpr + | @issimplevalueclassexpr + | @isvalueclassexpr + | @isfinalexpr + | @builtinchooseexpr + | @builtincomplex + | @isassignable + | @isaggregate + | @hasuniqueobjectrepresentations + | @builtinbitcast + | @builtinshuffle + | @issame + | @isfunction + | @islayoutcompatible + | @ispointerinterconvertiblebaseof + | @isarray + | @arrayrank + | @arrayextent + | @isarithmetic + | @iscompletetype + | @iscompound + | @isconst + | @isfloatingpoint + | @isfundamental + | @isintegral + | @islvaluereference + | @ismemberfunctionpointer + | @ismemberobjectpointer + | @ismemberpointer + | @isobject + | @ispointer + | @isreference + | @isrvaluereference + | @isscalar + | @issigned + | @isunsigned + | @isvoid + | @isvolatile + ; + +new_allocated_type( + unique int expr: @new_expr ref, + int type_id: @type ref +); + +new_array_allocated_type( + unique int expr: @new_array_expr ref, + int type_id: @type ref +); + +/** + * The field being initialized by an initializer expression within an aggregate + * initializer for a class/struct/union. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_field_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int field: @membervariable ref, + int position: int ref +); + +/** + * The index of the element being initialized by an initializer expression + * within an aggregate initializer for an array. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_array_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int element_index: int ref, + int position: int ref +); + +@ctorinit = @ctordirectinit + | @ctorvirtualinit + | @ctorfieldinit + | @ctordelegatinginit; +@dtordestruct = @dtordirectdestruct + | @dtorvirtualdestruct + | @dtorfielddestruct; + + +condition_decl_bind( + unique int expr: @condition_decl ref, + unique int decl: @declaration ref +); + +typeid_bind( + unique int expr: @type_id ref, + int type_id: @type ref +); + +uuidof_bind( + unique int expr: @uuidof ref, + int type_id: @type ref +); + +@runtime_sizeof_or_alignof = @runtime_sizeof | @runtime_alignof; + +sizeof_bind( + unique int expr: @runtime_sizeof_or_alignof ref, + int type_id: @type ref +); + +code_block( + unique int block: @literal ref, + unique int routine: @function ref +); + +lambdas( + unique int expr: @lambdaexpr ref, + string default_capture: string ref, + boolean has_explicit_return_type: boolean ref +); + +lambda_capture( + unique int id: @lambdacapture, + int lambda: @lambdaexpr ref, + int index: int ref, + int field: @membervariable ref, + boolean captured_by_reference: boolean ref, + boolean is_implicit: boolean ref, + int location: @location_default ref +); + +@funbindexpr = @routineexpr + | @new_expr + | @delete_expr + | @delete_array_expr + | @ctordirectinit + | @ctorvirtualinit + | @ctordelegatinginit + | @dtordirectdestruct + | @dtorvirtualdestruct; + +@varbindexpr = @varaccess | @ctorfieldinit | @dtorfielddestruct; +@addressable = @function | @variable ; +@accessible = @addressable | @enumconstant ; + +@access = @varaccess | @routineexpr ; + +fold( + int expr: @foldexpr ref, + string operator: string ref, + boolean is_left_fold: boolean ref +); + +stmts( + unique int id: @stmt, + int kind: int ref, + int location: @location_stmt ref +); + +case @stmt.kind of + 1 = @stmt_expr +| 2 = @stmt_if +| 3 = @stmt_while +| 4 = @stmt_goto +| 5 = @stmt_label +| 6 = @stmt_return +| 7 = @stmt_block +| 8 = @stmt_end_test_while // do { ... } while ( ... ) +| 9 = @stmt_for +| 10 = @stmt_switch_case +| 11 = @stmt_switch +| 13 = @stmt_asm // "asm" statement or the body of an asm function +| 15 = @stmt_try_block +| 16 = @stmt_microsoft_try // Microsoft +| 17 = @stmt_decl +| 18 = @stmt_set_vla_size // C99 +| 19 = @stmt_vla_decl // C99 +| 25 = @stmt_assigned_goto // GNU +| 26 = @stmt_empty +| 27 = @stmt_continue +| 28 = @stmt_break +| 29 = @stmt_range_based_for // C++11 +// ... 30 @stmt_at_autoreleasepool_block deprecated +// ... 31 @stmt_objc_for_in deprecated +// ... 32 @stmt_at_synchronized deprecated +| 33 = @stmt_handler +// ... 34 @stmt_finally_end deprecated +| 35 = @stmt_constexpr_if +| 37 = @stmt_co_return +; + +type_vla( + int type_id: @type ref, + int decl: @stmt_vla_decl ref +); + +variable_vla( + int var: @variable ref, + int decl: @stmt_vla_decl ref +); + +if_initialization( + unique int if_stmt: @stmt_if ref, + int init_id: @stmt ref +); + +if_then( + unique int if_stmt: @stmt_if ref, + int then_id: @stmt ref +); + +if_else( + unique int if_stmt: @stmt_if ref, + int else_id: @stmt ref +); + +constexpr_if_initialization( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int init_id: @stmt ref +); + +constexpr_if_then( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int then_id: @stmt ref +); + +constexpr_if_else( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int else_id: @stmt ref +); + +while_body( + unique int while_stmt: @stmt_while ref, + int body_id: @stmt ref +); + +do_body( + unique int do_stmt: @stmt_end_test_while ref, + int body_id: @stmt ref +); + +switch_initialization( + unique int switch_stmt: @stmt_switch ref, + int init_id: @stmt ref +); + +#keyset[switch_stmt, index] +switch_case( + int switch_stmt: @stmt_switch ref, + int index: int ref, + int case_id: @stmt_switch_case ref +); + +switch_body( + unique int switch_stmt: @stmt_switch ref, + int body_id: @stmt ref +); + +for_initialization( + unique int for_stmt: @stmt_for ref, + int init_id: @stmt ref +); + +for_condition( + unique int for_stmt: @stmt_for ref, + int condition_id: @expr ref +); + +for_update( + unique int for_stmt: @stmt_for ref, + int update_id: @expr ref +); + +for_body( + unique int for_stmt: @stmt_for ref, + int body_id: @stmt ref +); + +@stmtparent = @stmt | @expr_stmt ; +stmtparents( + unique int id: @stmt ref, + int index: int ref, + int parent: @stmtparent ref +); + +ishandler(unique int block: @stmt_block ref); + +@cfgnode = @stmt | @expr | @function | @initialiser ; + +stmt_decl_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl: @declaration ref +); + +stmt_decl_entry_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl_entry: @element ref +); + +@functionorblock = @function | @stmt_block; + +blockscope( + unique int block: @stmt_block ref, + int enclosing: @functionorblock ref +); + +@jump = @stmt_goto | @stmt_break | @stmt_continue; + +@jumporlabel = @jump | @stmt_label | @literal; + +jumpinfo( + unique int id: @jumporlabel ref, + string str: string ref, + int target: @stmt ref +); + +preprocdirects( + unique int id: @preprocdirect, + int kind: int ref, + int location: @location_default ref +); +case @preprocdirect.kind of + 0 = @ppd_if +| 1 = @ppd_ifdef +| 2 = @ppd_ifndef +| 3 = @ppd_elif +| 4 = @ppd_else +| 5 = @ppd_endif +| 6 = @ppd_plain_include +| 7 = @ppd_define +| 8 = @ppd_undef +| 9 = @ppd_line +| 10 = @ppd_error +| 11 = @ppd_pragma +| 12 = @ppd_objc_import +| 13 = @ppd_include_next +| 18 = @ppd_warning +; + +@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next; + +@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif; + +preprocpair( + int begin : @ppd_branch ref, + int elseelifend : @preprocdirect ref +); + +preproctrue(int branch : @ppd_branch ref); +preprocfalse(int branch : @ppd_branch ref); + +preproctext( + unique int id: @preprocdirect ref, + string head: string ref, + string body: string ref +); + +includes( + unique int id: @ppd_include ref, + int included: @file ref +); + +link_targets( + unique int id: @link_target, + int binary: @file ref +); + +link_parent( + int element : @element ref, + int link_target : @link_target ref +); + +/* XML Files */ + +xmlEncoding(unique int id: @file ref, string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters + | @xmlelement + | @xmlcomment + | @xmlattribute + | @xmldtd + | @file + | @xmlnamespace; diff --git a/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/semmlecode.cpp.dbscheme b/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/semmlecode.cpp.dbscheme new file mode 100644 index 00000000000..dbe9c8eb5fc --- /dev/null +++ b/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/semmlecode.cpp.dbscheme @@ -0,0 +1,2213 @@ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * gcc -c f1.c f2.c f3.c + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * gcc -c f1.c f2.c f3.c + */ + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--mimic` + * 2 | `/usr/bin/gcc` + * 3 | `-c` + * 4 | f1.c + * 5 | f2.c + * 6 | f3.c + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.c + * 1 | f2.c + * 2 | f3.c + * + * Note that even if those files `#include` headers, those headers + * do not appear as rows. + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/** + * Information about packages that provide code used during compilation. + * The `id` is just a unique identifier. + * The `namespace` is typically the name of the package manager that + * provided the package (e.g. "dpkg" or "yum"). + * The `package_name` is the name of the package, and `version` is its + * version (as a string). + */ +external_packages( + unique int id: @external_package, + string namespace : string ref, + string package_name : string ref, + string version : string ref +); + +/** + * Holds if File `fileid` was provided by package `package`. + */ +header_to_external_package( + int fileid : @file ref, + int package : @external_package ref +); + +/* + * Version history + */ + +svnentries( + unique int id : @svnentry, + string revision : string ref, + string author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + string action : string ref +) + +svnentrymsg( + unique int id : @svnentry ref, + string message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/* + * C++ dbscheme + */ + +@location = @location_stmt | @location_expr | @location_default ; + +/** + * The location of an element that is not an expression or a statement. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + /** The location of an element that is not an expression or a statement. */ + unique int id: @location_default, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** + * The location of a statement. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_stmt( + /** The location of a statement. */ + unique int id: @location_stmt, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** + * The location of an expression. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_expr( + /** The location of an expression. */ + unique int id: @location_expr, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** An element for which line-count information is available. */ +@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +fileannotations( + int id: @file ref, + int kind: int ref, + string name: string ref, + string value: string ref +); + +inmacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +affectedbymacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +case @macroinvocation.kind of + 1 = @macro_expansion +| 2 = @other_macro_reference +; + +macroinvocations( + unique int id: @macroinvocation, + int macro_id: @ppd_define ref, + int location: @location_default ref, + int kind: int ref +); + +macroparent( + unique int id: @macroinvocation ref, + int parent_id: @macroinvocation ref +); + +// a macroinvocation may be part of another location +// the way to find a constant expression that uses a macro +// is thus to find a constant expression that has a location +// to which a macro invocation is bound +macrolocationbind( + int id: @macroinvocation ref, + int location: @location ref +); + +#keyset[invocation, argument_index] +macro_argument_unexpanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +#keyset[invocation, argument_index] +macro_argument_expanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +/* +case @function.kind of + 1 = @normal_function +| 2 = @constructor +| 3 = @destructor +| 4 = @conversion_function +| 5 = @operator +| 6 = @builtin_function // GCC built-in functions, e.g. __builtin___memcpy_chk +; +*/ + +functions( + unique int id: @function, + string name: string ref, + int kind: int ref +); + +function_entry_point( + int id: @function ref, + unique int entry_point: @stmt ref +); + +function_return_type( + int id: @function ref, + int return_type: @type ref +); + +/** + * If `function` is a coroutine, then this gives the `std::experimental::resumable_traits` + * instance associated with it, and the variables representing the `handle` and `promise` + * for it. + */ +coroutine( + unique int function: @function ref, + int traits: @type ref, + int handle: @variable ref, + int promise: @variable ref +); + +/** The `new` function used for allocating the coroutine state, if any. */ +coroutine_new( + unique int function: @function ref, + int new: @function ref +); + +/** The `delete` function used for deallocating the coroutine state, if any. */ +coroutine_delete( + unique int function: @function ref, + int delete: @function ref +); + +purefunctions(unique int id: @function ref); + +function_deleted(unique int id: @function ref); + +function_defaulted(unique int id: @function ref); + +member_function_this_type( + unique int id: @function ref, + int this_type: @type ref +); + +#keyset[id, type_id] +fun_decls( + int id: @fun_decl, + int function: @function ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +fun_def(unique int id: @fun_decl ref); +fun_specialized(unique int id: @fun_decl ref); +fun_implicit(unique int id: @fun_decl ref); +fun_decl_specifiers( + int id: @fun_decl ref, + string name: string ref +) +#keyset[fun_decl, index] +fun_decl_throws( + int fun_decl: @fun_decl ref, + int index: int ref, + int type_id: @type ref +); +/* an empty throw specification is different from none */ +fun_decl_empty_throws(unique int fun_decl: @fun_decl ref); +fun_decl_noexcept( + int fun_decl: @fun_decl ref, + int constant: @expr ref +); +fun_decl_empty_noexcept(int fun_decl: @fun_decl ref); +fun_decl_typedef_type( + unique int fun_decl: @fun_decl ref, + int typedeftype_id: @usertype ref +); + +param_decl_bind( + unique int id: @var_decl ref, + int index: int ref, + int fun_decl: @fun_decl ref +); + +#keyset[id, type_id] +var_decls( + int id: @var_decl, + int variable: @variable ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +var_def(unique int id: @var_decl ref); +var_decl_specifiers( + int id: @var_decl ref, + string name: string ref +) +is_structured_binding(unique int id: @variable ref); + +type_decls( + unique int id: @type_decl, + int type_id: @type ref, + int location: @location_default ref +); +type_def(unique int id: @type_decl ref); +type_decl_top( + unique int type_decl: @type_decl ref +); + +namespace_decls( + unique int id: @namespace_decl, + int namespace_id: @namespace ref, + int location: @location_default ref, + int bodylocation: @location_default ref +); + +usings( + unique int id: @using, + int element_id: @element ref, + int location: @location_default ref +); + +/** The element which contains the `using` declaration. */ +using_container( + int parent: @element ref, + int child: @using ref +); + +static_asserts( + unique int id: @static_assert, + int condition : @expr ref, + string message : string ref, + int location: @location_default ref, + int enclosing : @element ref +); + +// each function has an ordered list of parameters +#keyset[id, type_id] +#keyset[function, index, type_id] +params( + int id: @parameter, + int function: @functionorblock ref, + int index: int ref, + int type_id: @type ref +); + +overrides( + int new: @function ref, + int old: @function ref +); + +#keyset[id, type_id] +membervariables( + int id: @membervariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +globalvariables( + int id: @globalvariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +localvariables( + int id: @localvariable, + int type_id: @type ref, + string name: string ref +); + +autoderivation( + unique int var: @variable ref, + int derivation_type: @type ref +); + +orphaned_variables( + int var: @localvariable ref, + int function: @function ref +) + +enumconstants( + unique int id: @enumconstant, + int parent: @usertype ref, + int index: int ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); + +@variable = @localscopevariable | @globalvariable | @membervariable; + +@localscopevariable = @localvariable | @parameter; + +/** + * Built-in types are the fundamental types, e.g., integral, floating, and void. + */ +case @builtintype.kind of + 1 = @errortype +| 2 = @unknowntype +| 3 = @void +| 4 = @boolean +| 5 = @char +| 6 = @unsigned_char +| 7 = @signed_char +| 8 = @short +| 9 = @unsigned_short +| 10 = @signed_short +| 11 = @int +| 12 = @unsigned_int +| 13 = @signed_int +| 14 = @long +| 15 = @unsigned_long +| 16 = @signed_long +| 17 = @long_long +| 18 = @unsigned_long_long +| 19 = @signed_long_long +// ... 20 Microsoft-specific __int8 +// ... 21 Microsoft-specific __int16 +// ... 22 Microsoft-specific __int32 +// ... 23 Microsoft-specific __int64 +| 24 = @float +| 25 = @double +| 26 = @long_double +| 27 = @complex_float // C99-specific _Complex float +| 28 = @complex_double // C99-specific _Complex double +| 29 = @complex_long_double // C99-specific _Complex long double +| 30 = @imaginary_float // C99-specific _Imaginary float +| 31 = @imaginary_double // C99-specific _Imaginary double +| 32 = @imaginary_long_double // C99-specific _Imaginary long double +| 33 = @wchar_t // Microsoft-specific +| 34 = @decltype_nullptr // C++11 +| 35 = @int128 // __int128 +| 36 = @unsigned_int128 // unsigned __int128 +| 37 = @signed_int128 // signed __int128 +| 38 = @float128 // __float128 +| 39 = @complex_float128 // _Complex __float128 +| 40 = @decimal32 // _Decimal32 +| 41 = @decimal64 // _Decimal64 +| 42 = @decimal128 // _Decimal128 +| 43 = @char16_t +| 44 = @char32_t +| 45 = @std_float32 // _Float32 +| 46 = @float32x // _Float32x +| 47 = @std_float64 // _Float64 +| 48 = @float64x // _Float64x +| 49 = @std_float128 // _Float128 +// ... 50 _Float128x +| 51 = @char8_t +| 52 = @float16 // _Float16 +| 53 = @complex_float16 // _Complex _Float16 +; + +builtintypes( + unique int id: @builtintype, + string name: string ref, + int kind: int ref, + int size: int ref, + int sign: int ref, + int alignment: int ref +); + +/** + * Derived types are types that are directly derived from existing types and + * point to, refer to, transform type data to return a new type. + */ +case @derivedtype.kind of + 1 = @pointer +| 2 = @reference +| 3 = @type_with_specifiers +| 4 = @array +| 5 = @gnu_vector +| 6 = @routineptr +| 7 = @routinereference +| 8 = @rvalue_reference // C++11 +// ... 9 type_conforming_to_protocols deprecated +| 10 = @block +; + +derivedtypes( + unique int id: @derivedtype, + string name: string ref, + int kind: int ref, + int type_id: @type ref +); + +pointerishsize(unique int id: @derivedtype ref, + int size: int ref, + int alignment: int ref); + +arraysizes( + unique int id: @derivedtype ref, + int num_elements: int ref, + int bytesize: int ref, + int alignment: int ref +); + +typedefbase( + unique int id: @usertype ref, + int type_id: @type ref +); + +/** + * An instance of the C++11 `decltype` operator. For example: + * ``` + * int a; + * decltype(1+a) b; + * ``` + * Here `expr` is `1+a`. + * + * Sometimes an additional pair of parentheses around the expression + * would change the semantics of this decltype, e.g. + * ``` + * struct A { double x; }; + * const A* a = new A(); + * decltype( a->x ); // type is double + * decltype((a->x)); // type is const double& + * ``` + * (Please consult the C++11 standard for more details). + * `parentheses_would_change_meaning` is `true` iff that is the case. + */ +#keyset[id, expr] +decltypes( + int id: @decltype, + int expr: @expr ref, + int base_type: @type ref, + boolean parentheses_would_change_meaning: boolean ref +); + +/* +case @usertype.kind of + 1 = @struct +| 2 = @class +| 3 = @union +| 4 = @enum +| 5 = @typedef // classic C: typedef typedef type name +| 6 = @template +| 7 = @template_parameter +| 8 = @template_template_parameter +| 9 = @proxy_class // a proxy class associated with a template parameter +// ... 10 objc_class deprecated +// ... 11 objc_protocol deprecated +// ... 12 objc_category deprecated +| 13 = @scoped_enum +| 14 = @using_alias // a using name = type style typedef +; +*/ + +usertypes( + unique int id: @usertype, + string name: string ref, + int kind: int ref +); + +usertypesize( + unique int id: @usertype ref, + int size: int ref, + int alignment: int ref +); + +usertype_final(unique int id: @usertype ref); + +usertype_uuid( + unique int id: @usertype ref, + string uuid: string ref +); + +mangled_name( + unique int id: @declaration ref, + int mangled_name : @mangledname +); + +is_pod_class(unique int id: @usertype ref); +is_standard_layout_class(unique int id: @usertype ref); + +is_complete(unique int id: @usertype ref); + +is_class_template(unique int id: @usertype ref); +class_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +class_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +class_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +is_proxy_class_for( + unique int id: @usertype ref, + unique int templ_param_id: @usertype ref +); + +type_mentions( + unique int id: @type_mention, + int type_id: @type ref, + int location: @location ref, + // a_symbol_reference_kind from the frontend. + int kind: int ref +); + +is_function_template(unique int id: @function ref); +function_instantiation( + unique int to: @function ref, + int from: @function ref +); +function_template_argument( + int function_id: @function ref, + int index: int ref, + int arg_type: @type ref +); +function_template_argument_value( + int function_id: @function ref, + int index: int ref, + int arg_value: @expr ref +); + +is_variable_template(unique int id: @variable ref); +variable_instantiation( + unique int to: @variable ref, + int from: @variable ref +); +variable_template_argument( + int variable_id: @variable ref, + int index: int ref, + int arg_type: @type ref +); +variable_template_argument_value( + int variable_id: @variable ref, + int index: int ref, + int arg_value: @expr ref +); + +/* + Fixed point types + precision(1) = short, precision(2) = default, precision(3) = long + is_unsigned(1) = unsigned is_unsigned(2) = signed + is_fract_type(1) = declared with _Fract + saturating(1) = declared with _Sat +*/ +/* TODO +fixedpointtypes( + unique int id: @fixedpointtype, + int precision: int ref, + int is_unsigned: int ref, + int is_fract_type: int ref, + int saturating: int ref); +*/ + +routinetypes( + unique int id: @routinetype, + int return_type: @type ref +); + +routinetypeargs( + int routine: @routinetype ref, + int index: int ref, + int type_id: @type ref +); + +ptrtomembers( + unique int id: @ptrtomember, + int type_id: @type ref, + int class_id: @type ref +); + +/* + specifiers for types, functions, and variables + + "public", + "protected", + "private", + + "const", + "volatile", + "static", + + "pure", + "virtual", + "sealed", // Microsoft + "__interface", // Microsoft + "inline", + "explicit", + + "near", // near far extension + "far", // near far extension + "__ptr32", // Microsoft + "__ptr64", // Microsoft + "__sptr", // Microsoft + "__uptr", // Microsoft + "dllimport", // Microsoft + "dllexport", // Microsoft + "thread", // Microsoft + "naked", // Microsoft + "microsoft_inline", // Microsoft + "forceinline", // Microsoft + "selectany", // Microsoft + "nothrow", // Microsoft + "novtable", // Microsoft + "noreturn", // Microsoft + "noinline", // Microsoft + "noalias", // Microsoft + "restrict", // Microsoft +*/ + +specifiers( + unique int id: @specifier, + unique string str: string ref +); + +typespecifiers( + int type_id: @type ref, + int spec_id: @specifier ref +); + +funspecifiers( + int func_id: @function ref, + int spec_id: @specifier ref +); + +varspecifiers( + int var_id: @accessible ref, + int spec_id: @specifier ref +); + +attributes( + unique int id: @attribute, + int kind: int ref, + string name: string ref, + string name_space: string ref, + int location: @location_default ref +); + +case @attribute.kind of + 0 = @gnuattribute +| 1 = @stdattribute +| 2 = @declspec +| 3 = @msattribute +| 4 = @alignas +// ... 5 @objc_propertyattribute deprecated +; + +attribute_args( + unique int id: @attribute_arg, + int kind: int ref, + int attribute: @attribute ref, + int index: int ref, + int location: @location_default ref +); + +case @attribute_arg.kind of + 0 = @attribute_arg_empty +| 1 = @attribute_arg_token +| 2 = @attribute_arg_constant +| 3 = @attribute_arg_type +| 4 = @attribute_arg_constant_expr +; + +attribute_arg_value( + unique int arg: @attribute_arg ref, + string value: string ref +); +attribute_arg_type( + unique int arg: @attribute_arg ref, + int type_id: @type ref +); +attribute_arg_constant( + unique int arg: @attribute_arg ref, + int constant: @expr ref +) +attribute_arg_name( + unique int arg: @attribute_arg ref, + string name: string ref +); + +typeattributes( + int type_id: @type ref, + int spec_id: @attribute ref +); + +funcattributes( + int func_id: @function ref, + int spec_id: @attribute ref +); + +varattributes( + int var_id: @accessible ref, + int spec_id: @attribute ref +); + +stmtattributes( + int stmt_id: @stmt ref, + int spec_id: @attribute ref +); + +@type = @builtintype + | @derivedtype + | @usertype + /* TODO | @fixedpointtype */ + | @routinetype + | @ptrtomember + | @decltype; + +unspecifiedtype( + unique int type_id: @type ref, + int unspecified_type_id: @type ref +); + +member( + int parent: @type ref, + int index: int ref, + int child: @member ref +); + +@enclosingfunction_child = @usertype | @variable | @namespace + +enclosingfunction( + unique int child: @enclosingfunction_child ref, + int parent: @function ref +); + +derivations( + unique int derivation: @derivation, + int sub: @type ref, + int index: int ref, + int super: @type ref, + int location: @location_default ref +); + +derspecifiers( + int der_id: @derivation ref, + int spec_id: @specifier ref +); + +/** + * Contains the byte offset of the base class subobject within the derived + * class. Only holds for non-virtual base classes, but see table + * `virtual_base_offsets` for offsets of virtual base class subobjects. + */ +direct_base_offsets( + unique int der_id: @derivation ref, + int offset: int ref +); + +/** + * Contains the byte offset of the virtual base class subobject for class + * `super` within a most-derived object of class `sub`. `super` can be either a + * direct or indirect base class. + */ +#keyset[sub, super] +virtual_base_offsets( + int sub: @usertype ref, + int super: @usertype ref, + int offset: int ref +); + +frienddecls( + unique int id: @frienddecl, + int type_id: @type ref, + int decl_id: @declaration ref, + int location: @location_default ref +); + +@declaredtype = @usertype ; + +@declaration = @function + | @declaredtype + | @variable + | @enumconstant + | @frienddecl; + +@member = @membervariable + | @function + | @declaredtype + | @enumconstant; + +@locatable = @diagnostic + | @declaration + | @ppd_include + | @ppd_define + | @macroinvocation + /*| @funcall*/ + | @xmllocatable + | @attribute + | @attribute_arg; + +@namedscope = @namespace | @usertype; + +@element = @locatable + | @file + | @folder + | @specifier + | @type + | @expr + | @namespace + | @initialiser + | @stmt + | @derivation + | @comment + | @preprocdirect + | @fun_decl + | @var_decl + | @type_decl + | @namespace_decl + | @using + | @namequalifier + | @specialnamequalifyingelement + | @static_assert + | @type_mention + | @lambdacapture; + +@exprparent = @element; + +comments( + unique int id: @comment, + string contents: string ref, + int location: @location_default ref +); + +commentbinding( + int id: @comment ref, + int element: @element ref +); + +exprconv( + int converted: @expr ref, + unique int conversion: @expr ref +); + +compgenerated(unique int id: @element ref); + +/** + * `destructor_call` destructs the `i`'th entity that should be + * destructed following `element`. Note that entities should be + * destructed in reverse construction order, so for a given `element` + * these should be called from highest to lowest `i`. + */ +#keyset[element, destructor_call] +#keyset[element, i] +synthetic_destructor_call( + int element: @element ref, + int i: int ref, + int destructor_call: @routineexpr ref +); + +namespaces( + unique int id: @namespace, + string name: string ref +); + +namespace_inline( + unique int id: @namespace ref +); + +namespacembrs( + int parentid: @namespace ref, + unique int memberid: @namespacembr ref +); + +@namespacembr = @declaration | @namespace; + +exprparents( + int expr_id: @expr ref, + int child_index: int ref, + int parent_id: @exprparent ref +); + +expr_isload(unique int expr_id: @expr ref); + +@cast = @c_style_cast + | @const_cast + | @dynamic_cast + | @reinterpret_cast + | @static_cast + ; + +/* +case @conversion.kind of + 0 = @simple_conversion // a numeric conversion, qualification conversion, or a reinterpret_cast +| 1 = @bool_conversion // conversion to 'bool' +| 2 = @base_class_conversion // a derived-to-base conversion +| 3 = @derived_class_conversion // a base-to-derived conversion +| 4 = @pm_base_class_conversion // a derived-to-base conversion of a pointer to member +| 5 = @pm_derived_class_conversion // a base-to-derived conversion of a pointer to member +| 6 = @glvalue_adjust // an adjustment of the type of a glvalue +| 7 = @prvalue_adjust // an adjustment of the type of a prvalue +; +*/ +/** + * Describes the semantics represented by a cast expression. This is largely + * independent of the source syntax of the cast, so it is separate from the + * regular expression kind. + */ +conversionkinds( + unique int expr_id: @cast ref, + int kind: int ref +); + +@conversion = @cast + | @array_to_pointer + | @parexpr + | @reference_to + | @ref_indirect + | @temp_init + ; + +/* +case @funbindexpr.kind of + 0 = @normal_call // a normal call +| 1 = @virtual_call // a virtual call +| 2 = @adl_call // a call whose target is only found by ADL +; +*/ +iscall( + unique int caller: @funbindexpr ref, + int kind: int ref +); + +numtemplatearguments( + unique int expr_id: @expr ref, + int num: int ref +); + +specialnamequalifyingelements( + unique int id: @specialnamequalifyingelement, + unique string name: string ref +); + +@namequalifiableelement = @expr | @namequalifier; +@namequalifyingelement = @namespace + | @specialnamequalifyingelement + | @usertype; + +namequalifiers( + unique int id: @namequalifier, + unique int qualifiableelement: @namequalifiableelement ref, + int qualifyingelement: @namequalifyingelement ref, + int location: @location_default ref +); + +varbind( + int expr: @varbindexpr ref, + int var: @accessible ref +); + +funbind( + int expr: @funbindexpr ref, + int fun: @function ref +); + +@any_new_expr = @new_expr + | @new_array_expr; + +@new_or_delete_expr = @any_new_expr + | @delete_expr + | @delete_array_expr; + +@prefix_crement_expr = @preincrexpr | @predecrexpr; + +@postfix_crement_expr = @postincrexpr | @postdecrexpr; + +@increment_expr = @preincrexpr | @postincrexpr; + +@decrement_expr = @predecrexpr | @postdecrexpr; + +@crement_expr = @increment_expr | @decrement_expr; + +@un_arith_op_expr = @arithnegexpr + | @unaryplusexpr + | @conjugation + | @realpartexpr + | @imagpartexpr + | @crement_expr + ; + +@un_bitwise_op_expr = @complementexpr; + +@un_log_op_expr = @notexpr; + +@un_op_expr = @address_of + | @indirect + | @un_arith_op_expr + | @un_bitwise_op_expr + | @builtinaddressof + | @vec_fill + | @un_log_op_expr + | @co_await + | @co_yield + ; + +@bin_log_op_expr = @andlogicalexpr | @orlogicalexpr; + +@cmp_op_expr = @eq_op_expr | @rel_op_expr; + +@eq_op_expr = @eqexpr | @neexpr; + +@rel_op_expr = @gtexpr + | @ltexpr + | @geexpr + | @leexpr + | @spaceshipexpr + ; + +@bin_bitwise_op_expr = @lshiftexpr + | @rshiftexpr + | @andexpr + | @orexpr + | @xorexpr + ; + +@p_arith_op_expr = @paddexpr + | @psubexpr + | @pdiffexpr + ; + +@bin_arith_op_expr = @addexpr + | @subexpr + | @mulexpr + | @divexpr + | @remexpr + | @jmulexpr + | @jdivexpr + | @fjaddexpr + | @jfaddexpr + | @fjsubexpr + | @jfsubexpr + | @minexpr + | @maxexpr + | @p_arith_op_expr + ; + +@bin_op_expr = @bin_arith_op_expr + | @bin_bitwise_op_expr + | @cmp_op_expr + | @bin_log_op_expr + ; + +@op_expr = @un_op_expr + | @bin_op_expr + | @assign_expr + | @conditionalexpr + ; + +@assign_arith_expr = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + ; + +@assign_bitwise_expr = @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignpaddexpr + | @assignpsubexpr + ; + +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr + +@assign_expr = @assignexpr | @assign_op_expr | @blockassignexpr + +/* + case @allocator.form of + 0 = plain + | 1 = alignment + ; +*/ + +/** + * The allocator function associated with a `new` or `new[]` expression. + * The `form` column specified whether the allocation call contains an alignment + * argument. + */ +expr_allocator( + unique int expr: @any_new_expr ref, + int func: @function ref, + int form: int ref +); + +/* + case @deallocator.form of + 0 = plain + | 1 = size + | 2 = alignment + | 3 = size_and_alignment + ; +*/ + +/** + * The deallocator function associated with a `delete`, `delete[]`, `new`, or + * `new[]` expression. For a `new` or `new[]` expression, the deallocator is the + * one used to free memory if the initialization throws an exception. + * The `form` column specifies whether the deallocation call contains a size + * argument, and alignment argument, or both. + */ +expr_deallocator( + unique int expr: @new_or_delete_expr ref, + int func: @function ref, + int form: int ref +); + +/** + * Holds if the `@conditionalexpr` is of the two operand form + * `guard ? : false`. + */ +expr_cond_two_operand( + unique int cond: @conditionalexpr ref +); + +/** + * The guard of `@conditionalexpr` `guard ? true : false` + */ +expr_cond_guard( + unique int cond: @conditionalexpr ref, + int guard: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` holds. For the two operand form + * `guard ?: false` consider using `expr_cond_guard` instead. + */ +expr_cond_true( + unique int cond: @conditionalexpr ref, + int true: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` does not hold. + */ +expr_cond_false( + unique int cond: @conditionalexpr ref, + int false: @expr ref +); + +/** A string representation of the value. */ +values( + unique int id: @value, + string str: string ref +); + +/** The actual text in the source code for the value, if any. */ +valuetext( + unique int id: @value ref, + string text: string ref +); + +valuebind( + int val: @value ref, + unique int expr: @expr ref +); + +fieldoffsets( + unique int id: @variable ref, + int byteoffset: int ref, + int bitoffset: int ref +); + +bitfield( + unique int id: @variable ref, + int bits: int ref, + int declared_bits: int ref +); + +/* TODO +memberprefix( + int member: @expr ref, + int prefix: @expr ref +); +*/ + +/* + kind(1) = mbrcallexpr + kind(2) = mbrptrcallexpr + kind(3) = mbrptrmbrcallexpr + kind(4) = ptrmbrptrmbrcallexpr + kind(5) = mbrreadexpr // x.y + kind(6) = mbrptrreadexpr // p->y + kind(7) = mbrptrmbrreadexpr // x.*pm + kind(8) = mbrptrmbrptrreadexpr // x->*pm + kind(9) = staticmbrreadexpr // static x.y + kind(10) = staticmbrptrreadexpr // static p->y +*/ +/* TODO +memberaccess( + int member: @expr ref, + int kind: int ref +); +*/ + +initialisers( + unique int init: @initialiser, + int var: @accessible ref, + unique int expr: @expr ref, + int location: @location_expr ref +); + +braced_initialisers( + int init: @initialiser ref +); + +/** + * An ancestor for the expression, for cases in which we cannot + * otherwise find the expression's parent. + */ +expr_ancestor( + int exp: @expr ref, + int ancestor: @element ref +); + +exprs( + unique int id: @expr, + int kind: int ref, + int location: @location_expr ref +); + +/* + case @value.category of + 1 = prval + | 2 = xval + | 3 = lval + ; +*/ +expr_types( + int id: @expr ref, + int typeid: @type ref, + int value_category: int ref +); + +case @expr.kind of + 1 = @errorexpr +| 2 = @address_of // & AddressOfExpr +| 3 = @reference_to // ReferenceToExpr (implicit?) +| 4 = @indirect // * PointerDereferenceExpr +| 5 = @ref_indirect // ReferenceDereferenceExpr (implicit?) +// ... +| 8 = @array_to_pointer // (???) +| 9 = @vacuous_destructor_call // VacuousDestructorCall +// ... +| 11 = @assume // Microsoft +| 12 = @parexpr +| 13 = @arithnegexpr +| 14 = @unaryplusexpr +| 15 = @complementexpr +| 16 = @notexpr +| 17 = @conjugation // GNU ~ operator +| 18 = @realpartexpr // GNU __real +| 19 = @imagpartexpr // GNU __imag +| 20 = @postincrexpr +| 21 = @postdecrexpr +| 22 = @preincrexpr +| 23 = @predecrexpr +| 24 = @conditionalexpr +| 25 = @addexpr +| 26 = @subexpr +| 27 = @mulexpr +| 28 = @divexpr +| 29 = @remexpr +| 30 = @jmulexpr // C99 mul imaginary +| 31 = @jdivexpr // C99 div imaginary +| 32 = @fjaddexpr // C99 add real + imaginary +| 33 = @jfaddexpr // C99 add imaginary + real +| 34 = @fjsubexpr // C99 sub real - imaginary +| 35 = @jfsubexpr // C99 sub imaginary - real +| 36 = @paddexpr // pointer add (pointer + int or int + pointer) +| 37 = @psubexpr // pointer sub (pointer - integer) +| 38 = @pdiffexpr // difference between two pointers +| 39 = @lshiftexpr +| 40 = @rshiftexpr +| 41 = @andexpr +| 42 = @orexpr +| 43 = @xorexpr +| 44 = @eqexpr +| 45 = @neexpr +| 46 = @gtexpr +| 47 = @ltexpr +| 48 = @geexpr +| 49 = @leexpr +| 50 = @minexpr // GNU minimum +| 51 = @maxexpr // GNU maximum +| 52 = @assignexpr +| 53 = @assignaddexpr +| 54 = @assignsubexpr +| 55 = @assignmulexpr +| 56 = @assigndivexpr +| 57 = @assignremexpr +| 58 = @assignlshiftexpr +| 59 = @assignrshiftexpr +| 60 = @assignandexpr +| 61 = @assignorexpr +| 62 = @assignxorexpr +| 63 = @assignpaddexpr // assign pointer add +| 64 = @assignpsubexpr // assign pointer sub +| 65 = @andlogicalexpr +| 66 = @orlogicalexpr +| 67 = @commaexpr +| 68 = @subscriptexpr // access to member of an array, e.g., a[5] +// ... 69 @objc_subscriptexpr deprecated +// ... 70 @cmdaccess deprecated +// ... +| 73 = @virtfunptrexpr +| 74 = @callexpr +// ... 75 @msgexpr_normal deprecated +// ... 76 @msgexpr_super deprecated +// ... 77 @atselectorexpr deprecated +// ... 78 @atprotocolexpr deprecated +| 79 = @vastartexpr +| 80 = @vaargexpr +| 81 = @vaendexpr +| 82 = @vacopyexpr +// ... 83 @atencodeexpr deprecated +| 84 = @varaccess +| 85 = @thisaccess +// ... 86 @objc_box_expr deprecated +| 87 = @new_expr +| 88 = @delete_expr +| 89 = @throw_expr +| 90 = @condition_decl // a variable declared in a condition, e.g., if(int x = y > 2) +| 91 = @braced_init_list +| 92 = @type_id +| 93 = @runtime_sizeof +| 94 = @runtime_alignof +| 95 = @sizeof_pack +| 96 = @expr_stmt // GNU extension +| 97 = @routineexpr +| 98 = @type_operand // used to access a type in certain contexts (haven't found any examples yet....) +| 99 = @offsetofexpr // offsetof ::= type and field +| 100 = @hasassignexpr // __has_assign ::= type +| 101 = @hascopyexpr // __has_copy ::= type +| 102 = @hasnothrowassign // __has_nothrow_assign ::= type +| 103 = @hasnothrowconstr // __has_nothrow_constructor ::= type +| 104 = @hasnothrowcopy // __has_nothrow_copy ::= type +| 105 = @hastrivialassign // __has_trivial_assign ::= type +| 106 = @hastrivialconstr // __has_trivial_constructor ::= type +| 107 = @hastrivialcopy // __has_trivial_copy ::= type +| 108 = @hasuserdestr // __has_user_destructor ::= type +| 109 = @hasvirtualdestr // __has_virtual_destructor ::= type +| 110 = @isabstractexpr // __is_abstract ::= type +| 111 = @isbaseofexpr // __is_base_of ::= type type +| 112 = @isclassexpr // __is_class ::= type +| 113 = @isconvtoexpr // __is_convertible_to ::= type type +| 114 = @isemptyexpr // __is_empty ::= type +| 115 = @isenumexpr // __is_enum ::= type +| 116 = @ispodexpr // __is_pod ::= type +| 117 = @ispolyexpr // __is_polymorphic ::= type +| 118 = @isunionexpr // __is_union ::= type +| 119 = @typescompexpr // GNU __builtin_types_compatible ::= type type +| 120 = @intaddrexpr // frontend internal builtin, used to implement offsetof +// ... +| 122 = @hastrivialdestructor // __has_trivial_destructor ::= type +| 123 = @literal +| 124 = @uuidof +| 127 = @aggregateliteral +| 128 = @delete_array_expr +| 129 = @new_array_expr +// ... 130 @objc_array_literal deprecated +// ... 131 @objc_dictionary_literal deprecated +| 132 = @foldexpr +// ... +| 200 = @ctordirectinit +| 201 = @ctorvirtualinit +| 202 = @ctorfieldinit +| 203 = @ctordelegatinginit +| 204 = @dtordirectdestruct +| 205 = @dtorvirtualdestruct +| 206 = @dtorfielddestruct +// ... +| 210 = @static_cast +| 211 = @reinterpret_cast +| 212 = @const_cast +| 213 = @dynamic_cast +| 214 = @c_style_cast +| 215 = @lambdaexpr +| 216 = @param_ref +| 217 = @noopexpr +// ... +| 294 = @istriviallyconstructibleexpr +| 295 = @isdestructibleexpr +| 296 = @isnothrowdestructibleexpr +| 297 = @istriviallydestructibleexpr +| 298 = @istriviallyassignableexpr +| 299 = @isnothrowassignableexpr +| 300 = @istrivialexpr +| 301 = @isstandardlayoutexpr +| 302 = @istriviallycopyableexpr +| 303 = @isliteraltypeexpr +| 304 = @hastrivialmoveconstructorexpr +| 305 = @hastrivialmoveassignexpr +| 306 = @hasnothrowmoveassignexpr +| 307 = @isconstructibleexpr +| 308 = @isnothrowconstructibleexpr +| 309 = @hasfinalizerexpr +| 310 = @isdelegateexpr +| 311 = @isinterfaceclassexpr +| 312 = @isrefarrayexpr +| 313 = @isrefclassexpr +| 314 = @issealedexpr +| 315 = @issimplevalueclassexpr +| 316 = @isvalueclassexpr +| 317 = @isfinalexpr +| 319 = @noexceptexpr +| 320 = @builtinshufflevector +| 321 = @builtinchooseexpr +| 322 = @builtinaddressof +| 323 = @vec_fill +| 324 = @builtinconvertvector +| 325 = @builtincomplex +| 326 = @spaceshipexpr +| 327 = @co_await +| 328 = @co_yield +| 329 = @temp_init +| 330 = @isassignable +| 331 = @isaggregate +| 332 = @hasuniqueobjectrepresentations +| 333 = @builtinbitcast +| 334 = @builtinshuffle +| 335 = @blockassignexpr +| 336 = @issame +| 337 = @isfunction +| 338 = @islayoutcompatible +| 339 = @ispointerinterconvertiblebaseof +| 340 = @isarray +| 341 = @arrayrank +| 342 = @arrayextent +| 343 = @isarithmetic +| 344 = @iscompletetype +| 345 = @iscompound +| 346 = @isconst +| 347 = @isfloatingpoint +| 348 = @isfundamental +| 349 = @isintegral +| 350 = @islvaluereference +| 351 = @ismemberfunctionpointer +| 352 = @ismemberobjectpointer +| 353 = @ismemberpointer +| 354 = @isobject +| 355 = @ispointer +| 356 = @isreference +| 357 = @isrvaluereference +| 358 = @isscalar +| 359 = @issigned +| 360 = @isunsigned +| 361 = @isvoid +| 362 = @isvolatile +; + +@var_args_expr = @vastartexpr + | @vaendexpr + | @vaargexpr + | @vacopyexpr + ; + +@builtin_op = @var_args_expr + | @noopexpr + | @offsetofexpr + | @intaddrexpr + | @hasassignexpr + | @hascopyexpr + | @hasnothrowassign + | @hasnothrowconstr + | @hasnothrowcopy + | @hastrivialassign + | @hastrivialconstr + | @hastrivialcopy + | @hastrivialdestructor + | @hasuserdestr + | @hasvirtualdestr + | @isabstractexpr + | @isbaseofexpr + | @isclassexpr + | @isconvtoexpr + | @isemptyexpr + | @isenumexpr + | @ispodexpr + | @ispolyexpr + | @isunionexpr + | @typescompexpr + | @builtinshufflevector + | @builtinconvertvector + | @builtinaddressof + | @istriviallyconstructibleexpr + | @isdestructibleexpr + | @isnothrowdestructibleexpr + | @istriviallydestructibleexpr + | @istriviallyassignableexpr + | @isnothrowassignableexpr + | @istrivialexpr + | @isstandardlayoutexpr + | @istriviallycopyableexpr + | @isliteraltypeexpr + | @hastrivialmoveconstructorexpr + | @hastrivialmoveassignexpr + | @hasnothrowmoveassignexpr + | @isconstructibleexpr + | @isnothrowconstructibleexpr + | @hasfinalizerexpr + | @isdelegateexpr + | @isinterfaceclassexpr + | @isrefarrayexpr + | @isrefclassexpr + | @issealedexpr + | @issimplevalueclassexpr + | @isvalueclassexpr + | @isfinalexpr + | @builtinchooseexpr + | @builtincomplex + | @isassignable + | @isaggregate + | @hasuniqueobjectrepresentations + | @builtinbitcast + | @builtinshuffle + | @issame + | @isfunction + | @islayoutcompatible + | @ispointerinterconvertiblebaseof + | @isarray + | @arrayrank + | @arrayextent + | @isarithmetic + | @iscompletetype + | @iscompound + | @isconst + | @isfloatingpoint + | @isfundamental + | @isintegral + | @islvaluereference + | @ismemberfunctionpointer + | @ismemberobjectpointer + | @ismemberpointer + | @isobject + | @ispointer + | @isreference + | @isrvaluereference + | @isscalar + | @issigned + | @isunsigned + | @isvoid + | @isvolatile + ; + +new_allocated_type( + unique int expr: @new_expr ref, + int type_id: @type ref +); + +new_array_allocated_type( + unique int expr: @new_array_expr ref, + int type_id: @type ref +); + +/** + * The field being initialized by an initializer expression within an aggregate + * initializer for a class/struct/union. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_field_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int field: @membervariable ref, + int position: int ref +); + +/** + * The index of the element being initialized by an initializer expression + * within an aggregate initializer for an array. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_array_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int element_index: int ref, + int position: int ref +); + +@ctorinit = @ctordirectinit + | @ctorvirtualinit + | @ctorfieldinit + | @ctordelegatinginit; +@dtordestruct = @dtordirectdestruct + | @dtorvirtualdestruct + | @dtorfielddestruct; + + +condition_decl_bind( + unique int expr: @condition_decl ref, + unique int decl: @declaration ref +); + +typeid_bind( + unique int expr: @type_id ref, + int type_id: @type ref +); + +uuidof_bind( + unique int expr: @uuidof ref, + int type_id: @type ref +); + +@runtime_sizeof_or_alignof = @runtime_sizeof | @runtime_alignof; + +sizeof_bind( + unique int expr: @runtime_sizeof_or_alignof ref, + int type_id: @type ref +); + +code_block( + unique int block: @literal ref, + unique int routine: @function ref +); + +lambdas( + unique int expr: @lambdaexpr ref, + string default_capture: string ref, + boolean has_explicit_return_type: boolean ref +); + +lambda_capture( + unique int id: @lambdacapture, + int lambda: @lambdaexpr ref, + int index: int ref, + int field: @membervariable ref, + boolean captured_by_reference: boolean ref, + boolean is_implicit: boolean ref, + int location: @location_default ref +); + +@funbindexpr = @routineexpr + | @new_expr + | @delete_expr + | @delete_array_expr + | @ctordirectinit + | @ctorvirtualinit + | @ctordelegatinginit + | @dtordirectdestruct + | @dtorvirtualdestruct; + +@varbindexpr = @varaccess | @ctorfieldinit | @dtorfielddestruct; +@addressable = @function | @variable ; +@accessible = @addressable | @enumconstant ; + +@access = @varaccess | @routineexpr ; + +fold( + int expr: @foldexpr ref, + string operator: string ref, + boolean is_left_fold: boolean ref +); + +stmts( + unique int id: @stmt, + int kind: int ref, + int location: @location_stmt ref +); + +case @stmt.kind of + 1 = @stmt_expr +| 2 = @stmt_if +| 3 = @stmt_while +| 4 = @stmt_goto +| 5 = @stmt_label +| 6 = @stmt_return +| 7 = @stmt_block +| 8 = @stmt_end_test_while // do { ... } while ( ... ) +| 9 = @stmt_for +| 10 = @stmt_switch_case +| 11 = @stmt_switch +| 13 = @stmt_asm // "asm" statement or the body of an asm function +| 15 = @stmt_try_block +| 16 = @stmt_microsoft_try // Microsoft +| 17 = @stmt_decl +| 18 = @stmt_set_vla_size // C99 +| 19 = @stmt_vla_decl // C99 +| 25 = @stmt_assigned_goto // GNU +| 26 = @stmt_empty +| 27 = @stmt_continue +| 28 = @stmt_break +| 29 = @stmt_range_based_for // C++11 +// ... 30 @stmt_at_autoreleasepool_block deprecated +// ... 31 @stmt_objc_for_in deprecated +// ... 32 @stmt_at_synchronized deprecated +| 33 = @stmt_handler +// ... 34 @stmt_finally_end deprecated +| 35 = @stmt_constexpr_if +| 37 = @stmt_co_return +; + +type_vla( + int type_id: @type ref, + int decl: @stmt_vla_decl ref +); + +variable_vla( + int var: @variable ref, + int decl: @stmt_vla_decl ref +); + +if_initialization( + unique int if_stmt: @stmt_if ref, + int init_id: @stmt ref +); + +if_then( + unique int if_stmt: @stmt_if ref, + int then_id: @stmt ref +); + +if_else( + unique int if_stmt: @stmt_if ref, + int else_id: @stmt ref +); + +constexpr_if_initialization( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int init_id: @stmt ref +); + +constexpr_if_then( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int then_id: @stmt ref +); + +constexpr_if_else( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int else_id: @stmt ref +); + +while_body( + unique int while_stmt: @stmt_while ref, + int body_id: @stmt ref +); + +do_body( + unique int do_stmt: @stmt_end_test_while ref, + int body_id: @stmt ref +); + +switch_initialization( + unique int switch_stmt: @stmt_switch ref, + int init_id: @stmt ref +); + +#keyset[switch_stmt, index] +switch_case( + int switch_stmt: @stmt_switch ref, + int index: int ref, + int case_id: @stmt_switch_case ref +); + +switch_body( + unique int switch_stmt: @stmt_switch ref, + int body_id: @stmt ref +); + +for_initialization( + unique int for_stmt: @stmt_for ref, + int init_id: @stmt ref +); + +for_condition( + unique int for_stmt: @stmt_for ref, + int condition_id: @expr ref +); + +for_update( + unique int for_stmt: @stmt_for ref, + int update_id: @expr ref +); + +for_body( + unique int for_stmt: @stmt_for ref, + int body_id: @stmt ref +); + +@stmtparent = @stmt | @expr_stmt ; +stmtparents( + unique int id: @stmt ref, + int index: int ref, + int parent: @stmtparent ref +); + +ishandler(unique int block: @stmt_block ref); + +@cfgnode = @stmt | @expr | @function | @initialiser ; + +stmt_decl_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl: @declaration ref +); + +stmt_decl_entry_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl_entry: @element ref +); + +@functionorblock = @function | @stmt_block; + +blockscope( + unique int block: @stmt_block ref, + int enclosing: @functionorblock ref +); + +@jump = @stmt_goto | @stmt_break | @stmt_continue; + +@jumporlabel = @jump | @stmt_label | @literal; + +jumpinfo( + unique int id: @jumporlabel ref, + string str: string ref, + int target: @stmt ref +); + +preprocdirects( + unique int id: @preprocdirect, + int kind: int ref, + int location: @location_default ref +); +case @preprocdirect.kind of + 0 = @ppd_if +| 1 = @ppd_ifdef +| 2 = @ppd_ifndef +| 3 = @ppd_elif +| 4 = @ppd_else +| 5 = @ppd_endif +| 6 = @ppd_plain_include +| 7 = @ppd_define +| 8 = @ppd_undef +| 9 = @ppd_line +| 10 = @ppd_error +| 11 = @ppd_pragma +| 12 = @ppd_objc_import +| 13 = @ppd_include_next +| 18 = @ppd_warning +; + +@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next; + +@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif; + +preprocpair( + int begin : @ppd_branch ref, + int elseelifend : @preprocdirect ref +); + +preproctrue(int branch : @ppd_branch ref); +preprocfalse(int branch : @ppd_branch ref); + +preproctext( + unique int id: @preprocdirect ref, + string head: string ref, + string body: string ref +); + +includes( + unique int id: @ppd_include ref, + int included: @file ref +); + +link_targets( + unique int id: @link_target, + int binary: @file ref +); + +link_parent( + int element : @element ref, + int link_target : @link_target ref +); + +/* XML Files */ + +xmlEncoding(unique int id: @file ref, string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters + | @xmlelement + | @xmlcomment + | @xmlattribute + | @xmldtd + | @file + | @xmlnamespace; diff --git a/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/upgrade.properties b/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/upgrade.properties new file mode 100644 index 00000000000..bc44e185ff9 --- /dev/null +++ b/cpp/downgrades/5b388693c66db1e7dc2e76a90aa67a2b6eb74f0f/upgrade.properties @@ -0,0 +1,3 @@ +description: Introduce new floating-point types from C23 and C++23 +compatibility: backwards +builtintypes.rel: run builtintypes.qlo diff --git a/cpp/ql/lib/BUILD.bazel b/cpp/ql/lib/BUILD.bazel index 60f56a3ef7a..4d8cbd19563 100644 --- a/cpp/ql/lib/BUILD.bazel +++ b/cpp/ql/lib/BUILD.bazel @@ -1,7 +1,7 @@ -package(default_visibility = ["//cpp:__pkg__"]) - load("@rules_pkg//:mappings.bzl", "pkg_files") +package(default_visibility = ["//cpp:__pkg__"]) + pkg_files( name = "dbscheme", srcs = ["semmlecode.cpp.dbscheme"], diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 2bdc935dfac..5dec13e72b5 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,39 @@ +## 0.10.1 + +### Minor Analysis Improvements + +* Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`. +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. + +## 0.10.0 + +### Minor Analysis Improvements + +* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as + non-returning in the IR and dataflow. +* Treat functions that reach the end of the function as returning in the IR. + They used to be treated as unreachable but it is allowed in C. +* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. + +## 0.9.3 + +No user-facing changes. + +## 0.9.2 + +### Deprecated APIs + +* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead. + +### New Features + +* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr` + +### Minor Analysis Improvements + +* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation. +* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`. + ## 0.9.1 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md b/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md deleted file mode 100644 index 4baf9b770d6..00000000000 --- a/cpp/ql/lib/change-notes/2023-08-24-no-taint-argv-indirections.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`. diff --git a/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md b/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md deleted file mode 100644 index f3f3a59e8f0..00000000000 --- a/cpp/ql/lib/change-notes/2023-08-25-delete-or-delete-array.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr` \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md b/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md deleted file mode 100644 index b9bb1fada5b..00000000000 --- a/cpp/ql/lib/change-notes/2023-08-25-getAllocatorCall-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md b/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md deleted file mode 100644 index 2b8817c8d2b..00000000000 --- a/cpp/ql/lib/change-notes/2023-08-29-delete-ir.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md b/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md new file mode 100644 index 00000000000..9c30d6eddd8 --- /dev/null +++ b/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for new floating-point types in C23 and C++23. diff --git a/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md b/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md deleted file mode 100644 index 11c3b736682..00000000000 --- a/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. diff --git a/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md b/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md deleted file mode 100644 index 8f1b8e9be88..00000000000 --- a/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Treat functions that reach the end of the function as returning in the IR. - They used to be treated as unreachable but it is allowed in C. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md b/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md deleted file mode 100644 index 6b2fff3d176..00000000000 --- a/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as - non-returning in the IR and dataflow. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md b/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md new file mode 100644 index 00000000000..f87fba1f172 --- /dev/null +++ b/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* Added a new class `AdditionalCallTarget` for specifying additional call targets. diff --git a/cpp/ql/lib/change-notes/released/0.10.0.md b/cpp/ql/lib/change-notes/released/0.10.0.md new file mode 100644 index 00000000000..9c4b95e37e0 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.10.0.md @@ -0,0 +1,9 @@ +## 0.10.0 + +### Minor Analysis Improvements + +* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as + non-returning in the IR and dataflow. +* Treat functions that reach the end of the function as returning in the IR. + They used to be treated as unreachable but it is allowed in C. +* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. diff --git a/cpp/ql/lib/change-notes/released/0.10.1.md b/cpp/ql/lib/change-notes/released/0.10.1.md new file mode 100644 index 00000000000..05d13789228 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.10.1.md @@ -0,0 +1,6 @@ +## 0.10.1 + +### Minor Analysis Improvements + +* Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`. +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. diff --git a/cpp/ql/lib/change-notes/released/0.9.2.md b/cpp/ql/lib/change-notes/released/0.9.2.md new file mode 100644 index 00000000000..93b36c8e40a --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.9.2.md @@ -0,0 +1,14 @@ +## 0.9.2 + +### Deprecated APIs + +* `getAllocatorCall` on `DeleteExpr` and `DeleteArrayExpr` has been deprecated. `getDeallocatorCall` should be used instead. + +### New Features + +* Added `DeleteOrDeleteArrayExpr` as a super type of `DeleteExpr` and `DeleteArrayExpr` + +### Minor Analysis Improvements + +* `delete` and `delete[]` are now modeled as calls to the relevant `operator delete` in the IR. In the case of a dynamic delete call a new instruction `VirtualDeleteFunctionAddress` is used to represent a function that dispatches to the correct delete implementation. +* Only the 2 level indirection of `argv` (corresponding to `**argv`) is consided for `FlowSource`. diff --git a/cpp/ql/lib/change-notes/released/0.9.3.md b/cpp/ql/lib/change-notes/released/0.9.3.md new file mode 100644 index 00000000000..1c859ebb6b3 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.9.3.md @@ -0,0 +1,3 @@ +## 0.9.3 + +No user-facing changes. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 6789dcd18b7..af7510b3cd6 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.1 +lastReleaseVersion: 0.10.1 diff --git a/cpp/ql/lib/experimental/cryptography/Concepts.qll b/cpp/ql/lib/experimental/cryptography/Concepts.qll new file mode 100644 index 00000000000..de29125614a --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/Concepts.qll @@ -0,0 +1,3 @@ +import experimental.cryptography.CryptoArtifact +import experimental.cryptography.CryptoAlgorithmNames +import experimental.cryptography.modules.OpenSSL as OpenSSL diff --git a/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll b/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll new file mode 100644 index 00000000000..5f29320ff14 --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll @@ -0,0 +1,239 @@ +/** + * Names of known cryptographic algorithms. + * The names are standardized into upper-case, no spaces, dashes or underscores. + */ + +/** + * Returns a string to represent generally unknown algorithms. + * Predicate is to be used to get a consistent string representation + * for unknown algorithms. + */ +string unknownAlgorithm() { result = "UNKNOWN" } + +string getHashType() { result = "HASH" } + +string getSymmetricEncryptionType() { result = "SYMMETRIC_ENCRYPTION" } + +string getAsymmetricEncryptionType() { result = "ASYMMETRIC_ENCRYPTION" } + +string getKeyDerivationType() { result = "KEY_DERIVATION" } + +string getCipherBlockModeType() { result = "BLOCK_MODE" } + +string getSymmetricPaddingType() { result = "SYMMETRIC_PADDING" } + +string getAsymmetricPaddingType() { result = "ASYMMETRIC_PADDING" } + +string getEllipticCurveType() { result = "ELLIPTIC_CURVE" } + +string getSignatureType() { result = "SIGNATURE" } + +string getKeyExchangeType() { result = "KEY_EXCHANGE" } + +string getAsymmetricType() { + result in [ + getAsymmetricEncryptionType(), getSignatureType(), getKeyExchangeType(), + getEllipticCurveType() + ] +} + +predicate isKnownType(string algType) { + algType in [ + getHashType(), getSymmetricEncryptionType(), getAsymmetricEncryptionType(), + getKeyDerivationType(), getCipherBlockModeType(), getSymmetricPaddingType(), + getAsymmetricPaddingType(), getEllipticCurveType(), getSignatureType(), getKeyExchangeType() + ] +} + +predicate isKnownAlgorithm(string name) { isKnownAlgorithm(name, _) } + +predicate isKnownAlgorithm(string name, string algType) { + isHashingAlgorithm(name) and algType = "HASH" + or + isEncryptionAlgorithm(name, algType) and + algType in ["SYMMETRIC_ENCRYPTION", "ASYMMETRIC_ENCRYPTION"] + or + isKeyDerivationAlgorithm(name) and algType = "KEY_DERIVATION" + or + isCipherBlockModeAlgorithm(name) and algType = "BLOCK_MODE" + or + isPaddingAlgorithm(name, algType) and algType in ["SYMMETRIC_PADDING", "ASYMMETRIC_PADDING"] + or + isEllipticCurveAlgorithm(name) and algType = "ELLIPTIC_CURVE" + or + isSignatureAlgorithm(name) and algType = "SIGNATURE" + or + isKeyExchangeAlgorithm(name) and algType = "KEY_EXCHANGE" +} + +/** + * Holds if `name` is a known hashing algorithm in the model/library. + */ +predicate isHashingAlgorithm(string name) { + name = + [ + "BLAKE2", "BLAKE2B", "BLAKE2S", "SHA2", "SHA224", "SHA256", "SHA384", "SHA512", "SHA512224", + "SHA512256", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512", "SHAKE128", "SHAKE256", + "SM3", "WHIRLPOOL", "POLY1305", "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", + "RIPEMD128", "RIPEMD256", "RIPEMD160", "RIPEMD320", "SHA0", "SHA1", "SHA", "MGF1", "MGF1SHA1", + "MDC2", "SIPHASH" + ] +} + +predicate isEncryptionAlgorithm(string name, string algType) { + isAsymmetricEncryptionAlgorithm(name) and algType = "ASYMMETRIC_ENCRYPTION" + or + isSymmetricEncryptionAlgorithm(name) and algType = "SYMMETRIC_ENCRYPTION" +} + +predicate isEncryptionAlgorithm(string name) { isEncryptionAlgorithm(name, _) } + +/** + * Holds if `name` corresponds to a known symmetric encryption algorithm. + */ +predicate isSymmetricEncryptionAlgorithm(string name) { + // NOTE: AES is meant to caputure all possible key lengths + name = + [ + "AES", "AES128", "AES192", "AES256", "ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", + "CAMELLIA", "CAMELLIA128", "CAMELLIA192", "CAMELLIA256", "CHACHA", "CHACHA20", + "CHACHA20POLY1305", "GOST", "GOSTR34102001", "GOSTR341094", "GOSTR341194", "GOST2814789", + "GOSTR341194", "GOST2814789", "GOST28147", "GOSTR341094", "GOST89", "GOST94", "GOST34102012", + "GOST34112012", "IDEA", "RABBIT", "SEED", "SM4", "DES", "DESX", "3DES", "TDES", "2DES", + "DES3", "TRIPLEDES", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4", "RC4", "ARCFOUR", "ARC5", + "RC5", "MAGMA", "KUZNYECHIK" + ] +} + +/** + * Holds if `name` corresponds to a known key derivation algorithm. + */ +predicate isKeyDerivationAlgorithm(string name) { + name = + [ + "ARGON2", "CONCATKDF", "CONCATKDFHASH", "CONCATKDFHMAC", "KBKDFCMAC", "BCRYPT", "HKDF", + "HKDFEXPAND", "KBKDF", "KBKDFHMAC", "PBKDF1", "PBKDF2", "PBKDF2HMAC", "PKCS5", "SCRYPT", + "X963KDF", "EVPKDF" + ] +} + +/** + * Holds if `name` corresponds to a known cipher block mode + */ +predicate isCipherBlockModeAlgorithm(string name) { + name = ["CBC", "GCM", "CCM", "CFB", "OFB", "CFB8", "CTR", "OPENPGP", "XTS", "EAX", "SIV", "ECB"] +} + +/** + * Holds if `name` corresponds to a known padding algorithm + */ +predicate isPaddingAlgorithm(string name, string algType) { + isSymmetricPaddingAlgorithm(name) and algType = "SYMMETRIC_PADDING" + or + isAsymmetricPaddingAlgorithm(name) and algType = "ASYMMETRIC_PADDING" +} + +/** + * holds if `name` corresponds to a known symmetric padding algorithm + */ +predicate isSymmetricPaddingAlgorithm(string name) { name = ["PKCS7", "ANSIX923"] } + +/** + * Holds if `name` corresponds to a known asymmetric padding algorithm + */ +predicate isAsymmetricPaddingAlgorithm(string name) { name = ["OAEP", "PKCS1V15", "PSS", "KEM"] } + +predicate isBrainpoolCurve(string curveName, int keySize) { + // ALL BRAINPOOL CURVES + keySize in [160, 192, 224, 256, 320, 384, 512] and + ( + curveName = "BRAINPOOLP" + keySize.toString() + "R1" + or + curveName = "BRAINPOOLP" + keySize.toString() + "T1" + ) +} + +predicate isSecCurve(string curveName, int keySize) { + // ALL SEC CURVES + keySize in [112, 113, 128, 131, 160, 163, 192, 193, 224, 233, 239, 256, 283, 384, 409, 521, 571] and + exists(string suff | suff in ["R1", "R2", "K1"] | + curveName = "SECT" + keySize.toString() + suff or + curveName = "SECP" + keySize.toString() + suff + ) +} + +predicate isC2Curve(string curveName, int keySize) { + // ALL C2 CURVES + keySize in [163, 176, 191, 208, 239, 272, 304, 359, 368, 431] and + exists(string pre, string suff | + pre in ["PNB", "ONB", "TNB"] and suff in ["V1", "V2", "V3", "V4", "V5", "W1", "R1"] + | + curveName = "C2" + pre + keySize.toString() + suff + ) +} + +predicate isPrimeCurve(string curveName, int keySize) { + // ALL PRIME CURVES + keySize in [192, 239, 256] and + exists(string suff | suff in ["V1", "V2", "V3"] | curveName = "PRIME" + keySize.toString() + suff) +} + +predicate isEllipticCurveAlgorithm(string curveName) { isEllipticCurveAlgorithm(curveName, _) } + +/** + * Holds if `name` corresponds to a known elliptic curve. + */ +predicate isEllipticCurveAlgorithm(string curveName, int keySize) { + isSecCurve(curveName, keySize) + or + isBrainpoolCurve(curveName, keySize) + or + isC2Curve(curveName, keySize) + or + isPrimeCurve(curveName, keySize) + or + curveName = "ES256" and keySize = 256 + or + curveName = "CURVE25519" and keySize = 255 + or + curveName = "X25519" and keySize = 255 + or + curveName = "ED25519" and keySize = 255 + or + curveName = "CURVE448" and keySize = 448 // TODO: need to check the key size + or + curveName = "ED448" and keySize = 448 + or + curveName = "X448" and keySize = 448 + or + curveName = "NUMSP256T1" and keySize = 256 + or + curveName = "NUMSP384T1" and keySize = 384 + or + curveName = "NUMSP512T1" and keySize = 512 + or + curveName = "SM2" and keySize in [256, 512] +} + +/** + * Holds if `name` corresponds to a known signature algorithm. + */ +predicate isSignatureAlgorithm(string name) { + name = + [ + "DSA", "ECDSA", "EDDSA", "ES256", "ES256K", "ES384", "ES512", "ED25519", "ED448", "ECDSA256", + "ECDSA384", "ECDSA512" + ] +} + +/** + * Holds if `name` is a key exchange algorithm. + */ +predicate isKeyExchangeAlgorithm(string name) { + name = ["ECDH", "DH", "DIFFIEHELLMAN", "X25519", "X448"] +} + +/** + * Holds if `name` corresponds to a known asymmetric encryption. + */ +predicate isAsymmetricEncryptionAlgorithm(string name) { name = ["RSA"] } diff --git a/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll b/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll new file mode 100644 index 00000000000..0bb22d688ed --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll @@ -0,0 +1,316 @@ +import cpp +private import experimental.cryptography.CryptoAlgorithmNames +import semmle.code.cpp.ir.dataflow.TaintTracking + +/* + * A cryptographic artifact is a DataFlow::Node associated with some + * operation, algorithm, or any other aspect of cryptography. + */ + +abstract class CryptographicArtifact extends Expr { } + +// /** +// * Associates a symmetric encryption algorithm with a block mode. +// * The DataFlow::Node representing this association should be the +// * point where the algorithm and block mode are combined. +// * This may be at the call to encryption or in the construction +// * of an object prior to encryption. +// */ +// abstract class SymmetricCipher extends CryptographicArtifact{ +// abstract SymmetricEncryptionAlgorithm getEncryptionAlgorithm(); +// abstract BlockMode getBlockMode(); +// final predicate hasBlockMode(){ +// exists(this.getBlockMode()) +// } +// } +// /** +// * A cryptographic operation is a method call that invokes a cryptographic +// * algorithm (encrypt/decrypt) or a function in support of a cryptographic algorithm +// * (key generation). +// * +// * Since operations are related to or in support of algorithms, operations must +// * provide a reference to their associated algorithm. Often operataions themselves +// * encapsulate algorithms, so operations can also extend CryptographicAlgorithm +// * and refer to themselves as the target algorithm. +// */ +// abstract class CryptographicOperation extends CryptographicArtifact, Call{ +// // bindingset[paramName, ind] +// // final DataFlow::Node getParameterSource(int ind, string paramName){ +// // result = Utils::getUltimateSrcFromApiNode(this.(API::CallNode).getParameter(ind, paramName)) +// // } +// final string getAlgorithmName(){ +// if exists(this.getAlgorithm().getName()) +// then result = this.getAlgorithm().getName() +// else result = unknownAlgorithm() +// } +// final predicate hasAlgorithm(){ +// exists(this.getAlgorithm()) +// } +// final predicate isUnknownAlgorithm(){ +// this.getAlgorithmName() = unknownAlgorithm() +// or +// not this.hasAlgorithm() +// } +// // TODO: this might have to be parameterized by a configuration source for +// // situations where an operation is passed an algorithm +// abstract CryptographicAlgorithm getAlgorithm(); +// } +// /** A key generation operation for asymmetric keys */ +// abstract class KeyGen extends CryptographicOperation{ +// int getAKeySizeInBits(){ +// result = getKeySizeInBits(_) +// } +// final predicate hasKeySize(Expr configSrc){ +// exists(this.getKeySizeInBits(configSrc)) +// } +// final predicate hasKeySize(){ +// exists(this.getAKeySizeInBits()) +// } +// abstract Expr getKeyConfigSrc(); +// abstract int getKeySizeInBits(Expr configSrc); +// } +abstract class CryptographicOperation extends CryptographicArtifact, Call { } + +abstract class KeyGeneration extends CryptographicOperation { + // TODO: what if the algorithm is UNKNOWN? + abstract Expr getKeyConfigurationSource(CryptographicAlgorithm alg); + + abstract CryptographicAlgorithm getAlgorithm(); + + int getKeySizeInBits(CryptographicAlgorithm alg) { + result = this.getKeyConfigurationSource(alg).(Literal).getValue().toInt() + } + + predicate hasConstantKeySize(CryptographicAlgorithm alg) { exists(this.getKeySizeInBits(alg)) } + + predicate hasKeyConfigurationSource(CryptographicAlgorithm alg) { + exists(this.getKeyConfigurationSource(alg)) + } + + Expr getAKeyConfigurationSource() { result = this.getKeyConfigurationSource(_) } +} + +abstract class AsymmetricKeyGeneration extends KeyGeneration { } + +abstract class SymmetricKeyGeneration extends KeyGeneration { } + +/** + * A cryptographic algorithm is a `CryptographicArtifact` + * representing a cryptographic algorithm (see `CryptoAlgorithmNames.qll`). + * Cryptographic algorithms can be functions referencing common crypto algorithms (e.g., hashlib.md5) + * or strings that are used in cryptographic operation configurations (e.g., hashlib.new("md5")). + * Cryptogrpahic algorithms may also be operations that wrap or abstract one or + * more algorithms (e.g., cyrptography.fernet.Fernet and AES, CBC and PKCS7). + * + * In principle, this class should model the location where an algorithm enters the program, not + * necessarily where it is used. + */ +abstract class CryptographicAlgorithm extends CryptographicArtifact { + abstract string getName(); + + abstract string getAlgType(); + + // string getAlgType(){ + // if this instanceof HashAlgorithm then result = getHashType() + // else if this instanceof KeyDerivationAlgorithm then result = getKeyDerivationType() + // else if this instanceof SymmetricEncryptionAlgorithm then result = getSymmetricEncryptionType() + // else if this instanceof AsymmetricEncryptionAlgorithm then result = getAsymmetricEncryptionType() + // else if this instanceof SymmetricEncryptionAlgorithm then result = getSymmetricPaddingType() + // else if this instanceof AsymmetricEncryptionAlgorithm then result = getAsymmetricPaddingType() + // else if this instanceof EllipticCurveAlgorithm then result = getEllipticCurveType() + // else if this instanceof BlockMode then result = getCipherBlockModeType() + // else if this instanceof KeyExchangeAlgorithm then result = getKeyExchangeType() + // else if this instanceof SigningAlgorithm then result = getSignatureType() + // else result = unknownAlgorithm() + // } + // TODO: handle case where name isn't known, not just unknown? + /** + * Normalizes a raw name into a normalized name as found in `CryptoAlgorithmNames.qll`. + * Subclassess should override for more api-specific normalization. + * By deafult, converts a raw name to upper-case with no hyphen, underscore, hash, or space. + */ + bindingset[s] + string normalizeName(string s) { + exists(string normStr | normStr = s.toUpperCase().regexpReplaceAll("[-_ ]|/", "") | + result = normStr and isKnownAlgorithm(result) + or + result = unknownAlgorithm() and not isKnownAlgorithm(normStr) + ) + } + + abstract Expr configurationSink(); + + predicate hasConfigurationSink() { exists(this.configurationSink()) } +} + +abstract class HashAlgorithm extends CryptographicAlgorithm { + final string getHashName() { + if exists(string n | n = this.getName() and isHashingAlgorithm(n)) + then isHashingAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + override string getAlgType() { result = getHashType() } +} + +abstract class KeyDerivationAlgorithm extends CryptographicAlgorithm { + final string getKDFName() { + if exists(string n | n = this.getName() and isKeyDerivationAlgorithm(n)) + then isKeyDerivationAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + override string getAlgType() { result = getKeyDerivationType() } +} + +// abstract class KeyDerivationOperation extends CryptographicOperation{ +// DataFlow::Node getIterationSizeSrc(){ +// none() +// } +// DataFlow::Node getSaltConfigSrc(){ +// none() +// } +// DataFlow::Node getHashConfigSrc(){ +// none() +// } +// // TODO: get encryption algorithm for CBC-based KDF? +// DataFlow::Node getDerivedKeySizeSrc(){ +// none() +// } +// DataFlow::Node getModeSrc(){ +// none() +// } +// // TODO: add more to cover all the parameters of most KDF operations? Perhaps subclass for each type? +// abstract predicate requiresIteration(); +// abstract predicate requiresSalt(); +// abstract predicate requiresHash(); +// //abstract predicate requiresKeySize(); // Going to assume all requires a size +// abstract predicate requiresMode(); +// } +abstract class EncryptionAlgorithm extends CryptographicAlgorithm { + final predicate isAsymmetric() { this instanceof AsymmetricEncryptionAlgorithm } + + final predicate isSymmetric() { not this.isAsymmetric() } + // NOTE: DO_NOT add getEncryptionName here, we rely on the fact the parent + // class does not have this common predicate. +} + +/** + * A parent class to represent any algorithm for which + * asymmetric cryptography is involved. + * Intended to be distinct from AsymmetricEncryptionAlgorithm + * which is intended only for asymmetric algorithms that specifically encrypt. + */ +abstract class AsymmetricAlgorithm extends CryptographicAlgorithm { } + +/** + * Algorithms directly or indirectly related to asymmetric encryption, + * e.g., RSA, DSA, but also RSA padding algorithms + */ +abstract class AsymmetricEncryptionAlgorithm extends AsymmetricAlgorithm, EncryptionAlgorithm { + final string getEncryptionName() { + if exists(string n | n = this.getName() and isAsymmetricEncryptionAlgorithm(n)) + then isAsymmetricEncryptionAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + override string getAlgType() { result = getAsymmetricEncryptionType() } +} + +/** + * Algorithms directly or indirectly related to symmetric encryption, + * e.g., AES, DES, but also block modes and padding + */ +abstract class SymmetricEncryptionAlgorithm extends EncryptionAlgorithm { + final string getEncryptionName() { + if exists(string n | n = this.getName() and isSymmetricEncryptionAlgorithm(n)) + then isSymmetricEncryptionAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + // TODO: add a stream cipher predicate? + override string getAlgType() { result = getSymmetricEncryptionType() } +} + +// Used only to categorize all padding into a single object, +// DO_NOT add predicates here. Only for categorization purposes. +abstract class PaddingAlgorithm extends CryptographicAlgorithm { } + +abstract class SymmetricPadding extends PaddingAlgorithm { + final string getPaddingName() { + if exists(string n | n = this.getName() and isSymmetricPaddingAlgorithm(n)) + then isSymmetricPaddingAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + override string getAlgType() { result = getSymmetricPaddingType() } +} + +abstract class AsymmetricPadding extends PaddingAlgorithm { + final string getPaddingName() { + if exists(string n | n = this.getName() and isAsymmetricPaddingAlgorithm(n)) + then isAsymmetricPaddingAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + override string getAlgType() { result = getAsymmetricPaddingType() } +} + +abstract class EllipticCurveAlgorithm extends AsymmetricAlgorithm { + final string getCurveName() { + if exists(string n | n = this.getName() and isEllipticCurveAlgorithm(n)) + then isEllipticCurveAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + final int getCurveBitSize() { isEllipticCurveAlgorithm(this.getCurveName(), result) } + + override string getAlgType() { result = getEllipticCurveType() } +} + +abstract class BlockModeAlgorithm extends CryptographicAlgorithm { + final string getBlockModeName() { + if exists(string n | n = this.getName() and isCipherBlockModeAlgorithm(n)) + then isCipherBlockModeAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + /** + * Gets the source of the IV configuration. + */ + abstract Expr getIVorNonce(); + + final predicate hasIVorNonce() { exists(this.getIVorNonce()) } + + override string getAlgType() { result = getCipherBlockModeType() } +} + +// abstract class KeyWrapOperation extends CryptographicOperation{ +// } +abstract class AuthenticatedEncryptionAlgorithm extends SymmetricEncryptionAlgorithm { + final string getAuthticatedEncryptionName() { + if exists(string n | n = this.getName() and isSymmetricEncryptionAlgorithm(n)) + then isSymmetricEncryptionAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } +} + +abstract class KeyExchangeAlgorithm extends AsymmetricAlgorithm { + final string getKeyExchangeName() { + if exists(string n | n = this.getName() and isKeyExchangeAlgorithm(n)) + then isKeyExchangeAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + override string getAlgType() { result = getKeyExchangeType() } +} + +abstract class SigningAlgorithm extends AsymmetricAlgorithm { + final string getSigningName() { + if exists(string n | n = this.getName() and isSignatureAlgorithm(n)) + then isSignatureAlgorithm(result) and result = this.getName() + else result = unknownAlgorithm() + } + + override string getAlgType() { result = getSignatureType() } +} diff --git a/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll b/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll new file mode 100644 index 00000000000..c98967ed635 --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll @@ -0,0 +1,718 @@ +import cpp +import experimental.cryptography.CryptoAlgorithmNames +import experimental.cryptography.CryptoArtifact +import experimental.cryptography.utils.OpenSSL.CryptoFunction +import experimental.cryptography.utils.OpenSSL.AlgorithmSink +import experimental.cryptography.utils.OpenSSL.PassthroughFunction +import experimental.cryptography.utils.OpenSSL.CryptoAlgorithm +import experimental.cryptography.CryptoArtifact +// import semmle.code.cpp.ir.dataflow.TaintTracking +import semmle.code.cpp.ir.dataflow.DataFlow + +/** + * Problematic case in OpenSSL speed.c + * static const char *names[ALGOR_NUM] = { + * "md2", "mdc2", "md4", "md5", "sha1", "rmd160", + * "sha256", "sha512", "whirlpool", "hmac(md5)", + * "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc", + * "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc", + * "aes-128-cbc", "aes-192-cbc", "aes-256-cbc", + * "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc", + * "evp", "ghash", "rand", "cmac" + * }; + * + * Every entry is considered a block mode, hash, and symmetric encryption algorithm + * getEncryptionName for example, will return unknown + */ +predicate nodeToExpr(DataFlow::Node node, Expr e) { + e = node.asExpr() or e = node.asIndirectArgument() +} + +Expr getExprFromNode(DataFlow::Node node) { nodeToExpr(node, result) } + +DataFlow::Node getNodeFromExpr(Expr e) { nodeToExpr(result, e) } + +predicate isEVP_PKEY_CTX(Type t) { t.getUnderlyingType().stripType().getName() = "evp_pkey_ctx_st" } + +/** + * An expression representing an EVP_PKEY_CTX* at the location of a + * known AlgorithmSinkArgument. + * The EVP_PKEY_CTX* represents the location where the CTX is tied to the algorithm, + * and can be used as a source for tracing EVP_PKEY_CTX to other operations. + */ +class Known_EVP_PKEY_CTX_Ptr_Source extends Expr { + Known_EVP_PKEY_CTX_Ptr_Source() { + isEVP_PKEY_CTX(this.getUnderlyingType()) and + this.getUnderlyingType() instanceof PointerType and + exists(AlgorithmSinkArgument arg, Call sinkCall | + arg.getSinkCall() = sinkCall and + sinkCall.getAnArgument() = this + or + this = sinkCall + ) + } +} + +// module CTXFlow implements DataFlow::ConfigSig{ +// predicate isSource(DataFlow::Node source) { +// // ASSUMPTION: at a sink, an algorithm is converted into a CTX through a return of the call only +// // and is the primary source of interest for CTX tracing +// source.asExpr() instanceof AlgorithmSinkArgument +// } +// predicate isSink(DataFlow::Node sink){ +// sink.asExpr() instanceof CTXSink +// } +// predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { +// // cls.getName() = "asn1_object_st" flow out on any EVP_PKEY_CTX which is "evp_pkey_ctx_st" +// exists(Call c | +// isEVP_PKEY_CTX(c.getUnderlyingType()) and +// node1.asExpr() = c.getAnArgument() and c = node2.asExpr()) +// } +// } +// module CTXFlowConfig = DataFlow::Global; +// TODO: currently only handles tracing from literals to sinks +module LiteralAlgorithmTracerConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source.asExpr() instanceof Literal and + // Optimization to reduce literal tracing on integers to only those that are known/relevant NIDs. + ( + exists(source.asExpr().getValue().toInt()) + implies + source.asExpr().getValue().toInt() < getNIDMax() + ) and + // False positives observed inside OBJ_nid2* and OBJ_sn2* functions where NULL is a possible assignment. + // While this is a concern, it only occurs if the object being referenced is NULL to begin with + // Perhaps a different query should be used to find these caes if they represent a threat. + // Filter out any open ssl function source in a function namae Obj_* + // False positives in OpenSSL also observed for CRYPTO_strndup (filtering any CRYPTO_* function) + // due to setting a null byte in the string + ( + isPossibleOpenSSLFunction(source.getEnclosingCallable()) + implies + ( + not source.getEnclosingCallable().getName().matches("OBJ_%") and + not source.getEnclosingCallable().getName().matches("CRYPTO_%") + ) + ) + } + + predicate isSink(DataFlow::Node sink) { + // A sink is a call to a function that takes an algorithm as an argument + // must include checks for asIndirectArgument since the input may be a pointer to an object + // and the member of the object holds the algorithm on the trace. + getExprFromNode(sink) instanceof AlgorithmSinkArgument + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + knownPassThroughStep(node1, node2) + } + + predicate isBarrier(DataFlow::Node node) { + // If the node is the 'next' argument of a isCallPassThrough, it is only allowed if it is an out parameter + // i.e., a defining argument. This barrier says that if the node is an expression not an out parameter, it is filtered. + // Out arguments will not be filtered. + exists(Call c | knownPassthoughCall(c, _, node.asExpr()) and c.getAnArgument() = node.asExpr()) + or + // False positive reducer, don't flow out through argv + node.asVariable().hasName("argv") + or + node.asIndirectVariable().hasName("argv") + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { + // Assume a read on crypto identifying field for any object of type asn1_object_st (i.e., ASN1_OBJECT) + exists(Class cls | cls.getName() = "asn1_object_st" | + node.getType().getUnspecifiedType().stripType() = cls and + c.(DataFlow::FieldContent).getField() = cls.getAMember() and + c.(DataFlow::FieldContent).getField().getName() in ["nid", "sn", "ln"] + ) + } +} + +module LiteralAlgorithmTracer = DataFlow::Global; + +/** + * `source` is an expression that is a source of an algorithm of type `algType`. + * `algType` may be `UNKONWN`. + * See CryptoAlgorithmNames for other possible values of `algType`. + */ +bindingset[sinkAlgType] +predicate hasLiteralPathToAlgSink(DataFlow::Node source, DataFlow::Node sink, string sinkAlgType) { + LiteralAlgorithmTracer::flow(source, sink) and + getExprFromNode(sink).(AlgorithmSinkArgument).algType() = sinkAlgType +} + +private predicate knownTracedAlgorithm(Literal e, string srcSinkType) { + knownTracedAlgorithm(e, srcSinkType, srcSinkType) +} + +private predicate knownTracedAlgorithm(Literal e, string srcType, string sinkType) { + resolveAlgorithmFromLiteral(e, _, srcType) and + hasLiteralPathToAlgSink(DataFlow::exprNode(e), _, sinkType) and + isKnownType(sinkType) and + isKnownType(srcType) +} + +private predicate unknownTracedLiteralAlgorithm(Literal e, string srcSinkType) { + // Asymmetric special case: + // Since asymmetric algorithm sinks are used for various categories of asymmetric algorithms + // an asymmetric algorithm is only unknown if there is no trace from any asymmetric type to the given srcSinkType sink + if getAsymmetricType() = srcSinkType + then forall(string t | t = getAsymmetricType() | unknownTracedLiteralAlgorithm(e, t, srcSinkType)) + else unknownTracedLiteralAlgorithm(e, srcSinkType, srcSinkType) +} + +private predicate unknownTracedLiteralAlgorithm(Literal e, string srcType, string sinkType) { + // the literal resolves to an algorithm, but not to the sinktype + // or generally doesn't resolve to any algorithm type + // this case covers 'nonsense' cases e.g., use RSA for symmetric encryption + not resolveAlgorithmFromLiteral(e, _, srcType) and + isValidAlgorithmLiteral(e) and + hasLiteralPathToAlgSink(DataFlow::exprNode(e), _, sinkType) and + isKnownType(sinkType) and + isKnownType(srcType) +} + +private predicate unknownTracedNonLiteralAlgorithm(AlgorithmSinkArgument e, string srcSinkType) { + // Asymmetric special case: + // Since asymmetric algorithm sinks are used for various categories of asymmetric algorithms + // an asymmetric algorithm is only unknown if there is no trace from any asymmetric type to the given srcSinkType sink + if getAsymmetricType() = srcSinkType + then + forall(string t | t = getAsymmetricType() | unknownTracedNonLiteralAlgorithm(e, t, srcSinkType)) + else unknownTracedNonLiteralAlgorithm(e, srcSinkType, srcSinkType) +} + +private predicate unknownTracedNonLiteralAlgorithm( + AlgorithmSinkArgument e, string srcType, string sinkType +) { + not hasLiteralPathToAlgSink(_, getNodeFromExpr(e), srcType) and + LiteralAlgorithmTracerConfig::isSink(getNodeFromExpr(e)) and + e.algType() = sinkType and + isKnownType(srcType) and + isKnownType(sinkType) +} + +private predicate functionAlgorithm(Call c, string algType) { + isOpenSSLCryptoFunctionCall(c, _, algType) +} + +abstract class OpenSSLTracedAlgorithm extends CryptographicAlgorithm { + override string getName() { resolveAlgorithmFromLiteral(this, result, this.getAlgType()) } + + override Expr configurationSink() { + exists(DataFlow::Node sink | + hasLiteralPathToAlgSink(DataFlow::exprNode(this), sink, this.getAlgType()) + | + result = getExprFromNode(sink) + ) + } +} + +abstract class OpenSSLFunctionAlgorithm extends CryptographicAlgorithm { + override string getName() { isOpenSSLCryptoFunctionCall(this, result, this.getAlgType()) } + + override Expr configurationSink() { result = this } +} + +abstract class OpenSSLUnknownTracedLiteralAlgorithm extends CryptographicAlgorithm { + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { + exists(DataFlow::Node sink | + hasLiteralPathToAlgSink(DataFlow::exprNode(this), sink, this.getAlgType()) + | + result = getExprFromNode(sink) + ) + } +} + +abstract class OpenSSLUnknownTracedNonLiteralAlgorithm extends CryptographicAlgorithm { + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { result = this } +} + +module SymmetricEncryption { + abstract class OpenSSLSymmetricEncryptionAlgorithm extends SymmetricEncryptionAlgorithm { } + + class OpenSSLSymmetricEncryptionTracedAlgorithm extends OpenSSLTracedAlgorithm, + OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLSymmetricEncryptionTracedAlgorithm() { + knownTracedAlgorithm(this, getSymmetricEncryptionType()) + } + } + + class OpenSSLSymmetricEncryptionFunctionAlgorithm extends OpenSSLFunctionAlgorithm, + OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLSymmetricEncryptionFunctionAlgorithm() { + functionAlgorithm(this, getSymmetricEncryptionType()) + } + } + + class OpenSSLSymmetricEncryptionTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLSymmetricEncryptionTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getSymmetricEncryptionType()) + } + } + + class OpenSSLSymmetricEncryptionUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLSymmetricEncryptionUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getSymmetricEncryptionType()) + } + } +} + +module BlockModes { + /** + * In OpenSSL, block modes are associated directly with symmetric encryption algorithms. + * As such, OpenSSLBLockModes are modeled as extensions of any openssl symmetric encryption algorithm + */ + class OpenSSLBlockModeAlgorithm extends BlockModeAlgorithm, Expr instanceof SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm + { + OpenSSLBlockModeAlgorithm() { + //two cases, either the block mode is a literal or it is a function call + resolveAlgorithmFromLiteral(this, _, "BLOCK_MODE") + or + isOpenSSLCryptoFunctionCall(this, _, "BLOCK_MODE") + } + + override string getName() { + resolveAlgorithmFromLiteral(this, result, "BLOCK_MODE") + or + isOpenSSLCryptoFunctionCall(this, result, "BLOCK_MODE") + } + + override Expr configurationSink() { + result = this.(SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm).configurationSink() + } + + override Expr getIVorNonce() { + // TODO + none() + } + } + + class UnknownOpenSSLBlockModeAlgorithm extends BlockModeAlgorithm, Expr instanceof SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm + { + UnknownOpenSSLBlockModeAlgorithm() { + //two cases, either the block mode is a literal or it is a function call + not resolveAlgorithmFromLiteral(this, _, "BLOCK_MODE") and + not isOpenSSLCryptoFunctionCall(this, _, "BLOCK_MODE") + } + + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { + result = this.(SymmetricEncryption::OpenSSLSymmetricEncryptionAlgorithm).configurationSink() + } + + override Expr getIVorNonce() { none() } + } +} + +module Hashes { + abstract class OpenSSLHashAlgorithm extends HashAlgorithm { } + + class OpenSSLHashTracedAlgorithm extends OpenSSLTracedAlgorithm, OpenSSLHashAlgorithm { + OpenSSLHashTracedAlgorithm() { knownTracedAlgorithm(this, getHashType()) } + } + + class OpenSSLHashFunctionAlgorithm extends OpenSSLFunctionAlgorithm, OpenSSLHashAlgorithm { + OpenSSLHashFunctionAlgorithm() { functionAlgorithm(this, getHashType()) } + } + + class OpenSSLHashTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + OpenSSLHashAlgorithm + { + OpenSSLHashTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getHashType()) + } + } + + class OpenSSLHashUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + OpenSSLHashAlgorithm + { + OpenSSLHashUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getHashType()) + } + } + + class OpenSSLNullHash extends HashAlgorithm { + OpenSSLNullHash() { + exists(Call c | + this = c and + isPossibleOpenSSLFunction(c.getTarget()) and + c.getTarget().getName() in ["EVP_md_null"] + ) + } + + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { result = this } + } +} + +module EllipticCurves { + // TODO: need to address EVP_PKEY_Q_keygen where the type is "EC" but the curve is UNKNOWN? + class OpenSSLEllipticCurveTracedAlgorithm extends OpenSSLTracedAlgorithm, EllipticCurveAlgorithm { + OpenSSLEllipticCurveTracedAlgorithm() { knownTracedAlgorithm(this, getEllipticCurveType()) } + } + + class OpenSSLEllipticCurveFunctionAlgorithm extends OpenSSLFunctionAlgorithm, + EllipticCurveAlgorithm + { + OpenSSLEllipticCurveFunctionAlgorithm() { functionAlgorithm(this, getEllipticCurveType()) } + } + + class OpenSSLEllipticCurveTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + EllipticCurveAlgorithm + { + OpenSSLEllipticCurveTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getEllipticCurveType()) + } + } + + class OpenSSLEllipticCurvehUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + EllipticCurveAlgorithm + { + OpenSSLEllipticCurvehUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getEllipticCurveType()) + } + } + + // https://www.openssl.org/docs/manmaster/man3/EC_KEY_new_ex.html + class OpenSSLNullEllipticCurve extends EllipticCurveAlgorithm { + OpenSSLNullEllipticCurve() { + exists(Call c | + this = c and + isPossibleOpenSSLFunction(c.getTarget()) and + c.getTarget().getName() in ["EC_KEY_new", "EC_KEY_new_ex"] + ) + } + + override string getName() { result = unknownAlgorithm() } + + override Expr configurationSink() { result = this } + } +} + +module AsymmetricEncryption { + class OpenSSLAsymmetricEncryptionTracedAlgorithm extends OpenSSLTracedAlgorithm, + AsymmetricEncryptionAlgorithm + { + OpenSSLAsymmetricEncryptionTracedAlgorithm() { + knownTracedAlgorithm(this, getAsymmetricEncryptionType()) + } + } + + class OpenSSLAsymmetricEncryptionFunctionAlgorithm extends OpenSSLFunctionAlgorithm, + AsymmetricEncryptionAlgorithm + { + OpenSSLAsymmetricEncryptionFunctionAlgorithm() { + functionAlgorithm(this, getAsymmetricEncryptionType()) + } + } + + class OpenSSLAsymmetricEncryptionTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + AsymmetricEncryptionAlgorithm + { + OpenSSLAsymmetricEncryptionTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getAsymmetricEncryptionType()) + } + } + + class OpenSSLAsymmetricEncryptionUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + AsymmetricEncryptionAlgorithm + { + OpenSSLAsymmetricEncryptionUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getAsymmetricEncryptionType()) + } + } +} + +module SigningAlgorithms { + class OpenSSLSignatureTracedAlgorithm extends OpenSSLTracedAlgorithm, SigningAlgorithm { + OpenSSLSignatureTracedAlgorithm() { knownTracedAlgorithm(this, getSignatureType()) } + } + + class OpenSSLSignatureFunctionAlgorithm extends OpenSSLFunctionAlgorithm, SigningAlgorithm { + OpenSSLSignatureFunctionAlgorithm() { functionAlgorithm(this, getSignatureType()) } + } + + class OpenSSLSignatureTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + SigningAlgorithm + { + OpenSSLSignatureTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getSignatureType()) + } + } + + class OpenSSLSignatureUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + SigningAlgorithm + { + OpenSSLSignatureUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getSignatureType()) + } + } +} + +module KeyExchange { + class OpenSSLKeyExchangeTracedAlgorithm extends OpenSSLTracedAlgorithm, KeyExchangeAlgorithm { + OpenSSLKeyExchangeTracedAlgorithm() { knownTracedAlgorithm(this, getKeyExchangeType()) } + } + + class OpenSSLKeyExchangeFunctionAlgorithm extends OpenSSLFunctionAlgorithm, KeyExchangeAlgorithm { + OpenSSLKeyExchangeFunctionAlgorithm() { functionAlgorithm(this, getKeyExchangeType()) } + } + + class OpenSSLKeyExchangeTracedUnknownLiteralAlgorithm extends OpenSSLUnknownTracedLiteralAlgorithm, + KeyExchangeAlgorithm + { + OpenSSLKeyExchangeTracedUnknownLiteralAlgorithm() { + unknownTracedLiteralAlgorithm(this, getKeyExchangeType()) + } + } + + class OpenSSLKeyExchangeUnknownNonLiteralTracedAlgorithm extends OpenSSLUnknownTracedNonLiteralAlgorithm, + KeyExchangeAlgorithm + { + OpenSSLKeyExchangeUnknownNonLiteralTracedAlgorithm() { + unknownTracedNonLiteralAlgorithm(this, getKeyExchangeType()) + } + } +} + +module KeyGeneration { + /** + * Functions that explicitly set key generation parameters. + * `sizeInd` is the parameter specifying the size of the key. + * `outInd` is the parameter or return value that the key is written to. + * `outInd` is -1 if the key is written to the return value. + */ + predicate isAsymmetricKeyGenExplicitAlgorithm(Function func, int sizeInd, int outInd) { + isPossibleOpenSSLFunction(func) and + exists(string name | func.hasGlobalName(name) | + name in [ + "EVP_PKEY_CTX_set_dsa_paramgen_bits", "DSA_generate_parameters_ex", + "EVP_PKEY_CTX_set_rsa_keygen_bits", "RSA_generate_key_ex", "RSA_generate_key_fips", + "EVP_PKEY_CTX_set_dh_paramgen_prime_len", "DH_generate_parameters_ex" + ] and + sizeInd = 1 and + outInd = 0 + or + name in ["DSA_generate_parameters", "RSA_generate_key", "DH_generate_parameters"] and + sizeInd = 0 and + outInd = -1 + ) and + exists(Type t | + ( + if sizeInd = -1 + then t = func.getType().getUnderlyingType() + else t = func.getParameter(sizeInd).getUnderlyingType() + ) and + t instanceof IntegralType and + not t instanceof CharType + ) + } + + module AsymExplicitAlgKeyLengthFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + // Optimizations to avoid tracing all integers + node.asExpr().(Literal).getValue().toInt() > 0 and // exclude sentinel values + node.asExpr().(Literal).getValue().toInt() < 8500 + } + + predicate isSink(DataFlow::Node node) { + exists(FunctionCall c, int sizeInd | + isAsymmetricKeyGenExplicitAlgorithm(c.getTarget(), sizeInd, _) and + c.getArgument(sizeInd) = node.asExpr() + ) + } + } + + module AsymExplicitAlgKeyLengthFlow = DataFlow::Global; + + class OpenSSLAsymmetricKeyGenTiedToAlgorithm extends AsymmetricKeyGeneration { + OpenSSLAsymmetricKeyGenTiedToAlgorithm() { + exists(Call c | + this = c and + isPossibleOpenSSLFunction(c.getTarget()) and + isAsymmetricKeyGenExplicitAlgorithm(c.getTarget(), _, _) + ) + } + + override CryptographicAlgorithm getAlgorithm() { result = this } + + override Expr getKeyConfigurationSource(CryptographicAlgorithm alg) { + alg = this and + exists(int sizeInd | + isAsymmetricKeyGenExplicitAlgorithm(this.getTarget(), sizeInd, _) and + AsymExplicitAlgKeyLengthFlow::flow(DataFlow::exprNode(result), + DataFlow::exprNode(this.getArgument(sizeInd))) + ) + } + } + + module Length_to_RSA_EVP_PKEY_Q_keygen_Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + // Optimizations to avoid tracing all integers + node.asExpr().(Literal).getValue().toInt() > 0 and // exclude sentinel values + node.asExpr().(Literal).getValue().toInt() < 5000 + } + + predicate isSink(DataFlow::Node node) { + exists(FunctionCall c | + c.getTarget().getName() = "EVP_PKEY_Q_keygen" and + isPossibleOpenSSLFunction(c.getTarget()) and + c.getArgument(3) = node.asExpr() + ) + } + } + + module Length_to_RSA_EVP_PKEY_Q_keygen_Flow = + DataFlow::Global; + + class OpenSSL_RSA_EVP_PKEY_Q_keygen extends AsymmetricKeyGeneration { + OpenSSL_RSA_EVP_PKEY_Q_keygen() { + exists(Call c | + this = c and + isPossibleOpenSSLFunction(c.getTarget()) and + this.getTarget().getName() = "EVP_PKEY_Q_keygen" and + this.getArgument(3).getUnderlyingType() instanceof IntegralType + ) + } + + override CryptographicAlgorithm getAlgorithm() { + result.configurationSink().(AlgorithmSinkArgument).getSinkCall() = this + } + + override Expr getKeyConfigurationSource(CryptographicAlgorithm alg) { + alg = this.getAlgorithm() and + Length_to_RSA_EVP_PKEY_Q_keygen_Flow::flow(DataFlow::exprNode(result), + DataFlow::exprNode(this.getArgument(3))) + } + } + + predicate isKeyGenOperationWithNoSize(Function func) { + isPossibleOpenSSLFunction(func) and + exists(string name | func.hasGlobalName(name) | + name in ["EVP_PKEY_keygen", "DSA_generate_key", "DH_generate_key", "EVP_PKEY_generate"] + ) + } + + module KeyGenKeySizeInitToKeyGenConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + exists(Call c, Function func, int outInd | + isAsymmetricKeyGenExplicitAlgorithm(func, _, outInd) and + c.getTarget() = func + | + if outInd = -1 then node.asExpr() = c else node.asExpr() = c.getArgument(outInd) + ) + } + + predicate isSink(DataFlow::Node node) { + exists(Call c | + isKeyGenOperationWithNoSize(c.getTarget()) and c.getAnArgument() = node.asExpr() + ) + } + } + + module KeyGenKeySizeInitToKeyGenFlow = DataFlow::Global; + + predicate isEVP_PKEY_CTX_Source(DataFlow::Node node, CryptographicAlgorithm alg) { + exists(Call c | + alg.configurationSink().(AlgorithmSinkArgument).getSinkCall() = c and + ( + node.asExpr() = c + or + node.asExpr() = c.getAnArgument() + or + node.asDefiningArgument() = c.getAnArgument() + ) + ) and + ( + node.asExpr() instanceof Known_EVP_PKEY_CTX_Ptr_Source + or + node.asDefiningArgument() instanceof Known_EVP_PKEY_CTX_Ptr_Source + ) + } + + predicate isKeyGen_EVP_PKEY_CTX_Sink(DataFlow::Node node, Call c) { + isKeyGenOperationWithNoSize(c.getTarget()) and nodeToExpr(node, c.getAnArgument()) + } + + /** + * Trace from EVP_PKEY_CTX* at algorithm sink to keygen, + * users can then extrapolatae the matching algorithm from the alg sink to the keygen + */ + module EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { isEVP_PKEY_CTX_Source(source, _) } + + predicate isSink(DataFlow::Node sink) { isKeyGen_EVP_PKEY_CTX_Sink(sink, _) } + } + + module EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize_Flow = + DataFlow::Global; + + /** + * UNKNOWN key sizes to general purpose key generation functions (i.e., that take in no key size and assume + * is it set on context prior to the call). No path from a key configuration to these operations + * means the key size is UNKNOWN, or more precisely the key size is DEFAULT but + * the defaults can change with each version of OpenSSL, we simply assume the size is generally UNKNOWN. + * ASSUMPTION/TODO: we currently model all known locations where a key size is set explicitly. + * When a key is set implicitly, this usually means a key generation operation + * is called where the operation takes in no key size, and no flow to this operation + * initializes the context with a key size. + * Currently, without a definitive source (set of sources) to start tracing from, we cannot determine + * determine if a single path exists that initializes the context with a key size and another that doesn't. + * Rather than attempt to model all possible sources, we assume that if no path + * from a key config location reaches a generic key generation operation, then the key size is not set. + * NOTE: while this is true, it is possible a key size is set in one path, but not in another + * meaning this approach (and other similar approaches used in this model for UNKNOWN) + * can produce false negatives. + */ + class OpenSSLDefaultKeyGeneration extends AsymmetricKeyGeneration { + OpenSSLDefaultKeyGeneration() { + // this is a call to a function matching isKeyGenOperationWithNoSize + // and there is no flow from a key configuration source to this call + exists(Call c | + this = c and + isKeyGenOperationWithNoSize(this.getTarget()) and + not exists(DataFlow::Node src, DataFlow::Node sink | + KeyGenKeySizeInitToKeyGenFlow::flow(src, sink) and + nodeToExpr(sink, this.getAnArgument()) + ) + ) + } + + override CryptographicAlgorithm getAlgorithm() { + if this.getTarget().getName() in ["DSA_generate_key", "DH_generate_key"] + then result = this + else + // NOTE/ASSUMPTION: EVP_PKEY_keygen, EVP_PKEY_generate assume only other possibilities, + // each take in a CTX as the first arg, need to trace from an alg sink from this CTX param + // get every alg sink, get the corresponding call, trace out on any CTX type variable + // to the key gen + // NOTE: looking for any cryptographic algorithm tracing to the keygen to handle + // any odd cases we aren't awaare of where keygen can be used for other algorithm types + exists(DataFlow::Node src, DataFlow::Node sink | + EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize_Flow::flow(src, sink) and + isEVP_PKEY_CTX_Source(src, result) and + isKeyGen_EVP_PKEY_CTX_Sink(sink, this) + // TODO: what if there is no CTX source? then the keygen becomes an UNKNOWN sink + ) + } + + /** + * For this class, there is no known configuration source for any algorithm + */ + override Expr getKeyConfigurationSource(CryptographicAlgorithm alg) { none() } + } +} diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll new file mode 100644 index 00000000000..050dad29598 --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll @@ -0,0 +1,296 @@ +/** + * Predicates/classes for identifying algorithm sinks. + * An Algorithm Sink is a function that takes an algorithm as an argument. + * In particular, any function that takes in an algorithm that until the call + * the algorithm is not definitely known to be an algorithm (e.g., an integer used as an identifier to fetch an algorithm) + */ + +//TODO: enforce a hierarchy of AlgorithmSinkArgument, e.g., so I can get all Asymmetric SinkArguments that includes all the strictly RSA etc. +import cpp +import experimental.cryptography.utils.OpenSSL.LibraryFunction +import experimental.cryptography.CryptoAlgorithmNames + +predicate isAlgorithmSink(AlgorithmSinkArgument arg, string algType) { arg.algType() = algType } + +abstract class AlgorithmSinkArgument extends Expr { + AlgorithmSinkArgument() { + exists(Call c | c.getAnArgument() = this and openSSLLibraryFunc(c.getTarget())) + } + + /** + * Gets the function call in which the argument exists + */ + Call getSinkCall() { result.getAnArgument() = this } + + abstract string algType(); +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_fetch.html +predicate cipherAlgorithmSink(string funcName, int argInd) { + funcName in ["EVP_get_cipherbyname", "EVP_get_cipherbynid", "EVP_get_cipherbyobj"] and argInd = 0 + or + funcName = "EVP_CIPHER_fetch" and argInd = 1 +} + +class CipherAlgorithmSink extends AlgorithmSinkArgument { + CipherAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + cipherAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = getSymmetricEncryptionType() } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_MAC_fetch +predicate macAlgorithmSink(string funcName, int argInd) { + (funcName = "EVP_MAC_fetch" and argInd = 1) +} + +class MACAlgorithmSink extends AlgorithmSinkArgument { + MACAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + macAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = "TBD" } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_MD_fetch +predicate messageDigestAlgorithmSink(string funcName, int argInd) { + funcName in ["EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"] and argInd = 0 + or + funcName = "EVP_MD_fetch" and argInd = 1 +} + +class MessageDigestAlgorithmSink extends AlgorithmSinkArgument { + MessageDigestAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + messageDigestAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = getHashType() } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_KEYEXCH_fetch +// https://www.openssl.org/docs/manmaster/man3/EVP_KEM_fetch +predicate keyExchangeAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_KEYEXCH_fetch" and argInd = 1 + or + funcName = "EVP_KEM_fetch" and argInd = 1 +} + +class KeyExchangeAlgorithmSink extends AlgorithmSinkArgument { + KeyExchangeAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + keyExchangeAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = getKeyExchangeType() } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_KEYMGMT_fetch +predicate keyManagementAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_KEYMGMT_fetch" and argInd = 1 +} + +class KeyManagementAlgorithmSink extends AlgorithmSinkArgument { + KeyManagementAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + keyManagementAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = "TBD" } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_KDF +predicate keyDerivationAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_KDF_fetch" and argInd = 1 +} + +class KeyDerivationAlgorithmSink extends AlgorithmSinkArgument { + KeyDerivationAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + keyDerivationAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = getKeyDerivationType() } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_ASYM_CIPHER_fetch +// https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_new_id +// https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_new_CMAC_key.html +predicate asymmetricCipherAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_ASYM_CIPHER_fetch" and argInd = 1 + or + funcName = "EVP_PKEY_new_CMAC_key" and argInd = 3 + // NOTE: other cases are handled by AsymmetricAlgorithmSink +} + +class AsymmetricCipherAlgorithmSink extends AlgorithmSinkArgument { + AsymmetricCipherAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + asymmetricCipherAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = "ASYMMETRIC_ENCRYPTION" } +} + +class AsymmetricCipherAlgorithmSink_EVP_PKEY_Q_keygen extends AlgorithmSinkArgument { + AsymmetricCipherAlgorithmSink_EVP_PKEY_Q_keygen() { + exists(Call c, string funcName | + funcName = c.getTarget().getName() and + this = c.getArgument(3) + | + funcName = "EVP_PKEY_Q_keygen" and + c.getArgument(3).getType().getUnderlyingType() instanceof IntegralType + ) + } + + override string algType() { result = "ASYMMETRIC_ENCRYPTION" } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_RAND_fetch +predicate randomAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_RAND_fetch" and argInd = 1 +} + +class RandomAlgorithmSink extends AlgorithmSinkArgument { + RandomAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + randomAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = "TBD" } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_SIGNATURE_fetch +predicate signatureAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_SIGNATURE_fetch" and argInd = 1 +} + +class SignatureAlgorithmSink extends AlgorithmSinkArgument { + SignatureAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + signatureAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = getSignatureType() } +} + +// https://www.openssl.org/docs/manmaster/man3/EC_KEY_new_by_curve_name.html +// https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.html +predicate ellipticCurveAlgorithmSink(string funcName, int argInd) { + funcName in ["EC_KEY_new_by_curve_name", "EVP_EC_gen"] and argInd = 0 + or + funcName = "EC_KEY_new_by_curve_name_ex" and argInd = 2 + or + funcName in ["EVP_PKEY_CTX_set_ec_paramgen_curve_nid"] and argInd = 1 +} + +class EllipticCurveAlgorithmSink extends AlgorithmSinkArgument { + EllipticCurveAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + ellipticCurveAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = getEllipticCurveType() } +} + +/** + * Special cased to address the fact that arg index 3 (zero offset based) is the curve name. + * ASSUMPTION: if the arg ind 3 is a char* assume it is an elliptic curve + */ +class EllipticCurveAlgorithmSink_EVP_PKEY_Q_keygen extends AlgorithmSinkArgument { + EllipticCurveAlgorithmSink_EVP_PKEY_Q_keygen() { + exists(Call c, string funcName | + funcName = c.getTarget().getName() and + this = c.getArgument(3) + | + funcName = "EVP_PKEY_Q_keygen" and + c.getArgument(3).getType().getUnderlyingType() instanceof PointerType and + c.getArgument(3).getType().getUnderlyingType().stripType() instanceof CharType + ) + } + + override string algType() { result = getEllipticCurveType() } +} + +// https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_new_id.html +// https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_new_raw_private_key.html +// https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_new.html +// https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_ctrl.html +// https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_Q_keygen.html +// https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_ctrl.html +predicate asymmetricAlgorithmSink(string funcName, int argInd) { + funcName = "EVP_PKEY_CTX_new_id" and argInd = 0 + or + funcName = "EVP_PKEY_CTX_new_from_name" and argInd = 1 + or + funcName in [ + "EVP_PKEY_new_raw_private_key", "EVP_PKEY_new_raw_public_key", "EVP_PKEY_new_mac_key" + ] and + argInd = 0 + or + funcName in ["EVP_PKEY_new_raw_private_key_ex", "EVP_PKEY_new_raw_public_key_ex"] and argInd = 1 + or + // special casing this as arg index 3 must be specified depending on if RSA or ECC, and otherwise not specified for other algs + // funcName = "EVP_PKEY_Q_keygen" and argInd = 2 + funcName in ["EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_set_group_name"] and argInd = 1 + // TODO consider void cases EVP_PKEY_new +} + +class AsymmetricAlgorithmSink extends AlgorithmSinkArgument { + AsymmetricAlgorithmSink() { + exists(Call c, string funcName, int argInd | + funcName = c.getTarget().getName() and this = c.getArgument(argInd) + | + asymmetricAlgorithmSink(funcName, argInd) + ) + } + + override string algType() { result = getAsymmetricType() } +} + +class AsymmetricAlgorithmSink_EVP_PKEY_Q_keygen extends AlgorithmSinkArgument { + AsymmetricAlgorithmSink_EVP_PKEY_Q_keygen() { + exists(Call c, string funcName | + funcName = c.getTarget().getName() and + this = c.getArgument(2) + | + funcName = "EVP_PKEY_Q_keygen" and + not exists(c.getArgument(3)) + ) + } + + override string algType() { result = getAsymmetricType() } +} diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll new file mode 100644 index 00000000000..a744efa4bee --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll @@ -0,0 +1,2764 @@ +import cpp +import experimental.cryptography.CryptoAlgorithmNames + +predicate isValidAlgorithmLiteral(Literal e) { + exists(getPossibleNidFromLiteral(e)) or e instanceof StringLiteral +} + +int getNIDMax() { + result = 2000 + // result = max(int nid | knownOpenSSLAlgorithm(_, nid, _, _)) +} + +/** + * Resolves literal `e` to a known algorithm name, nid, normalized name, and algType + * if `e` resolves to a known algorithm. + * If this predicate does not hold, then `e` can be interpreted as being of `UNKNOWN` type. + */ +predicate resolveAlgorithmFromLiteral(Literal e, string normalized, string algType) { + exists(int nid | + nid = getPossibleNidFromLiteral(e) and knownOpenSSLAlgorithm(_, nid, normalized, algType) + ) + or + exists(string name | + name = resolveAlgorithmAlias(e) and knownOpenSSLAlgorithm(name, _, normalized, algType) + ) + or + // if the algorithm name directly matches a known normalized algorithm name, assume it is an algorithm + exists(string name | + name = e.getValue().toUpperCase() and isKnownAlgorithm(name, algType) and normalized = name + ) +} + +string resolveAlgorithmAlias(StringLiteral name) { + exists(string lower | lower = name.getValue().toLowerCase() | + // The result is an alias algorithm name if known + result = getAlgorithmAlias(lower) + or + // or the name is itself a known algorithm + knownOpenSSLAlgorithm(lower, _, _, _) and result = lower + ) +} + +private int getPossibleNidFromLiteral(Literal e) { + result = e.getValue().toInt() and + not e instanceof CharLiteral and + not e instanceof StringLiteral and + // ASSUMPTION, no negative numbers are allowed + // RATIONALE: this is a performance improvement to avoid having to trace every number + not exists(UnaryMinusExpr u | u.getOperand() = e) and + // OPENSSL has a special macro for getting every line, ignore it + not exists(MacroInvocation mi | mi.getExpr() = e and mi.getMacroName() = "OPENSSL_LINE") and + // Filter out cases where an int is assigned into a pointer, e.g., char* x = NULL; + not exists(Assignment a | + a.getRValue() = e and a.getLValue().getType().getUnspecifiedType() instanceof PointerType + ) and + not exists(Initializer i | + i.getExpr() = e and + i.getDeclaration().getADeclarationEntry().getUnspecifiedType() instanceof PointerType + ) and + // Filter out cases where an int is returned into a pointer, e.g., return NULL; + not exists(ReturnStmt r | + r.getExpr() = e and + r.getEnclosingFunction().getType().getUnspecifiedType() instanceof PointerType + ) +} + +string getAlgorithmAlias(string alias) { + customAliases(result, alias) + or + defaultAliases(result, alias) +} + +/** + * Finds aliases of known alagorithms defined by users (through obj_name_add and various macros pointing to this function) + * + * The `target` and `alias` are converted to lowercase to be of a standard form. + */ +predicate customAliases(string target, string alias) { + exists(Call c | c.getTarget().getName().toLowerCase() = "obj_name_add" | + target = c.getArgument(2).getValue().toLowerCase() and + alias = c.getArgument(0).getValue().toLowerCase() + ) +} + +/** + * A hard-coded mapping of known algorithm aliases in OpenSSL. + * This was derived by applying the same kind of logic foun din `customAliases` to the + * OpenSSL code base directly. + * + * The `target` and `alias` are converted to lowercase to be of a standard form. + */ +predicate defaultAliases(string target, string alias) { + alias = "aes128" and target = "aes-128-cbc" + or + alias = "aes192" and target = "aes-192-cbc" + or + alias = "aes256" and target = "aes-256-cbc" + or + alias = "aes128-wrap" and target = "id-aes128-wrap" + or + alias = "aes192-wrap" and target = "id-aes192-wrap" + or + alias = "aes256-wrap" and target = "id-aes256-wrap" + or + alias = "aes128-wrap-pad" and target = "id-aes128-wrap-pad" + or + alias = "aes192-wrap-pad" and target = "id-aes192-wrap-pad" + or + alias = "aes256-wrap-pad" and target = "id-aes256-wrap-pad" + or + alias = "aes-128-wrap" and target = "id-aes128-wrap" + or + alias = "aes-192-wrap" and target = "id-aes192-wrap" + or + alias = "aes-256-wrap" and target = "id-aes256-wrap" + or + alias = "aria128" and target = "aria-128-cbc" + or + alias = "aria192" and target = "aria-192-cbc" + or + alias = "aria256" and target = "aria-256-cbc" + or + alias = "aes128" and target = "aes-128-cbc" + or + alias = "bf" and target = "bf-cbc" + or + alias = "blowfish" and target = "bf-cbc" + or + alias = "camellia128" and target = "camellia-128-cbc" + or + alias = "camellia192" and target = "camellia-192-cbc" + or + alias = "camellia256" and target = "camellia-256-cbc" + or + alias = "cast" and target = "cast5-cbc" + or + alias = "cast-cbc" and target = "cast5-cbc" + or + alias = "des" and target = "des-cbc" + or + alias = "des-ede-ecb" and target = "des-ede" + or + alias = "des-ede3-ecb" and target = "des-ede3" + or + alias = "des3" and target = "des-ede3-cbc" + or + alias = "des3-wrap" and target = "id-smime-alg-cms3deswrap" + or + alias = "desx" and target = "desx-cbc" + or + alias = "idea" and target = "idea-cbc" + or + alias = "rc2" and target = "rc2-cbc" + or + alias = "rc2-128" and target = "rc2-cbc" + or + alias = "rc2-40" and target = "rc2-40-cbc" + or + alias = "rc2-64" and target = "rc2-64-cbc" + or + alias = "ripemd" and target = "ripemd160" + or + alias = "rmd160" and target = "ripemd160" + or + alias = "rsa-sha1-2" and target = "rsa-sha1" + or + alias = "seed" and target = "seed-cbc" + or + alias = "sm4" and target = "sm4-cbc" + or + alias = "ssl3-md5" and target = "md5" + or + alias = "ssl3-sha1" and target = "sha1" +} + +/** + * Enumeration of all known crypto algorithms for openSSL + * `name` is all lower case (caller's must ensure they pass in lower case) + * `nid` is the numeric id of the algorithm, + * `normalized` is the normalized name of the algorithm (e.g., "AES128" for "aes-128-cbc") + * `algType` is the type of algorithm (e.g., "SYMMETRIC_ENCRYPTION") + */ +predicate knownOpenSSLAlgorithm(string name, int nid, string normalized, string algType) { + name = "rsa" and nid = 19 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "prime192v1" and nid = 409 and normalized = "PRIME192V1" and algType = "ELLIPTIC_CURVE" + or + name = "prime256v1" and nid = 415 and normalized = "PRIME256V1" and algType = "ELLIPTIC_CURVE" + or + name = "pbkdf2" and nid = 69 and normalized = "PBKDF2" and algType = "KEY_DERIVATION" + or + name = "dsa" and nid = 116 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "gost2001" and nid = 811 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost2012_256" and nid = 979 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost2012_512" and nid = 980 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "ed25519" and nid = 1087 and normalized = "ED25519" and algType = "ELLIPTIC_CURVE" + or + name = "ed448" and nid = 1088 and normalized = "ED448" and algType = "ELLIPTIC_CURVE" + or + name = "md2" and nid = 3 and normalized = "MD2" and algType = "HASH" + or + name = "sha" and nid = 41 and normalized = "SHA" and algType = "HASH" + or + name = "sha1" and nid = 64 and normalized = "SHA1" and algType = "HASH" + or + name = "scrypt" and nid = 973 and normalized = "SCRYPT" and algType = "KEY_DERIVATION" + or + name = "pkcs7" and nid = 20 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" + or + name = "md4" and nid = 257 and normalized = "MD4" and algType = "HASH" + or + name = "md5" and nid = 4 and normalized = "MD5" and algType = "HASH" + or + name = "sha224" and nid = 675 and normalized = "SHA224" and algType = "HASH" + or + name = "sha256" and nid = 672 and normalized = "SHA256" and algType = "HASH" + or + name = "sha384" and nid = 673 and normalized = "SHA384" and algType = "HASH" + or + name = "sha512" and nid = 674 and normalized = "SHA512" and algType = "HASH" + or + name = "sha512-224" and nid = 1094 and normalized = "SHA512224" and algType = "HASH" + or + name = "sha512-256" and nid = 1095 and normalized = "SHA512256" and algType = "HASH" + or + name = "sha3-224" and nid = 1096 and normalized = "SHA3224" and algType = "HASH" + or + name = "sha3-256" and nid = 1097 and normalized = "SHA3256" and algType = "HASH" + or + name = "sha3-384" and nid = 1098 and normalized = "SHA3384" and algType = "HASH" + or + name = "sha3-512" and nid = 1099 and normalized = "SHA3512" and algType = "HASH" + or + name = "shake128" and nid = 1100 and normalized = "SHAKE128" and algType = "HASH" + or + name = "shake256" and nid = 1101 and normalized = "SHAKE256" and algType = "HASH" + or + name = "mdc2" and nid = 95 and normalized = "MDC2" and algType = "HASH" + or + name = "blake2b512" and nid = 1056 and normalized = "BLAKE2B" and algType = "HASH" + or + name = "blake2s256" and nid = 1057 and normalized = "BLAKE2S" and algType = "HASH" + or + name = "sm3" and nid = 1143 and normalized = "SM3" and algType = "HASH" + or + name = "aes-128-cbc" and nid = 419 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cbc" and nid = 419 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-128-ecb" and nid = 418 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ecb" and nid = 418 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aes-192-cbc" and nid = 423 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cbc" and nid = 423 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-192-ecb" and nid = 422 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ecb" and nid = 422 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aes-256-cbc" and nid = 427 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cbc" and nid = 427 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-256-ecb" and nid = 426 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ecb" and nid = 426 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aria-128-cbc" and nid = 1066 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aria-128-cbc" and nid = 1066 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-cfb" and nid = 1067 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-128-cfb" and nid = 1067 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-ctr" and nid = 1069 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aria-128-ctr" and nid = 1069 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-ecb" and nid = 1065 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aria-128-ecb" and nid = 1065 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-ofb" and nid = 1068 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aria-128-ofb" and nid = 1068 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-cfb1" and nid = 1080 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-128-cfb1" and nid = 1080 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-cfb8" and nid = 1083 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-cfb8" and nid = 1083 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "aria-192-cbc" and nid = 1071 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aria-192-cbc" and nid = 1071 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-cfb" and nid = 1072 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-192-cfb" and nid = 1072 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-ctr" and nid = 1074 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aria-192-ctr" and nid = 1074 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-ecb" and nid = 1070 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aria-192-ecb" and nid = 1070 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-ofb" and nid = 1073 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aria-192-ofb" and nid = 1073 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-cfb1" and nid = 1081 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-192-cfb1" and nid = 1081 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-cfb8" and nid = 1084 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-cfb8" and nid = 1084 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "aria-256-cbc" and nid = 1076 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aria-256-cbc" and nid = 1076 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-cfb" and nid = 1077 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-256-cfb" and nid = 1077 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-ctr" and nid = 1079 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aria-256-ctr" and nid = 1079 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-ecb" and nid = 1075 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "aria-256-ecb" and nid = 1075 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-ofb" and nid = 1078 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aria-256-ofb" and nid = 1078 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-cfb1" and nid = 1082 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aria-256-cfb1" and nid = 1082 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-cfb8" and nid = 1085 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-cfb8" and nid = 1085 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "camellia-128-cbc" and + nid = 751 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-cbc" and nid = 751 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "camellia-128-ecb" and + nid = 754 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-ecb" and nid = 754 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "camellia-192-cbc" and + nid = 752 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-cbc" and nid = 752 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "camellia-192-ecb" and + nid = 755 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-ecb" and nid = 755 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "camellia-256-cbc" and + nid = 753 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-cbc" and nid = 753 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "camellia-256-ecb" and + nid = 756 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-ecb" and nid = 756 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "rc4" and nid = 5 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc4-40" and nid = 97 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ecb" and nid = 29 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ecb" and nid = 29 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "des-ede" and nid = 32 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3" and nid = 33 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3" and nid = 33 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "des-cbc" and nid = 31 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-cbc" and nid = 31 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "des-ede-cbc" and nid = 43 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede-cbc" and nid = 43 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "des-ede-cbc" and nid = 43 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "des-ede3-cbc" and nid = 44 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-cbc" and nid = 44 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "des-cfb" and nid = 30 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-cfb" and nid = 30 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-ede-cfb" and nid = 60 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede-cfb" and nid = 60 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-ede3-cfb" and nid = 61 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-cfb" and nid = 61 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-ofb" and nid = 45 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ofb" and nid = 45 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "des-ede-ofb" and nid = 62 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede-ofb" and nid = 62 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "des-ede3-ofb" and nid = 63 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-ofb" and nid = 63 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "idea-cbc" and nid = 34 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "idea-cbc" and nid = 34 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "idea-ecb" and nid = 36 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "idea-ecb" and nid = 36 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "idea-cfb" and nid = 35 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "idea-cfb" and nid = 35 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "idea-ofb" and nid = 46 and normalized = "IDEA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "idea-ofb" and nid = 46 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "seed-cbc" and nid = 777 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "seed-cbc" and nid = 777 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "seed-ecb" and nid = 776 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "seed-ecb" and nid = 776 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "seed-cfb" and nid = 779 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "seed-cfb" and nid = 779 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "seed-ofb" and nid = 778 and normalized = "SEED" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "seed-ofb" and nid = 778 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "rc2-cbc" and nid = 37 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-cbc" and nid = 37 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "rc2-ecb" and nid = 38 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-ecb" and nid = 38 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "rc2-cfb" and nid = 39 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-cfb" and nid = 39 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "rc2-ofb" and nid = 40 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-ofb" and nid = 40 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "rc2-64-cbc" and nid = 166 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-64-cbc" and nid = 166 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "rc2-40-cbc" and nid = 98 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc2-40-cbc" and nid = 98 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "bf-cbc" and nid = 91 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "bf-cbc" and nid = 91 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "bf-ecb" and nid = 92 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "bf-ecb" and nid = 92 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "bf-cfb" and nid = 93 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "bf-cfb" and nid = 93 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "bf-ofb" and nid = 94 and normalized = "BF" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "bf-ofb" and nid = 94 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "cast5-cbc" and nid = 108 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "cast5-cbc" and nid = 108 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "cast5-ecb" and nid = 109 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "cast5-ecb" and nid = 109 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "cast5-cfb" and nid = 110 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "cast5-cfb" and nid = 110 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "cast5-ofb" and nid = 111 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "cast5-ofb" and nid = 111 and normalized = "CAST5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cbc" and nid = 1134 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cbc" and nid = 1134 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "sm4-ecb" and nid = 1133 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-ecb" and nid = 1133 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "sm4-cfb" and nid = 1137 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cfb" and nid = 1137 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "sm4-ofb" and nid = 1135 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-ofb" and nid = 1135 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "sm4-ctr" and nid = 1139 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-ctr" and nid = 1139 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aes-128-gcm" and nid = 895 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-gcm" and nid = 895 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "secp160r1" and nid = 709 and normalized = "SECP160R1" and algType = "ELLIPTIC_CURVE" + or + name = "ripemd160" and nid = 117 and normalized = "RIPEMD160" and algType = "HASH" + or + name = "whirlpool" and nid = 804 and normalized = "WHIRLPOOL" and algType = "HASH" + or + name = "rc5-cbc" and nid = 120 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "rc5-cbc" and nid = 120 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pss" and nid = 435 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" + or + name = "id-aes128-wrap" and + nid = 788 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes192-wrap" and + nid = 789 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes256-wrap" and + nid = 790 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes128-wrap-pad" and + nid = 897 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes192-wrap-pad" and + nid = 900 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes256-wrap-pad" and + nid = 903 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "chacha20" and nid = 1019 and normalized = "CHACHA20" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "secp112r1" and nid = 704 and normalized = "SECP112R1" and algType = "ELLIPTIC_CURVE" + or + name = "secp112r2" and nid = 705 and normalized = "SECP112R2" and algType = "ELLIPTIC_CURVE" + or + name = "secp128r1" and nid = 706 and normalized = "SECP128R1" and algType = "ELLIPTIC_CURVE" + or + name = "secp128r2" and nid = 707 and normalized = "SECP128R2" and algType = "ELLIPTIC_CURVE" + or + name = "secp160k1" and nid = 708 and normalized = "SECP160K1" and algType = "ELLIPTIC_CURVE" + or + name = "secp160r2" and nid = 710 and normalized = "SECP160R2" and algType = "ELLIPTIC_CURVE" + or + name = "secp192k1" and nid = 711 and normalized = "SECP192K1" and algType = "ELLIPTIC_CURVE" + or + name = "secp224k1" and nid = 712 and normalized = "SECP224K1" and algType = "ELLIPTIC_CURVE" + or + name = "secp224r1" and nid = 713 and normalized = "SECP224R1" and algType = "ELLIPTIC_CURVE" + or + name = "secp256k1" and nid = 714 and normalized = "SECP256K1" and algType = "ELLIPTIC_CURVE" + or + name = "secp384r1" and nid = 715 and normalized = "SECP384R1" and algType = "ELLIPTIC_CURVE" + or + name = "secp521r1" and nid = 716 and normalized = "SECP521R1" and algType = "ELLIPTIC_CURVE" + or + name = "prime192v2" and nid = 410 and normalized = "PRIME192V2" and algType = "ELLIPTIC_CURVE" + or + name = "prime192v3" and nid = 411 and normalized = "PRIME192V3" and algType = "ELLIPTIC_CURVE" + or + name = "prime239v1" and nid = 412 and normalized = "PRIME239V1" and algType = "ELLIPTIC_CURVE" + or + name = "prime239v2" and nid = 413 and normalized = "PRIME239V2" and algType = "ELLIPTIC_CURVE" + or + name = "prime239v3" and nid = 414 and normalized = "PRIME239V3" and algType = "ELLIPTIC_CURVE" + or + name = "sect113r1" and nid = 717 and normalized = "SECT113R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect113r2" and nid = 718 and normalized = "SECT113R2" and algType = "ELLIPTIC_CURVE" + or + name = "sect131r1" and nid = 719 and normalized = "SECT131R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect131r2" and nid = 720 and normalized = "SECT131R2" and algType = "ELLIPTIC_CURVE" + or + name = "sect163k1" and nid = 721 and normalized = "SECT163K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect163r1" and nid = 722 and normalized = "SECT163R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect163r2" and nid = 723 and normalized = "SECT163R2" and algType = "ELLIPTIC_CURVE" + or + name = "sect193r1" and nid = 724 and normalized = "SECT193R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect193r2" and nid = 725 and normalized = "SECT193R2" and algType = "ELLIPTIC_CURVE" + or + name = "sect233k1" and nid = 726 and normalized = "SECT233K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect233r1" and nid = 727 and normalized = "SECT233R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect239k1" and nid = 728 and normalized = "SECT239K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect283k1" and nid = 729 and normalized = "SECT283K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect283r1" and nid = 730 and normalized = "SECT283R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect409k1" and nid = 731 and normalized = "SECT409K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect409r1" and nid = 732 and normalized = "SECT409R1" and algType = "ELLIPTIC_CURVE" + or + name = "sect571k1" and nid = 733 and normalized = "SECT571K1" and algType = "ELLIPTIC_CURVE" + or + name = "sect571r1" and nid = 734 and normalized = "SECT571R1" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb163v1" and nid = 684 and normalized = "C2PNB163V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb163v2" and nid = 685 and normalized = "C2PNB163V2" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb163v3" and nid = 686 and normalized = "C2PNB163V3" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb176v1" and nid = 687 and normalized = "C2PNB176V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb191v1" and nid = 688 and normalized = "C2TNB191V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb191v2" and nid = 689 and normalized = "C2TNB191V2" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb191v3" and nid = 690 and normalized = "C2TNB191V3" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb208w1" and nid = 693 and normalized = "C2PNB208W1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb239v1" and nid = 694 and normalized = "C2TNB239V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb239v2" and nid = 695 and normalized = "C2TNB239V2" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb239v3" and nid = 696 and normalized = "C2TNB239V3" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb272w1" and nid = 699 and normalized = "C2PNB272W1" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb304w1" and nid = 700 and normalized = "C2PNB304W1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb359v1" and nid = 701 and normalized = "C2TNB359V1" and algType = "ELLIPTIC_CURVE" + or + name = "c2pnb368w1" and nid = 702 and normalized = "C2PNB368W1" and algType = "ELLIPTIC_CURVE" + or + name = "c2tnb431r1" and nid = 703 and normalized = "C2TNB431R1" and algType = "ELLIPTIC_CURVE" + or + name = "pkcs5" and nid = 187 and normalized = "PKCS5" and algType = "KEY_DERIVATION" + or + name = "aes-256-gcm" and nid = 901 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-gcm" and nid = 901 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "chacha20-poly1305" and nid = 1018 and normalized = "POLY1305" and algType = "HASH" + or + name = "chacha20-poly1305" and + nid = 1018 and + normalized = "CHACHA20POLY1305" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "rsadsi" and nid = 1 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "pkcs7-data" and nid = 21 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" + or + name = "desx-cbc" and nid = 80 and normalized = "DESX" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "desx-cbc" and nid = 80 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "md5-sha1" and nid = 114 and normalized = "SHA1" and algType = "HASH" + or + name = "rc5-ecb" and nid = 121 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "rc5-ecb" and nid = 121 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc5-cfb" and nid = 122 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "rc5-cfb" and nid = 122 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rc5-ofb" and nid = 123 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "rc5-ofb" and nid = 123 and normalized = "RC5" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-alg-des40" and nid = 323 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-alg-dh-sig-hmac-sha1" and nid = 325 and normalized = "SHA1" and algType = "HASH" + or + name = "aes-128-ofb" and nid = 420 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ofb" and nid = 420 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aes-128-cfb" and nid = 421 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cfb" and nid = 421 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-192-ofb" and nid = 424 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ofb" and nid = 424 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aes-192-cfb" and nid = 425 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cfb" and nid = 425 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-256-ofb" and nid = 428 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ofb" and nid = 428 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "aes-256-cfb" and nid = 429 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cfb" and nid = 429 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-cdmf" and nid = 643 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cfb1" and nid = 650 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cfb1" and nid = 650 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-192-cfb1" and nid = 651 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cfb1" and nid = 651 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-256-cfb1" and nid = 652 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cfb1" and nid = 652 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "aes-128-cfb8" and nid = 653 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cfb8" and nid = 653 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "aes-192-cfb8" and nid = 654 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cfb8" and nid = 654 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "aes-256-cfb8" and nid = 655 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cfb8" and nid = 655 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "des-cfb1" and nid = 656 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-cfb1" and nid = 656 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-cfb8" and nid = 657 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-cfb8" and nid = 657 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "des-ede3-cfb1" and nid = 658 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-cfb1" and nid = 658 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "des-ede3-cfb8" and nid = 659 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "des-ede3-cfb8" and nid = 659 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "c2onb191v4" and nid = 691 and normalized = "C2ONB191V4" and algType = "ELLIPTIC_CURVE" + or + name = "c2onb191v5" and nid = 692 and normalized = "C2ONB191V5" and algType = "ELLIPTIC_CURVE" + or + name = "c2onb239v4" and nid = 697 and normalized = "C2ONB239V4" and algType = "ELLIPTIC_CURVE" + or + name = "c2onb239v5" and nid = 698 and normalized = "C2ONB239V5" and algType = "ELLIPTIC_CURVE" + or + name = "camellia-128-cfb" and + nid = 757 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-cfb" and nid = 757 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-192-cfb" and + nid = 758 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-cfb" and nid = 758 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-256-cfb" and + nid = 759 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-cfb" and nid = 759 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-128-cfb1" and + nid = 760 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-cfb1" and nid = 760 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-192-cfb1" and + nid = 761 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-cfb1" and nid = 761 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-256-cfb1" and + nid = 762 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-cfb1" and nid = 762 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "camellia-128-cfb8" and + nid = 763 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-cfb8" and nid = 763 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "camellia-192-cfb8" and + nid = 764 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-cfb8" and nid = 764 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "camellia-256-cfb8" and + nid = 765 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-cfb8" and nid = 765 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "camellia-128-ofb" and + nid = 766 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-ofb" and nid = 766 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "camellia-192-ofb" and + nid = 767 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-ofb" and nid = 767 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "camellia-256-ofb" and + nid = 768 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-ofb" and nid = 768 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "hmac-md5" and nid = 780 and normalized = "MD5" and algType = "HASH" + or + name = "hmac-sha1" and nid = 781 and normalized = "SHA1" and algType = "HASH" + or + name = "md_gost94" and nid = 809 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost94" and nid = 812 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89" and nid = 813 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89-cnt" and nid = 814 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost-mac" and nid = 815 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "prf-gostr3411-94" and + nid = 816 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost94cc" and nid = 850 and normalized = "GOST94" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost2001cc" and nid = 851 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ccm" and nid = 896 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ccm" and nid = 896 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aes-192-gcm" and nid = 898 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-gcm" and nid = 898 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "aes-192-ccm" and nid = 899 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ccm" and nid = 899 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aes-256-ccm" and nid = 902 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ccm" and nid = 902 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aes-128-ctr" and nid = 904 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-ctr" and nid = 904 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aes-192-ctr" and nid = 905 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ctr" and nid = 905 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "aes-256-ctr" and nid = 906 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ctr" and nid = 906 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "id-camellia128-wrap" and + nid = 907 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-camellia192-wrap" and + nid = 908 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-camellia256-wrap" and + nid = 909 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "mgf1" and nid = 911 and normalized = "MGF1" and algType = "HASH" + or + name = "aes-128-xts" and nid = 913 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-xts" and nid = 913 and normalized = "XTS" and algType = "BLOCK_MODE" + or + name = "aes-256-xts" and nid = 914 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-xts" and nid = 914 and normalized = "XTS" and algType = "BLOCK_MODE" + or + name = "rc4-hmac-md5" and nid = 915 and normalized = "MD5" and algType = "HASH" + or + name = "rc4-hmac-md5" and nid = 915 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "SHA1" and algType = "HASH" + or + name = "aes-128-cbc-hmac-sha1" and + nid = 916 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cbc-hmac-sha1" and nid = 916 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "SHA1" and algType = "HASH" + or + name = "aes-192-cbc-hmac-sha1" and + nid = 917 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cbc-hmac-sha1" and nid = 917 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-256-cbc-hmac-sha1" and + nid = 918 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cbc-hmac-sha1" and nid = 918 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "SHA256" and algType = "HASH" + or + name = "aes-128-cbc-hmac-sha256" and + nid = 948 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-cbc-hmac-sha256" and nid = 948 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "SHA256" and algType = "HASH" + or + name = "aes-192-cbc-hmac-sha256" and + nid = 949 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-cbc-hmac-sha256" and nid = 949 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "SHA256" and algType = "HASH" + or + name = "aes-256-cbc-hmac-sha256" and + nid = 950 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-cbc-hmac-sha256" and nid = 950 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "aes-128-ocb" and nid = 958 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-ocb" and nid = 959 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-ocb" and nid = 960 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-gcm" and + nid = 961 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-gcm" and nid = 961 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "camellia-128-ccm" and + nid = 962 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-ccm" and nid = 962 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "camellia-128-ctr" and + nid = 963 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-128-ctr" and nid = 963 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "camellia-128-cmac" and + nid = 964 and + normalized = "CAMELLIA128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-gcm" and + nid = 965 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-gcm" and nid = 965 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "camellia-192-ccm" and + nid = 966 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-ccm" and nid = 966 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "camellia-192-ctr" and + nid = 967 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-192-ctr" and nid = 967 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "camellia-192-cmac" and + nid = 968 and + normalized = "CAMELLIA192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-gcm" and + nid = 969 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-gcm" and nid = 969 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "camellia-256-ccm" and + nid = 970 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-ccm" and nid = 970 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "camellia-256-ctr" and + nid = 971 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "camellia-256-ctr" and nid = 971 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "camellia-256-cmac" and + nid = 972 and + normalized = "CAMELLIA256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-scrypt" and nid = 973 and normalized = "SCRYPT" and algType = "KEY_DERIVATION" + or + name = "gost89-cnt-12" and + nid = 975 and + normalized = "GOST89" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost-mac-12" and nid = 976 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "md_gost12_256" and nid = 982 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "md_gost12_512" and nid = 983 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-signwithdigest-gost3410-2012-256" and + nid = 985 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-signwithdigest-gost3410-2012-512" and + nid = 986 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-hmac-gost-3411-2012-256" and + nid = 988 and + normalized = "GOST34112012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-hmac-gost-3411-2012-512" and + nid = 989 and + normalized = "GOST34112012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-agreement-gost-3410-2012-256" and + nid = 992 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-agreement-gost-3410-2012-512" and + nid = 993 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-constants" and + nid = 996 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-28147-constants" and + nid = 1002 and + normalized = "GOST28147" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89-cbc" and nid = 1009 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "gost89-cbc" and nid = 1009 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89-ecb" and nid = 1010 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "gost89-ecb" and nid = 1010 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost89-ctr" and nid = 1011 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "gost89-ctr" and nid = 1011 and normalized = "GOST89" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ecb" and nid = 1012 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "kuznyechik-ecb" and + nid = 1012 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ctr" and nid = 1013 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "kuznyechik-ctr" and + nid = 1013 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ofb" and nid = 1014 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "kuznyechik-ofb" and + nid = 1014 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-cbc" and nid = 1015 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "kuznyechik-cbc" and + nid = 1015 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-cfb" and nid = 1016 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "kuznyechik-cfb" and + nid = 1016 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-mac" and + nid = 1017 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hkdf" and nid = 1036 and normalized = "HKDF" and algType = "KEY_DERIVATION" + or + name = "kx-rsa" and nid = 1037 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "kx-ecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_EXCHANGE" + or + name = "kx-ecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_EXCHANGE" + or + name = "kx-rsa-psk" and nid = 1042 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "kx-gost" and nid = 1045 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "auth-rsa" and nid = 1046 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "auth-ecdsa" and nid = 1047 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "auth-gost01" and nid = 1050 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "auth-gost12" and nid = 1051 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "poly1305" and nid = 1061 and normalized = "POLY1305" and algType = "HASH" + or + name = "hmac-sha3-224" and nid = 1102 and normalized = "SHA3224" and algType = "HASH" + or + name = "hmac-sha3-256" and nid = 1103 and normalized = "SHA3256" and algType = "HASH" + or + name = "hmac-sha3-384" and nid = 1104 and normalized = "SHA3384" and algType = "HASH" + or + name = "hmac-sha3-512" and nid = 1105 and normalized = "SHA3512" and algType = "HASH" + or + name = "id-dsa-with-sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha384" and nid = 1106 and normalized = "SHA384" and algType = "HASH" + or + name = "id-dsa-with-sha512" and nid = 1107 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha512" and nid = 1107 and normalized = "SHA512" and algType = "HASH" + or + name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha3-224" and nid = 1108 and normalized = "SHA3224" and algType = "HASH" + or + name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha3-256" and nid = 1109 and normalized = "SHA3256" and algType = "HASH" + or + name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha3-384" and nid = 1110 and normalized = "SHA3384" and algType = "HASH" + or + name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "id-dsa-with-sha3-512" and nid = 1111 and normalized = "SHA3512" and algType = "HASH" + or + name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "id-ecdsa-with-sha3-224" and nid = 1112 and normalized = "SHA3224" and algType = "HASH" + or + name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "id-ecdsa-with-sha3-256" and nid = 1113 and normalized = "SHA3256" and algType = "HASH" + or + name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "id-ecdsa-with-sha3-384" and nid = 1114 and normalized = "SHA3384" and algType = "HASH" + or + name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "id-ecdsa-with-sha3-512" and nid = 1115 and normalized = "SHA3512" and algType = "HASH" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and + nid = 1116 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and + nid = 1116 and + normalized = "PKCS1V15" and + algType = "ASYMMETRIC_PADDING" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-224" and + nid = 1116 and + normalized = "SHA3224" and + algType = "HASH" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and + nid = 1117 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and + nid = 1117 and + normalized = "PKCS1V15" and + algType = "ASYMMETRIC_PADDING" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-256" and + nid = 1117 and + normalized = "SHA3256" and + algType = "HASH" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and + nid = 1118 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and + nid = 1118 and + normalized = "PKCS1V15" and + algType = "ASYMMETRIC_PADDING" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-384" and + nid = 1118 and + normalized = "SHA3384" and + algType = "HASH" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and + nid = 1119 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and + nid = 1119 and + normalized = "PKCS1V15" and + algType = "ASYMMETRIC_PADDING" + or + name = "id-rsassa-pkcs1-v1_5-with-sha3-512" and + nid = 1119 and + normalized = "SHA3512" and + algType = "HASH" + or + name = "aria-128-ccm" and nid = 1120 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aria-128-ccm" and nid = 1120 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-ccm" and nid = 1121 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aria-192-ccm" and nid = 1121 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-ccm" and nid = 1122 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "aria-256-ccm" and nid = 1122 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-128-gcm" and nid = 1123 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "aria-128-gcm" and nid = 1123 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-192-gcm" and nid = 1124 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "aria-192-gcm" and nid = 1124 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aria-256-gcm" and nid = 1125 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "aria-256-gcm" and nid = 1125 and normalized = "ARIA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cfb1" and nid = 1136 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cfb1" and nid = 1136 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "sm4-cfb8" and nid = 1138 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-cfb8" and nid = 1138 and normalized = "CFB8" and algType = "BLOCK_MODE" + or + name = "id-tc26-gost-3410-2012-256-constants" and + nid = 1147 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "dstu28147-ofb" and nid = 1153 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "dstu28147-cfb" and nid = 1154 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "id-tc26-cipher-gostr3412-2015-magma" and + nid = 1173 and + normalized = "MAGMA" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ctr-acpkm" and nid = 1174 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "magma-ctr-acpkm" and + nid = 1174 and + normalized = "MAGMA" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ctr-acpkm-omac" and nid = 1175 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "magma-ctr-acpkm-omac" and + nid = 1175 and + normalized = "MAGMA" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-cipher-gostr3412-2015-kuznyechik" and + nid = 1176 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ctr-acpkm" and nid = 1177 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "kuznyechik-ctr-acpkm" and + nid = 1177 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-ctr-acpkm-omac" and + nid = 1178 and + normalized = "CTR" and + algType = "BLOCK_MODE" + or + name = "kuznyechik-ctr-acpkm-omac" and + nid = 1178 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-wrap-gostr3412-2015-magma" and + nid = 1180 and + normalized = "MAGMA" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-kexp15" and nid = 1181 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-wrap-gostr3412-2015-kuznyechik" and + nid = 1182 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kuznyechik-kexp15" and + nid = 1183 and + normalized = "KUZNYECHIK" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ecb" and nid = 1187 and normalized = "ECB" and algType = "BLOCK_MODE" + or + name = "magma-ecb" and nid = 1187 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ctr" and nid = 1188 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "magma-ctr" and nid = 1188 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-ofb" and nid = 1189 and normalized = "OFB" and algType = "BLOCK_MODE" + or + name = "magma-ofb" and nid = 1189 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-cbc" and nid = 1190 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "magma-cbc" and nid = 1190 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-cfb" and nid = 1191 and normalized = "CFB" and algType = "BLOCK_MODE" + or + name = "magma-cfb" and nid = 1191 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "magma-mac" and nid = 1192 and normalized = "MAGMA" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-siv" and nid = 1198 and normalized = "AES128" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-128-siv" and nid = 1198 and normalized = "SIV" and algType = "BLOCK_MODE" + or + name = "aes-192-siv" and nid = 1199 and normalized = "AES192" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-192-siv" and nid = 1199 and normalized = "SIV" and algType = "BLOCK_MODE" + or + name = "aes-256-siv" and nid = 1200 and normalized = "AES256" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "aes-256-siv" and nid = 1200 and normalized = "SIV" and algType = "BLOCK_MODE" + or + name = "blake2bmac" and nid = 1201 and normalized = "BLAKE2B" and algType = "HASH" + or + name = "blake2smac" and nid = 1202 and normalized = "BLAKE2S" and algType = "HASH" + or + name = "sshkdf" and nid = 1203 and normalized = "HKDF" and algType = "KEY_DERIVATION" + or + name = "x963kdf" and nid = 1206 and normalized = "X963KDF" and algType = "KEY_DERIVATION" + or + name = "kx-gost18" and nid = 1218 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-gcm" and nid = 1248 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-gcm" and nid = 1248 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "sm4-ccm" and nid = 1249 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-ccm" and nid = 1249 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "sm4-xts" and nid = 1290 and normalized = "SM4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "sm4-xts" and nid = 1290 and normalized = "XTS" and algType = "BLOCK_MODE" + or + name = "x448" and nid = 1035 and normalized = "X448" and algType = "ELLIPTIC_CURVE" + or + name = "x25519" and nid = 1034 and normalized = "X25519" and algType = "ELLIPTIC_CURVE" + or + name = "authecdsa" and nid = 1047 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "authgost01" and nid = 1050 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "authgost12" and nid = 1051 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "authrsa" and nid = 1046 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "brainpoolp160r1" and + nid = 921 and + normalized = "BRAINPOOLP160R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp160t1" and + nid = 922 and + normalized = "BRAINPOOLP160T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp192r1" and + nid = 923 and + normalized = "BRAINPOOLP192R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp192t1" and + nid = 924 and + normalized = "BRAINPOOLP192T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp224r1" and + nid = 925 and + normalized = "BRAINPOOLP224R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp224t1" and + nid = 926 and + normalized = "BRAINPOOLP224T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp256r1" and + nid = 927 and + normalized = "BRAINPOOLP256R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp256r1tls13" and + nid = 1285 and + normalized = "BRAINPOOLP256R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp256t1" and + nid = 928 and + normalized = "BRAINPOOLP256T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp320r1" and + nid = 929 and + normalized = "BRAINPOOLP320R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp320t1" and + nid = 930 and + normalized = "BRAINPOOLP320T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp384r1" and + nid = 931 and + normalized = "BRAINPOOLP384R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp384r1tls13" and + nid = 1286 and + normalized = "BRAINPOOLP384R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp384t1" and + nid = 932 and + normalized = "BRAINPOOLP384T1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp512r1" and + nid = 933 and + normalized = "BRAINPOOLP512R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp512r1tls13" and + nid = 1287 and + normalized = "BRAINPOOLP512R1" and + algType = "ELLIPTIC_CURVE" + or + name = "brainpoolp512t1" and + nid = 934 and + normalized = "BRAINPOOLP512T1" and + algType = "ELLIPTIC_CURVE" + or + name = "dhsinglepass-cofactordh-sha1kdf-scheme" and + nid = 941 and + normalized = "SHA1" and + algType = "HASH" + or + name = "dhsinglepass-cofactordh-sha224kdf-scheme" and + nid = 942 and + normalized = "SHA224" and + algType = "HASH" + or + name = "dhsinglepass-cofactordh-sha256kdf-scheme" and + nid = 943 and + normalized = "SHA256" and + algType = "HASH" + or + name = "dhsinglepass-cofactordh-sha384kdf-scheme" and + nid = 944 and + normalized = "SHA384" and + algType = "HASH" + or + name = "dhsinglepass-cofactordh-sha512kdf-scheme" and + nid = 945 and + normalized = "SHA512" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha1kdf-scheme" and + nid = 936 and + normalized = "SHA1" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha224kdf-scheme" and + nid = 937 and + normalized = "SHA224" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha256kdf-scheme" and + nid = 938 and + normalized = "SHA256" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha384kdf-scheme" and + nid = 939 and + normalized = "SHA384" and + algType = "HASH" + or + name = "dhsinglepass-stddh-sha512kdf-scheme" and + nid = 940 and + normalized = "SHA512" and + algType = "HASH" + or + name = "dsa-old" and nid = 67 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa-sha" and nid = 66 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa-sha" and nid = 66 and normalized = "SHA" and algType = "HASH" + or + name = "dsa-sha1" and nid = 113 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa-sha1" and nid = 113 and normalized = "SHA1" and algType = "HASH" + or + name = "dsa-sha1-old" and nid = 70 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa-sha1-old" and nid = 70 and normalized = "SHA1" and algType = "HASH" + or + name = "dsa_with_sha224" and nid = 802 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha224" and nid = 802 and normalized = "SHA224" and algType = "HASH" + or + name = "dsa_with_sha256" and nid = 803 and normalized = "SHA256" and algType = "HASH" + or + name = "dsa_with_sha256" and nid = 803 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-224" and nid = 1108 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-224" and nid = 1108 and normalized = "SHA3224" and algType = "HASH" + or + name = "dsa_with_sha3-256" and nid = 1109 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-256" and nid = 1109 and normalized = "SHA3256" and algType = "HASH" + or + name = "dsa_with_sha3-384" and nid = 1110 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-384" and nid = 1110 and normalized = "SHA3384" and algType = "HASH" + or + name = "dsa_with_sha3-512" and nid = 1111 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha3-512" and nid = 1111 and normalized = "SHA3512" and algType = "HASH" + or + name = "dsa_with_sha384" and nid = 1106 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha384" and nid = 1106 and normalized = "SHA384" and algType = "HASH" + or + name = "dsa_with_sha512" and nid = 1107 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsa_with_sha512" and nid = 1107 and normalized = "SHA512" and algType = "HASH" + or + name = "dsaencryption" and nid = 116 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsaencryption-old" and nid = 67 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsaquality" and nid = 495 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsawithsha" and nid = 66 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsawithsha" and nid = 66 and normalized = "SHA" and algType = "HASH" + or + name = "dsawithsha1" and nid = 113 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsawithsha1" and nid = 113 and normalized = "SHA1" and algType = "HASH" + or + name = "dsawithsha1-old" and nid = 70 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "dsawithsha1-old" and nid = 70 and normalized = "SHA1" and algType = "HASH" + or + name = "dstu gost 28147-2009 cfb mode" and + nid = 1154 and + normalized = "CFB" and + algType = "BLOCK_MODE" + or + name = "dstu gost 28147-2009 cfb mode" and + nid = 1154 and + normalized = "GOST28147" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "dstu gost 28147-2009 ofb mode" and + nid = 1153 and + normalized = "OFB" and + algType = "BLOCK_MODE" + or + name = "dstu gost 28147-2009 ofb mode" and + nid = 1153 and + normalized = "GOST28147" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "ecdsa-with-recommended" and nid = 791 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha1" and nid = 416 and normalized = "SHA1" and algType = "HASH" + or + name = "ecdsa-with-sha1" and nid = 416 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha224" and nid = 793 and normalized = "SHA224" and algType = "HASH" + or + name = "ecdsa-with-sha224" and nid = 793 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha256" and nid = 794 and normalized = "SHA256" and algType = "HASH" + or + name = "ecdsa-with-sha256" and nid = 794 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha384" and nid = 795 and normalized = "SHA384" and algType = "HASH" + or + name = "ecdsa-with-sha384" and nid = 795 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-sha512" and nid = 796 and normalized = "SHA512" and algType = "HASH" + or + name = "ecdsa-with-sha512" and nid = 796 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa-with-specified" and nid = 792 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-224" and nid = 1112 and normalized = "SHA3224" and algType = "HASH" + or + name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-256" and nid = 1113 and normalized = "SHA3256" and algType = "HASH" + or + name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-384" and nid = 1114 and normalized = "SHA3384" and algType = "HASH" + or + name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "ECDSA" and algType = "SIGNATURE" + or + name = "ecdsa_with_sha3-512" and nid = 1115 and normalized = "SHA3512" and algType = "HASH" + or + name = "gost 28147-89" and + nid = 813 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 28147-89 cryptocom paramset" and + nid = 849 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 28147-89 mac" and + nid = 815 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 28147-89 tc26 parameter set" and + nid = 1003 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 34.10-2001 cryptocom" and + nid = 851 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost 34.10-94 cryptocom" and + nid = 850 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2001" and + nid = 811 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2001 dh" and + nid = 817 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (256 bit) paramset a" and + nid = 1148 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (256 bit) paramset b" and + nid = 1184 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (256 bit) paramset c" and + nid = 1185 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (256 bit) paramset d" and + nid = 1186 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (512 bit) paramset a" and + nid = 998 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (512 bit) paramset b" and + nid = 999 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (512 bit) paramset c" and + nid = 1149 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 (512 bit) testing parameter set" and + nid = 997 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 with 256 bit modulus" and + nid = 979 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 with 512 bit modulus" and + nid = 980 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 with gost r 34.11-2012 (256 bit)" and + nid = 985 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-2012 with gost r 34.11-2012 (512 bit)" and + nid = 986 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-94" and + nid = 812 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.10-94 dh" and + nid = 818 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-2012 with 256 bit hash" and + nid = 982 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-2012 with 512 bit hash" and + nid = 983 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94" and + nid = 809 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 prf" and + nid = 816 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 with gost r 34.10-2001" and + nid = 807 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 with gost r 34.10-2001 cryptocom" and + nid = 853 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 with gost r 34.10-94" and + nid = 808 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 34.11-94 with gost r 34.10-94 cryptocom" and + nid = 852 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "gost r 3410-2001 parameter set cryptocom" and + nid = 854 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hmac gost 34.11-2012 256 bit" and + nid = 988 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hmac gost 34.11-2012 512 bit" and + nid = 989 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hmac gost 34.11-94" and + nid = 810 and + normalized = "GOST" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "hmacwithmd5" and nid = 797 and normalized = "MD5" and algType = "HASH" + or + name = "hmacwithsha1" and nid = 163 and normalized = "SHA1" and algType = "HASH" + or + name = "hmacwithsha224" and nid = 798 and normalized = "SHA224" and algType = "HASH" + or + name = "hmacwithsha256" and nid = 799 and normalized = "SHA256" and algType = "HASH" + or + name = "hmacwithsha384" and nid = 800 and normalized = "SHA384" and algType = "HASH" + or + name = "hmacwithsha512" and nid = 801 and normalized = "SHA512" and algType = "HASH" + or + name = "hmacwithsha512-224" and nid = 1193 and normalized = "SHA512224" and algType = "HASH" + or + name = "hmacwithsha512-256" and nid = 1194 and normalized = "SHA512256" and algType = "HASH" + or + name = "hmacwithsm3" and nid = 1281 and normalized = "SM3" and algType = "HASH" + or + name = "id-aes128-ccm" and + nid = 896 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes128-ccm" and nid = 896 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "id-aes128-gcm" and + nid = 895 and + normalized = "AES128" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes128-gcm" and nid = 895 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-aes192-ccm" and + nid = 899 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes192-ccm" and nid = 899 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "id-aes192-gcm" and + nid = 898 and + normalized = "AES192" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes192-gcm" and nid = 898 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-aes256-ccm" and + nid = 902 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes256-ccm" and nid = 902 and normalized = "CCM" and algType = "BLOCK_MODE" + or + name = "id-aes256-gcm" and + nid = 901 and + normalized = "AES256" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-aes256-gcm" and nid = 901 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-gost28147-89-cc" and + nid = 849 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-a-paramset" and + nid = 824 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-b-paramset" and + nid = 825 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-c-paramset" and + nid = 826 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-d-paramset" and + nid = 827 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-keymeshing" and + nid = 819 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-oscar-1-0-paramset" and + nid = 829 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-oscar-1-1-paramset" and + nid = 828 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-cryptopro-ric-1-paramset" and + nid = 830 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-none-keymeshing" and + nid = 820 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gost28147-89-testparamset" and + nid = 823 and + normalized = "GOST2814789" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-a-paramset" and + nid = 840 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-b-paramset" and + nid = 841 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-c-paramset" and + nid = 842 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-xcha-paramset" and + nid = 843 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-cryptopro-xchb-paramset" and + nid = 844 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-paramset-cc" and + nid = 854 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001-testparamset" and + nid = 839 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-2001dh" and + nid = 817 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-a" and + nid = 845 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-abis" and + nid = 846 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-b" and + nid = 847 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-bbis" and + nid = 848 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-a-paramset" and + nid = 832 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-b-paramset" and + nid = 833 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-c-paramset" and + nid = 834 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-d-paramset" and + nid = 835 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-xcha-paramset" and + nid = 836 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-xchb-paramset" and + nid = 837 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-cryptopro-xchc-paramset" and + nid = 838 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94-testparamset" and + nid = 831 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3410-94dh" and + nid = 818 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-cryptoproparamset" and + nid = 822 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-testparamset" and + nid = 821 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-2001" and + nid = 807 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-2001-cc" and + nid = 853 and + normalized = "GOSTR34102001" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-94" and + nid = 808 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-94" and + nid = 808 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-94-cc" and + nid = 852 and + normalized = "GOSTR341094" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-gostr3411-94-with-gostr3410-94-cc" and + nid = 852 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-hmacgostr3411-94" and + nid = 810 and + normalized = "GOSTR341194" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-hmacwithsha3-224" and nid = 1102 and normalized = "SHA3224" and algType = "HASH" + or + name = "id-hmacwithsha3-256" and nid = 1103 and normalized = "SHA3256" and algType = "HASH" + or + name = "id-hmacwithsha3-384" and nid = 1104 and normalized = "SHA3384" and algType = "HASH" + or + name = "id-hmacwithsha3-512" and nid = 1105 and normalized = "SHA3512" and algType = "HASH" + or + name = "id-regctrl" and nid = 313 and normalized = "CTR" and algType = "BLOCK_MODE" + or + name = "id-smime-alg-3deswrap" and + nid = 243 and + normalized = "3DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-cms3deswrap" and nid = 246 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-smime-alg-cms3deswrap" and + nid = 246 and + normalized = "3DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-cmsrc2wrap" and + nid = 247 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-cmsrc2wrap" and nid = 247 and normalized = "GCM" and algType = "BLOCK_MODE" + or + name = "id-smime-alg-esdhwith3des" and + nid = 241 and + normalized = "3DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-esdhwithrc2" and + nid = 242 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-smime-alg-rc2wrap" and + nid = 244 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-28147-param-z" and + nid = 1003 and + normalized = "GOST28147" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-256-paramseta" and + nid = 1148 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-256-paramsetb" and + nid = 1184 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-256-paramsetc" and + nid = 1185 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-256-paramsetd" and + nid = 1186 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-paramseta" and + nid = 998 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-paramsetb" and + nid = 999 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-paramsetc" and + nid = 1149 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "id-tc26-gost-3410-2012-512-paramsettest" and + nid = 997 and + normalized = "GOST34102012" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "kxecdhe" and nid = 1038 and normalized = "ECDH" and algType = "KEY_EXCHANGE" + or + name = "kxecdhe-psk" and nid = 1040 and normalized = "ECDH" and algType = "KEY_EXCHANGE" + or + name = "kxgost" and nid = 1045 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "kxgost18" and nid = 1218 and normalized = "GOST" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "kxrsa" and nid = 1037 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "kxrsa_psk" and nid = 1042 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md2withrsaencryption" and + nid = 7 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md2withrsaencryption" and nid = 7 and normalized = "MD2" and algType = "HASH" + or + name = "md4withrsaencryption" and + nid = 396 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md4withrsaencryption" and nid = 396 and normalized = "MD4" and algType = "HASH" + or + name = "md5withrsa" and nid = 104 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md5withrsa" and nid = 104 and normalized = "MD5" and algType = "HASH" + or + name = "md5withrsaencryption" and + nid = 8 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "md5withrsaencryption" and nid = 8 and normalized = "MD5" and algType = "HASH" + or + name = "mdc2withrsa" and nid = 96 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "mdc2withrsa" and nid = 96 and normalized = "MDC2" and algType = "HASH" + or + name = "pbe-md2-des" and nid = 9 and normalized = "MD2" and algType = "HASH" + or + name = "pbe-md2-des" and nid = 9 and normalized = "2DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-md2-rc2-64" and nid = 168 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-md2-rc2-64" and nid = 168 and normalized = "MD2" and algType = "HASH" + or + name = "pbe-md5-des" and nid = 10 and normalized = "MD5" and algType = "HASH" + or + name = "pbe-md5-des" and nid = 10 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-md5-rc2-64" and nid = 169 and normalized = "MD5" and algType = "HASH" + or + name = "pbe-md5-rc2-64" and nid = 169 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-2des" and nid = 147 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-2des" and nid = 147 and normalized = "2DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-3des" and nid = 146 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-3des" and nid = 146 and normalized = "3DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-des" and nid = 170 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-des" and nid = 170 and normalized = "DES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc2-128" and nid = 148 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc2-128" and + nid = 148 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc2-40" and nid = 149 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc2-40" and nid = 149 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc2-64" and nid = 68 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc2-64" and nid = 68 and normalized = "RC2" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc4-128" and nid = 144 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc4-128" and + nid = 144 and + normalized = "RC4" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbe-sha1-rc4-40" and nid = 145 and normalized = "SHA1" and algType = "HASH" + or + name = "pbe-sha1-rc4-40" and nid = 145 and normalized = "RC4" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd2anddes-cbc" and + nid = 9 and + normalized = "DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd2anddes-cbc" and nid = 9 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithmd2anddes-cbc" and nid = 9 and normalized = "MD2" and algType = "HASH" + or + name = "pbewithmd2andrc2-cbc" and + nid = 168 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd2andrc2-cbc" and nid = 168 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithmd2andrc2-cbc" and nid = 168 and normalized = "MD2" and algType = "HASH" + or + name = "pbewithmd5andcast5cbc" and nid = 112 and normalized = "MD5" and algType = "HASH" + or + name = "pbewithmd5andcast5cbc" and nid = 112 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithmd5andcast5cbc" and + nid = 112 and + normalized = "CAST5" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd5anddes-cbc" and nid = 10 and normalized = "MD5" and algType = "HASH" + or + name = "pbewithmd5anddes-cbc" and + nid = 10 and + normalized = "DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd5anddes-cbc" and nid = 10 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithmd5andrc2-cbc" and nid = 169 and normalized = "MD5" and algType = "HASH" + or + name = "pbewithmd5andrc2-cbc" and + nid = 169 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithmd5andrc2-cbc" and nid = 169 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithsha1and128bitrc2-cbc" and nid = 148 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1and128bitrc2-cbc" and + nid = 148 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and128bitrc2-cbc" and + nid = 148 and + normalized = "CBC" and + algType = "BLOCK_MODE" + or + name = "pbewithsha1and128bitrc4" and nid = 144 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1and128bitrc4" and + nid = 144 and + normalized = "RC4" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and2-keytripledes-cbc" and + nid = 147 and + normalized = "SHA1" and + algType = "HASH" + or + name = "pbewithsha1and2-keytripledes-cbc" and + nid = 147 and + normalized = "CBC" and + algType = "BLOCK_MODE" + or + name = "pbewithsha1and2-keytripledes-cbc" and + nid = 147 and + normalized = "TRIPLEDES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and3-keytripledes-cbc" and + nid = 146 and + normalized = "SHA1" and + algType = "HASH" + or + name = "pbewithsha1and3-keytripledes-cbc" and + nid = 146 and + normalized = "CBC" and + algType = "BLOCK_MODE" + or + name = "pbewithsha1and3-keytripledes-cbc" and + nid = 146 and + normalized = "TRIPLEDES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and40bitrc2-cbc" and nid = 149 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1and40bitrc2-cbc" and + nid = 149 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1and40bitrc2-cbc" and + nid = 149 and + normalized = "CBC" and + algType = "BLOCK_MODE" + or + name = "pbewithsha1and40bitrc4" and nid = 145 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1and40bitrc4" and + nid = 145 and + normalized = "RC4" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1anddes-cbc" and nid = 170 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1anddes-cbc" and + nid = 170 and + normalized = "DES" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1anddes-cbc" and nid = 170 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pbewithsha1andrc2-cbc" and nid = 68 and normalized = "SHA1" and algType = "HASH" + or + name = "pbewithsha1andrc2-cbc" and + nid = 68 and + normalized = "RC2" and + algType = "SYMMETRIC_ENCRYPTION" + or + name = "pbewithsha1andrc2-cbc" and nid = 68 and normalized = "CBC" and algType = "BLOCK_MODE" + or + name = "pilotdsa" and nid = 456 and normalized = "DSA" and algType = "SIGNATURE" + or + name = "pkcs7-digestdata" and nid = 25 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" + or + name = "pkcs7-encrypteddata" and + nid = 26 and + normalized = "PKCS7" and + algType = "SYMMETRIC_PADDING" + or + name = "pkcs7-envelopeddata" and + nid = 23 and + normalized = "PKCS7" and + algType = "SYMMETRIC_PADDING" + or + name = "pkcs7-signedandenvelopeddata" and + nid = 24 and + normalized = "PKCS7" and + algType = "SYMMETRIC_PADDING" + or + name = "pkcs7-signeddata" and nid = 22 and normalized = "PKCS7" and algType = "SYMMETRIC_PADDING" + or + name = "ripemd160withrsa" and + nid = 119 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "ripemd160withrsa" and nid = 119 and normalized = "RIPEMD160" and algType = "HASH" + or + name = "rsa-md2" and nid = 7 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-md2" and nid = 7 and normalized = "MD2" and algType = "HASH" + or + name = "rsa-md4" and nid = 396 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-md4" and nid = 396 and normalized = "MD4" and algType = "HASH" + or + name = "rsa-md5" and nid = 8 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-md5" and nid = 8 and normalized = "MD5" and algType = "HASH" + or + name = "rsa-mdc2" and nid = 96 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-mdc2" and nid = 96 and normalized = "MDC2" and algType = "HASH" + or + name = "rsa-np-md5" and nid = 104 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-np-md5" and nid = 104 and normalized = "MD5" and algType = "HASH" + or + name = "rsa-ripemd160" and nid = 119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-ripemd160" and nid = 119 and normalized = "RIPEMD160" and algType = "HASH" + or + name = "rsa-sha" and nid = 42 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha" and nid = 42 and normalized = "SHA" and algType = "HASH" + or + name = "rsa-sha1" and nid = 65 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha1" and nid = 65 and normalized = "SHA1" and algType = "HASH" + or + name = "rsa-sha1-2" and nid = 115 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha1-2" and nid = 115 and normalized = "SHA1" and algType = "HASH" + or + name = "rsa-sha224" and nid = 671 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha224" and nid = 671 and normalized = "SHA224" and algType = "HASH" + or + name = "rsa-sha256" and nid = 668 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha256" and nid = 668 and normalized = "SHA256" and algType = "HASH" + or + name = "rsa-sha3-224" and nid = 1116 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha3-224" and nid = 1116 and normalized = "SHA3224" and algType = "HASH" + or + name = "rsa-sha3-256" and nid = 1117 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha3-256" and nid = 1117 and normalized = "SHA3256" and algType = "HASH" + or + name = "rsa-sha3-384" and nid = 1118 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha3-384" and nid = 1118 and normalized = "SHA3384" and algType = "HASH" + or + name = "rsa-sha3-512" and nid = 1119 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha3-512" and nid = 1119 and normalized = "SHA3512" and algType = "HASH" + or + name = "rsa-sha384" and nid = 669 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha384" and nid = 669 and normalized = "SHA384" and algType = "HASH" + or + name = "rsa-sha512" and nid = 670 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha512" and nid = 670 and normalized = "SHA512" and algType = "HASH" + or + name = "rsa-sha512/224" and + nid = 1145 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha512/224" and nid = 1145 and normalized = "SHA512224" and algType = "HASH" + or + name = "rsa-sha512/256" and + nid = 1146 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sha512/256" and nid = 1146 and normalized = "SHA512256" and algType = "HASH" + or + name = "rsa-sm3" and nid = 1144 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsa-sm3" and nid = 1144 and normalized = "SM3" and algType = "HASH" + or + name = "rsaencryption" and nid = 6 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsaes-oaep" and nid = 919 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsaes-oaep" and nid = 919 and normalized = "AES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rsaes-oaep" and nid = 919 and normalized = "OAEP" and algType = "ASYMMETRIC_PADDING" + or + name = "rsaesoaep" and nid = 919 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsaesoaep" and nid = 919 and normalized = "AES" and algType = "SYMMETRIC_ENCRYPTION" + or + name = "rsaesoaep" and nid = 919 and normalized = "OAEP" and algType = "ASYMMETRIC_PADDING" + or + name = "rsaoaepencryptionset" and + nid = 644 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsaoaepencryptionset" and + nid = 644 and + normalized = "OAEP" and + algType = "ASYMMETRIC_PADDING" + or + name = "rsasignature" and nid = 377 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsassa-pss" and nid = 912 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsassa-pss" and nid = 912 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" + or + name = "rsassapss" and nid = 912 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "rsassapss" and nid = 912 and normalized = "PSS" and algType = "ASYMMETRIC_PADDING" + or + name = "sha1withrsa" and nid = 115 and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha1withrsa" and nid = 115 and normalized = "SHA1" and algType = "HASH" + or + name = "sha1withrsaencryption" and + nid = 65 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha1withrsaencryption" and nid = 65 and normalized = "SHA1" and algType = "HASH" + or + name = "sha224withrsaencryption" and + nid = 671 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha224withrsaencryption" and nid = 671 and normalized = "SHA224" and algType = "HASH" + or + name = "sha256withrsaencryption" and + nid = 668 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha256withrsaencryption" and nid = 668 and normalized = "SHA256" and algType = "HASH" + or + name = "sha384withrsaencryption" and + nid = 669 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha384withrsaencryption" and nid = 669 and normalized = "SHA384" and algType = "HASH" + or + name = "sha512-224withrsaencryption" and + nid = 1145 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha512-224withrsaencryption" and + nid = 1145 and + normalized = "SHA512224" and + algType = "HASH" + or + name = "sha512-256withrsaencryption" and + nid = 1146 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha512-256withrsaencryption" and + nid = 1146 and + normalized = "SHA512256" and + algType = "HASH" + or + name = "sha512withrsaencryption" and + nid = 670 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sha512withrsaencryption" and nid = 670 and normalized = "SHA512" and algType = "HASH" + or + name = "shawithrsaencryption" and + nid = 42 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "shawithrsaencryption" and nid = 42 and normalized = "SHA" and algType = "HASH" + or + name = "sm2" and nid = 1172 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" + or + name = "sm2-sm3" and nid = 1204 and normalized = "SM3" and algType = "HASH" + or + name = "sm2-sm3" and nid = 1204 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" + or + name = "sm2-with-sm3" and nid = 1204 and normalized = "SM3" and algType = "HASH" + or + name = "sm2-with-sm3" and nid = 1204 and normalized = "SM2" and algType = "ELLIPTIC_CURVE" + or + name = "sm3withrsaencryption" and + nid = 1144 and + normalized = "RSA" and + algType = "ASYMMETRIC_ENCRYPTION" + or + name = "sm3withrsaencryption" and nid = 1144 and normalized = "SM3" and algType = "HASH" +} diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll new file mode 100644 index 00000000000..2c46a7c0674 --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll @@ -0,0 +1,121 @@ +import cpp +import experimental.cryptography.utils.OpenSSL.LibraryFunction +import experimental.cryptography.CryptoAlgorithmNames + +predicate inferredOpenSSLCryptoFunctionCall(Call c, string normalized, string algType) { + inferredOpenSSLCryptoFunction(c.getTarget(), normalized, algType) +} + +predicate inferredOpenSSLCryptoFunction(Function f, string normalized, string algType) { + isPossibleOpenSSLFunction(f) and + normalizeFunctionName(f, algType) = normalized +} + +predicate isOpenSSLCryptoFunction(Function f, string normalized, string algType) { + // NOTE: relying on inference as there are thousands of functions for crypto + // enumerating them all and maintaining the list seems problematic. + // For now, we will rely on dynamically inferring algorithms for function names. + // This has been seen to be reasonably efficient and accurate. + inferredOpenSSLCryptoFunction(f, normalized, algType) +} + +predicate isOpenSSLCryptoFunctionCall(Call c, string normalized, string algType) { + isOpenSSLCryptoFunction(c.getTarget(), normalized, algType) +} + +private string basicNormalizeFunctionName(Function f, string algType) { + isPossibleOpenSSLFunction(f) and + isKnownAlgorithm(result, algType) and + exists(string normStr | normStr = f.getName().toUpperCase().regexpReplaceAll("[-_ ]|/", "") | + normStr.matches("%" + result + "%") + ) +} + +/** + * Converts a raw OpenSSL algorithm to a normalized algorithm name. + * + * If more than one match occurs for a given algorithm type, normalize attempts to find the "max" + * string (max in terms of string length) e.g., matching AES128 to AES128 and not simply AES. + * + * An unknown algorithm is only identified if there exists no known algorithm found for any algorithm type. + * + * `f` is the function name to normalize. + * `algType` is a string representing the classification of the algorithm (see `CryptoAlgorithmNames`) + */ +private string privateNormalizeFunctionName(Function f, string algType) { + isPossibleOpenSSLFunction(f) and + result = basicNormalizeFunctionName(f, algType) and + not exists(string res2 | + result != res2 and + res2 = basicNormalizeFunctionName(f, algType) and + res2.length() > result.length() + ) +} + +/** + * Normalizes a function name to a known algorithm name, similar to `normalizeName`. + * A function is not, however, allowed to be UNKNOWN. The function either + * normalizes to a known algorithm name, or the predicate does not hold (no result). + * + * The predicate attempts to restrict normalization to what looks like an openssl + * library by looking for functions only in an openssl path (see `isPossibleOpenSSLFunction`). + * This may give false postive functions if a directory erronously appears to be openssl; + * however, we take the stance that if a function + * exists strongly mapping to a known function name in a directory such as these, + * regardless of whether its actually a part of openSSL or not, we will analyze it as though it were. + */ +private string normalizeFunctionName(Function f, string algType) { + algType != "UNKNOWN" and + isPossibleOpenSSLFunction(f) and + result = privateNormalizeFunctionName(f, algType) and + // Addressing false positives + // For algorithm names less than or equal to 4, we must see the algorithm name + // in the original function as upper case (it can't be split between tokens) + // One exception found is DES_xcbc_encrypt, this is DESX + ( + (result.length() <= 4 and result != "DESX") + implies + f.getName().toUpperCase().matches("%" + result + "%") + ) and + ( + (result.length() <= 4 and result = "DESX") + implies + (f.getName().toUpperCase().matches("%DESX%") or f.getName().toUpperCase().matches("%DES_X%")) + ) and + // (result.length() <= 3 implies (not f.getName().toUpperCase().regexpMatch(".*" + result + "[a-zA-Z0-9].*|.*[a-zA-Z0-9]" + result + ".*"))) + // and + // DES specific false positives + ( + result.matches("DES") + implies + not f.getName().toUpperCase().regexpMatch(".*DES[a-zA-Z0-9].*|.*[a-zA-Z0-9]DES.*") + ) and + // ((result.matches("%DES%")) implies not exists(string s | s in ["DESCRIBE", "DESTROY", "DESCRIPTION", "DESCRIPTOR", "NODES"] | + // f.getName().toUpperCase().matches("%" + s + "%"))) and + // SEED specific false positives + ( + result.matches("SEED") + implies + not exists(string s | + s in [ + "SEED_SRC_GENERATE", "RAND", "NEW_SEED", "GEN_SEED", "SEED_GEN", "SET_SEED", "GET_SEED", + "GET0_SEED", "RESEED", "SEEDING" + ] + | + f.getName().toUpperCase().matches("%" + s + "%") + ) + ) and + // ARIA specific false positives + (result.matches("ARIA") implies not f.getName().toUpperCase().matches("%VARIANT%")) and + // CTR false positives + (result.matches("CTR") implies not f.getName().toUpperCase().matches("%CTRL%")) and + // ES false positives (e.g., ES256 from AES256) + (result.matches("ES%") implies not f.getName().toUpperCase().matches("%AES%")) and + // RSA false positives + (result.matches("RSA") implies not f.getName().toUpperCase().matches("%UNIVERSAL%")) and + //rsaz functions deemed to be too low level, and can be ignored + not f.getLocation().getFile().getBaseName().matches("rsaz_exp.c") and + // General False positives + // Functions that 'get' do not set an algorithm, and therefore are considered ignorable + not f.getName().toLowerCase().matches("%get%") +} diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll new file mode 100644 index 00000000000..ba83de34597 --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll @@ -0,0 +1,153 @@ +/** + * This file contains predicates create to build up initial data sets for OpenSSL + * predicates. E.g., These predicates were used to assist in associating all + * openSSL functions with their known crypto algorithms. + */ + +import cpp +import experimental.cryptography.CryptoAlgorithmNames +import experimental.cryptography.utils.OpenSSL.CryptoFunction + +private string basicNormalizeFunctionName(Function f, string algType) { + isKnownAlgorithm(result, algType) and + exists(string normStr | normStr = f.getName().toUpperCase().regexpReplaceAll("[-_ ]|/", "") | + normStr.matches("%" + result + "%") + ) +} + +/** + * Converts a raw OpenSSL algorithm to a normalized algorithm name. + * + * If more than one match occurs for a given algorithm type, normalize attempts to find the "max" + * string (max in terms of string length) e.g., matching AES128 to AES128 and not simply AES. + * + * An unknown algorithm is only identified if there exists no known algorithm found for any algorithm type. + * + * `f` is the function name to normalize. + * `algType` is a string representing the classification of the algorithm (see `CryptoAlgorithmNames`) + */ +private string privateNormalizeFunctionName(Function f, string algType) { + result = basicNormalizeFunctionName(f, algType) and + not exists(string res2 | + result != res2 and + res2 = basicNormalizeFunctionName(f, algType) and + res2.length() > result.length() + ) and + // Addressing bad normalization case-by-case + // CASE: ES256 being identified when the algorithm is AES256 + ( + result.matches("ES256") + implies + not exists(string res2 | res2 = basicNormalizeFunctionName(f, _) and res2.matches("AES%")) + ) +} + +/** + * Normalizes a function name to a known algorithm name, similar to `normalizeName`. + * A function is not, however, allowed to be UNKNOWN. The function either + * normalizes to a known algorithm name, or the predicate does not hold (no result). + * + * The predicate attempts to restrict normalization to what looks like an openssl + * library by looking for functions only in an openssl path (see `isPossibleOpenSSLFunction`). + * This may give false postive functions if a directory erronously appears to be openssl; + * however, we take the stance that if a function + * exists strongly mapping to a known function name in a directory such as these, + * regardless of whether its actually a part of openSSL or not, we will analyze it as though it were. + */ +string normalizeFunctionName(Function f, string algType) { + algType != "UNKNOWN" and + result = privateNormalizeFunctionName(f, algType) and + openSSLLibraryFunc(f) and + // Addressing false positives + // For algorithm names less than or equal to 4, we must see the algorithm name + // in the original function as upper case (it can't be split between tokens) + // One exception found is DES_xcbc_encrypt, this is DESX + ( + (result.length() <= 4 and result != "DESX") + implies + f.getName().toUpperCase().matches("%" + result + "%") + ) and + ( + (result.length() <= 4 and result = "DESX") + implies + (f.getName().toUpperCase().matches("%DESX%") or f.getName().toUpperCase().matches("%DES_X%")) + ) and + // (result.length() <= 3 implies (not f.getName().toUpperCase().regexpMatch(".*" + result + "[a-zA-Z0-9].*|.*[a-zA-Z0-9]" + result + ".*"))) + // and + // DES specific false positives + ( + result.matches("DES") + implies + not f.getName().toUpperCase().regexpMatch(".*DES[a-zA-Z0-9].*|.*[a-zA-Z0-9]DES.*") + ) and + // ((result.matches("%DES%")) implies not exists(string s | s in ["DESCRIBE", "DESTROY", "DESCRIPTION", "DESCRIPTOR", "NODES"] | + // f.getName().toUpperCase().matches("%" + s + "%"))) and + // SEED specific false positives + ( + result.matches("%SEED%") + implies + not not exists(string s | + s in ["NEW_SEED", "GEN_SEED", "SET_SEED", "GET_SEED", "GET0_SEED", "RESEED", "SEEDING"] + | + f.getName().toUpperCase().matches("%" + s + "%") + ) + ) and + // ARIA specific false positives + (result.matches("%ARIA%") implies not f.getName().toUpperCase().matches("%VARIANT%")) +} + +/** + * Predicate to support name normalization. + * Converts the raw name upper-case with no hyphen, slash, underscore, hash, or space. + * Looks for substrings that are known algorithms, and normalizes the name. + * If the algorithm cannot be determined or is in the ignorable list (`isIgnorableOpenSSLAlgorithm`) + * this predicate will not resolve a name. + * + * Rationale for private: For normalization, we want to get the longest string for a normalized name match + * for a given algorithm type. I found this easier to express if the public normalizeName + * checks that the name is the longest, and that UNKNOWN is reserved if there exists no + * result from this predicate that is known. + */ +bindingset[name] +string privateNormalizeName(string name, string algType) { + //not isIgnorableOpenSSLAlgorithm(name, _, _) and + // targetOpenSSLAlgorithm(name, _) and + isKnownAlgorithm(result, algType) and + exists(string normStr | normStr = name.toUpperCase().regexpReplaceAll("[-_ ]|/", "") | + normStr.matches("%" + result + "%") + ) +} + +/** + * Converts a raw OpenSSL algorithm to a normalized algorithm name. + * + * If more than one match occurs for a given algorithm type, normalize attempts to find the "max" + * string (max in terms of string length) e.g., matching AES128 to AES128 and not simply AES. + * + * An unknown algorithm is only identified if there exists no known algorithm found for any algorithm type. + * + * `name` is the name to normalize. + * `algType` is a string representing the classification of the algorithm (see `CryptoAlgorithmNames`) + */ +bindingset[name] +string normalizeName(string name, string algType) { + ( + if exists(privateNormalizeName(name, _)) + then result = privateNormalizeName(name, algType) + else ( + result = unknownAlgorithm() and algType = "UNKNOWN" + ) + ) and + not exists(string res2 | + result != res2 and + res2 = privateNormalizeName(name, algType) and + res2.length() > result.length() + ) and + // Addressing bad normalization case-by-case + // CASE: ES256 being identified when the algorithm is AES256 + ( + result.matches("ES256") + implies + not exists(string res2 | res2 = privateNormalizeName(name, _) and res2.matches("AES%")) + ) +} diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll new file mode 100644 index 00000000000..a70b91e5e9e --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll @@ -0,0 +1,11292 @@ +import cpp + +/** + * A function is a possibleOpenSSLFunction + * if the function's declaration exists in a subdirectory of any directory matching 'openssl' as a substring. + */ +predicate isPossibleOpenSSLFunction(Function f) { + f.getADeclarationLocation().toString().toLowerCase().matches("%openssl%") +} + +predicate openSSLLibraryFunc(Function f) { + openSSLAPIFuncName(f.getName()) and + isPossibleOpenSSLFunction(f) +} + +/** + * OpenSSL functions as defined in the OpenSSL docs + * https://www.openssl.org/docs/manmaster/man3/ + */ +predicate openSSLAPIFuncName(string name) { + name = "ACCESS_DESCRIPTION_free" + or + name = "ACCESS_DESCRIPTION_new" + or + name = "ADMISSIONS" + or + name = "ADMISSIONS_free" + or + name = "ADMISSIONS_get0_admissionAuthority" + or + name = "ADMISSIONS_get0_namingAuthority" + or + name = "ADMISSIONS_get0_professionInfos" + or + name = "ADMISSIONS_new" + or + name = "ADMISSIONS_set0_admissionAuthority" + or + name = "ADMISSIONS_set0_namingAuthority" + or + name = "ADMISSIONS_set0_professionInfos" + or + name = "ADMISSION_SYNTAX" + or + name = "ADMISSION_SYNTAX_free" + or + name = "ADMISSION_SYNTAX_get0_admissionAuthority" + or + name = "ADMISSION_SYNTAX_get0_contentsOfAdmissions" + or + name = "ADMISSION_SYNTAX_new" + or + name = "ADMISSION_SYNTAX_set0_admissionAuthority" + or + name = "ADMISSION_SYNTAX_set0_contentsOfAdmissions" + or + name = "ASIdOrRange_free" + or + name = "ASIdOrRange_new" + or + name = "ASIdentifierChoice_free" + or + name = "ASIdentifierChoice_new" + or + name = "ASIdentifiers_free" + or + name = "ASIdentifiers_new" + or + name = "ASN1_AUX" + or + name = "ASN1_ENUMERATED_get" + or + name = "ASN1_ENUMERATED_get_int64" + or + name = "ASN1_ENUMERATED_set" + or + name = "ASN1_ENUMERATED_set_int64" + or + name = "ASN1_ENUMERATED_to_BN" + or + name = "ASN1_EXTERN_FUNCS" + or + name = "ASN1_GENERALIZEDTIME_adj" + or + name = "ASN1_GENERALIZEDTIME_check" + or + name = "ASN1_GENERALIZEDTIME_dup" + or + name = "ASN1_GENERALIZEDTIME_print" + or + name = "ASN1_GENERALIZEDTIME_set" + or + name = "ASN1_GENERALIZEDTIME_set_string" + or + name = "ASN1_INTEGER_free" + or + name = "ASN1_INTEGER_get" + or + name = "ASN1_INTEGER_get_int64" + or + name = "ASN1_INTEGER_get_uint64" + or + name = "ASN1_INTEGER_new" + or + name = "ASN1_INTEGER_set" + or + name = "ASN1_INTEGER_set_int64" + or + name = "ASN1_INTEGER_set_uint64" + or + name = "ASN1_INTEGER_to_BN" + or + name = "ASN1_ITEM" + or + name = "ASN1_ITEM_get" + or + name = "ASN1_ITEM_lookup" + or + name = "ASN1_OBJECT_free" + or + name = "ASN1_OBJECT_new" + or + name = "ASN1_PRINT_ARG" + or + name = "ASN1_STREAM_ARG" + or + name = "ASN1_STRING_TABLE" + or + name = "ASN1_STRING_TABLE_add" + or + name = "ASN1_STRING_TABLE_cleanup" + or + name = "ASN1_STRING_TABLE_get" + or + name = "ASN1_STRING_cmp" + or + name = "ASN1_STRING_data" + or + name = "ASN1_STRING_dup" + or + name = "ASN1_STRING_free" + or + name = "ASN1_STRING_get0_data" + or + name = "ASN1_STRING_length" + or + name = "ASN1_STRING_length_set" + or + name = "ASN1_STRING_new" + or + name = "ASN1_STRING_print" + or + name = "ASN1_STRING_print_ex" + or + name = "ASN1_STRING_print_ex_fp" + or + name = "ASN1_STRING_set" + or + name = "ASN1_STRING_to_UTF8" + or + name = "ASN1_STRING_type" + or + name = "ASN1_STRING_type_new" + or + name = "ASN1_TIME_adj" + or + name = "ASN1_TIME_check" + or + name = "ASN1_TIME_cmp_time_t" + or + name = "ASN1_TIME_compare" + or + name = "ASN1_TIME_diff" + or + name = "ASN1_TIME_dup" + or + name = "ASN1_TIME_normalize" + or + name = "ASN1_TIME_print" + or + name = "ASN1_TIME_print_ex" + or + name = "ASN1_TIME_set" + or + name = "ASN1_TIME_set_string" + or + name = "ASN1_TIME_set_string_X509" + or + name = "ASN1_TIME_to_generalizedtime" + or + name = "ASN1_TIME_to_tm" + or + name = "ASN1_TYPE_cmp" + or + name = "ASN1_TYPE_get" + or + name = "ASN1_TYPE_pack_sequence" + or + name = "ASN1_TYPE_set" + or + name = "ASN1_TYPE_set1" + or + name = "ASN1_TYPE_unpack_sequence" + or + name = "ASN1_UTCTIME_adj" + or + name = "ASN1_UTCTIME_check" + or + name = "ASN1_UTCTIME_cmp_time_t" + or + name = "ASN1_UTCTIME_dup" + or + name = "ASN1_UTCTIME_print" + or + name = "ASN1_UTCTIME_set" + or + name = "ASN1_UTCTIME_set_string" + or + name = "ASN1_add_oid_module" + or + name = "ASN1_aux_cb" + or + name = "ASN1_aux_const_cb" + or + name = "ASN1_ex_d2i" + or + name = "ASN1_ex_d2i_ex" + or + name = "ASN1_ex_free_func" + or + name = "ASN1_ex_i2d" + or + name = "ASN1_ex_new_ex_func" + or + name = "ASN1_ex_new_func" + or + name = "ASN1_ex_print_func" + or + name = "ASN1_generate_nconf" + or + name = "ASN1_generate_v3" + or + name = "ASN1_item_d2i" + or + name = "ASN1_item_d2i_bio" + or + name = "ASN1_item_d2i_bio_ex" + or + name = "ASN1_item_d2i_ex" + or + name = "ASN1_item_d2i_fp" + or + name = "ASN1_item_d2i_fp_ex" + or + name = "ASN1_item_i2d_mem_bio" + or + name = "ASN1_item_new" + or + name = "ASN1_item_new_ex" + or + name = "ASN1_item_pack" + or + name = "ASN1_item_sign" + or + name = "ASN1_item_sign_ctx" + or + name = "ASN1_item_sign_ex" + or + name = "ASN1_item_unpack" + or + name = "ASN1_item_unpack_ex" + or + name = "ASN1_item_verify" + or + name = "ASN1_item_verify_ctx" + or + name = "ASN1_item_verify_ex" + or + name = "ASN1_tag2str" + or + name = "ASRange_free" + or + name = "ASRange_new" + or + name = "ASYNC_STATUS_EAGAIN" + or + name = "ASYNC_STATUS_ERR" + or + name = "ASYNC_STATUS_OK" + or + name = "ASYNC_STATUS_UNSUPPORTED" + or + name = "ASYNC_WAIT_CTX_clear_fd" + or + name = "ASYNC_WAIT_CTX_free" + or + name = "ASYNC_WAIT_CTX_get_all_fds" + or + name = "ASYNC_WAIT_CTX_get_callback" + or + name = "ASYNC_WAIT_CTX_get_changed_fds" + or + name = "ASYNC_WAIT_CTX_get_fd" + or + name = "ASYNC_WAIT_CTX_get_status" + or + name = "ASYNC_WAIT_CTX_new" + or + name = "ASYNC_WAIT_CTX_set_callback" + or + name = "ASYNC_WAIT_CTX_set_status" + or + name = "ASYNC_WAIT_CTX_set_wait_fd" + or + name = "ASYNC_block_pause" + or + name = "ASYNC_callback_fn" + or + name = "ASYNC_cleanup_thread" + or + name = "ASYNC_get_current_job" + or + name = "ASYNC_get_mem_functions" + or + name = "ASYNC_get_wait_ctx" + or + name = "ASYNC_init_thread" + or + name = "ASYNC_is_capable" + or + name = "ASYNC_pause_job" + or + name = "ASYNC_set_mem_functions" + or + name = "ASYNC_stack_alloc_fn" + or + name = "ASYNC_stack_free_fn" + or + name = "ASYNC_start_job" + or + name = "ASYNC_unblock_pause" + or + name = "AUTHORITY_INFO_ACCESS_free" + or + name = "AUTHORITY_INFO_ACCESS_new" + or + name = "AUTHORITY_KEYID_free" + or + name = "AUTHORITY_KEYID_new" + or + name = "BASIC_CONSTRAINTS_free" + or + name = "BASIC_CONSTRAINTS_new" + or + name = "BF_cbc_encrypt" + or + name = "BF_cfb64_encrypt" + or + name = "BF_decrypt" + or + name = "BF_ecb_encrypt" + or + name = "BF_encrypt" + or + name = "BF_ofb64_encrypt" + or + name = "BF_options" + or + name = "BF_set_key" + or + name = "BIO_ADDR" + or + name = "BIO_ADDRINFO" + or + name = "BIO_ADDRINFO_address" + or + name = "BIO_ADDRINFO_family" + or + name = "BIO_ADDRINFO_free" + or + name = "BIO_ADDRINFO_next" + or + name = "BIO_ADDRINFO_protocol" + or + name = "BIO_ADDRINFO_socktype" + or + name = "BIO_ADDR_clear" + or + name = "BIO_ADDR_dup" + or + name = "BIO_ADDR_family" + or + name = "BIO_ADDR_free" + or + name = "BIO_ADDR_hostname_string" + or + name = "BIO_ADDR_new" + or + name = "BIO_ADDR_path_string" + or + name = "BIO_ADDR_rawaddress" + or + name = "BIO_ADDR_rawmake" + or + name = "BIO_ADDR_rawport" + or + name = "BIO_ADDR_service_string" + or + name = "BIO_accept_ex" + or + name = "BIO_append_filename" + or + name = "BIO_bind" + or + name = "BIO_callback_ctrl" + or + name = "BIO_callback_fn" + or + name = "BIO_callback_fn_ex" + or + name = "BIO_closesocket" + or + name = "BIO_connect" + or + name = "BIO_ctrl" + or + name = "BIO_ctrl_dgram_connect" + or + name = "BIO_ctrl_get_read_request" + or + name = "BIO_ctrl_get_write_guarantee" + or + name = "BIO_ctrl_pending" + or + name = "BIO_ctrl_reset_read_request" + or + name = "BIO_ctrl_set_connected" + or + name = "BIO_ctrl_wpending" + or + name = "BIO_debug_callback" + or + name = "BIO_debug_callback_ex" + or + name = "BIO_destroy_bio_pair" + or + name = "BIO_dgram_get_caps" + or + name = "BIO_dgram_get_effective_caps" + or + name = "BIO_dgram_get_local_addr_cap" + or + name = "BIO_dgram_get_local_addr_enable" + or + name = "BIO_dgram_get_mtu" + or + name = "BIO_dgram_get_mtu_overhead" + or + name = "BIO_dgram_get_no_trunc" + or + name = "BIO_dgram_get_peer" + or + name = "BIO_dgram_recv_timedout" + or + name = "BIO_dgram_send_timedout" + or + name = "BIO_dgram_set_caps" + or + name = "BIO_dgram_set_local_addr_enable" + or + name = "BIO_dgram_set_mtu" + or + name = "BIO_dgram_set_no_trunc" + or + name = "BIO_dgram_set_peer" + or + name = "BIO_do_accept" + or + name = "BIO_do_connect" + or + name = "BIO_do_connect_retry" + or + name = "BIO_do_handshake" + or + name = "BIO_eof" + or + name = "BIO_err_is_non_fatal" + or + name = "BIO_f_base64" + or + name = "BIO_f_brotli" + or + name = "BIO_f_buffer" + or + name = "BIO_f_cipher" + or + name = "BIO_f_md" + or + name = "BIO_f_null" + or + name = "BIO_f_prefix" + or + name = "BIO_f_readbuffer" + or + name = "BIO_f_ssl" + or + name = "BIO_f_zlib" + or + name = "BIO_f_zstd" + or + name = "BIO_find_type" + or + name = "BIO_flush" + or + name = "BIO_free" + or + name = "BIO_free_all" + or + name = "BIO_get_accept_ip_family" + or + name = "BIO_get_accept_name" + or + name = "BIO_get_accept_port" + or + name = "BIO_get_app_data" + or + name = "BIO_get_bind_mode" + or + name = "BIO_get_buffer_num_lines" + or + name = "BIO_get_callback" + or + name = "BIO_get_callback_arg" + or + name = "BIO_get_callback_ex" + or + name = "BIO_get_cipher_ctx" + or + name = "BIO_get_cipher_status" + or + name = "BIO_get_close" + or + name = "BIO_get_conn_address" + or + name = "BIO_get_conn_hostname" + or + name = "BIO_get_conn_int_port" + or + name = "BIO_get_conn_ip" + or + name = "BIO_get_conn_ip_family" + or + name = "BIO_get_conn_mode" + or + name = "BIO_get_conn_port" + or + name = "BIO_get_data" + or + name = "BIO_get_ex_data" + or + name = "BIO_get_ex_new_index" + or + name = "BIO_get_fd" + or + name = "BIO_get_fp" + or + name = "BIO_get_indent" + or + name = "BIO_get_info_callback" + or + name = "BIO_get_init" + or + name = "BIO_get_ktls_recv" + or + name = "BIO_get_ktls_send" + or + name = "BIO_get_line" + or + name = "BIO_get_md" + or + name = "BIO_get_md_ctx" + or + name = "BIO_get_mem_data" + or + name = "BIO_get_mem_ptr" + or + name = "BIO_get_new_index" + or + name = "BIO_get_num_renegotiates" + or + name = "BIO_get_peer_name" + or + name = "BIO_get_peer_port" + or + name = "BIO_get_read_request" + or + name = "BIO_get_retry_BIO" + or + name = "BIO_get_retry_reason" + or + name = "BIO_get_rpoll_descriptor" + or + name = "BIO_get_shutdown" + or + name = "BIO_get_ssl" + or + name = "BIO_get_wpoll_descriptor" + or + name = "BIO_get_write_buf_size" + or + name = "BIO_get_write_guarantee" + or + name = "BIO_gets" + or + name = "BIO_hostserv_priorities" + or + name = "BIO_info_cb" + or + name = "BIO_int_ctrl" + or + name = "BIO_listen" + or + name = "BIO_lookup" + or + name = "BIO_lookup_ex" + or + name = "BIO_lookup_type" + or + name = "BIO_make_bio_pair" + or + name = "BIO_meth_free" + or + name = "BIO_meth_get_callback_ctrl" + or + name = "BIO_meth_get_create" + or + name = "BIO_meth_get_ctrl" + or + name = "BIO_meth_get_destroy" + or + name = "BIO_meth_get_gets" + or + name = "BIO_meth_get_puts" + or + name = "BIO_meth_get_read" + or + name = "BIO_meth_get_read_ex" + or + name = "BIO_meth_get_recvmmsg" + or + name = "BIO_meth_get_sendmmsg" + or + name = "BIO_meth_get_write" + or + name = "BIO_meth_get_write_ex" + or + name = "BIO_meth_new" + or + name = "BIO_meth_set_callback_ctrl" + or + name = "BIO_meth_set_create" + or + name = "BIO_meth_set_ctrl" + or + name = "BIO_meth_set_destroy" + or + name = "BIO_meth_set_gets" + or + name = "BIO_meth_set_puts" + or + name = "BIO_meth_set_read" + or + name = "BIO_meth_set_read_ex" + or + name = "BIO_meth_set_recvmmsg" + or + name = "BIO_meth_set_sendmmsg" + or + name = "BIO_meth_set_write" + or + name = "BIO_meth_set_write_ex" + or + name = "BIO_method_type" + or + name = "BIO_new" + or + name = "BIO_new_CMS" + or + name = "BIO_new_accept" + or + name = "BIO_new_bio_dgram_pair" + or + name = "BIO_new_bio_pair" + or + name = "BIO_new_buffer_ssl_connect" + or + name = "BIO_new_connect" + or + name = "BIO_new_dgram" + or + name = "BIO_new_ex" + or + name = "BIO_new_fd" + or + name = "BIO_new_file" + or + name = "BIO_new_fp" + or + name = "BIO_new_from_core_bio" + or + name = "BIO_new_mem_buf" + or + name = "BIO_new_socket" + or + name = "BIO_new_ssl" + or + name = "BIO_new_ssl_connect" + or + name = "BIO_next" + or + name = "BIO_parse_hostserv" + or + name = "BIO_pending" + or + name = "BIO_pop" + or + name = "BIO_printf" + or + name = "BIO_ptr_ctrl" + or + name = "BIO_push" + or + name = "BIO_puts" + or + name = "BIO_read" + or + name = "BIO_read_ex" + or + name = "BIO_read_filename" + or + name = "BIO_recvmmsg" + or + name = "BIO_reset" + or + name = "BIO_retry_type" + or + name = "BIO_rw_filename" + or + name = "BIO_s_accept" + or + name = "BIO_s_bio" + or + name = "BIO_s_connect" + or + name = "BIO_s_core" + or + name = "BIO_s_datagram" + or + name = "BIO_s_dgram_mem" + or + name = "BIO_s_dgram_pair" + or + name = "BIO_s_fd" + or + name = "BIO_s_file" + or + name = "BIO_s_mem" + or + name = "BIO_s_null" + or + name = "BIO_s_secmem" + or + name = "BIO_s_socket" + or + name = "BIO_seek" + or + name = "BIO_sendmmsg" + or + name = "BIO_set" + or + name = "BIO_set_accept_bios" + or + name = "BIO_set_accept_ip_family" + or + name = "BIO_set_accept_name" + or + name = "BIO_set_accept_port" + or + name = "BIO_set_app_data" + or + name = "BIO_set_bind_mode" + or + name = "BIO_set_buffer_read_data" + or + name = "BIO_set_buffer_size" + or + name = "BIO_set_callback" + or + name = "BIO_set_callback_arg" + or + name = "BIO_set_callback_ex" + or + name = "BIO_set_cipher" + or + name = "BIO_set_close" + or + name = "BIO_set_conn_address" + or + name = "BIO_set_conn_hostname" + or + name = "BIO_set_conn_int_port" + or + name = "BIO_set_conn_ip" + or + name = "BIO_set_conn_ip_family" + or + name = "BIO_set_conn_mode" + or + name = "BIO_set_conn_port" + or + name = "BIO_set_data" + or + name = "BIO_set_ex_data" + or + name = "BIO_set_fd" + or + name = "BIO_set_fp" + or + name = "BIO_set_indent" + or + name = "BIO_set_info_callback" + or + name = "BIO_set_init" + or + name = "BIO_set_md" + or + name = "BIO_set_mem_buf" + or + name = "BIO_set_mem_eof_return" + or + name = "BIO_set_nbio" + or + name = "BIO_set_nbio_accept" + or + name = "BIO_set_next" + or + name = "BIO_set_prefix" + or + name = "BIO_set_read_buffer_size" + or + name = "BIO_set_retry_reason" + or + name = "BIO_set_shutdown" + or + name = "BIO_set_ssl" + or + name = "BIO_set_ssl_mode" + or + name = "BIO_set_ssl_renegotiate_bytes" + or + name = "BIO_set_ssl_renegotiate_timeout" + or + name = "BIO_set_tfo" + or + name = "BIO_set_tfo_accept" + or + name = "BIO_set_write_buf_size" + or + name = "BIO_set_write_buffer_size" + or + name = "BIO_should_io_special" + or + name = "BIO_should_read" + or + name = "BIO_should_retry" + or + name = "BIO_should_write" + or + name = "BIO_shutdown_wr" + or + name = "BIO_snprintf" + or + name = "BIO_socket" + or + name = "BIO_socket_wait" + or + name = "BIO_ssl_copy_session_id" + or + name = "BIO_ssl_shutdown" + or + name = "BIO_tell" + or + name = "BIO_up_ref" + or + name = "BIO_vfree" + or + name = "BIO_vprintf" + or + name = "BIO_vsnprintf" + or + name = "BIO_wait" + or + name = "BIO_wpending" + or + name = "BIO_write" + or + name = "BIO_write_ex" + or + name = "BIO_write_filename" + or + name = "BN_BLINDING_convert" + or + name = "BN_BLINDING_convert_ex" + or + name = "BN_BLINDING_create_param" + or + name = "BN_BLINDING_free" + or + name = "BN_BLINDING_get_flags" + or + name = "BN_BLINDING_get_thread_id" + or + name = "BN_BLINDING_invert" + or + name = "BN_BLINDING_invert_ex" + or + name = "BN_BLINDING_is_current_thread" + or + name = "BN_BLINDING_lock" + or + name = "BN_BLINDING_new" + or + name = "BN_BLINDING_set_current_thread" + or + name = "BN_BLINDING_set_flags" + or + name = "BN_BLINDING_set_thread_id" + or + name = "BN_BLINDING_thread_id" + or + name = "BN_BLINDING_unlock" + or + name = "BN_BLINDING_update" + or + name = "BN_CTX_end" + or + name = "BN_CTX_free" + or + name = "BN_CTX_get" + or + name = "BN_CTX_init" + or + name = "BN_CTX_new" + or + name = "BN_CTX_new_ex" + or + name = "BN_CTX_secure_new" + or + name = "BN_CTX_secure_new_ex" + or + name = "BN_CTX_start" + or + name = "BN_GENCB_call" + or + name = "BN_GENCB_free" + or + name = "BN_GENCB_get_arg" + or + name = "BN_GENCB_new" + or + name = "BN_GENCB_set" + or + name = "BN_GENCB_set_old" + or + name = "BN_MONT_CTX_copy" + or + name = "BN_MONT_CTX_free" + or + name = "BN_MONT_CTX_init" + or + name = "BN_MONT_CTX_new" + or + name = "BN_MONT_CTX_set" + or + name = "BN_RECP_CTX_free" + or + name = "BN_RECP_CTX_init" + or + name = "BN_RECP_CTX_new" + or + name = "BN_RECP_CTX_set" + or + name = "BN_abs_is_word" + or + name = "BN_add" + or + name = "BN_add_word" + or + name = "BN_are_coprime" + or + name = "BN_bin2bn" + or + name = "BN_bn2bin" + or + name = "BN_bn2binpad" + or + name = "BN_bn2dec" + or + name = "BN_bn2hex" + or + name = "BN_bn2lebinpad" + or + name = "BN_bn2mpi" + or + name = "BN_bn2nativepad" + or + name = "BN_check_prime" + or + name = "BN_clear" + or + name = "BN_clear_bit" + or + name = "BN_clear_free" + or + name = "BN_cmp" + or + name = "BN_copy" + or + name = "BN_dec2bn" + or + name = "BN_div" + or + name = "BN_div_recp" + or + name = "BN_div_word" + or + name = "BN_dup" + or + name = "BN_exp" + or + name = "BN_free" + or + name = "BN_from_montgomery" + or + name = "BN_gcd" + or + name = "BN_generate_prime" + or + name = "BN_generate_prime_ex" + or + name = "BN_generate_prime_ex2" + or + name = "BN_get0_nist_prime_192" + or + name = "BN_get0_nist_prime_224" + or + name = "BN_get0_nist_prime_256" + or + name = "BN_get0_nist_prime_384" + or + name = "BN_get0_nist_prime_521" + or + name = "BN_get_rfc2409_prime_1024" + or + name = "BN_get_rfc2409_prime_768" + or + name = "BN_get_rfc3526_prime_1536" + or + name = "BN_get_rfc3526_prime_2048" + or + name = "BN_get_rfc3526_prime_3072" + or + name = "BN_get_rfc3526_prime_4096" + or + name = "BN_get_rfc3526_prime_6144" + or + name = "BN_get_rfc3526_prime_8192" + or + name = "BN_get_word" + or + name = "BN_hex2bn" + or + name = "BN_init" + or + name = "BN_is_bit_set" + or + name = "BN_is_odd" + or + name = "BN_is_one" + or + name = "BN_is_prime" + or + name = "BN_is_prime_ex" + or + name = "BN_is_prime_fasttest" + or + name = "BN_is_prime_fasttest_ex" + or + name = "BN_is_word" + or + name = "BN_is_zero" + or + name = "BN_lebin2bn" + or + name = "BN_lshift" + or + name = "BN_lshift1" + or + name = "BN_mask_bits" + or + name = "BN_mod" + or + name = "BN_mod_add" + or + name = "BN_mod_exp" + or + name = "BN_mod_exp_mont" + or + name = "BN_mod_exp_mont_consttime" + or + name = "BN_mod_exp_mont_consttime_x2" + or + name = "BN_mod_inverse" + or + name = "BN_mod_mul" + or + name = "BN_mod_mul_montgomery" + or + name = "BN_mod_mul_reciprocal" + or + name = "BN_mod_sqr" + or + name = "BN_mod_sqrt" + or + name = "BN_mod_sub" + or + name = "BN_mod_word" + or + name = "BN_mpi2bn" + or + name = "BN_mul" + or + name = "BN_mul_word" + or + name = "BN_native2bn" + or + name = "BN_new" + or + name = "BN_nnmod" + or + name = "BN_num_bits" + or + name = "BN_num_bits_word" + or + name = "BN_num_bytes" + or + name = "BN_one" + or + name = "BN_print" + or + name = "BN_print_fp" + or + name = "BN_priv_rand" + or + name = "BN_priv_rand_ex" + or + name = "BN_priv_rand_range" + or + name = "BN_priv_rand_range_ex" + or + name = "BN_pseudo_rand" + or + name = "BN_pseudo_rand_range" + or + name = "BN_rand" + or + name = "BN_rand_ex" + or + name = "BN_rand_range" + or + name = "BN_rand_range_ex" + or + name = "BN_rshift" + or + name = "BN_rshift1" + or + name = "BN_secure_new" + or + name = "BN_security_bits" + or + name = "BN_set_bit" + or + name = "BN_set_word" + or + name = "BN_signed_bin2bn" + or + name = "BN_signed_bn2bin" + or + name = "BN_signed_bn2lebin" + or + name = "BN_signed_bn2native" + or + name = "BN_signed_lebin2bn" + or + name = "BN_signed_native2bn" + or + name = "BN_sqr" + or + name = "BN_sub" + or + name = "BN_sub_word" + or + name = "BN_swap" + or + name = "BN_to_ASN1_ENUMERATED" + or + name = "BN_to_ASN1_INTEGER" + or + name = "BN_to_montgomery" + or + name = "BN_ucmp" + or + name = "BN_value_one" + or + name = "BN_with_flags" + or + name = "BN_zero" + or + name = "BUF_MEM_free" + or + name = "BUF_MEM_grow" + or + name = "BUF_MEM_grow_clean" + or + name = "BUF_MEM_new" + or + name = "BUF_MEM_new_ex" + or + name = "BUF_memdup" + or + name = "BUF_reverse" + or + name = "BUF_strdup" + or + name = "BUF_strlcat" + or + name = "BUF_strlcpy" + or + name = "BUF_strndup" + or + name = "CERTIFICATEPOLICIES_free" + or + name = "CERTIFICATEPOLICIES_new" + or + name = "CMS_AuthEnvelopedData_create" + or + name = "CMS_AuthEnvelopedData_create_ex" + or + name = "CMS_ContentInfo_free" + or + name = "CMS_ContentInfo_new" + or + name = "CMS_ContentInfo_new_ex" + or + name = "CMS_ContentInfo_print_ctx" + or + name = "CMS_EncryptedData_decrypt" + or + name = "CMS_EncryptedData_encrypt" + or + name = "CMS_EncryptedData_encrypt_ex" + or + name = "CMS_EnvelopedData_create" + or + name = "CMS_EnvelopedData_create_ex" + or + name = "CMS_EnvelopedData_decrypt" + or + name = "CMS_EnvelopedData_it" + or + name = "CMS_ReceiptRequest_create0" + or + name = "CMS_ReceiptRequest_create0_ex" + or + name = "CMS_ReceiptRequest_free" + or + name = "CMS_ReceiptRequest_get0_values" + or + name = "CMS_ReceiptRequest_new" + or + name = "CMS_RecipientInfo_decrypt" + or + name = "CMS_RecipientInfo_encrypt" + or + name = "CMS_RecipientInfo_kari_set0_pkey" + or + name = "CMS_RecipientInfo_kari_set0_pkey_and_peer" + or + name = "CMS_RecipientInfo_kekri_get0_id" + or + name = "CMS_RecipientInfo_kekri_id_cmp" + or + name = "CMS_RecipientInfo_ktri_cert_cmp" + or + name = "CMS_RecipientInfo_ktri_get0_signer_id" + or + name = "CMS_RecipientInfo_set0_key" + or + name = "CMS_RecipientInfo_set0_pkey" + or + name = "CMS_RecipientInfo_type" + or + name = "CMS_SignedData_free" + or + name = "CMS_SignedData_new" + or + name = "CMS_SignedData_verify" + or + name = "CMS_SignerInfo_cert_cmp" + or + name = "CMS_SignerInfo_get0_signature" + or + name = "CMS_SignerInfo_get0_signer_id" + or + name = "CMS_SignerInfo_set1_signer_cert" + or + name = "CMS_SignerInfo_sign" + or + name = "CMS_add0_cert" + or + name = "CMS_add0_crl" + or + name = "CMS_add0_recipient_key" + or + name = "CMS_add1_ReceiptRequest" + or + name = "CMS_add1_cert" + or + name = "CMS_add1_crl" + or + name = "CMS_add1_recipient" + or + name = "CMS_add1_recipient_cert" + or + name = "CMS_add1_signer" + or + name = "CMS_compress" + or + name = "CMS_data_create" + or + name = "CMS_data_create_ex" + or + name = "CMS_decrypt" + or + name = "CMS_decrypt_set1_password" + or + name = "CMS_decrypt_set1_pkey" + or + name = "CMS_decrypt_set1_pkey_and_peer" + or + name = "CMS_digest_create" + or + name = "CMS_digest_create_ex" + or + name = "CMS_encrypt" + or + name = "CMS_encrypt_ex" + or + name = "CMS_final" + or + name = "CMS_final_digest" + or + name = "CMS_get0_RecipientInfos" + or + name = "CMS_get0_SignerInfos" + or + name = "CMS_get0_content" + or + name = "CMS_get0_eContentType" + or + name = "CMS_get0_signers" + or + name = "CMS_get0_type" + or + name = "CMS_get1_ReceiptRequest" + or + name = "CMS_get1_certs" + or + name = "CMS_get1_crls" + or + name = "CMS_set1_eContentType" + or + name = "CMS_set1_signer_cert" + or + name = "CMS_sign" + or + name = "CMS_sign_ex" + or + name = "CMS_sign_receipt" + or + name = "CMS_uncompress" + or + name = "CMS_verify" + or + name = "CMS_verify_receipt" + or + name = "COMP_CTX_free" + or + name = "COMP_CTX_get_method" + or + name = "COMP_CTX_get_type" + or + name = "COMP_CTX_new" + or + name = "COMP_brotli" + or + name = "COMP_brotli_oneshot" + or + name = "COMP_compress_block" + or + name = "COMP_expand_block" + or + name = "COMP_get_name" + or + name = "COMP_get_type" + or + name = "COMP_zlib" + or + name = "COMP_zlib_oneshot" + or + name = "COMP_zstd" + or + name = "COMP_zstd_oneshot" + or + name = "CONF_get1_default_config_file" + or + name = "CONF_modules_finish" + or + name = "CONF_modules_free" + or + name = "CONF_modules_load" + or + name = "CONF_modules_load_file" + or + name = "CONF_modules_load_file_ex" + or + name = "CONF_modules_unload" + or + name = "CRL_DIST_POINTS_free" + or + name = "CRL_DIST_POINTS_new" + or + name = "CRYPTO_EX_dup" + or + name = "CRYPTO_EX_free" + or + name = "CRYPTO_EX_new" + or + name = "CRYPTO_THREADID_cmp" + or + name = "CRYPTO_THREADID_cpy" + or + name = "CRYPTO_THREADID_current" + or + name = "CRYPTO_THREADID_get_callback" + or + name = "CRYPTO_THREADID_hash" + or + name = "CRYPTO_THREADID_set_callback" + or + name = "CRYPTO_THREAD_lock_free" + or + name = "CRYPTO_THREAD_lock_new" + or + name = "CRYPTO_THREAD_read_lock" + or + name = "CRYPTO_THREAD_run_once" + or + name = "CRYPTO_THREAD_unlock" + or + name = "CRYPTO_THREAD_write_lock" + or + name = "CRYPTO_alloc_ex_data" + or + name = "CRYPTO_atomic_add" + or + name = "CRYPTO_atomic_load" + or + name = "CRYPTO_atomic_or" + or + name = "CRYPTO_clear_free" + or + name = "CRYPTO_clear_realloc" + or + name = "CRYPTO_destroy_dynlockid" + or + name = "CRYPTO_free" + or + name = "CRYPTO_free_ex_data" + or + name = "CRYPTO_free_ex_index" + or + name = "CRYPTO_free_fn" + or + name = "CRYPTO_get_alloc_counts" + or + name = "CRYPTO_get_ex_data" + or + name = "CRYPTO_get_ex_new_index" + or + name = "CRYPTO_get_mem_functions" + or + name = "CRYPTO_get_new_dynlockid" + or + name = "CRYPTO_lock" + or + name = "CRYPTO_malloc" + or + name = "CRYPTO_malloc_fn" + or + name = "CRYPTO_mem_ctrl" + or + name = "CRYPTO_mem_debug_pop" + or + name = "CRYPTO_mem_debug_push" + or + name = "CRYPTO_mem_leaks" + or + name = "CRYPTO_mem_leaks_cb" + or + name = "CRYPTO_mem_leaks_fp" + or + name = "CRYPTO_memcmp" + or + name = "CRYPTO_new_ex_data" + or + name = "CRYPTO_num_locks" + or + name = "CRYPTO_realloc" + or + name = "CRYPTO_realloc_fn" + or + name = "CRYPTO_secure_allocated" + or + name = "CRYPTO_secure_clear_free" + or + name = "CRYPTO_secure_free" + or + name = "CRYPTO_secure_malloc" + or + name = "CRYPTO_secure_malloc_done" + or + name = "CRYPTO_secure_malloc_init" + or + name = "CRYPTO_secure_malloc_initialized" + or + name = "CRYPTO_secure_used" + or + name = "CRYPTO_secure_zalloc" + or + name = "CRYPTO_set_dynlock_create_callback" + or + name = "CRYPTO_set_dynlock_destroy_callback" + or + name = "CRYPTO_set_dynlock_lock_callback" + or + name = "CRYPTO_set_ex_data" + or + name = "CRYPTO_set_locking_callback" + or + name = "CRYPTO_set_mem_debug" + or + name = "CRYPTO_set_mem_functions" + or + name = "CRYPTO_strdup" + or + name = "CRYPTO_strndup" + or + name = "CRYPTO_zalloc" + or + name = "CTLOG_STORE_free" + or + name = "CTLOG_STORE_get0_log_by_id" + or + name = "CTLOG_STORE_load_default_file" + or + name = "CTLOG_STORE_load_file" + or + name = "CTLOG_STORE_new" + or + name = "CTLOG_STORE_new_ex" + or + name = "CTLOG_free" + or + name = "CTLOG_get0_log_id" + or + name = "CTLOG_get0_name" + or + name = "CTLOG_get0_public_key" + or + name = "CTLOG_new" + or + name = "CTLOG_new_ex" + or + name = "CTLOG_new_from_base64" + or + name = "CTLOG_new_from_base64_ex" + or + name = "CT_POLICY_EVAL_CTX_free" + or + name = "CT_POLICY_EVAL_CTX_get0_cert" + or + name = "CT_POLICY_EVAL_CTX_get0_issuer" + or + name = "CT_POLICY_EVAL_CTX_get0_log_store" + or + name = "CT_POLICY_EVAL_CTX_get_time" + or + name = "CT_POLICY_EVAL_CTX_new" + or + name = "CT_POLICY_EVAL_CTX_new_ex" + or + name = "CT_POLICY_EVAL_CTX_set1_cert" + or + name = "CT_POLICY_EVAL_CTX_set1_issuer" + or + name = "CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE" + or + name = "CT_POLICY_EVAL_CTX_set_time" + or + name = "DECLARE_ASN1_FUNCTIONS" + or + name = "DECLARE_LHASH_OF" + or + name = "DECLARE_PEM_rw" + or + name = "DEFINE_LHASH_OF" + or + name = "DEFINE_LHASH_OF_EX" + or + name = "DEFINE_SPECIAL_STACK_OF" + or + name = "DEFINE_SPECIAL_STACK_OF_CONST" + or + name = "DEFINE_STACK_OF" + or + name = "DEFINE_STACK_OF_CONST" + or + name = "DES_cbc_cksum" + or + name = "DES_cfb64_encrypt" + or + name = "DES_cfb_encrypt" + or + name = "DES_crypt" + or + name = "DES_ecb2_encrypt" + or + name = "DES_ecb3_encrypt" + or + name = "DES_ecb_encrypt" + or + name = "DES_ede2_cbc_encrypt" + or + name = "DES_ede2_cfb64_encrypt" + or + name = "DES_ede2_ofb64_encrypt" + or + name = "DES_ede3_cbc_encrypt" + or + name = "DES_ede3_cbcm_encrypt" + or + name = "DES_ede3_cfb64_encrypt" + or + name = "DES_ede3_ofb64_encrypt" + or + name = "DES_enc_read" + or + name = "DES_enc_write" + or + name = "DES_fcrypt" + or + name = "DES_is_weak_key" + or + name = "DES_key_sched" + or + name = "DES_ncbc_encrypt" + or + name = "DES_ofb64_encrypt" + or + name = "DES_ofb_encrypt" + or + name = "DES_pcbc_encrypt" + or + name = "DES_quad_cksum" + or + name = "DES_random_key" + or + name = "DES_set_key" + or + name = "DES_set_key_checked" + or + name = "DES_set_key_unchecked" + or + name = "DES_set_odd_parity" + or + name = "DES_string_to_2keys" + or + name = "DES_string_to_key" + or + name = "DES_xcbc_encrypt" + or + name = "DH_OpenSSL" + or + name = "DH_bits" + or + name = "DH_check" + or + name = "DH_check_ex" + or + name = "DH_check_params" + or + name = "DH_check_params_ex" + or + name = "DH_check_pub_key_ex" + or + name = "DH_clear_flags" + or + name = "DH_compute_key" + or + name = "DH_compute_key_padded" + or + name = "DH_free" + or + name = "DH_generate_key" + or + name = "DH_generate_parameters" + or + name = "DH_generate_parameters_ex" + or + name = "DH_get0_engine" + or + name = "DH_get0_g" + or + name = "DH_get0_key" + or + name = "DH_get0_p" + or + name = "DH_get0_pqg" + or + name = "DH_get0_priv_key" + or + name = "DH_get0_pub_key" + or + name = "DH_get0_q" + or + name = "DH_get_1024_160" + or + name = "DH_get_2048_224" + or + name = "DH_get_2048_256" + or + name = "DH_get_default_method" + or + name = "DH_get_ex_data" + or + name = "DH_get_ex_new_index" + or + name = "DH_get_length" + or + name = "DH_get_nid" + or + name = "DH_meth_dup" + or + name = "DH_meth_free" + or + name = "DH_meth_get0_app_data" + or + name = "DH_meth_get0_name" + or + name = "DH_meth_get_bn_mod_exp" + or + name = "DH_meth_get_compute_key" + or + name = "DH_meth_get_finish" + or + name = "DH_meth_get_flags" + or + name = "DH_meth_get_generate_key" + or + name = "DH_meth_get_generate_params" + or + name = "DH_meth_get_init" + or + name = "DH_meth_new" + or + name = "DH_meth_set0_app_data" + or + name = "DH_meth_set1_name" + or + name = "DH_meth_set_bn_mod_exp" + or + name = "DH_meth_set_compute_key" + or + name = "DH_meth_set_finish" + or + name = "DH_meth_set_flags" + or + name = "DH_meth_set_generate_key" + or + name = "DH_meth_set_generate_params" + or + name = "DH_meth_set_init" + or + name = "DH_new" + or + name = "DH_new_by_nid" + or + name = "DH_new_method" + or + name = "DH_security_bits" + or + name = "DH_set0_key" + or + name = "DH_set0_pqg" + or + name = "DH_set_default_method" + or + name = "DH_set_ex_data" + or + name = "DH_set_flags" + or + name = "DH_set_length" + or + name = "DH_set_method" + or + name = "DH_size" + or + name = "DH_test_flags" + or + name = "DHparams_print" + or + name = "DHparams_print_fp" + or + name = "DIRECTORYSTRING_free" + or + name = "DIRECTORYSTRING_new" + or + name = "DISPLAYTEXT_free" + or + name = "DISPLAYTEXT_new" + or + name = "DIST_POINT_NAME_free" + or + name = "DIST_POINT_NAME_new" + or + name = "DIST_POINT_free" + or + name = "DIST_POINT_new" + or + name = "DSA_OpenSSL" + or + name = "DSA_SIG_free" + or + name = "DSA_SIG_get0" + or + name = "DSA_SIG_new" + or + name = "DSA_SIG_set0" + or + name = "DSA_bits" + or + name = "DSA_clear_flags" + or + name = "DSA_do_sign" + or + name = "DSA_do_verify" + or + name = "DSA_dup_DH" + or + name = "DSA_free" + or + name = "DSA_generate_key" + or + name = "DSA_generate_parameters" + or + name = "DSA_generate_parameters_ex" + or + name = "DSA_get0_engine" + or + name = "DSA_get0_g" + or + name = "DSA_get0_key" + or + name = "DSA_get0_p" + or + name = "DSA_get0_pqg" + or + name = "DSA_get0_priv_key" + or + name = "DSA_get0_pub_key" + or + name = "DSA_get0_q" + or + name = "DSA_get_default_method" + or + name = "DSA_get_ex_data" + or + name = "DSA_get_ex_new_index" + or + name = "DSA_meth_dup" + or + name = "DSA_meth_free" + or + name = "DSA_meth_get0_app_data" + or + name = "DSA_meth_get0_name" + or + name = "DSA_meth_get_bn_mod_exp" + or + name = "DSA_meth_get_finish" + or + name = "DSA_meth_get_flags" + or + name = "DSA_meth_get_init" + or + name = "DSA_meth_get_keygen" + or + name = "DSA_meth_get_mod_exp" + or + name = "DSA_meth_get_paramgen" + or + name = "DSA_meth_get_sign" + or + name = "DSA_meth_get_sign_setup" + or + name = "DSA_meth_get_verify" + or + name = "DSA_meth_new" + or + name = "DSA_meth_set0_app_data" + or + name = "DSA_meth_set1_name" + or + name = "DSA_meth_set_bn_mod_exp" + or + name = "DSA_meth_set_finish" + or + name = "DSA_meth_set_flags" + or + name = "DSA_meth_set_init" + or + name = "DSA_meth_set_keygen" + or + name = "DSA_meth_set_mod_exp" + or + name = "DSA_meth_set_paramgen" + or + name = "DSA_meth_set_sign" + or + name = "DSA_meth_set_sign_setup" + or + name = "DSA_meth_set_verify" + or + name = "DSA_new" + or + name = "DSA_new_method" + or + name = "DSA_print" + or + name = "DSA_print_fp" + or + name = "DSA_security_bits" + or + name = "DSA_set0_key" + or + name = "DSA_set0_pqg" + or + name = "DSA_set_default_method" + or + name = "DSA_set_ex_data" + or + name = "DSA_set_flags" + or + name = "DSA_set_method" + or + name = "DSA_sign" + or + name = "DSA_sign_setup" + or + name = "DSA_size" + or + name = "DSA_test_flags" + or + name = "DSA_verify" + or + name = "DSAparams_dup" + or + name = "DSAparams_print" + or + name = "DSAparams_print_fp" + or + name = "DTLS_client_method" + or + name = "DTLS_get_data_mtu" + or + name = "DTLS_method" + or + name = "DTLS_server_method" + or + name = "DTLS_set_timer_cb" + or + name = "DTLS_timer_cb" + or + name = "DTLSv1_2_client_method" + or + name = "DTLSv1_2_method" + or + name = "DTLSv1_2_server_method" + or + name = "DTLSv1_client_method" + or + name = "DTLSv1_get_timeout" + or + name = "DTLSv1_handle_timeout" + or + name = "DTLSv1_listen" + or + name = "DTLSv1_method" + or + name = "DTLSv1_server_method" + or + name = "ECDH_get_ex_data" + or + name = "ECDH_get_ex_new_index" + or + name = "ECDH_set_ex_data" + or + name = "ECDSA_SIG_free" + or + name = "ECDSA_SIG_get0" + or + name = "ECDSA_SIG_get0_r" + or + name = "ECDSA_SIG_get0_s" + or + name = "ECDSA_SIG_new" + or + name = "ECDSA_SIG_set0" + or + name = "ECDSA_do_sign" + or + name = "ECDSA_do_sign_ex" + or + name = "ECDSA_do_verify" + or + name = "ECDSA_sign" + or + name = "ECDSA_sign_ex" + or + name = "ECDSA_sign_setup" + or + name = "ECDSA_size" + or + name = "ECDSA_verify" + or + name = "ECPARAMETERS_free" + or + name = "ECPARAMETERS_new" + or + name = "ECPKPARAMETERS_free" + or + name = "ECPKPARAMETERS_new" + or + name = "ECPKParameters_print" + or + name = "ECPKParameters_print_fp" + or + name = "EC_GF2m_simple_method" + or + name = "EC_GFp_mont_method" + or + name = "EC_GFp_nist_method" + or + name = "EC_GFp_nistp224_method" + or + name = "EC_GFp_nistp256_method" + or + name = "EC_GFp_nistp521_method" + or + name = "EC_GFp_simple_method" + or + name = "EC_GROUP_check" + or + name = "EC_GROUP_check_discriminant" + or + name = "EC_GROUP_check_named_curve" + or + name = "EC_GROUP_clear_free" + or + name = "EC_GROUP_cmp" + or + name = "EC_GROUP_copy" + or + name = "EC_GROUP_dup" + or + name = "EC_GROUP_free" + or + name = "EC_GROUP_get0_cofactor" + or + name = "EC_GROUP_get0_field" + or + name = "EC_GROUP_get0_generator" + or + name = "EC_GROUP_get0_order" + or + name = "EC_GROUP_get0_seed" + or + name = "EC_GROUP_get_asn1_flag" + or + name = "EC_GROUP_get_basis_type" + or + name = "EC_GROUP_get_cofactor" + or + name = "EC_GROUP_get_curve" + or + name = "EC_GROUP_get_curve_GF2m" + or + name = "EC_GROUP_get_curve_GFp" + or + name = "EC_GROUP_get_curve_name" + or + name = "EC_GROUP_get_degree" + or + name = "EC_GROUP_get_ecparameters" + or + name = "EC_GROUP_get_ecpkparameters" + or + name = "EC_GROUP_get_field_type" + or + name = "EC_GROUP_get_order" + or + name = "EC_GROUP_get_pentanomial_basis" + or + name = "EC_GROUP_get_point_conversion_form" + or + name = "EC_GROUP_get_seed_len" + or + name = "EC_GROUP_get_trinomial_basis" + or + name = "EC_GROUP_have_precompute_mult" + or + name = "EC_GROUP_method_of" + or + name = "EC_GROUP_new" + or + name = "EC_GROUP_new_by_curve_name" + or + name = "EC_GROUP_new_by_curve_name_ex" + or + name = "EC_GROUP_new_curve_GF2m" + or + name = "EC_GROUP_new_curve_GFp" + or + name = "EC_GROUP_new_from_ecparameters" + or + name = "EC_GROUP_new_from_ecpkparameters" + or + name = "EC_GROUP_new_from_params" + or + name = "EC_GROUP_order_bits" + or + name = "EC_GROUP_precompute_mult" + or + name = "EC_GROUP_set_asn1_flag" + or + name = "EC_GROUP_set_curve" + or + name = "EC_GROUP_set_curve_GF2m" + or + name = "EC_GROUP_set_curve_GFp" + or + name = "EC_GROUP_set_curve_name" + or + name = "EC_GROUP_set_generator" + or + name = "EC_GROUP_set_point_conversion_form" + or + name = "EC_GROUP_set_seed" + or + name = "EC_GROUP_to_params" + or + name = "EC_KEY_check_key" + or + name = "EC_KEY_clear_flags" + or + name = "EC_KEY_copy" + or + name = "EC_KEY_decoded_from_explicit_params" + or + name = "EC_KEY_dup" + or + name = "EC_KEY_free" + or + name = "EC_KEY_generate_key" + or + name = "EC_KEY_get0_engine" + or + name = "EC_KEY_get0_group" + or + name = "EC_KEY_get0_private_key" + or + name = "EC_KEY_get0_public_key" + or + name = "EC_KEY_get_conv_form" + or + name = "EC_KEY_get_enc_flags" + or + name = "EC_KEY_get_ex_data" + or + name = "EC_KEY_get_ex_new_index" + or + name = "EC_KEY_get_flags" + or + name = "EC_KEY_get_key_method_data" + or + name = "EC_KEY_get_method" + or + name = "EC_KEY_insert_key_method_data" + or + name = "EC_KEY_key2buf" + or + name = "EC_KEY_new" + or + name = "EC_KEY_new_by_curve_name" + or + name = "EC_KEY_new_by_curve_name_ex" + or + name = "EC_KEY_new_ex" + or + name = "EC_KEY_oct2key" + or + name = "EC_KEY_oct2priv" + or + name = "EC_KEY_precompute_mult" + or + name = "EC_KEY_priv2buf" + or + name = "EC_KEY_priv2oct" + or + name = "EC_KEY_set_asn1_flag" + or + name = "EC_KEY_set_conv_form" + or + name = "EC_KEY_set_enc_flags" + or + name = "EC_KEY_set_ex_data" + or + name = "EC_KEY_set_flags" + or + name = "EC_KEY_set_group" + or + name = "EC_KEY_set_method" + or + name = "EC_KEY_set_private_key" + or + name = "EC_KEY_set_public_key" + or + name = "EC_KEY_set_public_key_affine_coordinates" + or + name = "EC_KEY_up_ref" + or + name = "EC_METHOD_get_field_type" + or + name = "EC_POINT_add" + or + name = "EC_POINT_bn2point" + or + name = "EC_POINT_clear_free" + or + name = "EC_POINT_cmp" + or + name = "EC_POINT_copy" + or + name = "EC_POINT_dbl" + or + name = "EC_POINT_dup" + or + name = "EC_POINT_free" + or + name = "EC_POINT_get_Jprojective_coordinates_GFp" + or + name = "EC_POINT_get_affine_coordinates" + or + name = "EC_POINT_get_affine_coordinates_GF2m" + or + name = "EC_POINT_get_affine_coordinates_GFp" + or + name = "EC_POINT_hex2point" + or + name = "EC_POINT_invert" + or + name = "EC_POINT_is_at_infinity" + or + name = "EC_POINT_is_on_curve" + or + name = "EC_POINT_make_affine" + or + name = "EC_POINT_method_of" + or + name = "EC_POINT_mul" + or + name = "EC_POINT_new" + or + name = "EC_POINT_oct2point" + or + name = "EC_POINT_point2bn" + or + name = "EC_POINT_point2buf" + or + name = "EC_POINT_point2hex" + or + name = "EC_POINT_point2oct" + or + name = "EC_POINT_set_Jprojective_coordinates" + or + name = "EC_POINT_set_Jprojective_coordinates_GFp" + or + name = "EC_POINT_set_affine_coordinates" + or + name = "EC_POINT_set_affine_coordinates_GF2m" + or + name = "EC_POINT_set_affine_coordinates_GFp" + or + name = "EC_POINT_set_compressed_coordinates" + or + name = "EC_POINT_set_compressed_coordinates_GF2m" + or + name = "EC_POINT_set_compressed_coordinates_GFp" + or + name = "EC_POINT_set_to_infinity" + or + name = "EC_POINTs_make_affine" + or + name = "EC_POINTs_mul" + or + name = "EC_get_builtin_curves" + or + name = "EDIPARTYNAME_free" + or + name = "EDIPARTYNAME_new" + or + name = "ENGINE_add" + or + name = "ENGINE_add_conf_module" + or + name = "ENGINE_by_id" + or + name = "ENGINE_cleanup" + or + name = "ENGINE_cmd_is_executable" + or + name = "ENGINE_ctrl" + or + name = "ENGINE_ctrl_cmd" + or + name = "ENGINE_ctrl_cmd_string" + or + name = "ENGINE_finish" + or + name = "ENGINE_free" + or + name = "ENGINE_get_DH" + or + name = "ENGINE_get_DSA" + or + name = "ENGINE_get_RAND" + or + name = "ENGINE_get_RSA" + or + name = "ENGINE_get_cipher" + or + name = "ENGINE_get_cipher_engine" + or + name = "ENGINE_get_ciphers" + or + name = "ENGINE_get_cmd_defns" + or + name = "ENGINE_get_ctrl_function" + or + name = "ENGINE_get_default_DH" + or + name = "ENGINE_get_default_DSA" + or + name = "ENGINE_get_default_RAND" + or + name = "ENGINE_get_default_RSA" + or + name = "ENGINE_get_destroy_function" + or + name = "ENGINE_get_digest" + or + name = "ENGINE_get_digest_engine" + or + name = "ENGINE_get_digests" + or + name = "ENGINE_get_ex_data" + or + name = "ENGINE_get_ex_new_index" + or + name = "ENGINE_get_finish_function" + or + name = "ENGINE_get_first" + or + name = "ENGINE_get_flags" + or + name = "ENGINE_get_id" + or + name = "ENGINE_get_init_function" + or + name = "ENGINE_get_last" + or + name = "ENGINE_get_load_privkey_function" + or + name = "ENGINE_get_load_pubkey_function" + or + name = "ENGINE_get_name" + or + name = "ENGINE_get_next" + or + name = "ENGINE_get_prev" + or + name = "ENGINE_get_table_flags" + or + name = "ENGINE_init" + or + name = "ENGINE_load_builtin_engines" + or + name = "ENGINE_load_private_key" + or + name = "ENGINE_load_public_key" + or + name = "ENGINE_new" + or + name = "ENGINE_register_DH" + or + name = "ENGINE_register_DSA" + or + name = "ENGINE_register_RAND" + or + name = "ENGINE_register_RSA" + or + name = "ENGINE_register_all_DH" + or + name = "ENGINE_register_all_DSA" + or + name = "ENGINE_register_all_RAND" + or + name = "ENGINE_register_all_RSA" + or + name = "ENGINE_register_all_ciphers" + or + name = "ENGINE_register_all_complete" + or + name = "ENGINE_register_all_digests" + or + name = "ENGINE_register_ciphers" + or + name = "ENGINE_register_complete" + or + name = "ENGINE_register_digests" + or + name = "ENGINE_remove" + or + name = "ENGINE_set_DH" + or + name = "ENGINE_set_DSA" + or + name = "ENGINE_set_RAND" + or + name = "ENGINE_set_RSA" + or + name = "ENGINE_set_ciphers" + or + name = "ENGINE_set_cmd_defns" + or + name = "ENGINE_set_ctrl_function" + or + name = "ENGINE_set_default" + or + name = "ENGINE_set_default_DH" + or + name = "ENGINE_set_default_DSA" + or + name = "ENGINE_set_default_RAND" + or + name = "ENGINE_set_default_RSA" + or + name = "ENGINE_set_default_ciphers" + or + name = "ENGINE_set_default_digests" + or + name = "ENGINE_set_default_string" + or + name = "ENGINE_set_destroy_function" + or + name = "ENGINE_set_digests" + or + name = "ENGINE_set_ex_data" + or + name = "ENGINE_set_finish_function" + or + name = "ENGINE_set_flags" + or + name = "ENGINE_set_id" + or + name = "ENGINE_set_init_function" + or + name = "ENGINE_set_load_privkey_function" + or + name = "ENGINE_set_load_pubkey_function" + or + name = "ENGINE_set_name" + or + name = "ENGINE_set_table_flags" + or + name = "ENGINE_unregister_DH" + or + name = "ENGINE_unregister_DSA" + or + name = "ENGINE_unregister_RAND" + or + name = "ENGINE_unregister_RSA" + or + name = "ENGINE_unregister_ciphers" + or + name = "ENGINE_unregister_digests" + or + name = "ENGINE_up_ref" + or + name = "ERR_FATAL_ERROR" + or + name = "ERR_GET_FUNC" + or + name = "ERR_GET_LIB" + or + name = "ERR_GET_REASON" + or + name = "ERR_PACK" + or + name = "ERR_add_error_data" + or + name = "ERR_add_error_mem_bio" + or + name = "ERR_add_error_txt" + or + name = "ERR_add_error_vdata" + or + name = "ERR_clear_error" + or + name = "ERR_clear_last_mark" + or + name = "ERR_error_string" + or + name = "ERR_error_string_n" + or + name = "ERR_free_strings" + or + name = "ERR_func_error_string" + or + name = "ERR_get_error" + or + name = "ERR_get_error_all" + or + name = "ERR_get_error_line" + or + name = "ERR_get_error_line_data" + or + name = "ERR_get_next_error_library" + or + name = "ERR_lib_error_string" + or + name = "ERR_load_UI_strings" + or + name = "ERR_load_crypto_strings" + or + name = "ERR_load_strings" + or + name = "ERR_new" + or + name = "ERR_peek_error" + or + name = "ERR_peek_error_all" + or + name = "ERR_peek_error_data" + or + name = "ERR_peek_error_func" + or + name = "ERR_peek_error_line" + or + name = "ERR_peek_error_line_data" + or + name = "ERR_peek_last_error" + or + name = "ERR_peek_last_error_all" + or + name = "ERR_peek_last_error_data" + or + name = "ERR_peek_last_error_func" + or + name = "ERR_peek_last_error_line" + or + name = "ERR_peek_last_error_line_data" + or + name = "ERR_pop_to_mark" + or + name = "ERR_print_errors" + or + name = "ERR_print_errors_cb" + or + name = "ERR_print_errors_fp" + or + name = "ERR_put_error" + or + name = "ERR_raise" + or + name = "ERR_raise_data" + or + name = "ERR_reason_error_string" + or + name = "ERR_remove_state" + or + name = "ERR_remove_thread_state" + or + name = "ERR_set_debug" + or + name = "ERR_set_error" + or + name = "ERR_set_mark" + or + name = "ERR_vset_error" + or + name = "ESS_CERT_ID_V2_dup" + or + name = "ESS_CERT_ID_V2_free" + or + name = "ESS_CERT_ID_V2_new" + or + name = "ESS_CERT_ID_dup" + or + name = "ESS_CERT_ID_free" + or + name = "ESS_CERT_ID_new" + or + name = "ESS_ISSUER_SERIAL_dup" + or + name = "ESS_ISSUER_SERIAL_free" + or + name = "ESS_ISSUER_SERIAL_new" + or + name = "ESS_SIGNING_CERT_V2_dup" + or + name = "ESS_SIGNING_CERT_V2_free" + or + name = "ESS_SIGNING_CERT_V2_it" + or + name = "ESS_SIGNING_CERT_V2_new" + or + name = "ESS_SIGNING_CERT_dup" + or + name = "ESS_SIGNING_CERT_free" + or + name = "ESS_SIGNING_CERT_it" + or + name = "ESS_SIGNING_CERT_new" + or + name = "EVP_ASYM_CIPHER_do_all_provided" + or + name = "EVP_ASYM_CIPHER_fetch" + or + name = "EVP_ASYM_CIPHER_free" + or + name = "EVP_ASYM_CIPHER_get0_description" + or + name = "EVP_ASYM_CIPHER_get0_name" + or + name = "EVP_ASYM_CIPHER_get0_provider" + or + name = "EVP_ASYM_CIPHER_gettable_ctx_params" + or + name = "EVP_ASYM_CIPHER_is_a" + or + name = "EVP_ASYM_CIPHER_names_do_all" + or + name = "EVP_ASYM_CIPHER_settable_ctx_params" + or + name = "EVP_ASYM_CIPHER_up_ref" + or + name = "EVP_BytesToKey" + or + name = "EVP_CIPHER_CTX_block_size" + or + name = "EVP_CIPHER_CTX_cipher" + or + name = "EVP_CIPHER_CTX_cleanup" + or + name = "EVP_CIPHER_CTX_clear_flags" + or + name = "EVP_CIPHER_CTX_copy" + or + name = "EVP_CIPHER_CTX_ctrl" + or + name = "EVP_CIPHER_CTX_dup" + or + name = "EVP_CIPHER_CTX_encrypting" + or + name = "EVP_CIPHER_CTX_flags" + or + name = "EVP_CIPHER_CTX_free" + or + name = "EVP_CIPHER_CTX_get0_cipher" + or + name = "EVP_CIPHER_CTX_get0_name" + or + name = "EVP_CIPHER_CTX_get1_cipher" + or + name = "EVP_CIPHER_CTX_get_app_data" + or + name = "EVP_CIPHER_CTX_get_block_size" + or + name = "EVP_CIPHER_CTX_get_cipher_data" + or + name = "EVP_CIPHER_CTX_get_iv_length" + or + name = "EVP_CIPHER_CTX_get_key_length" + or + name = "EVP_CIPHER_CTX_get_mode" + or + name = "EVP_CIPHER_CTX_get_nid" + or + name = "EVP_CIPHER_CTX_get_num" + or + name = "EVP_CIPHER_CTX_get_original_iv" + or + name = "EVP_CIPHER_CTX_get_params" + or + name = "EVP_CIPHER_CTX_get_tag_length" + or + name = "EVP_CIPHER_CTX_get_type" + or + name = "EVP_CIPHER_CTX_get_updated_iv" + or + name = "EVP_CIPHER_CTX_gettable_params" + or + name = "EVP_CIPHER_CTX_init" + or + name = "EVP_CIPHER_CTX_is_encrypting" + or + name = "EVP_CIPHER_CTX_iv" + or + name = "EVP_CIPHER_CTX_iv_length" + or + name = "EVP_CIPHER_CTX_iv_noconst" + or + name = "EVP_CIPHER_CTX_key_length" + or + name = "EVP_CIPHER_CTX_mode" + or + name = "EVP_CIPHER_CTX_new" + or + name = "EVP_CIPHER_CTX_nid" + or + name = "EVP_CIPHER_CTX_num" + or + name = "EVP_CIPHER_CTX_original_iv" + or + name = "EVP_CIPHER_CTX_reset" + or + name = "EVP_CIPHER_CTX_set_app_data" + or + name = "EVP_CIPHER_CTX_set_cipher_data" + or + name = "EVP_CIPHER_CTX_set_flags" + or + name = "EVP_CIPHER_CTX_set_key_length" + or + name = "EVP_CIPHER_CTX_set_num" + or + name = "EVP_CIPHER_CTX_set_padding" + or + name = "EVP_CIPHER_CTX_set_params" + or + name = "EVP_CIPHER_CTX_settable_params" + or + name = "EVP_CIPHER_CTX_tag_length" + or + name = "EVP_CIPHER_CTX_test_flags" + or + name = "EVP_CIPHER_CTX_type" + or + name = "EVP_CIPHER_asn1_to_param" + or + name = "EVP_CIPHER_block_size" + or + name = "EVP_CIPHER_do_all_provided" + or + name = "EVP_CIPHER_fetch" + or + name = "EVP_CIPHER_flags" + or + name = "EVP_CIPHER_free" + or + name = "EVP_CIPHER_get0_description" + or + name = "EVP_CIPHER_get0_name" + or + name = "EVP_CIPHER_get0_provider" + or + name = "EVP_CIPHER_get_block_size" + or + name = "EVP_CIPHER_get_flags" + or + name = "EVP_CIPHER_get_iv_length" + or + name = "EVP_CIPHER_get_key_length" + or + name = "EVP_CIPHER_get_mode" + or + name = "EVP_CIPHER_get_nid" + or + name = "EVP_CIPHER_get_params" + or + name = "EVP_CIPHER_get_type" + or + name = "EVP_CIPHER_gettable_ctx_params" + or + name = "EVP_CIPHER_gettable_params" + or + name = "EVP_CIPHER_is_a" + or + name = "EVP_CIPHER_iv_length" + or + name = "EVP_CIPHER_key_length" + or + name = "EVP_CIPHER_meth_dup" + or + name = "EVP_CIPHER_meth_free" + or + name = "EVP_CIPHER_meth_get_cleanup" + or + name = "EVP_CIPHER_meth_get_ctrl" + or + name = "EVP_CIPHER_meth_get_do_cipher" + or + name = "EVP_CIPHER_meth_get_get_asn1_params" + or + name = "EVP_CIPHER_meth_get_init" + or + name = "EVP_CIPHER_meth_get_set_asn1_params" + or + name = "EVP_CIPHER_meth_new" + or + name = "EVP_CIPHER_meth_set_cleanup" + or + name = "EVP_CIPHER_meth_set_ctrl" + or + name = "EVP_CIPHER_meth_set_do_cipher" + or + name = "EVP_CIPHER_meth_set_flags" + or + name = "EVP_CIPHER_meth_set_get_asn1_params" + or + name = "EVP_CIPHER_meth_set_impl_ctx_size" + or + name = "EVP_CIPHER_meth_set_init" + or + name = "EVP_CIPHER_meth_set_iv_length" + or + name = "EVP_CIPHER_meth_set_set_asn1_params" + or + name = "EVP_CIPHER_mode" + or + name = "EVP_CIPHER_name" + or + name = "EVP_CIPHER_names_do_all" + or + name = "EVP_CIPHER_nid" + or + name = "EVP_CIPHER_param_to_asn1" + or + name = "EVP_CIPHER_settable_ctx_params" + or + name = "EVP_CIPHER_type" + or + name = "EVP_CIPHER_up_ref" + or + name = "EVP_Cipher" + or + name = "EVP_CipherFinal" + or + name = "EVP_CipherFinal_ex" + or + name = "EVP_CipherInit" + or + name = "EVP_CipherInit_ex" + or + name = "EVP_CipherInit_ex2" + or + name = "EVP_CipherUpdate" + or + name = "EVP_DecodeBlock" + or + name = "EVP_DecodeFinal" + or + name = "EVP_DecodeInit" + or + name = "EVP_DecodeUpdate" + or + name = "EVP_DecryptFinal" + or + name = "EVP_DecryptFinal_ex" + or + name = "EVP_DecryptInit" + or + name = "EVP_DecryptInit_ex" + or + name = "EVP_DecryptInit_ex2" + or + name = "EVP_DecryptUpdate" + or + name = "EVP_Digest" + or + name = "EVP_DigestFinal" + or + name = "EVP_DigestFinalXOF" + or + name = "EVP_DigestFinal_ex" + or + name = "EVP_DigestInit" + or + name = "EVP_DigestInit_ex" + or + name = "EVP_DigestInit_ex2" + or + name = "EVP_DigestSign" + or + name = "EVP_DigestSignFinal" + or + name = "EVP_DigestSignInit" + or + name = "EVP_DigestSignInit_ex" + or + name = "EVP_DigestSignUpdate" + or + name = "EVP_DigestUpdate" + or + name = "EVP_DigestVerify" + or + name = "EVP_DigestVerifyFinal" + or + name = "EVP_DigestVerifyInit" + or + name = "EVP_DigestVerifyInit_ex" + or + name = "EVP_DigestVerifyUpdate" + or + name = "EVP_EC_gen" + or + name = "EVP_ENCODE_CTX_copy" + or + name = "EVP_ENCODE_CTX_free" + or + name = "EVP_ENCODE_CTX_new" + or + name = "EVP_ENCODE_CTX_num" + or + name = "EVP_EncodeBlock" + or + name = "EVP_EncodeFinal" + or + name = "EVP_EncodeInit" + or + name = "EVP_EncodeUpdate" + or + name = "EVP_EncryptFinal" + or + name = "EVP_EncryptFinal_ex" + or + name = "EVP_EncryptInit" + or + name = "EVP_EncryptInit_ex" + or + name = "EVP_EncryptInit_ex2" + or + name = "EVP_EncryptUpdate" + or + name = "EVP_KDF" + or + name = "EVP_KDF_CTX" + or + name = "EVP_KDF_CTX_dup" + or + name = "EVP_KDF_CTX_free" + or + name = "EVP_KDF_CTX_get_kdf_size" + or + name = "EVP_KDF_CTX_get_params" + or + name = "EVP_KDF_CTX_gettable_params" + or + name = "EVP_KDF_CTX_kdf" + or + name = "EVP_KDF_CTX_new" + or + name = "EVP_KDF_CTX_reset" + or + name = "EVP_KDF_CTX_set_params" + or + name = "EVP_KDF_CTX_settable_params" + or + name = "EVP_KDF_derive" + or + name = "EVP_KDF_do_all_provided" + or + name = "EVP_KDF_fetch" + or + name = "EVP_KDF_free" + or + name = "EVP_KDF_get0_description" + or + name = "EVP_KDF_get0_name" + or + name = "EVP_KDF_get0_provider" + or + name = "EVP_KDF_get_params" + or + name = "EVP_KDF_gettable_ctx_params" + or + name = "EVP_KDF_gettable_params" + or + name = "EVP_KDF_is_a" + or + name = "EVP_KDF_names_do_all" + or + name = "EVP_KDF_settable_ctx_params" + or + name = "EVP_KDF_up_ref" + or + name = "EVP_KEM_do_all_provided" + or + name = "EVP_KEM_fetch" + or + name = "EVP_KEM_free" + or + name = "EVP_KEM_get0_description" + or + name = "EVP_KEM_get0_name" + or + name = "EVP_KEM_get0_provider" + or + name = "EVP_KEM_gettable_ctx_params" + or + name = "EVP_KEM_is_a" + or + name = "EVP_KEM_names_do_all" + or + name = "EVP_KEM_settable_ctx_params" + or + name = "EVP_KEM_up_ref" + or + name = "EVP_KEYEXCH_do_all_provided" + or + name = "EVP_KEYEXCH_fetch" + or + name = "EVP_KEYEXCH_free" + or + name = "EVP_KEYEXCH_get0_description" + or + name = "EVP_KEYEXCH_get0_name" + or + name = "EVP_KEYEXCH_get0_provider" + or + name = "EVP_KEYEXCH_gettable_ctx_params" + or + name = "EVP_KEYEXCH_is_a" + or + name = "EVP_KEYEXCH_names_do_all" + or + name = "EVP_KEYEXCH_settable_ctx_params" + or + name = "EVP_KEYEXCH_up_ref" + or + name = "EVP_KEYMGMT" + or + name = "EVP_KEYMGMT_do_all_provided" + or + name = "EVP_KEYMGMT_fetch" + or + name = "EVP_KEYMGMT_free" + or + name = "EVP_KEYMGMT_gen_settable_params" + or + name = "EVP_KEYMGMT_get0_description" + or + name = "EVP_KEYMGMT_get0_name" + or + name = "EVP_KEYMGMT_get0_provider" + or + name = "EVP_KEYMGMT_gettable_params" + or + name = "EVP_KEYMGMT_is_a" + or + name = "EVP_KEYMGMT_names_do_all" + or + name = "EVP_KEYMGMT_settable_params" + or + name = "EVP_KEYMGMT_up_ref" + or + name = "EVP_MAC" + or + name = "EVP_MAC_CTX" + or + name = "EVP_MAC_CTX_dup" + or + name = "EVP_MAC_CTX_free" + or + name = "EVP_MAC_CTX_get0_mac" + or + name = "EVP_MAC_CTX_get_block_size" + or + name = "EVP_MAC_CTX_get_mac_size" + or + name = "EVP_MAC_CTX_get_params" + or + name = "EVP_MAC_CTX_gettable_params" + or + name = "EVP_MAC_CTX_new" + or + name = "EVP_MAC_CTX_set_params" + or + name = "EVP_MAC_CTX_settable_params" + or + name = "EVP_MAC_do_all_provided" + or + name = "EVP_MAC_fetch" + or + name = "EVP_MAC_final" + or + name = "EVP_MAC_finalXOF" + or + name = "EVP_MAC_free" + or + name = "EVP_MAC_get0_description" + or + name = "EVP_MAC_get0_name" + or + name = "EVP_MAC_get0_provider" + or + name = "EVP_MAC_get_params" + or + name = "EVP_MAC_gettable_ctx_params" + or + name = "EVP_MAC_gettable_params" + or + name = "EVP_MAC_init" + or + name = "EVP_MAC_is_a" + or + name = "EVP_MAC_names_do_all" + or + name = "EVP_MAC_settable_ctx_params" + or + name = "EVP_MAC_up_ref" + or + name = "EVP_MAC_update" + or + name = "EVP_MAX_MD_SIZE" + or + name = "EVP_MD_CTX_block_size" + or + name = "EVP_MD_CTX_cleanup" + or + name = "EVP_MD_CTX_clear_flags" + or + name = "EVP_MD_CTX_copy" + or + name = "EVP_MD_CTX_copy_ex" + or + name = "EVP_MD_CTX_create" + or + name = "EVP_MD_CTX_ctrl" + or + name = "EVP_MD_CTX_destroy" + or + name = "EVP_MD_CTX_dup" + or + name = "EVP_MD_CTX_free" + or + name = "EVP_MD_CTX_get0_md" + or + name = "EVP_MD_CTX_get0_md_data" + or + name = "EVP_MD_CTX_get0_name" + or + name = "EVP_MD_CTX_get1_md" + or + name = "EVP_MD_CTX_get_block_size" + or + name = "EVP_MD_CTX_get_params" + or + name = "EVP_MD_CTX_get_pkey_ctx" + or + name = "EVP_MD_CTX_get_size" + or + name = "EVP_MD_CTX_get_type" + or + name = "EVP_MD_CTX_gettable_params" + or + name = "EVP_MD_CTX_init" + or + name = "EVP_MD_CTX_md" + or + name = "EVP_MD_CTX_md_data" + or + name = "EVP_MD_CTX_new" + or + name = "EVP_MD_CTX_pkey_ctx" + or + name = "EVP_MD_CTX_reset" + or + name = "EVP_MD_CTX_set_flags" + or + name = "EVP_MD_CTX_set_params" + or + name = "EVP_MD_CTX_set_pkey_ctx" + or + name = "EVP_MD_CTX_set_update_fn" + or + name = "EVP_MD_CTX_settable_params" + or + name = "EVP_MD_CTX_size" + or + name = "EVP_MD_CTX_test_flags" + or + name = "EVP_MD_CTX_type" + or + name = "EVP_MD_CTX_update_fn" + or + name = "EVP_MD_block_size" + or + name = "EVP_MD_do_all_provided" + or + name = "EVP_MD_fetch" + or + name = "EVP_MD_flags" + or + name = "EVP_MD_free" + or + name = "EVP_MD_get0_description" + or + name = "EVP_MD_get0_name" + or + name = "EVP_MD_get0_provider" + or + name = "EVP_MD_get_block_size" + or + name = "EVP_MD_get_flags" + or + name = "EVP_MD_get_params" + or + name = "EVP_MD_get_pkey_type" + or + name = "EVP_MD_get_size" + or + name = "EVP_MD_get_type" + or + name = "EVP_MD_gettable_ctx_params" + or + name = "EVP_MD_gettable_params" + or + name = "EVP_MD_is_a" + or + name = "EVP_MD_meth_dup" + or + name = "EVP_MD_meth_free" + or + name = "EVP_MD_meth_get_app_datasize" + or + name = "EVP_MD_meth_get_cleanup" + or + name = "EVP_MD_meth_get_copy" + or + name = "EVP_MD_meth_get_ctrl" + or + name = "EVP_MD_meth_get_final" + or + name = "EVP_MD_meth_get_flags" + or + name = "EVP_MD_meth_get_init" + or + name = "EVP_MD_meth_get_input_blocksize" + or + name = "EVP_MD_meth_get_result_size" + or + name = "EVP_MD_meth_get_update" + or + name = "EVP_MD_meth_new" + or + name = "EVP_MD_meth_set_app_datasize" + or + name = "EVP_MD_meth_set_cleanup" + or + name = "EVP_MD_meth_set_copy" + or + name = "EVP_MD_meth_set_ctrl" + or + name = "EVP_MD_meth_set_final" + or + name = "EVP_MD_meth_set_flags" + or + name = "EVP_MD_meth_set_init" + or + name = "EVP_MD_meth_set_input_blocksize" + or + name = "EVP_MD_meth_set_result_size" + or + name = "EVP_MD_meth_set_update" + or + name = "EVP_MD_name" + or + name = "EVP_MD_names_do_all" + or + name = "EVP_MD_nid" + or + name = "EVP_MD_pkey_type" + or + name = "EVP_MD_settable_ctx_params" + or + name = "EVP_MD_size" + or + name = "EVP_MD_type" + or + name = "EVP_MD_up_ref" + or + name = "EVP_OpenFinal" + or + name = "EVP_OpenInit" + or + name = "EVP_OpenUpdate" + or + name = "EVP_PBE_CipherInit" + or + name = "EVP_PBE_CipherInit_ex" + or + name = "EVP_PBE_alg_add" + or + name = "EVP_PBE_alg_add_type" + or + name = "EVP_PBE_find" + or + name = "EVP_PBE_find_ex" + or + name = "EVP_PBE_scrypt" + or + name = "EVP_PBE_scrypt_ex" + or + name = "EVP_PKCS82PKEY" + or + name = "EVP_PKCS82PKEY_ex" + or + name = "EVP_PKEVP_PKEY_CTX_set_app_data" + or + name = "EVP_PKEY" + or + name = "EVP_PKEY2PKCS8" + or + name = "EVP_PKEY_ASN1_METHOD" + or + name = "EVP_PKEY_CTX_add1_hkdf_info" + or + name = "EVP_PKEY_CTX_add1_tls1_prf_seed" + or + name = "EVP_PKEY_CTX_ctrl" + or + name = "EVP_PKEY_CTX_ctrl_str" + or + name = "EVP_PKEY_CTX_ctrl_uint64" + or + name = "EVP_PKEY_CTX_dup" + or + name = "EVP_PKEY_CTX_free" + or + name = "EVP_PKEY_CTX_get0_dh_kdf_oid" + or + name = "EVP_PKEY_CTX_get0_dh_kdf_ukm" + or + name = "EVP_PKEY_CTX_get0_ecdh_kdf_ukm" + or + name = "EVP_PKEY_CTX_get0_libctx" + or + name = "EVP_PKEY_CTX_get0_peerkey" + or + name = "EVP_PKEY_CTX_get0_pkey" + or + name = "EVP_PKEY_CTX_get0_propq" + or + name = "EVP_PKEY_CTX_get0_provider" + or + name = "EVP_PKEY_CTX_get0_rsa_oaep_label" + or + name = "EVP_PKEY_CTX_get1_id" + or + name = "EVP_PKEY_CTX_get1_id_len" + or + name = "EVP_PKEY_CTX_get_app_data" + or + name = "EVP_PKEY_CTX_get_cb" + or + name = "EVP_PKEY_CTX_get_dh_kdf_md" + or + name = "EVP_PKEY_CTX_get_dh_kdf_outlen" + or + name = "EVP_PKEY_CTX_get_dh_kdf_type" + or + name = "EVP_PKEY_CTX_get_ecdh_cofactor_mode" + or + name = "EVP_PKEY_CTX_get_ecdh_kdf_md" + or + name = "EVP_PKEY_CTX_get_ecdh_kdf_outlen" + or + name = "EVP_PKEY_CTX_get_ecdh_kdf_type" + or + name = "EVP_PKEY_CTX_get_group_name" + or + name = "EVP_PKEY_CTX_get_keygen_info" + or + name = "EVP_PKEY_CTX_get_params" + or + name = "EVP_PKEY_CTX_get_rsa_mgf1_md" + or + name = "EVP_PKEY_CTX_get_rsa_mgf1_md_name" + or + name = "EVP_PKEY_CTX_get_rsa_oaep_md" + or + name = "EVP_PKEY_CTX_get_rsa_oaep_md_name" + or + name = "EVP_PKEY_CTX_get_rsa_padding" + or + name = "EVP_PKEY_CTX_get_rsa_pss_saltlen" + or + name = "EVP_PKEY_CTX_get_signature_md" + or + name = "EVP_PKEY_CTX_gettable_params" + or + name = "EVP_PKEY_CTX_hkdf_mode" + or + name = "EVP_PKEY_CTX_is_a" + or + name = "EVP_PKEY_CTX_md" + or + name = "EVP_PKEY_CTX_new" + or + name = "EVP_PKEY_CTX_new_from_name" + or + name = "EVP_PKEY_CTX_new_from_pkey" + or + name = "EVP_PKEY_CTX_new_id" + or + name = "EVP_PKEY_CTX_set0_dh_kdf_oid" + or + name = "EVP_PKEY_CTX_set0_dh_kdf_ukm" + or + name = "EVP_PKEY_CTX_set0_ecdh_kdf_ukm" + or + name = "EVP_PKEY_CTX_set0_rsa_oaep_label" + or + name = "EVP_PKEY_CTX_set1_hkdf_key" + or + name = "EVP_PKEY_CTX_set1_hkdf_salt" + or + name = "EVP_PKEY_CTX_set1_id" + or + name = "EVP_PKEY_CTX_set1_pbe_pass" + or + name = "EVP_PKEY_CTX_set1_rsa_keygen_pubexp" + or + name = "EVP_PKEY_CTX_set1_scrypt_salt" + or + name = "EVP_PKEY_CTX_set1_tls1_prf_secret" + or + name = "EVP_PKEY_CTX_set_app_data" + or + name = "EVP_PKEY_CTX_set_cb" + or + name = "EVP_PKEY_CTX_set_dh_kdf_md" + or + name = "EVP_PKEY_CTX_set_dh_kdf_outlen" + or + name = "EVP_PKEY_CTX_set_dh_kdf_type" + or + name = "EVP_PKEY_CTX_set_dh_nid" + or + name = "EVP_PKEY_CTX_set_dh_pad" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_generator" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_gindex" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_prime_len" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_seed" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_subprime_len" + or + name = "EVP_PKEY_CTX_set_dh_paramgen_type" + or + name = "EVP_PKEY_CTX_set_dh_rfc5114" + or + name = "EVP_PKEY_CTX_set_dhx_rfc5114" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_bits" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_gindex" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_md" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_md_props" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_q_bits" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_seed" + or + name = "EVP_PKEY_CTX_set_dsa_paramgen_type" + or + name = "EVP_PKEY_CTX_set_ec_param_enc" + or + name = "EVP_PKEY_CTX_set_ec_paramgen_curve_nid" + or + name = "EVP_PKEY_CTX_set_ecdh_cofactor_mode" + or + name = "EVP_PKEY_CTX_set_ecdh_kdf_md" + or + name = "EVP_PKEY_CTX_set_ecdh_kdf_outlen" + or + name = "EVP_PKEY_CTX_set_ecdh_kdf_type" + or + name = "EVP_PKEY_CTX_set_group_name" + or + name = "EVP_PKEY_CTX_set_hkdf_md" + or + name = "EVP_PKEY_CTX_set_hkdf_mode" + or + name = "EVP_PKEY_CTX_set_kem_op" + or + name = "EVP_PKEY_CTX_set_mac_key" + or + name = "EVP_PKEY_CTX_set_params" + or + name = "EVP_PKEY_CTX_set_rsa_keygen_bits" + or + name = "EVP_PKEY_CTX_set_rsa_keygen_primes" + or + name = "EVP_PKEY_CTX_set_rsa_keygen_pubexp" + or + name = "EVP_PKEY_CTX_set_rsa_mgf1_md" + or + name = "EVP_PKEY_CTX_set_rsa_mgf1_md_name" + or + name = "EVP_PKEY_CTX_set_rsa_oaep_md" + or + name = "EVP_PKEY_CTX_set_rsa_oaep_md_name" + or + name = "EVP_PKEY_CTX_set_rsa_padding" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_md" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_md_name" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name" + or + name = "EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen" + or + name = "EVP_PKEY_CTX_set_rsa_pss_saltlen" + or + name = "EVP_PKEY_CTX_set_rsa_rsa_keygen_bits" + or + name = "EVP_PKEY_CTX_set_scrypt_N" + or + name = "EVP_PKEY_CTX_set_scrypt_maxmem_bytes" + or + name = "EVP_PKEY_CTX_set_scrypt_p" + or + name = "EVP_PKEY_CTX_set_scrypt_r" + or + name = "EVP_PKEY_CTX_set_signature_md" + or + name = "EVP_PKEY_CTX_set_tls1_prf_md" + or + name = "EVP_PKEY_CTX_settable_params" + or + name = "EVP_PKEY_METHOD" + or + name = "EVP_PKEY_Q_keygen" + or + name = "EVP_PKEY_asn1_add0" + or + name = "EVP_PKEY_asn1_add_alias" + or + name = "EVP_PKEY_asn1_copy" + or + name = "EVP_PKEY_asn1_find" + or + name = "EVP_PKEY_asn1_find_str" + or + name = "EVP_PKEY_asn1_free" + or + name = "EVP_PKEY_asn1_get0" + or + name = "EVP_PKEY_asn1_get0_info" + or + name = "EVP_PKEY_asn1_get_count" + or + name = "EVP_PKEY_asn1_new" + or + name = "EVP_PKEY_asn1_set_check" + or + name = "EVP_PKEY_asn1_set_ctrl" + or + name = "EVP_PKEY_asn1_set_free" + or + name = "EVP_PKEY_asn1_set_get_priv_key" + or + name = "EVP_PKEY_asn1_set_get_pub_key" + or + name = "EVP_PKEY_asn1_set_item" + or + name = "EVP_PKEY_asn1_set_param" + or + name = "EVP_PKEY_asn1_set_param_check" + or + name = "EVP_PKEY_asn1_set_private" + or + name = "EVP_PKEY_asn1_set_public" + or + name = "EVP_PKEY_asn1_set_public_check" + or + name = "EVP_PKEY_asn1_set_security_bits" + or + name = "EVP_PKEY_asn1_set_set_priv_key" + or + name = "EVP_PKEY_asn1_set_set_pub_key" + or + name = "EVP_PKEY_asn1_set_siginf" + or + name = "EVP_PKEY_assign_DH" + or + name = "EVP_PKEY_assign_DSA" + or + name = "EVP_PKEY_assign_EC_KEY" + or + name = "EVP_PKEY_assign_POLY1305" + or + name = "EVP_PKEY_assign_RSA" + or + name = "EVP_PKEY_assign_SIPHASH" + or + name = "EVP_PKEY_auth_decapsulate_init" + or + name = "EVP_PKEY_auth_encapsulate_init" + or + name = "EVP_PKEY_base_id" + or + name = "EVP_PKEY_bits" + or + name = "EVP_PKEY_can_sign" + or + name = "EVP_PKEY_check" + or + name = "EVP_PKEY_cmp" + or + name = "EVP_PKEY_cmp_parameters" + or + name = "EVP_PKEY_copy_parameters" + or + name = "EVP_PKEY_decapsulate" + or + name = "EVP_PKEY_decapsulate_init" + or + name = "EVP_PKEY_decrypt" + or + name = "EVP_PKEY_decrypt_init" + or + name = "EVP_PKEY_decrypt_init_ex" + or + name = "EVP_PKEY_derive" + or + name = "EVP_PKEY_derive_init" + or + name = "EVP_PKEY_derive_init_ex" + or + name = "EVP_PKEY_derive_set_peer" + or + name = "EVP_PKEY_derive_set_peer_ex" + or + name = "EVP_PKEY_digestsign_supports_digest" + or + name = "EVP_PKEY_dup" + or + name = "EVP_PKEY_encapsulate" + or + name = "EVP_PKEY_encapsulate_init" + or + name = "EVP_PKEY_encrypt" + or + name = "EVP_PKEY_encrypt_init" + or + name = "EVP_PKEY_encrypt_init_ex" + or + name = "EVP_PKEY_eq" + or + name = "EVP_PKEY_export" + or + name = "EVP_PKEY_free" + or + name = "EVP_PKEY_fromdata" + or + name = "EVP_PKEY_fromdata_init" + or + name = "EVP_PKEY_fromdata_settable" + or + name = "EVP_PKEY_gen_cb" + or + name = "EVP_PKEY_generate" + or + name = "EVP_PKEY_get0" + or + name = "EVP_PKEY_get0_DH" + or + name = "EVP_PKEY_get0_DSA" + or + name = "EVP_PKEY_get0_EC_KEY" + or + name = "EVP_PKEY_get0_RSA" + or + name = "EVP_PKEY_get0_asn1" + or + name = "EVP_PKEY_get0_description" + or + name = "EVP_PKEY_get0_engine" + or + name = "EVP_PKEY_get0_hmac" + or + name = "EVP_PKEY_get0_poly1305" + or + name = "EVP_PKEY_get0_provider" + or + name = "EVP_PKEY_get0_siphash" + or + name = "EVP_PKEY_get0_type_name" + or + name = "EVP_PKEY_get1_DH" + or + name = "EVP_PKEY_get1_DSA" + or + name = "EVP_PKEY_get1_EC_KEY" + or + name = "EVP_PKEY_get1_RSA" + or + name = "EVP_PKEY_get1_encoded_public_key" + or + name = "EVP_PKEY_get1_tls_encodedpoint" + or + name = "EVP_PKEY_get_base_id" + or + name = "EVP_PKEY_get_bits" + or + name = "EVP_PKEY_get_bn_param" + or + name = "EVP_PKEY_get_default_digest" + or + name = "EVP_PKEY_get_default_digest_name" + or + name = "EVP_PKEY_get_default_digest_nid" + or + name = "EVP_PKEY_get_ec_point_conv_form" + or + name = "EVP_PKEY_get_ex_data" + or + name = "EVP_PKEY_get_ex_new_index" + or + name = "EVP_PKEY_get_field_type" + or + name = "EVP_PKEY_get_group_name" + or + name = "EVP_PKEY_get_id" + or + name = "EVP_PKEY_get_int_param" + or + name = "EVP_PKEY_get_octet_string_param" + or + name = "EVP_PKEY_get_params" + or + name = "EVP_PKEY_get_raw_private_key" + or + name = "EVP_PKEY_get_raw_public_key" + or + name = "EVP_PKEY_get_security_bits" + or + name = "EVP_PKEY_get_size" + or + name = "EVP_PKEY_get_size_t_param" + or + name = "EVP_PKEY_get_utf8_string_param" + or + name = "EVP_PKEY_gettable_params" + or + name = "EVP_PKEY_id" + or + name = "EVP_PKEY_is_a" + or + name = "EVP_PKEY_keygen" + or + name = "EVP_PKEY_keygen_init" + or + name = "EVP_PKEY_meth_add0" + or + name = "EVP_PKEY_meth_copy" + or + name = "EVP_PKEY_meth_find" + or + name = "EVP_PKEY_meth_free" + or + name = "EVP_PKEY_meth_get0" + or + name = "EVP_PKEY_meth_get0_info" + or + name = "EVP_PKEY_meth_get_check" + or + name = "EVP_PKEY_meth_get_cleanup" + or + name = "EVP_PKEY_meth_get_copy" + or + name = "EVP_PKEY_meth_get_count" + or + name = "EVP_PKEY_meth_get_ctrl" + or + name = "EVP_PKEY_meth_get_decrypt" + or + name = "EVP_PKEY_meth_get_derive" + or + name = "EVP_PKEY_meth_get_digest_custom" + or + name = "EVP_PKEY_meth_get_digestsign" + or + name = "EVP_PKEY_meth_get_digestverify" + or + name = "EVP_PKEY_meth_get_encrypt" + or + name = "EVP_PKEY_meth_get_init" + or + name = "EVP_PKEY_meth_get_keygen" + or + name = "EVP_PKEY_meth_get_param_check" + or + name = "EVP_PKEY_meth_get_paramgen" + or + name = "EVP_PKEY_meth_get_public_check" + or + name = "EVP_PKEY_meth_get_sign" + or + name = "EVP_PKEY_meth_get_signctx" + or + name = "EVP_PKEY_meth_get_verify" + or + name = "EVP_PKEY_meth_get_verify_recover" + or + name = "EVP_PKEY_meth_get_verifyctx" + or + name = "EVP_PKEY_meth_new" + or + name = "EVP_PKEY_meth_remove" + or + name = "EVP_PKEY_meth_set_check" + or + name = "EVP_PKEY_meth_set_cleanup" + or + name = "EVP_PKEY_meth_set_copy" + or + name = "EVP_PKEY_meth_set_ctrl" + or + name = "EVP_PKEY_meth_set_decrypt" + or + name = "EVP_PKEY_meth_set_derive" + or + name = "EVP_PKEY_meth_set_digest_custom" + or + name = "EVP_PKEY_meth_set_digestsign" + or + name = "EVP_PKEY_meth_set_digestverify" + or + name = "EVP_PKEY_meth_set_encrypt" + or + name = "EVP_PKEY_meth_set_init" + or + name = "EVP_PKEY_meth_set_keygen" + or + name = "EVP_PKEY_meth_set_param_check" + or + name = "EVP_PKEY_meth_set_paramgen" + or + name = "EVP_PKEY_meth_set_public_check" + or + name = "EVP_PKEY_meth_set_sign" + or + name = "EVP_PKEY_meth_set_signctx" + or + name = "EVP_PKEY_meth_set_verify" + or + name = "EVP_PKEY_meth_set_verify_recover" + or + name = "EVP_PKEY_meth_set_verifyctx" + or + name = "EVP_PKEY_missing_parameters" + or + name = "EVP_PKEY_new" + or + name = "EVP_PKEY_new_CMAC_key" + or + name = "EVP_PKEY_new_mac_key" + or + name = "EVP_PKEY_new_raw_private_key" + or + name = "EVP_PKEY_new_raw_private_key_ex" + or + name = "EVP_PKEY_new_raw_public_key" + or + name = "EVP_PKEY_new_raw_public_key_ex" + or + name = "EVP_PKEY_pairwise_check" + or + name = "EVP_PKEY_param_check" + or + name = "EVP_PKEY_param_check_quick" + or + name = "EVP_PKEY_parameters_eq" + or + name = "EVP_PKEY_paramgen" + or + name = "EVP_PKEY_paramgen_init" + or + name = "EVP_PKEY_print_params" + or + name = "EVP_PKEY_print_params_fp" + or + name = "EVP_PKEY_print_private" + or + name = "EVP_PKEY_print_private_fp" + or + name = "EVP_PKEY_print_public" + or + name = "EVP_PKEY_print_public_fp" + or + name = "EVP_PKEY_private_check" + or + name = "EVP_PKEY_public_check" + or + name = "EVP_PKEY_public_check_quick" + or + name = "EVP_PKEY_security_bits" + or + name = "EVP_PKEY_set1_DH" + or + name = "EVP_PKEY_set1_DSA" + or + name = "EVP_PKEY_set1_EC_KEY" + or + name = "EVP_PKEY_set1_RSA" + or + name = "EVP_PKEY_set1_encoded_public_key" + or + name = "EVP_PKEY_set1_engine" + or + name = "EVP_PKEY_set1_tls_encodedpoint" + or + name = "EVP_PKEY_set_alias_type" + or + name = "EVP_PKEY_set_bn_param" + or + name = "EVP_PKEY_set_ex_data" + or + name = "EVP_PKEY_set_int_param" + or + name = "EVP_PKEY_set_octet_string_param" + or + name = "EVP_PKEY_set_params" + or + name = "EVP_PKEY_set_size_t_param" + or + name = "EVP_PKEY_set_type" + or + name = "EVP_PKEY_set_type_by_keymgmt" + or + name = "EVP_PKEY_set_type_str" + or + name = "EVP_PKEY_set_utf8_string_param" + or + name = "EVP_PKEY_settable_params" + or + name = "EVP_PKEY_sign" + or + name = "EVP_PKEY_sign_init" + or + name = "EVP_PKEY_sign_init_ex" + or + name = "EVP_PKEY_size" + or + name = "EVP_PKEY_todata" + or + name = "EVP_PKEY_type" + or + name = "EVP_PKEY_type_names_do_all" + or + name = "EVP_PKEY_up_ref" + or + name = "EVP_PKEY_verify" + or + name = "EVP_PKEY_verify_init" + or + name = "EVP_PKEY_verify_init_ex" + or + name = "EVP_PKEY_verify_recover" + or + name = "EVP_PKEY_verify_recover_init" + or + name = "EVP_PKEY_verify_recover_init_ex" + or + name = "EVP_Q_digest" + or + name = "EVP_Q_mac" + or + name = "EVP_RAND" + or + name = "EVP_RAND_CTX" + or + name = "EVP_RAND_CTX_free" + or + name = "EVP_RAND_CTX_get0_rand" + or + name = "EVP_RAND_CTX_get_params" + or + name = "EVP_RAND_CTX_gettable_params" + or + name = "EVP_RAND_CTX_new" + or + name = "EVP_RAND_CTX_set_params" + or + name = "EVP_RAND_CTX_settable_params" + or + name = "EVP_RAND_CTX_up_ref" + or + name = "EVP_RAND_STATE_ERROR" + or + name = "EVP_RAND_STATE_READY" + or + name = "EVP_RAND_STATE_UNINITIALISED" + or + name = "EVP_RAND_do_all_provided" + or + name = "EVP_RAND_enable_locking" + or + name = "EVP_RAND_fetch" + or + name = "EVP_RAND_free" + or + name = "EVP_RAND_generate" + or + name = "EVP_RAND_get0_description" + or + name = "EVP_RAND_get0_name" + or + name = "EVP_RAND_get0_provider" + or + name = "EVP_RAND_get_params" + or + name = "EVP_RAND_get_state" + or + name = "EVP_RAND_get_strength" + or + name = "EVP_RAND_gettable_ctx_params" + or + name = "EVP_RAND_gettable_params" + or + name = "EVP_RAND_instantiate" + or + name = "EVP_RAND_is_a" + or + name = "EVP_RAND_names_do_all" + or + name = "EVP_RAND_nonce" + or + name = "EVP_RAND_reseed" + or + name = "EVP_RAND_settable_ctx_params" + or + name = "EVP_RAND_uninstantiate" + or + name = "EVP_RAND_up_ref" + or + name = "EVP_RAND_verify_zeroization" + or + name = "EVP_RSA_gen" + or + name = "EVP_SIGNATURE" + or + name = "EVP_SIGNATURE_do_all_provided" + or + name = "EVP_SIGNATURE_fetch" + or + name = "EVP_SIGNATURE_free" + or + name = "EVP_SIGNATURE_get0_description" + or + name = "EVP_SIGNATURE_get0_name" + or + name = "EVP_SIGNATURE_get0_provider" + or + name = "EVP_SIGNATURE_gettable_ctx_params" + or + name = "EVP_SIGNATURE_is_a" + or + name = "EVP_SIGNATURE_names_do_all" + or + name = "EVP_SIGNATURE_settable_ctx_params" + or + name = "EVP_SIGNATURE_up_ref" + or + name = "EVP_SealFinal" + or + name = "EVP_SealInit" + or + name = "EVP_SealUpdate" + or + name = "EVP_SignFinal" + or + name = "EVP_SignFinal_ex" + or + name = "EVP_SignInit" + or + name = "EVP_SignInit_ex" + or + name = "EVP_SignUpdate" + or + name = "EVP_VerifyFinal" + or + name = "EVP_VerifyFinal_ex" + or + name = "EVP_VerifyInit" + or + name = "EVP_VerifyInit_ex" + or + name = "EVP_VerifyUpdate" + or + name = "EVP_aes" + or + name = "EVP_aes_128_cbc" + or + name = "EVP_aes_128_cbc_hmac_sha1" + or + name = "EVP_aes_128_cbc_hmac_sha256" + or + name = "EVP_aes_128_ccm" + or + name = "EVP_aes_128_cfb" + or + name = "EVP_aes_128_cfb1" + or + name = "EVP_aes_128_cfb128" + or + name = "EVP_aes_128_cfb8" + or + name = "EVP_aes_128_ctr" + or + name = "EVP_aes_128_ecb" + or + name = "EVP_aes_128_gcm" + or + name = "EVP_aes_128_ocb" + or + name = "EVP_aes_128_ofb" + or + name = "EVP_aes_128_wrap" + or + name = "EVP_aes_128_wrap_pad" + or + name = "EVP_aes_128_xts" + or + name = "EVP_aes_192_cbc" + or + name = "EVP_aes_192_ccm" + or + name = "EVP_aes_192_cfb" + or + name = "EVP_aes_192_cfb1" + or + name = "EVP_aes_192_cfb128" + or + name = "EVP_aes_192_cfb8" + or + name = "EVP_aes_192_ctr" + or + name = "EVP_aes_192_ecb" + or + name = "EVP_aes_192_gcm" + or + name = "EVP_aes_192_ocb" + or + name = "EVP_aes_192_ofb" + or + name = "EVP_aes_192_wrap" + or + name = "EVP_aes_192_wrap_pad" + or + name = "EVP_aes_256_cbc" + or + name = "EVP_aes_256_cbc_hmac_sha1" + or + name = "EVP_aes_256_cbc_hmac_sha256" + or + name = "EVP_aes_256_ccm" + or + name = "EVP_aes_256_cfb" + or + name = "EVP_aes_256_cfb1" + or + name = "EVP_aes_256_cfb128" + or + name = "EVP_aes_256_cfb8" + or + name = "EVP_aes_256_ctr" + or + name = "EVP_aes_256_ecb" + or + name = "EVP_aes_256_gcm" + or + name = "EVP_aes_256_ocb" + or + name = "EVP_aes_256_ofb" + or + name = "EVP_aes_256_wrap" + or + name = "EVP_aes_256_wrap_pad" + or + name = "EVP_aes_256_xts" + or + name = "EVP_aria" + or + name = "EVP_aria_128_cbc" + or + name = "EVP_aria_128_ccm" + or + name = "EVP_aria_128_cfb" + or + name = "EVP_aria_128_cfb1" + or + name = "EVP_aria_128_cfb128" + or + name = "EVP_aria_128_cfb8" + or + name = "EVP_aria_128_ctr" + or + name = "EVP_aria_128_ecb" + or + name = "EVP_aria_128_gcm" + or + name = "EVP_aria_128_ofb" + or + name = "EVP_aria_192_cbc" + or + name = "EVP_aria_192_ccm" + or + name = "EVP_aria_192_cfb" + or + name = "EVP_aria_192_cfb1" + or + name = "EVP_aria_192_cfb128" + or + name = "EVP_aria_192_cfb8" + or + name = "EVP_aria_192_ctr" + or + name = "EVP_aria_192_ecb" + or + name = "EVP_aria_192_gcm" + or + name = "EVP_aria_192_ofb" + or + name = "EVP_aria_256_cbc" + or + name = "EVP_aria_256_ccm" + or + name = "EVP_aria_256_cfb" + or + name = "EVP_aria_256_cfb1" + or + name = "EVP_aria_256_cfb128" + or + name = "EVP_aria_256_cfb8" + or + name = "EVP_aria_256_ctr" + or + name = "EVP_aria_256_ecb" + or + name = "EVP_aria_256_gcm" + or + name = "EVP_aria_256_ofb" + or + name = "EVP_bf_cbc" + or + name = "EVP_bf_cfb" + or + name = "EVP_bf_cfb64" + or + name = "EVP_bf_ecb" + or + name = "EVP_bf_ofb" + or + name = "EVP_blake2b512" + or + name = "EVP_blake2s256" + or + name = "EVP_camellia" + or + name = "EVP_camellia_128_cbc" + or + name = "EVP_camellia_128_cfb" + or + name = "EVP_camellia_128_cfb1" + or + name = "EVP_camellia_128_cfb128" + or + name = "EVP_camellia_128_cfb8" + or + name = "EVP_camellia_128_ctr" + or + name = "EVP_camellia_128_ecb" + or + name = "EVP_camellia_128_ofb" + or + name = "EVP_camellia_192_cbc" + or + name = "EVP_camellia_192_cfb" + or + name = "EVP_camellia_192_cfb1" + or + name = "EVP_camellia_192_cfb128" + or + name = "EVP_camellia_192_cfb8" + or + name = "EVP_camellia_192_ctr" + or + name = "EVP_camellia_192_ecb" + or + name = "EVP_camellia_192_ofb" + or + name = "EVP_camellia_256_cbc" + or + name = "EVP_camellia_256_cfb" + or + name = "EVP_camellia_256_cfb1" + or + name = "EVP_camellia_256_cfb128" + or + name = "EVP_camellia_256_cfb8" + or + name = "EVP_camellia_256_ctr" + or + name = "EVP_camellia_256_ecb" + or + name = "EVP_camellia_256_ofb" + or + name = "EVP_cast5_cbc" + or + name = "EVP_cast5_cfb" + or + name = "EVP_cast5_cfb64" + or + name = "EVP_cast5_ecb" + or + name = "EVP_cast5_ofb" + or + name = "EVP_chacha20" + or + name = "EVP_chacha20_poly1305" + or + name = "EVP_cleanup" + or + name = "EVP_default_properties_enable_fips" + or + name = "EVP_default_properties_is_fips_enabled" + or + name = "EVP_des" + or + name = "EVP_des_cbc" + or + name = "EVP_des_cfb" + or + name = "EVP_des_cfb1" + or + name = "EVP_des_cfb64" + or + name = "EVP_des_cfb8" + or + name = "EVP_des_ecb" + or + name = "EVP_des_ede" + or + name = "EVP_des_ede3" + or + name = "EVP_des_ede3_cbc" + or + name = "EVP_des_ede3_cfb" + or + name = "EVP_des_ede3_cfb1" + or + name = "EVP_des_ede3_cfb64" + or + name = "EVP_des_ede3_cfb8" + or + name = "EVP_des_ede3_ecb" + or + name = "EVP_des_ede3_ofb" + or + name = "EVP_des_ede3_wrap" + or + name = "EVP_des_ede_cbc" + or + name = "EVP_des_ede_cfb" + or + name = "EVP_des_ede_cfb64" + or + name = "EVP_des_ede_ecb" + or + name = "EVP_des_ede_ofb" + or + name = "EVP_des_ofb" + or + name = "EVP_desx_cbc" + or + name = "EVP_dss" + or + name = "EVP_dss1" + or + name = "EVP_enc_null" + or + name = "EVP_get_cipherbyname" + or + name = "EVP_get_cipherbynid" + or + name = "EVP_get_cipherbyobj" + or + name = "EVP_get_digestbyname" + or + name = "EVP_get_digestbynid" + or + name = "EVP_get_digestbyobj" + or + name = "EVP_idea_cbc" + or + name = "EVP_idea_cfb" + or + name = "EVP_idea_cfb64" + or + name = "EVP_idea_ecb" + or + name = "EVP_idea_ofb" + or + name = "EVP_md2" + or + name = "EVP_md4" + or + name = "EVP_md5" + or + name = "EVP_md5_sha1" + or + name = "EVP_md_null" + or + name = "EVP_mdc2" + or + name = "EVP_rc2_40_cbc" + or + name = "EVP_rc2_64_cbc" + or + name = "EVP_rc2_cbc" + or + name = "EVP_rc2_cfb" + or + name = "EVP_rc2_cfb64" + or + name = "EVP_rc2_ecb" + or + name = "EVP_rc2_ofb" + or + name = "EVP_rc4" + or + name = "EVP_rc4_40" + or + name = "EVP_rc4_hmac_md5" + or + name = "EVP_rc5_32_12_16_cbc" + or + name = "EVP_rc5_32_12_16_cfb" + or + name = "EVP_rc5_32_12_16_cfb64" + or + name = "EVP_rc5_32_12_16_ecb" + or + name = "EVP_rc5_32_12_16_ofb" + or + name = "EVP_ripemd160" + or + name = "EVP_seed_cbc" + or + name = "EVP_seed_cfb" + or + name = "EVP_seed_cfb128" + or + name = "EVP_seed_ecb" + or + name = "EVP_seed_ofb" + or + name = "EVP_set_default_properties" + or + name = "EVP_sha" + or + name = "EVP_sha1" + or + name = "EVP_sha224" + or + name = "EVP_sha256" + or + name = "EVP_sha384" + or + name = "EVP_sha3_224" + or + name = "EVP_sha3_256" + or + name = "EVP_sha3_384" + or + name = "EVP_sha3_512" + or + name = "EVP_sha512" + or + name = "EVP_sha512_224" + or + name = "EVP_sha512_256" + or + name = "EVP_shake128" + or + name = "EVP_shake256" + or + name = "EVP_sm3" + or + name = "EVP_sm4_cbc" + or + name = "EVP_sm4_cfb" + or + name = "EVP_sm4_cfb128" + or + name = "EVP_sm4_ctr" + or + name = "EVP_sm4_ecb" + or + name = "EVP_sm4_ofb" + or + name = "EVP_whirlpool" + or + name = "EXTENDED_KEY_USAGE_free" + or + name = "EXTENDED_KEY_USAGE_new" + or + name = "EXT_UTF8STRING" + or + name = "GENERAL_NAMES_free" + or + name = "GENERAL_NAMES_new" + or + name = "GENERAL_NAME_dup" + or + name = "GENERAL_NAME_free" + or + name = "GENERAL_NAME_new" + or + name = "GENERAL_SUBTREE_free" + or + name = "GENERAL_SUBTREE_new" + or + name = "GEN_SESSION_CB" + or + name = "HMAC" + or + name = "HMAC_CTX_cleanup" + or + name = "HMAC_CTX_copy" + or + name = "HMAC_CTX_free" + or + name = "HMAC_CTX_get_md" + or + name = "HMAC_CTX_init" + or + name = "HMAC_CTX_new" + or + name = "HMAC_CTX_reset" + or + name = "HMAC_CTX_set_flags" + or + name = "HMAC_Final" + or + name = "HMAC_Init" + or + name = "HMAC_Init_ex" + or + name = "HMAC_Update" + or + name = "HMAC_cleanup" + or + name = "HMAC_size" + or + name = "IMPLEMENT_ASN1_FUNCTIONS" + or + name = "IMPLEMENT_EXTERN_ASN1" + or + name = "IMPLEMENT_LHASH_COMP_FN" + or + name = "IMPLEMENT_LHASH_HASH_FN" + or + name = "IPAddressChoice_free" + or + name = "IPAddressChoice_new" + or + name = "IPAddressFamily_free" + or + name = "IPAddressFamily_new" + or + name = "IPAddressOrRange_free" + or + name = "IPAddressOrRange_new" + or + name = "IPAddressRange_free" + or + name = "IPAddressRange_new" + or + name = "ISSUER_SIGN_TOOL_free" + or + name = "ISSUER_SIGN_TOOL_it" + or + name = "ISSUER_SIGN_TOOL_new" + or + name = "ISSUING_DIST_POINT_free" + or + name = "ISSUING_DIST_POINT_it" + or + name = "ISSUING_DIST_POINT_new" + or + name = "LHASH" + or + name = "LHASH_DOALL_ARG_FN_TYPE" + or + name = "LHASH_OF" + or + name = "MD2" + or + name = "MD2_Final" + or + name = "MD2_Init" + or + name = "MD2_Update" + or + name = "MD4" + or + name = "MD4_Final" + or + name = "MD4_Init" + or + name = "MD4_Update" + or + name = "MD5" + or + name = "MD5_Final" + or + name = "MD5_Init" + or + name = "MD5_Update" + or + name = "MDC2" + or + name = "MDC2_Final" + or + name = "MDC2_Init" + or + name = "MDC2_Update" + or + name = "NAME_CONSTRAINTS_free" + or + name = "NAME_CONSTRAINTS_new" + or + name = "NAMING_AUTHORITY" + or + name = "NAMING_AUTHORITY_free" + or + name = "NAMING_AUTHORITY_get0_authorityId" + or + name = "NAMING_AUTHORITY_get0_authorityText" + or + name = "NAMING_AUTHORITY_get0_authorityURL" + or + name = "NAMING_AUTHORITY_new" + or + name = "NAMING_AUTHORITY_set0_authorityId" + or + name = "NAMING_AUTHORITY_set0_authorityText" + or + name = "NAMING_AUTHORITY_set0_authorityURL" + or + name = "NCONF_default" + or + name = "NCONF_free" + or + name = "NCONF_get0_libctx" + or + name = "NCONF_get_section" + or + name = "NCONF_get_section_names" + or + name = "NCONF_load" + or + name = "NCONF_new" + or + name = "NCONF_new_ex" + or + name = "NETSCAPE_CERT_SEQUENCE_free" + or + name = "NETSCAPE_CERT_SEQUENCE_new" + or + name = "NETSCAPE_SPKAC_free" + or + name = "NETSCAPE_SPKAC_new" + or + name = "NETSCAPE_SPKI_free" + or + name = "NETSCAPE_SPKI_new" + or + name = "NOTICEREF_free" + or + name = "NOTICEREF_new" + or + name = "OBJ_add_sigid" + or + name = "OBJ_cleanup" + or + name = "OBJ_cmp" + or + name = "OBJ_create" + or + name = "OBJ_dup" + or + name = "OBJ_get0_data" + or + name = "OBJ_length" + or + name = "OBJ_ln2nid" + or + name = "OBJ_nid2ln" + or + name = "OBJ_nid2obj" + or + name = "OBJ_nid2sn" + or + name = "OBJ_obj2nid" + or + name = "OBJ_obj2txt" + or + name = "OBJ_sn2nid" + or + name = "OBJ_txt2nid" + or + name = "OBJ_txt2obj" + or + name = "OCSP_BASICRESP_free" + or + name = "OCSP_BASICRESP_new" + or + name = "OCSP_CERTID_dup" + or + name = "OCSP_CERTID_free" + or + name = "OCSP_CERTID_new" + or + name = "OCSP_CERTSTATUS_free" + or + name = "OCSP_CERTSTATUS_new" + or + name = "OCSP_CRLID_free" + or + name = "OCSP_CRLID_new" + or + name = "OCSP_ONEREQ_free" + or + name = "OCSP_ONEREQ_new" + or + name = "OCSP_REQINFO_free" + or + name = "OCSP_REQINFO_new" + or + name = "OCSP_REQUEST_free" + or + name = "OCSP_REQUEST_new" + or + name = "OCSP_REQ_CTX" + or + name = "OCSP_REQ_CTX_add1_header" + or + name = "OCSP_REQ_CTX_free" + or + name = "OCSP_REQ_CTX_i2d" + or + name = "OCSP_REQ_CTX_set1_req" + or + name = "OCSP_RESPBYTES_free" + or + name = "OCSP_RESPBYTES_new" + or + name = "OCSP_RESPDATA_free" + or + name = "OCSP_RESPDATA_new" + or + name = "OCSP_RESPID_free" + or + name = "OCSP_RESPID_match" + or + name = "OCSP_RESPID_match_ex" + or + name = "OCSP_RESPID_new" + or + name = "OCSP_RESPID_set_by_key" + or + name = "OCSP_RESPID_set_by_key_ex" + or + name = "OCSP_RESPID_set_by_name" + or + name = "OCSP_RESPONSE_free" + or + name = "OCSP_RESPONSE_new" + or + name = "OCSP_REVOKEDINFO_free" + or + name = "OCSP_REVOKEDINFO_new" + or + name = "OCSP_SERVICELOC_free" + or + name = "OCSP_SERVICELOC_new" + or + name = "OCSP_SIGNATURE_free" + or + name = "OCSP_SIGNATURE_new" + or + name = "OCSP_SINGLERESP_free" + or + name = "OCSP_SINGLERESP_new" + or + name = "OCSP_basic_add1_nonce" + or + name = "OCSP_basic_sign" + or + name = "OCSP_basic_sign_ctx" + or + name = "OCSP_basic_verify" + or + name = "OCSP_cert_id_new" + or + name = "OCSP_cert_to_id" + or + name = "OCSP_check_nonce" + or + name = "OCSP_check_validity" + or + name = "OCSP_copy_nonce" + or + name = "OCSP_id_cmp" + or + name = "OCSP_id_get0_info" + or + name = "OCSP_id_issuer_cmp" + or + name = "OCSP_parse_url" + or + name = "OCSP_request_add0_id" + or + name = "OCSP_request_add1_cert" + or + name = "OCSP_request_add1_nonce" + or + name = "OCSP_request_onereq_count" + or + name = "OCSP_request_onereq_get0" + or + name = "OCSP_request_sign" + or + name = "OCSP_resp_count" + or + name = "OCSP_resp_find" + or + name = "OCSP_resp_find_status" + or + name = "OCSP_resp_get0" + or + name = "OCSP_resp_get0_certs" + or + name = "OCSP_resp_get0_id" + or + name = "OCSP_resp_get0_produced_at" + or + name = "OCSP_resp_get0_respdata" + or + name = "OCSP_resp_get0_signature" + or + name = "OCSP_resp_get0_signer" + or + name = "OCSP_resp_get0_tbs_sigalg" + or + name = "OCSP_resp_get1_id" + or + name = "OCSP_response_create" + or + name = "OCSP_response_get1_basic" + or + name = "OCSP_response_status" + or + name = "OCSP_sendreq_bio" + or + name = "OCSP_sendreq_nbio" + or + name = "OCSP_sendreq_new" + or + name = "OCSP_set_max_response_length" + or + name = "OCSP_single_get0_status" + or + name = "OPENSSL_Applink" + or + name = "OPENSSL_FILE" + or + name = "OPENSSL_FUNC" + or + name = "OPENSSL_INIT_free" + or + name = "OPENSSL_INIT_new" + or + name = "OPENSSL_INIT_set_config_appname" + or + name = "OPENSSL_INIT_set_config_file_flags" + or + name = "OPENSSL_INIT_set_config_filename" + or + name = "OPENSSL_LH_COMPFUNC" + or + name = "OPENSSL_LH_DOALL_FUNC" + or + name = "OPENSSL_LH_HASHFUNC" + or + name = "OPENSSL_LH_delete" + or + name = "OPENSSL_LH_doall" + or + name = "OPENSSL_LH_doall_arg" + or + name = "OPENSSL_LH_error" + or + name = "OPENSSL_LH_flush" + or + name = "OPENSSL_LH_free" + or + name = "OPENSSL_LH_insert" + or + name = "OPENSSL_LH_new" + or + name = "OPENSSL_LH_node_stats" + or + name = "OPENSSL_LH_node_stats_bio" + or + name = "OPENSSL_LH_node_usage_stats" + or + name = "OPENSSL_LH_node_usage_stats_bio" + or + name = "OPENSSL_LH_retrieve" + or + name = "OPENSSL_LH_stats" + or + name = "OPENSSL_LH_stats_bio" + or + name = "OPENSSL_LINE" + or + name = "OPENSSL_MALLOC_FAILURES" + or + name = "OPENSSL_MALLOC_FD" + or + name = "OPENSSL_MSTR" + or + name = "OPENSSL_MSTR_HELPER" + or + name = "OPENSSL_VERSION_BUILD_METADATA" + or + name = "OPENSSL_VERSION_MAJOR" + or + name = "OPENSSL_VERSION_MINOR" + or + name = "OPENSSL_VERSION_NUMBER" + or + name = "OPENSSL_VERSION_PATCH" + or + name = "OPENSSL_VERSION_PREREQ" + or + name = "OPENSSL_VERSION_PRE_RELEASE" + or + name = "OPENSSL_VERSION_TEXT" + or + name = "OPENSSL_atexit" + or + name = "OPENSSL_buf2hexstr" + or + name = "OPENSSL_buf2hexstr_ex" + or + name = "OPENSSL_cipher_name" + or + name = "OPENSSL_cleanse" + or + name = "OPENSSL_cleanup" + or + name = "OPENSSL_clear_free" + or + name = "OPENSSL_clear_realloc" + or + name = "OPENSSL_config" + or + name = "OPENSSL_fork_child" + or + name = "OPENSSL_fork_parent" + or + name = "OPENSSL_fork_prepare" + or + name = "OPENSSL_free" + or + name = "OPENSSL_gmtime" + or + name = "OPENSSL_gmtime_adj" + or + name = "OPENSSL_gmtime_diff" + or + name = "OPENSSL_hexchar2int" + or + name = "OPENSSL_hexstr2buf" + or + name = "OPENSSL_hexstr2buf_ex" + or + name = "OPENSSL_ia32cap" + or + name = "OPENSSL_ia32cap_loc" + or + name = "OPENSSL_info" + or + name = "OPENSSL_init_crypto" + or + name = "OPENSSL_init_ssl" + or + name = "OPENSSL_instrument_bus" + or + name = "OPENSSL_instrument_bus2" + or + name = "OPENSSL_load_builtin_modules" + or + name = "OPENSSL_malloc" + or + name = "OPENSSL_malloc_init" + or + name = "OPENSSL_mem_debug_pop" + or + name = "OPENSSL_mem_debug_push" + or + name = "OPENSSL_memdup" + or + name = "OPENSSL_no_config" + or + name = "OPENSSL_realloc" + or + name = "OPENSSL_s390xcap" + or + name = "OPENSSL_secure_actual_size" + or + name = "OPENSSL_secure_clear_free" + or + name = "OPENSSL_secure_free" + or + name = "OPENSSL_secure_malloc" + or + name = "OPENSSL_secure_zalloc" + or + name = "OPENSSL_sk_deep_copy" + or + name = "OPENSSL_sk_delete" + or + name = "OPENSSL_sk_delete_ptr" + or + name = "OPENSSL_sk_dup" + or + name = "OPENSSL_sk_find" + or + name = "OPENSSL_sk_find_all" + or + name = "OPENSSL_sk_find_ex" + or + name = "OPENSSL_sk_free" + or + name = "OPENSSL_sk_insert" + or + name = "OPENSSL_sk_is_sorted" + or + name = "OPENSSL_sk_new" + or + name = "OPENSSL_sk_new_null" + or + name = "OPENSSL_sk_new_reserve" + or + name = "OPENSSL_sk_num" + or + name = "OPENSSL_sk_pop" + or + name = "OPENSSL_sk_pop_free" + or + name = "OPENSSL_sk_push" + or + name = "OPENSSL_sk_reserve" + or + name = "OPENSSL_sk_set" + or + name = "OPENSSL_sk_set_cmp_func" + or + name = "OPENSSL_sk_shift" + or + name = "OPENSSL_sk_sort" + or + name = "OPENSSL_sk_unshift" + or + name = "OPENSSL_sk_value" + or + name = "OPENSSL_sk_zero" + or + name = "OPENSSL_strcasecmp" + or + name = "OPENSSL_strdup" + or + name = "OPENSSL_strlcat" + or + name = "OPENSSL_strlcpy" + or + name = "OPENSSL_strncasecmp" + or + name = "OPENSSL_strndup" + or + name = "OPENSSL_thread_stop" + or + name = "OPENSSL_thread_stop_ex" + or + name = "OPENSSL_version_build_metadata" + or + name = "OPENSSL_version_major" + or + name = "OPENSSL_version_minor" + or + name = "OPENSSL_version_patch" + or + name = "OPENSSL_version_pre_release" + or + name = "OPENSSL_zalloc" + or + name = "OSSL_ALGORITHM" + or + name = "OSSL_CALLBACK" + or + name = "OSSL_CMP_CR" + or + name = "OSSL_CMP_CTX_build_cert_chain" + or + name = "OSSL_CMP_CTX_free" + or + name = "OSSL_CMP_CTX_get0_libctx" + or + name = "OSSL_CMP_CTX_get0_newCert" + or + name = "OSSL_CMP_CTX_get0_newPkey" + or + name = "OSSL_CMP_CTX_get0_propq" + or + name = "OSSL_CMP_CTX_get0_statusString" + or + name = "OSSL_CMP_CTX_get0_trusted" + or + name = "OSSL_CMP_CTX_get0_trustedStore" + or + name = "OSSL_CMP_CTX_get0_untrusted" + or + name = "OSSL_CMP_CTX_get0_validatedSrvCert" + or + name = "OSSL_CMP_CTX_get1_caPubs" + or + name = "OSSL_CMP_CTX_get1_extraCertsIn" + or + name = "OSSL_CMP_CTX_get1_newChain" + or + name = "OSSL_CMP_CTX_get_certConf_cb_arg" + or + name = "OSSL_CMP_CTX_get_failInfoCode" + or + name = "OSSL_CMP_CTX_get_http_cb_arg" + or + name = "OSSL_CMP_CTX_get_option" + or + name = "OSSL_CMP_CTX_get_status" + or + name = "OSSL_CMP_CTX_get_transfer_cb_arg" + or + name = "OSSL_CMP_CTX_new" + or + name = "OSSL_CMP_CTX_print_errors" + or + name = "OSSL_CMP_CTX_push0_geninfo_ITAV" + or + name = "OSSL_CMP_CTX_push0_genm_ITAV" + or + name = "OSSL_CMP_CTX_push0_policy" + or + name = "OSSL_CMP_CTX_push1_subjectAltName" + or + name = "OSSL_CMP_CTX_reinit" + or + name = "OSSL_CMP_CTX_reqExtensions_have_SAN" + or + name = "OSSL_CMP_CTX_reset_geninfo_ITAVs" + or + name = "OSSL_CMP_CTX_server_perform" + or + name = "OSSL_CMP_CTX_set0_newPkey" + or + name = "OSSL_CMP_CTX_set0_reqExtensions" + or + name = "OSSL_CMP_CTX_set0_trusted" + or + name = "OSSL_CMP_CTX_set0_trustedStore" + or + name = "OSSL_CMP_CTX_set1_cert" + or + name = "OSSL_CMP_CTX_set1_expected_sender" + or + name = "OSSL_CMP_CTX_set1_extraCertsOut" + or + name = "OSSL_CMP_CTX_set1_issuer" + or + name = "OSSL_CMP_CTX_set1_no_proxy" + or + name = "OSSL_CMP_CTX_set1_oldCert" + or + name = "OSSL_CMP_CTX_set1_p10CSR" + or + name = "OSSL_CMP_CTX_set1_pkey" + or + name = "OSSL_CMP_CTX_set1_proxy" + or + name = "OSSL_CMP_CTX_set1_recipient" + or + name = "OSSL_CMP_CTX_set1_referenceValue" + or + name = "OSSL_CMP_CTX_set1_secretValue" + or + name = "OSSL_CMP_CTX_set1_senderNonce" + or + name = "OSSL_CMP_CTX_set1_server" + or + name = "OSSL_CMP_CTX_set1_serverPath" + or + name = "OSSL_CMP_CTX_set1_srvCert" + or + name = "OSSL_CMP_CTX_set1_subjectName" + or + name = "OSSL_CMP_CTX_set1_transactionID" + or + name = "OSSL_CMP_CTX_set1_untrusted" + or + name = "OSSL_CMP_CTX_set_certConf_cb" + or + name = "OSSL_CMP_CTX_set_certConf_cb_arg" + or + name = "OSSL_CMP_CTX_set_http_cb" + or + name = "OSSL_CMP_CTX_set_http_cb_arg" + or + name = "OSSL_CMP_CTX_set_log_cb" + or + name = "OSSL_CMP_CTX_set_log_verbosity" + or + name = "OSSL_CMP_CTX_set_option" + or + name = "OSSL_CMP_CTX_set_serverPort" + or + name = "OSSL_CMP_CTX_set_transfer_cb" + or + name = "OSSL_CMP_CTX_set_transfer_cb_arg" + or + name = "OSSL_CMP_CTX_setup_CRM" + or + name = "OSSL_CMP_CTX_snprint_PKIStatus" + or + name = "OSSL_CMP_HDR_get0_recipNonce" + or + name = "OSSL_CMP_HDR_get0_transactionID" + or + name = "OSSL_CMP_IR" + or + name = "OSSL_CMP_ITAV_create" + or + name = "OSSL_CMP_ITAV_dup" + or + name = "OSSL_CMP_ITAV_free" + or + name = "OSSL_CMP_ITAV_get0_type" + or + name = "OSSL_CMP_ITAV_get0_value" + or + name = "OSSL_CMP_ITAV_push0_stack_item" + or + name = "OSSL_CMP_ITAV_set0" + or + name = "OSSL_CMP_KUR" + or + name = "OSSL_CMP_LOG_ALERT" + or + name = "OSSL_CMP_LOG_CRIT" + or + name = "OSSL_CMP_LOG_DEBUG" + or + name = "OSSL_CMP_LOG_EMERG" + or + name = "OSSL_CMP_LOG_ERR" + or + name = "OSSL_CMP_LOG_INFO" + or + name = "OSSL_CMP_LOG_NOTICE" + or + name = "OSSL_CMP_LOG_TRACE" + or + name = "OSSL_CMP_LOG_WARNING" + or + name = "OSSL_CMP_MSG_dup" + or + name = "OSSL_CMP_MSG_free" + or + name = "OSSL_CMP_MSG_get0_header" + or + name = "OSSL_CMP_MSG_get_bodytype" + or + name = "OSSL_CMP_MSG_http_perform" + or + name = "OSSL_CMP_MSG_it" + or + name = "OSSL_CMP_MSG_read" + or + name = "OSSL_CMP_MSG_update_recipNonce" + or + name = "OSSL_CMP_MSG_update_transactionID" + or + name = "OSSL_CMP_MSG_write" + or + name = "OSSL_CMP_P10CR" + or + name = "OSSL_CMP_PKIHEADER_free" + or + name = "OSSL_CMP_PKIHEADER_it" + or + name = "OSSL_CMP_PKIHEADER_new" + or + name = "OSSL_CMP_PKISI_dup" + or + name = "OSSL_CMP_PKISI_free" + or + name = "OSSL_CMP_PKISI_it" + or + name = "OSSL_CMP_PKISI_new" + or + name = "OSSL_CMP_PKISTATUS_it" + or + name = "OSSL_CMP_SRV_CTX_free" + or + name = "OSSL_CMP_SRV_CTX_get0_cmp_ctx" + or + name = "OSSL_CMP_SRV_CTX_get0_custom_ctx" + or + name = "OSSL_CMP_SRV_CTX_init" + or + name = "OSSL_CMP_SRV_CTX_new" + or + name = "OSSL_CMP_SRV_CTX_set_accept_raverified" + or + name = "OSSL_CMP_SRV_CTX_set_accept_unprotected" + or + name = "OSSL_CMP_SRV_CTX_set_grant_implicit_confirm" + or + name = "OSSL_CMP_SRV_CTX_set_send_unprotected_errors" + or + name = "OSSL_CMP_SRV_certConf_cb_t" + or + name = "OSSL_CMP_SRV_cert_request_cb_t" + or + name = "OSSL_CMP_SRV_error_cb_t" + or + name = "OSSL_CMP_SRV_genm_cb_t" + or + name = "OSSL_CMP_SRV_pollReq_cb_t" + or + name = "OSSL_CMP_SRV_process_request" + or + name = "OSSL_CMP_SRV_rr_cb_t" + or + name = "OSSL_CMP_STATUSINFO_new" + or + name = "OSSL_CMP_certConf_cb" + or + name = "OSSL_CMP_certConf_cb_t" + or + name = "OSSL_CMP_exec_CR_ses" + or + name = "OSSL_CMP_exec_GENM_ses" + or + name = "OSSL_CMP_exec_IR_ses" + or + name = "OSSL_CMP_exec_KUR_ses" + or + name = "OSSL_CMP_exec_P10CR_ses" + or + name = "OSSL_CMP_exec_RR_ses" + or + name = "OSSL_CMP_exec_certreq" + or + name = "OSSL_CMP_log_cb_t" + or + name = "OSSL_CMP_log_close" + or + name = "OSSL_CMP_log_open" + or + name = "OSSL_CMP_print_errors_cb" + or + name = "OSSL_CMP_print_to_bio" + or + name = "OSSL_CMP_severity" + or + name = "OSSL_CMP_snprint_PKIStatusInfo" + or + name = "OSSL_CMP_transfer_cb_t" + or + name = "OSSL_CMP_try_certreq" + or + name = "OSSL_CMP_validate_cert_path" + or + name = "OSSL_CMP_validate_msg" + or + name = "OSSL_CORE_MAKE_FUNC" + or + name = "OSSL_CRMF_CERTID_dup" + or + name = "OSSL_CRMF_CERTID_free" + or + name = "OSSL_CRMF_CERTID_gen" + or + name = "OSSL_CRMF_CERTID_get0_issuer" + or + name = "OSSL_CRMF_CERTID_get0_serialNumber" + or + name = "OSSL_CRMF_CERTID_it" + or + name = "OSSL_CRMF_CERTID_new" + or + name = "OSSL_CRMF_CERTTEMPLATE_fill" + or + name = "OSSL_CRMF_CERTTEMPLATE_free" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_extensions" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_issuer" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_publicKey" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_serialNumber" + or + name = "OSSL_CRMF_CERTTEMPLATE_get0_subject" + or + name = "OSSL_CRMF_CERTTEMPLATE_it" + or + name = "OSSL_CRMF_CERTTEMPLATE_new" + or + name = "OSSL_CRMF_ENCRYPTEDVALUE_free" + or + name = "OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert" + or + name = "OSSL_CRMF_ENCRYPTEDVALUE_it" + or + name = "OSSL_CRMF_ENCRYPTEDVALUE_new" + or + name = "OSSL_CRMF_MSGS_free" + or + name = "OSSL_CRMF_MSGS_it" + or + name = "OSSL_CRMF_MSGS_new" + or + name = "OSSL_CRMF_MSGS_verify_popo" + or + name = "OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo" + or + name = "OSSL_CRMF_MSG_create_popo" + or + name = "OSSL_CRMF_MSG_dup" + or + name = "OSSL_CRMF_MSG_free" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_authenticator" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_oldCertID" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey" + or + name = "OSSL_CRMF_MSG_get0_regCtrl_regToken" + or + name = "OSSL_CRMF_MSG_get0_regInfo_certReq" + or + name = "OSSL_CRMF_MSG_get0_regInfo_utf8Pairs" + or + name = "OSSL_CRMF_MSG_get0_tmpl" + or + name = "OSSL_CRMF_MSG_get_certReqId" + or + name = "OSSL_CRMF_MSG_it" + or + name = "OSSL_CRMF_MSG_new" + or + name = "OSSL_CRMF_MSG_push0_extension" + or + name = "OSSL_CRMF_MSG_set0_SinglePubInfo" + or + name = "OSSL_CRMF_MSG_set0_extensions" + or + name = "OSSL_CRMF_MSG_set0_validity" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_authenticator" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_oldCertID" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey" + or + name = "OSSL_CRMF_MSG_set1_regCtrl_regToken" + or + name = "OSSL_CRMF_MSG_set1_regInfo_certReq" + or + name = "OSSL_CRMF_MSG_set1_regInfo_utf8Pairs" + or + name = "OSSL_CRMF_MSG_set_PKIPublicationInfo_action" + or + name = "OSSL_CRMF_MSG_set_certReqId" + or + name = "OSSL_CRMF_PBMPARAMETER_free" + or + name = "OSSL_CRMF_PBMPARAMETER_it" + or + name = "OSSL_CRMF_PBMPARAMETER_new" + or + name = "OSSL_CRMF_PKIPUBLICATIONINFO_free" + or + name = "OSSL_CRMF_PKIPUBLICATIONINFO_it" + or + name = "OSSL_CRMF_PKIPUBLICATIONINFO_new" + or + name = "OSSL_CRMF_SINGLEPUBINFO_free" + or + name = "OSSL_CRMF_SINGLEPUBINFO_it" + or + name = "OSSL_CRMF_SINGLEPUBINFO_new" + or + name = "OSSL_CRMF_pbm_new" + or + name = "OSSL_CRMF_pbmp_new" + or + name = "OSSL_DECODER" + or + name = "OSSL_DECODER_CLEANUP" + or + name = "OSSL_DECODER_CONSTRUCT" + or + name = "OSSL_DECODER_CTX" + or + name = "OSSL_DECODER_CTX_add_decoder" + or + name = "OSSL_DECODER_CTX_add_extra" + or + name = "OSSL_DECODER_CTX_free" + or + name = "OSSL_DECODER_CTX_get_cleanup" + or + name = "OSSL_DECODER_CTX_get_construct" + or + name = "OSSL_DECODER_CTX_get_construct_data" + or + name = "OSSL_DECODER_CTX_get_num_decoders" + or + name = "OSSL_DECODER_CTX_new" + or + name = "OSSL_DECODER_CTX_new_for_pkey" + or + name = "OSSL_DECODER_CTX_set_cleanup" + or + name = "OSSL_DECODER_CTX_set_construct" + or + name = "OSSL_DECODER_CTX_set_construct_data" + or + name = "OSSL_DECODER_CTX_set_input_structure" + or + name = "OSSL_DECODER_CTX_set_input_type" + or + name = "OSSL_DECODER_CTX_set_params" + or + name = "OSSL_DECODER_CTX_set_passphrase" + or + name = "OSSL_DECODER_CTX_set_passphrase_cb" + or + name = "OSSL_DECODER_CTX_set_passphrase_ui" + or + name = "OSSL_DECODER_CTX_set_pem_password_cb" + or + name = "OSSL_DECODER_CTX_set_selection" + or + name = "OSSL_DECODER_INSTANCE" + or + name = "OSSL_DECODER_INSTANCE_get_decoder" + or + name = "OSSL_DECODER_INSTANCE_get_decoder_ctx" + or + name = "OSSL_DECODER_INSTANCE_get_input_structure" + or + name = "OSSL_DECODER_INSTANCE_get_input_type" + or + name = "OSSL_DECODER_do_all_provided" + or + name = "OSSL_DECODER_export" + or + name = "OSSL_DECODER_fetch" + or + name = "OSSL_DECODER_free" + or + name = "OSSL_DECODER_from_bio" + or + name = "OSSL_DECODER_from_data" + or + name = "OSSL_DECODER_from_fp" + or + name = "OSSL_DECODER_get0_description" + or + name = "OSSL_DECODER_get0_name" + or + name = "OSSL_DECODER_get0_properties" + or + name = "OSSL_DECODER_get0_provider" + or + name = "OSSL_DECODER_get_params" + or + name = "OSSL_DECODER_gettable_params" + or + name = "OSSL_DECODER_is_a" + or + name = "OSSL_DECODER_names_do_all" + or + name = "OSSL_DECODER_settable_ctx_params" + or + name = "OSSL_DECODER_up_ref" + or + name = "OSSL_DISPATCH" + or + name = "OSSL_DISPATCH_END" + or + name = "OSSL_EC_curve_nid2name" + or + name = "OSSL_ENCODER" + or + name = "OSSL_ENCODER_CLEANUP" + or + name = "OSSL_ENCODER_CONSTRUCT" + or + name = "OSSL_ENCODER_CTX" + or + name = "OSSL_ENCODER_CTX_add_encoder" + or + name = "OSSL_ENCODER_CTX_add_extra" + or + name = "OSSL_ENCODER_CTX_free" + or + name = "OSSL_ENCODER_CTX_get_num_encoders" + or + name = "OSSL_ENCODER_CTX_new" + or + name = "OSSL_ENCODER_CTX_new_for_pkey" + or + name = "OSSL_ENCODER_CTX_set_cipher" + or + name = "OSSL_ENCODER_CTX_set_cleanup" + or + name = "OSSL_ENCODER_CTX_set_construct" + or + name = "OSSL_ENCODER_CTX_set_construct_data" + or + name = "OSSL_ENCODER_CTX_set_output_structure" + or + name = "OSSL_ENCODER_CTX_set_output_type" + or + name = "OSSL_ENCODER_CTX_set_params" + or + name = "OSSL_ENCODER_CTX_set_passphrase" + or + name = "OSSL_ENCODER_CTX_set_passphrase_cb" + or + name = "OSSL_ENCODER_CTX_set_passphrase_ui" + or + name = "OSSL_ENCODER_CTX_set_pem_password_cb" + or + name = "OSSL_ENCODER_CTX_set_selection" + or + name = "OSSL_ENCODER_INSTANCE" + or + name = "OSSL_ENCODER_INSTANCE_get_encoder" + or + name = "OSSL_ENCODER_INSTANCE_get_encoder_ctx" + or + name = "OSSL_ENCODER_INSTANCE_get_output_structure" + or + name = "OSSL_ENCODER_INSTANCE_get_output_type" + or + name = "OSSL_ENCODER_do_all_provided" + or + name = "OSSL_ENCODER_fetch" + or + name = "OSSL_ENCODER_free" + or + name = "OSSL_ENCODER_get0_description" + or + name = "OSSL_ENCODER_get0_name" + or + name = "OSSL_ENCODER_get0_properties" + or + name = "OSSL_ENCODER_get0_provider" + or + name = "OSSL_ENCODER_get_params" + or + name = "OSSL_ENCODER_gettable_params" + or + name = "OSSL_ENCODER_is_a" + or + name = "OSSL_ENCODER_names_do_all" + or + name = "OSSL_ENCODER_settable_ctx_params" + or + name = "OSSL_ENCODER_to_bio" + or + name = "OSSL_ENCODER_to_data" + or + name = "OSSL_ENCODER_to_fp" + or + name = "OSSL_ENCODER_up_ref" + or + name = "OSSL_ESS_check_signing_certs" + or + name = "OSSL_ESS_signing_cert_new_init" + or + name = "OSSL_ESS_signing_cert_v2_new_init" + or + name = "OSSL_HPKE_CTX_free" + or + name = "OSSL_HPKE_CTX_get_seq" + or + name = "OSSL_HPKE_CTX_new" + or + name = "OSSL_HPKE_CTX_set1_authpriv" + or + name = "OSSL_HPKE_CTX_set1_authpub" + or + name = "OSSL_HPKE_CTX_set1_ikme" + or + name = "OSSL_HPKE_CTX_set1_psk" + or + name = "OSSL_HPKE_CTX_set_seq" + or + name = "OSSL_HPKE_decap" + or + name = "OSSL_HPKE_encap" + or + name = "OSSL_HPKE_export" + or + name = "OSSL_HPKE_get_ciphertext_size" + or + name = "OSSL_HPKE_get_grease_value" + or + name = "OSSL_HPKE_get_public_encap_size" + or + name = "OSSL_HPKE_get_recommended_ikmelen" + or + name = "OSSL_HPKE_keygen" + or + name = "OSSL_HPKE_open" + or + name = "OSSL_HPKE_seal" + or + name = "OSSL_HPKE_str2suite" + or + name = "OSSL_HPKE_suite_check" + or + name = "OSSL_HTTP_REQ_CTX" + or + name = "OSSL_HTTP_REQ_CTX_add1_header" + or + name = "OSSL_HTTP_REQ_CTX_exchange" + or + name = "OSSL_HTTP_REQ_CTX_free" + or + name = "OSSL_HTTP_REQ_CTX_get0_mem_bio" + or + name = "OSSL_HTTP_REQ_CTX_get_resp_len" + or + name = "OSSL_HTTP_REQ_CTX_nbio" + or + name = "OSSL_HTTP_REQ_CTX_nbio_d2i" + or + name = "OSSL_HTTP_REQ_CTX_new" + or + name = "OSSL_HTTP_REQ_CTX_set1_req" + or + name = "OSSL_HTTP_REQ_CTX_set_expected" + or + name = "OSSL_HTTP_REQ_CTX_set_max_response_length" + or + name = "OSSL_HTTP_REQ_CTX_set_request_line" + or + name = "OSSL_HTTP_adapt_proxy" + or + name = "OSSL_HTTP_bio_cb_t" + or + name = "OSSL_HTTP_close" + or + name = "OSSL_HTTP_exchange" + or + name = "OSSL_HTTP_get" + or + name = "OSSL_HTTP_is_alive" + or + name = "OSSL_HTTP_open" + or + name = "OSSL_HTTP_parse_url" + or + name = "OSSL_HTTP_proxy_connect" + or + name = "OSSL_HTTP_set1_request" + or + name = "OSSL_HTTP_transfer" + or + name = "OSSL_ITEM" + or + name = "OSSL_LIB_CTX" + or + name = "OSSL_LIB_CTX_free" + or + name = "OSSL_LIB_CTX_get0_global_default" + or + name = "OSSL_LIB_CTX_load_config" + or + name = "OSSL_LIB_CTX_new" + or + name = "OSSL_LIB_CTX_new_child" + or + name = "OSSL_LIB_CTX_new_from_dispatch" + or + name = "OSSL_LIB_CTX_set0_default" + or + name = "OSSL_PARAM" + or + name = "OSSL_PARAM_BLD" + or + name = "OSSL_PARAM_BLD_free" + or + name = "OSSL_PARAM_BLD_new" + or + name = "OSSL_PARAM_BLD_push_BN" + or + name = "OSSL_PARAM_BLD_push_BN_pad" + or + name = "OSSL_PARAM_BLD_push_double" + or + name = "OSSL_PARAM_BLD_push_int" + or + name = "OSSL_PARAM_BLD_push_int32" + or + name = "OSSL_PARAM_BLD_push_int64" + or + name = "OSSL_PARAM_BLD_push_long" + or + name = "OSSL_PARAM_BLD_push_octet_ptr" + or + name = "OSSL_PARAM_BLD_push_octet_string" + or + name = "OSSL_PARAM_BLD_push_size_t" + or + name = "OSSL_PARAM_BLD_push_time_t" + or + name = "OSSL_PARAM_BLD_push_uint" + or + name = "OSSL_PARAM_BLD_push_uint32" + or + name = "OSSL_PARAM_BLD_push_uint64" + or + name = "OSSL_PARAM_BLD_push_ulong" + or + name = "OSSL_PARAM_BLD_push_utf8_ptr" + or + name = "OSSL_PARAM_BLD_push_utf8_string" + or + name = "OSSL_PARAM_BLD_to_param" + or + name = "OSSL_PARAM_BN" + or + name = "OSSL_PARAM_DEFN" + or + name = "OSSL_PARAM_END" + or + name = "OSSL_PARAM_UNMODIFIED" + or + name = "OSSL_PARAM_allocate_from_text" + or + name = "OSSL_PARAM_construct_BN" + or + name = "OSSL_PARAM_construct_double" + or + name = "OSSL_PARAM_construct_end" + or + name = "OSSL_PARAM_construct_int" + or + name = "OSSL_PARAM_construct_int32" + or + name = "OSSL_PARAM_construct_int64" + or + name = "OSSL_PARAM_construct_long" + or + name = "OSSL_PARAM_construct_octet_ptr" + or + name = "OSSL_PARAM_construct_octet_string" + or + name = "OSSL_PARAM_construct_size_t" + or + name = "OSSL_PARAM_construct_time_t" + or + name = "OSSL_PARAM_construct_uint" + or + name = "OSSL_PARAM_construct_uint32" + or + name = "OSSL_PARAM_construct_uint64" + or + name = "OSSL_PARAM_construct_ulong" + or + name = "OSSL_PARAM_construct_utf8_ptr" + or + name = "OSSL_PARAM_construct_utf8_string" + or + name = "OSSL_PARAM_double" + or + name = "OSSL_PARAM_dup" + or + name = "OSSL_PARAM_free" + or + name = "OSSL_PARAM_get_BN" + or + name = "OSSL_PARAM_get_double" + or + name = "OSSL_PARAM_get_int" + or + name = "OSSL_PARAM_get_int32" + or + name = "OSSL_PARAM_get_int64" + or + name = "OSSL_PARAM_get_long" + or + name = "OSSL_PARAM_get_octet_ptr" + or + name = "OSSL_PARAM_get_octet_string" + or + name = "OSSL_PARAM_get_octet_string_ptr" + or + name = "OSSL_PARAM_get_size_t" + or + name = "OSSL_PARAM_get_time_t" + or + name = "OSSL_PARAM_get_uint" + or + name = "OSSL_PARAM_get_uint32" + or + name = "OSSL_PARAM_get_uint64" + or + name = "OSSL_PARAM_get_ulong" + or + name = "OSSL_PARAM_get_utf8_ptr" + or + name = "OSSL_PARAM_get_utf8_string" + or + name = "OSSL_PARAM_get_utf8_string_ptr" + or + name = "OSSL_PARAM_int" + or + name = "OSSL_PARAM_int32" + or + name = "OSSL_PARAM_int64" + or + name = "OSSL_PARAM_locate" + or + name = "OSSL_PARAM_locate_const" + or + name = "OSSL_PARAM_long" + or + name = "OSSL_PARAM_merge" + or + name = "OSSL_PARAM_modified" + or + name = "OSSL_PARAM_octet_ptr" + or + name = "OSSL_PARAM_octet_string" + or + name = "OSSL_PARAM_set_BN" + or + name = "OSSL_PARAM_set_all_unmodified" + or + name = "OSSL_PARAM_set_double" + or + name = "OSSL_PARAM_set_int" + or + name = "OSSL_PARAM_set_int32" + or + name = "OSSL_PARAM_set_int64" + or + name = "OSSL_PARAM_set_long" + or + name = "OSSL_PARAM_set_octet_ptr" + or + name = "OSSL_PARAM_set_octet_string" + or + name = "OSSL_PARAM_set_size_t" + or + name = "OSSL_PARAM_set_time_t" + or + name = "OSSL_PARAM_set_uint" + or + name = "OSSL_PARAM_set_uint32" + or + name = "OSSL_PARAM_set_uint64" + or + name = "OSSL_PARAM_set_ulong" + or + name = "OSSL_PARAM_set_utf8_ptr" + or + name = "OSSL_PARAM_set_utf8_string" + or + name = "OSSL_PARAM_size_t" + or + name = "OSSL_PARAM_time_t" + or + name = "OSSL_PARAM_uint" + or + name = "OSSL_PARAM_uint32" + or + name = "OSSL_PARAM_uint64" + or + name = "OSSL_PARAM_ulong" + or + name = "OSSL_PARAM_utf8_ptr" + or + name = "OSSL_PARAM_utf8_string" + or + name = "OSSL_PASSPHRASE_CALLBACK" + or + name = "OSSL_PROVIDER" + or + name = "OSSL_PROVIDER_add_builtin" + or + name = "OSSL_PROVIDER_available" + or + name = "OSSL_PROVIDER_do_all" + or + name = "OSSL_PROVIDER_get0_default_search_path" + or + name = "OSSL_PROVIDER_get0_dispatch" + or + name = "OSSL_PROVIDER_get0_name" + or + name = "OSSL_PROVIDER_get0_provider_ctx" + or + name = "OSSL_PROVIDER_get_capabilities" + or + name = "OSSL_PROVIDER_get_params" + or + name = "OSSL_PROVIDER_gettable_params" + or + name = "OSSL_PROVIDER_load" + or + name = "OSSL_PROVIDER_query_operation" + or + name = "OSSL_PROVIDER_self_test" + or + name = "OSSL_PROVIDER_set_default_search_path" + or + name = "OSSL_PROVIDER_try_load" + or + name = "OSSL_PROVIDER_unload" + or + name = "OSSL_PROVIDER_unquery_operation" + or + name = "OSSL_QUIC_client_method" + or + name = "OSSL_QUIC_client_thread_method" + or + name = "OSSL_QUIC_server_method" + or + name = "OSSL_SELF_TEST_free" + or + name = "OSSL_SELF_TEST_get_callback" + or + name = "OSSL_SELF_TEST_new" + or + name = "OSSL_SELF_TEST_onbegin" + or + name = "OSSL_SELF_TEST_oncorrupt_byte" + or + name = "OSSL_SELF_TEST_onend" + or + name = "OSSL_SELF_TEST_set_callback" + or + name = "OSSL_STACK_OF_X509_free" + or + name = "OSSL_STORE_CTX" + or + name = "OSSL_STORE_INFO" + or + name = "OSSL_STORE_INFO_free" + or + name = "OSSL_STORE_INFO_get0_CERT" + or + name = "OSSL_STORE_INFO_get0_CRL" + or + name = "OSSL_STORE_INFO_get0_NAME" + or + name = "OSSL_STORE_INFO_get0_NAME_description" + or + name = "OSSL_STORE_INFO_get0_PARAMS" + or + name = "OSSL_STORE_INFO_get0_PKEY" + or + name = "OSSL_STORE_INFO_get0_PUBKEY" + or + name = "OSSL_STORE_INFO_get0_data" + or + name = "OSSL_STORE_INFO_get1_CERT" + or + name = "OSSL_STORE_INFO_get1_CRL" + or + name = "OSSL_STORE_INFO_get1_NAME" + or + name = "OSSL_STORE_INFO_get1_NAME_description" + or + name = "OSSL_STORE_INFO_get1_PARAMS" + or + name = "OSSL_STORE_INFO_get1_PKEY" + or + name = "OSSL_STORE_INFO_get1_PUBKEY" + or + name = "OSSL_STORE_INFO_get_type" + or + name = "OSSL_STORE_INFO_new" + or + name = "OSSL_STORE_INFO_new_CERT" + or + name = "OSSL_STORE_INFO_new_CRL" + or + name = "OSSL_STORE_INFO_new_NAME" + or + name = "OSSL_STORE_INFO_new_PARAMS" + or + name = "OSSL_STORE_INFO_new_PKEY" + or + name = "OSSL_STORE_INFO_new_PUBKEY" + or + name = "OSSL_STORE_INFO_set0_NAME_description" + or + name = "OSSL_STORE_INFO_type_string" + or + name = "OSSL_STORE_LOADER" + or + name = "OSSL_STORE_LOADER_CTX" + or + name = "OSSL_STORE_LOADER_do_all_provided" + or + name = "OSSL_STORE_LOADER_fetch" + or + name = "OSSL_STORE_LOADER_free" + or + name = "OSSL_STORE_LOADER_get0_description" + or + name = "OSSL_STORE_LOADER_get0_engine" + or + name = "OSSL_STORE_LOADER_get0_properties" + or + name = "OSSL_STORE_LOADER_get0_provider" + or + name = "OSSL_STORE_LOADER_get0_scheme" + or + name = "OSSL_STORE_LOADER_is_a" + or + name = "OSSL_STORE_LOADER_names_do_all" + or + name = "OSSL_STORE_LOADER_new" + or + name = "OSSL_STORE_LOADER_set_attach" + or + name = "OSSL_STORE_LOADER_set_close" + or + name = "OSSL_STORE_LOADER_set_ctrl" + or + name = "OSSL_STORE_LOADER_set_eof" + or + name = "OSSL_STORE_LOADER_set_error" + or + name = "OSSL_STORE_LOADER_set_expect" + or + name = "OSSL_STORE_LOADER_set_find" + or + name = "OSSL_STORE_LOADER_set_load" + or + name = "OSSL_STORE_LOADER_set_open" + or + name = "OSSL_STORE_LOADER_set_open_ex" + or + name = "OSSL_STORE_LOADER_up_ref" + or + name = "OSSL_STORE_SEARCH" + or + name = "OSSL_STORE_SEARCH_by_alias" + or + name = "OSSL_STORE_SEARCH_by_issuer_serial" + or + name = "OSSL_STORE_SEARCH_by_key_fingerprint" + or + name = "OSSL_STORE_SEARCH_by_name" + or + name = "OSSL_STORE_SEARCH_free" + or + name = "OSSL_STORE_SEARCH_get0_bytes" + or + name = "OSSL_STORE_SEARCH_get0_digest" + or + name = "OSSL_STORE_SEARCH_get0_name" + or + name = "OSSL_STORE_SEARCH_get0_serial" + or + name = "OSSL_STORE_SEARCH_get0_string" + or + name = "OSSL_STORE_SEARCH_get_type" + or + name = "OSSL_STORE_attach" + or + name = "OSSL_STORE_attach_fn" + or + name = "OSSL_STORE_close" + or + name = "OSSL_STORE_close_fn" + or + name = "OSSL_STORE_ctrl" + or + name = "OSSL_STORE_ctrl_fn" + or + name = "OSSL_STORE_eof" + or + name = "OSSL_STORE_eof_fn" + or + name = "OSSL_STORE_error" + or + name = "OSSL_STORE_error_fn" + or + name = "OSSL_STORE_expect" + or + name = "OSSL_STORE_expect_fn" + or + name = "OSSL_STORE_find" + or + name = "OSSL_STORE_find_fn" + or + name = "OSSL_STORE_load" + or + name = "OSSL_STORE_load_fn" + or + name = "OSSL_STORE_open" + or + name = "OSSL_STORE_open_ex" + or + name = "OSSL_STORE_open_ex_fn" + or + name = "OSSL_STORE_open_fn" + or + name = "OSSL_STORE_post_process_info_fn" + or + name = "OSSL_STORE_register_loader" + or + name = "OSSL_STORE_supports_search" + or + name = "OSSL_STORE_unregister_loader" + or + name = "OSSL_TRACE" + or + name = "OSSL_TRACE1" + or + name = "OSSL_TRACE2" + or + name = "OSSL_TRACE3" + or + name = "OSSL_TRACE4" + or + name = "OSSL_TRACE5" + or + name = "OSSL_TRACE6" + or + name = "OSSL_TRACE7" + or + name = "OSSL_TRACE8" + or + name = "OSSL_TRACE9" + or + name = "OSSL_TRACEV" + or + name = "OSSL_TRACE_BEGIN" + or + name = "OSSL_TRACE_CANCEL" + or + name = "OSSL_TRACE_ENABLED" + or + name = "OSSL_TRACE_END" + or + name = "OSSL_TRACE_STRING" + or + name = "OSSL_TRACE_STRING_MAX" + or + name = "OSSL_default_cipher_list" + or + name = "OSSL_default_ciphersuites" + or + name = "OSSL_get_max_threads" + or + name = "OSSL_get_thread_support_flags" + or + name = "OSSL_parse_url" + or + name = "OSSL_set_max_threads" + or + name = "OSSL_sleep" + or + name = "OSSL_trace_begin" + or + name = "OSSL_trace_cb" + or + name = "OSSL_trace_enabled" + or + name = "OSSL_trace_end" + or + name = "OSSL_trace_get_category_name" + or + name = "OSSL_trace_get_category_num" + or + name = "OSSL_trace_set_callback" + or + name = "OSSL_trace_set_channel" + or + name = "OSSL_trace_set_prefix" + or + name = "OSSL_trace_set_suffix" + or + name = "OSSL_trace_string" + or + name = "OTHERNAME_free" + or + name = "OTHERNAME_new" + or + name = "OpenSSL_add_all_algorithms" + or + name = "OpenSSL_add_all_ciphers" + or + name = "OpenSSL_add_all_digests" + or + name = "OpenSSL_add_ssl_algorithms" + or + name = "OpenSSL_version" + or + name = "OpenSSL_version_num" + or + name = "PBE2PARAM_free" + or + name = "PBE2PARAM_new" + or + name = "PBEPARAM_free" + or + name = "PBEPARAM_new" + or + name = "PBKDF2PARAM_free" + or + name = "PBKDF2PARAM_new" + or + name = "PEM" + or + name = "PEM_FLAG_EAY_COMPATIBLE" + or + name = "PEM_FLAG_ONLY_B64" + or + name = "PEM_FLAG_SECURE" + or + name = "PEM_X509_INFO_read" + or + name = "PEM_X509_INFO_read_bio" + or + name = "PEM_X509_INFO_read_bio_ex" + or + name = "PEM_X509_INFO_read_ex" + or + name = "PEM_bytes_read_bio" + or + name = "PEM_bytes_read_bio_secmem" + or + name = "PEM_do_header" + or + name = "PEM_get_EVP_CIPHER_INFO" + or + name = "PEM_read" + or + name = "PEM_read_CMS" + or + name = "PEM_read_DHparams" + or + name = "PEM_read_DSAPrivateKey" + or + name = "PEM_read_DSA_PUBKEY" + or + name = "PEM_read_DSAparams" + or + name = "PEM_read_ECPKParameters" + or + name = "PEM_read_ECPrivateKey" + or + name = "PEM_read_EC_PUBKEY" + or + name = "PEM_read_NETSCAPE_CERT_SEQUENCE" + or + name = "PEM_read_PKCS7" + or + name = "PEM_read_PKCS8" + or + name = "PEM_read_PKCS8_PRIV_KEY_INFO" + or + name = "PEM_read_PUBKEY" + or + name = "PEM_read_PUBKEY_ex" + or + name = "PEM_read_PrivateKey" + or + name = "PEM_read_PrivateKey_ex" + or + name = "PEM_read_RSAPrivateKey" + or + name = "PEM_read_RSAPublicKey" + or + name = "PEM_read_RSA_PUBKEY" + or + name = "PEM_read_SSL_SESSION" + or + name = "PEM_read_X509" + or + name = "PEM_read_X509_AUX" + or + name = "PEM_read_X509_CRL" + or + name = "PEM_read_X509_PUBKEY" + or + name = "PEM_read_X509_REQ" + or + name = "PEM_read_bio" + or + name = "PEM_read_bio_CMS" + or + name = "PEM_read_bio_DHparams" + or + name = "PEM_read_bio_DSAPrivateKey" + or + name = "PEM_read_bio_DSA_PUBKEY" + or + name = "PEM_read_bio_DSAparams" + or + name = "PEM_read_bio_ECPKParameters" + or + name = "PEM_read_bio_EC_PUBKEY" + or + name = "PEM_read_bio_NETSCAPE_CERT_SEQUENCE" + or + name = "PEM_read_bio_PKCS7" + or + name = "PEM_read_bio_PKCS8" + or + name = "PEM_read_bio_PKCS8_PRIV_KEY_INFO" + or + name = "PEM_read_bio_PUBKEY" + or + name = "PEM_read_bio_PUBKEY_ex" + or + name = "PEM_read_bio_Parameters" + or + name = "PEM_read_bio_Parameters_ex" + or + name = "PEM_read_bio_PrivateKey" + or + name = "PEM_read_bio_PrivateKey_ex" + or + name = "PEM_read_bio_RSAPrivateKey" + or + name = "PEM_read_bio_RSAPublicKey" + or + name = "PEM_read_bio_RSA_PUBKEY" + or + name = "PEM_read_bio_SSL_SESSION" + or + name = "PEM_read_bio_X509" + or + name = "PEM_read_bio_X509_AUX" + or + name = "PEM_read_bio_X509_CRL" + or + name = "PEM_read_bio_X509_PUBKEY" + or + name = "PEM_read_bio_X509_REQ" + or + name = "PEM_read_bio_ex" + or + name = "PEM_write" + or + name = "PEM_write_CMS" + or + name = "PEM_write_DHparams" + or + name = "PEM_write_DHxparams" + or + name = "PEM_write_DSAPrivateKey" + or + name = "PEM_write_DSA_PUBKEY" + or + name = "PEM_write_DSAparams" + or + name = "PEM_write_ECPKParameters" + or + name = "PEM_write_ECPrivateKey" + or + name = "PEM_write_EC_PUBKEY" + or + name = "PEM_write_NETSCAPE_CERT_SEQUENCE" + or + name = "PEM_write_PKCS7" + or + name = "PEM_write_PKCS8" + or + name = "PEM_write_PKCS8PrivateKey" + or + name = "PEM_write_PKCS8PrivateKey_nid" + or + name = "PEM_write_PKCS8_PRIV_KEY_INFO" + or + name = "PEM_write_PUBKEY" + or + name = "PEM_write_PUBKEY_ex" + or + name = "PEM_write_PrivateKey" + or + name = "PEM_write_PrivateKey_ex" + or + name = "PEM_write_RSAPrivateKey" + or + name = "PEM_write_RSAPublicKey" + or + name = "PEM_write_RSA_PUBKEY" + or + name = "PEM_write_SSL_SESSION" + or + name = "PEM_write_X509" + or + name = "PEM_write_X509_AUX" + or + name = "PEM_write_X509_CRL" + or + name = "PEM_write_X509_PUBKEY" + or + name = "PEM_write_X509_REQ" + or + name = "PEM_write_X509_REQ_NEW" + or + name = "PEM_write_bio" + or + name = "PEM_write_bio_CMS" + or + name = "PEM_write_bio_CMS_stream" + or + name = "PEM_write_bio_DHparams" + or + name = "PEM_write_bio_DHxparams" + or + name = "PEM_write_bio_DSAPrivateKey" + or + name = "PEM_write_bio_DSA_PUBKEY" + or + name = "PEM_write_bio_DSAparams" + or + name = "PEM_write_bio_ECPKParameters" + or + name = "PEM_write_bio_ECPrivateKey" + or + name = "PEM_write_bio_EC_PUBKEY" + or + name = "PEM_write_bio_NETSCAPE_CERT_SEQUENCE" + or + name = "PEM_write_bio_PKCS7" + or + name = "PEM_write_bio_PKCS7_stream" + or + name = "PEM_write_bio_PKCS8" + or + name = "PEM_write_bio_PKCS8PrivateKey" + or + name = "PEM_write_bio_PKCS8PrivateKey_nid" + or + name = "PEM_write_bio_PKCS8_PRIV_KEY_INFO" + or + name = "PEM_write_bio_PUBKEY" + or + name = "PEM_write_bio_PUBKEY_ex" + or + name = "PEM_write_bio_Parameters" + or + name = "PEM_write_bio_PrivateKey" + or + name = "PEM_write_bio_PrivateKey_ex" + or + name = "PEM_write_bio_PrivateKey_traditional" + or + name = "PEM_write_bio_RSAPrivateKey" + or + name = "PEM_write_bio_RSAPublicKey" + or + name = "PEM_write_bio_RSA_PUBKEY" + or + name = "PEM_write_bio_SSL_SESSION" + or + name = "PEM_write_bio_X509" + or + name = "PEM_write_bio_X509_AUX" + or + name = "PEM_write_bio_X509_CRL" + or + name = "PEM_write_bio_X509_PUBKEY" + or + name = "PEM_write_bio_X509_REQ" + or + name = "PEM_write_bio_X509_REQ_NEW" + or + name = "PKCS12_BAGS_free" + or + name = "PKCS12_BAGS_new" + or + name = "PKCS12_MAC_DATA_free" + or + name = "PKCS12_MAC_DATA_new" + or + name = "PKCS12_PBE_keyivgen" + or + name = "PKCS12_PBE_keyivgen_ex" + or + name = "PKCS12_SAFEBAG_create0_p8inf" + or + name = "PKCS12_SAFEBAG_create0_pkcs8" + or + name = "PKCS12_SAFEBAG_create_cert" + or + name = "PKCS12_SAFEBAG_create_crl" + or + name = "PKCS12_SAFEBAG_create_pkcs8_encrypt" + or + name = "PKCS12_SAFEBAG_create_pkcs8_encrypt_ex" + or + name = "PKCS12_SAFEBAG_create_secret" + or + name = "PKCS12_SAFEBAG_free" + or + name = "PKCS12_SAFEBAG_get0_attr" + or + name = "PKCS12_SAFEBAG_get0_attrs" + or + name = "PKCS12_SAFEBAG_get0_bag_obj" + or + name = "PKCS12_SAFEBAG_get0_bag_type" + or + name = "PKCS12_SAFEBAG_get0_p8inf" + or + name = "PKCS12_SAFEBAG_get0_pkcs8" + or + name = "PKCS12_SAFEBAG_get0_safes" + or + name = "PKCS12_SAFEBAG_get0_type" + or + name = "PKCS12_SAFEBAG_get1_cert" + or + name = "PKCS12_SAFEBAG_get1_cert_ex" + or + name = "PKCS12_SAFEBAG_get1_crl" + or + name = "PKCS12_SAFEBAG_get1_crl_ex" + or + name = "PKCS12_SAFEBAG_get_bag_nid" + or + name = "PKCS12_SAFEBAG_get_nid" + or + name = "PKCS12_SAFEBAG_new" + or + name = "PKCS12_SAFEBAG_set0_attrs" + or + name = "PKCS12_add1_attr_by_NID" + or + name = "PKCS12_add1_attr_by_txt" + or + name = "PKCS12_add_CSPName_asc" + or + name = "PKCS12_add_cert" + or + name = "PKCS12_add_friendlyname_asc" + or + name = "PKCS12_add_friendlyname_uni" + or + name = "PKCS12_add_friendlyname_utf8" + or + name = "PKCS12_add_key" + or + name = "PKCS12_add_key_ex" + or + name = "PKCS12_add_localkeyid" + or + name = "PKCS12_add_safe" + or + name = "PKCS12_add_safe_ex" + or + name = "PKCS12_add_safes" + or + name = "PKCS12_add_safes_ex" + or + name = "PKCS12_add_secret" + or + name = "PKCS12_create" + or + name = "PKCS12_create_cb" + or + name = "PKCS12_create_ex" + or + name = "PKCS12_create_ex2" + or + name = "PKCS12_decrypt_skey" + or + name = "PKCS12_decrypt_skey_ex" + or + name = "PKCS12_free" + or + name = "PKCS12_gen_mac" + or + name = "PKCS12_get_attr_gen" + or + name = "PKCS12_get_friendlyname" + or + name = "PKCS12_init" + or + name = "PKCS12_init_ex" + or + name = "PKCS12_item_decrypt_d2i" + or + name = "PKCS12_item_decrypt_d2i_ex" + or + name = "PKCS12_item_i2d_encrypt" + or + name = "PKCS12_item_i2d_encrypt_ex" + or + name = "PKCS12_key_gen_asc" + or + name = "PKCS12_key_gen_asc_ex" + or + name = "PKCS12_key_gen_uni" + or + name = "PKCS12_key_gen_uni_ex" + or + name = "PKCS12_key_gen_utf8" + or + name = "PKCS12_key_gen_utf8_ex" + or + name = "PKCS12_new" + or + name = "PKCS12_newpass" + or + name = "PKCS12_pack_p7encdata" + or + name = "PKCS12_pack_p7encdata_ex" + or + name = "PKCS12_parse" + or + name = "PKCS12_pbe_crypt" + or + name = "PKCS12_pbe_crypt_ex" + or + name = "PKCS12_set_mac" + or + name = "PKCS12_setup_mac" + or + name = "PKCS12_verify_mac" + or + name = "PKCS5_PBE_keyivgen" + or + name = "PKCS5_PBE_keyivgen_ex" + or + name = "PKCS5_PBKDF2_HMAC" + or + name = "PKCS5_PBKDF2_HMAC_SHA1" + or + name = "PKCS5_pbe2_set" + or + name = "PKCS5_pbe2_set_iv" + or + name = "PKCS5_pbe2_set_iv_ex" + or + name = "PKCS5_pbe2_set_scrypt" + or + name = "PKCS5_pbe_set" + or + name = "PKCS5_pbe_set0_algor" + or + name = "PKCS5_pbe_set0_algor_ex" + or + name = "PKCS5_pbe_set_ex" + or + name = "PKCS5_pbkdf2_set" + or + name = "PKCS5_pbkdf2_set_ex" + or + name = "PKCS5_v2_PBE_keyivgen" + or + name = "PKCS5_v2_PBE_keyivgen_ex" + or + name = "PKCS5_v2_scrypt_keyivgen" + or + name = "PKCS5_v2_scrypt_keyivgen_ex" + or + name = "PKCS7_DIGEST_free" + or + name = "PKCS7_DIGEST_new" + or + name = "PKCS7_ENCRYPT_free" + or + name = "PKCS7_ENCRYPT_new" + or + name = "PKCS7_ENC_CONTENT_free" + or + name = "PKCS7_ENC_CONTENT_new" + or + name = "PKCS7_ENVELOPE_free" + or + name = "PKCS7_ENVELOPE_new" + or + name = "PKCS7_ISSUER_AND_SERIAL_digest" + or + name = "PKCS7_ISSUER_AND_SERIAL_free" + or + name = "PKCS7_ISSUER_AND_SERIAL_new" + or + name = "PKCS7_RECIP_INFO_free" + or + name = "PKCS7_RECIP_INFO_new" + or + name = "PKCS7_SIGNED_free" + or + name = "PKCS7_SIGNED_new" + or + name = "PKCS7_SIGNER_INFO_free" + or + name = "PKCS7_SIGNER_INFO_new" + or + name = "PKCS7_SIGN_ENVELOPE_free" + or + name = "PKCS7_SIGN_ENVELOPE_new" + or + name = "PKCS7_add_certificate" + or + name = "PKCS7_add_crl" + or + name = "PKCS7_decrypt" + or + name = "PKCS7_dup" + or + name = "PKCS7_encrypt" + or + name = "PKCS7_encrypt_ex" + or + name = "PKCS7_free" + or + name = "PKCS7_get0_signers" + or + name = "PKCS7_get_octet_string" + or + name = "PKCS7_new" + or + name = "PKCS7_new_ex" + or + name = "PKCS7_print_ctx" + or + name = "PKCS7_sign" + or + name = "PKCS7_sign_add_signer" + or + name = "PKCS7_sign_ex" + or + name = "PKCS7_type_is_other" + or + name = "PKCS7_verify" + or + name = "PKCS8_PRIV_KEY_INFO_free" + or + name = "PKCS8_PRIV_KEY_INFO_new" + or + name = "PKCS8_decrypt" + or + name = "PKCS8_decrypt_ex" + or + name = "PKCS8_encrypt" + or + name = "PKCS8_encrypt_ex" + or + name = "PKCS8_pkey_add1_attr" + or + name = "PKCS8_pkey_add1_attr_by_NID" + or + name = "PKCS8_pkey_add1_attr_by_OBJ" + or + name = "PKCS8_pkey_get0_attrs" + or + name = "PKCS8_set0_pbe" + or + name = "PKCS8_set0_pbe_ex" + or + name = "PKEY_USAGE_PERIOD_free" + or + name = "PKEY_USAGE_PERIOD_new" + or + name = "POLICYINFO_free" + or + name = "POLICYINFO_new" + or + name = "POLICYQUALINFO_free" + or + name = "POLICYQUALINFO_new" + or + name = "POLICY_CONSTRAINTS_free" + or + name = "POLICY_CONSTRAINTS_new" + or + name = "POLICY_MAPPING_free" + or + name = "POLICY_MAPPING_new" + or + name = "PROFESSION_INFO" + or + name = "PROFESSION_INFOS" + or + name = "PROFESSION_INFOS_free" + or + name = "PROFESSION_INFOS_new" + or + name = "PROFESSION_INFO_free" + or + name = "PROFESSION_INFO_get0_addProfessionInfo" + or + name = "PROFESSION_INFO_get0_namingAuthority" + or + name = "PROFESSION_INFO_get0_professionItems" + or + name = "PROFESSION_INFO_get0_professionOIDs" + or + name = "PROFESSION_INFO_get0_registrationNumber" + or + name = "PROFESSION_INFO_new" + or + name = "PROFESSION_INFO_set0_addProfessionInfo" + or + name = "PROFESSION_INFO_set0_namingAuthority" + or + name = "PROFESSION_INFO_set0_professionItems" + or + name = "PROFESSION_INFO_set0_professionOIDs" + or + name = "PROFESSION_INFO_set0_registrationNumber" + or + name = "PROXY_CERT_INFO_EXTENSION_free" + or + name = "PROXY_CERT_INFO_EXTENSION_new" + or + name = "PROXY_POLICY_free" + or + name = "PROXY_POLICY_new" + or + name = "RAND_DRBG_bytes" + or + name = "RAND_DRBG_cleanup_entropy_fn" + or + name = "RAND_DRBG_cleanup_nonce_fn" + or + name = "RAND_DRBG_free" + or + name = "RAND_DRBG_generate" + or + name = "RAND_DRBG_get0_master" + or + name = "RAND_DRBG_get0_private" + or + name = "RAND_DRBG_get0_public" + or + name = "RAND_DRBG_get_entropy_fn" + or + name = "RAND_DRBG_get_ex_data" + or + name = "RAND_DRBG_get_ex_new_index" + or + name = "RAND_DRBG_get_nonce_fn" + or + name = "RAND_DRBG_instantiate" + or + name = "RAND_DRBG_new" + or + name = "RAND_DRBG_reseed" + or + name = "RAND_DRBG_secure_new" + or + name = "RAND_DRBG_set" + or + name = "RAND_DRBG_set_callbacks" + or + name = "RAND_DRBG_set_defaults" + or + name = "RAND_DRBG_set_ex_data" + or + name = "RAND_DRBG_set_reseed_defaults" + or + name = "RAND_DRBG_set_reseed_interval" + or + name = "RAND_DRBG_set_reseed_time_interval" + or + name = "RAND_DRBG_uninstantiate" + or + name = "RAND_OpenSSL" + or + name = "RAND_SSLeay" + or + name = "RAND_add" + or + name = "RAND_bytes" + or + name = "RAND_bytes_ex" + or + name = "RAND_cleanup" + or + name = "RAND_egd" + or + name = "RAND_egd_bytes" + or + name = "RAND_event" + or + name = "RAND_file_name" + or + name = "RAND_get0_primary" + or + name = "RAND_get0_private" + or + name = "RAND_get0_public" + or + name = "RAND_get_rand_method" + or + name = "RAND_keep_random_devices_open" + or + name = "RAND_load_file" + or + name = "RAND_poll" + or + name = "RAND_priv_bytes" + or + name = "RAND_priv_bytes_ex" + or + name = "RAND_pseudo_bytes" + or + name = "RAND_query_egd_bytes" + or + name = "RAND_screen" + or + name = "RAND_seed" + or + name = "RAND_set0_private" + or + name = "RAND_set0_public" + or + name = "RAND_set_DRBG_type" + or + name = "RAND_set_rand_method" + or + name = "RAND_set_seed_source_type" + or + name = "RAND_status" + or + name = "RAND_write_file" + or + name = "RC4" + or + name = "RC4_set_key" + or + name = "RIPEMD160" + or + name = "RIPEMD160_Final" + or + name = "RIPEMD160_Init" + or + name = "RIPEMD160_Update" + or + name = "RSAPrivateKey_dup" + or + name = "RSAPublicKey_dup" + or + name = "RSA_OAEP_PARAMS_free" + or + name = "RSA_OAEP_PARAMS_new" + or + name = "RSA_PKCS1_OpenSSL" + or + name = "RSA_PKCS1_SSLeay" + or + name = "RSA_PSS_PARAMS_dup" + or + name = "RSA_PSS_PARAMS_free" + or + name = "RSA_PSS_PARAMS_new" + or + name = "RSA_bits" + or + name = "RSA_blinding_off" + or + name = "RSA_blinding_on" + or + name = "RSA_check_key" + or + name = "RSA_check_key_ex" + or + name = "RSA_clear_flags" + or + name = "RSA_flags" + or + name = "RSA_free" + or + name = "RSA_generate_key" + or + name = "RSA_generate_key_ex" + or + name = "RSA_generate_multi_prime_key" + or + name = "RSA_get0_crt_params" + or + name = "RSA_get0_d" + or + name = "RSA_get0_dmp1" + or + name = "RSA_get0_dmq1" + or + name = "RSA_get0_e" + or + name = "RSA_get0_engine" + or + name = "RSA_get0_factors" + or + name = "RSA_get0_iqmp" + or + name = "RSA_get0_key" + or + name = "RSA_get0_multi_prime_crt_params" + or + name = "RSA_get0_multi_prime_factors" + or + name = "RSA_get0_n" + or + name = "RSA_get0_p" + or + name = "RSA_get0_pss_params" + or + name = "RSA_get0_q" + or + name = "RSA_get_app_data" + or + name = "RSA_get_default_method" + or + name = "RSA_get_ex_data" + or + name = "RSA_get_ex_new_index" + or + name = "RSA_get_method" + or + name = "RSA_get_multi_prime_extra_count" + or + name = "RSA_get_version" + or + name = "RSA_meth_dup" + or + name = "RSA_meth_free" + or + name = "RSA_meth_get0_app_data" + or + name = "RSA_meth_get0_name" + or + name = "RSA_meth_get_bn_mod_exp" + or + name = "RSA_meth_get_finish" + or + name = "RSA_meth_get_flags" + or + name = "RSA_meth_get_init" + or + name = "RSA_meth_get_keygen" + or + name = "RSA_meth_get_mod_exp" + or + name = "RSA_meth_get_multi_prime_keygen" + or + name = "RSA_meth_get_priv_dec" + or + name = "RSA_meth_get_priv_enc" + or + name = "RSA_meth_get_pub_dec" + or + name = "RSA_meth_get_pub_enc" + or + name = "RSA_meth_get_sign" + or + name = "RSA_meth_get_verify" + or + name = "RSA_meth_new" + or + name = "RSA_meth_set0_app_data" + or + name = "RSA_meth_set1_name" + or + name = "RSA_meth_set_bn_mod_exp" + or + name = "RSA_meth_set_finish" + or + name = "RSA_meth_set_flags" + or + name = "RSA_meth_set_init" + or + name = "RSA_meth_set_keygen" + or + name = "RSA_meth_set_mod_exp" + or + name = "RSA_meth_set_multi_prime_keygen" + or + name = "RSA_meth_set_priv_dec" + or + name = "RSA_meth_set_priv_enc" + or + name = "RSA_meth_set_pub_dec" + or + name = "RSA_meth_set_pub_enc" + or + name = "RSA_meth_set_sign" + or + name = "RSA_meth_set_verify" + or + name = "RSA_new" + or + name = "RSA_new_method" + or + name = "RSA_null_method" + or + name = "RSA_padding_add_PKCS1_OAEP" + or + name = "RSA_padding_add_PKCS1_OAEP_mgf1" + or + name = "RSA_padding_add_PKCS1_type_1" + or + name = "RSA_padding_add_PKCS1_type_2" + or + name = "RSA_padding_add_SSLv23" + or + name = "RSA_padding_add_none" + or + name = "RSA_padding_check_PKCS1_OAEP" + or + name = "RSA_padding_check_PKCS1_OAEP_mgf1" + or + name = "RSA_padding_check_PKCS1_type_1" + or + name = "RSA_padding_check_PKCS1_type_2" + or + name = "RSA_padding_check_SSLv23" + or + name = "RSA_padding_check_none" + or + name = "RSA_print" + or + name = "RSA_print_fp" + or + name = "RSA_private_decrypt" + or + name = "RSA_private_encrypt" + or + name = "RSA_public_decrypt" + or + name = "RSA_public_encrypt" + or + name = "RSA_security_bits" + or + name = "RSA_set0_crt_params" + or + name = "RSA_set0_factors" + or + name = "RSA_set0_key" + or + name = "RSA_set0_multi_prime_params" + or + name = "RSA_set_app_data" + or + name = "RSA_set_default_method" + or + name = "RSA_set_ex_data" + or + name = "RSA_set_flags" + or + name = "RSA_set_method" + or + name = "RSA_sign" + or + name = "RSA_sign_ASN1_OCTET_STRING" + or + name = "RSA_size" + or + name = "RSA_test_flags" + or + name = "RSA_verify" + or + name = "RSA_verify_ASN1_OCTET_STRING" + or + name = "SCRYPT_PARAMS_free" + or + name = "SCRYPT_PARAMS_new" + or + name = "SCT_LIST_free" + or + name = "SCT_LIST_print" + or + name = "SCT_LIST_validate" + or + name = "SCT_free" + or + name = "SCT_get0_extensions" + or + name = "SCT_get0_log_id" + or + name = "SCT_get0_signature" + or + name = "SCT_get_log_entry_type" + or + name = "SCT_get_signature_nid" + or + name = "SCT_get_source" + or + name = "SCT_get_timestamp" + or + name = "SCT_get_validation_status" + or + name = "SCT_get_version" + or + name = "SCT_new" + or + name = "SCT_new_from_base64" + or + name = "SCT_print" + or + name = "SCT_set0_extensions" + or + name = "SCT_set0_log_id" + or + name = "SCT_set0_signature" + or + name = "SCT_set1_extensions" + or + name = "SCT_set1_log_id" + or + name = "SCT_set1_signature" + or + name = "SCT_set_log_entry_type" + or + name = "SCT_set_signature_nid" + or + name = "SCT_set_source" + or + name = "SCT_set_timestamp" + or + name = "SCT_set_version" + or + name = "SCT_validate" + or + name = "SCT_validation_status_string" + or + name = "SHA1" + or + name = "SHA1_Final" + or + name = "SHA1_Init" + or + name = "SHA1_Update" + or + name = "SHA224" + or + name = "SHA224_Final" + or + name = "SHA224_Init" + or + name = "SHA224_Update" + or + name = "SHA256" + or + name = "SHA256_Final" + or + name = "SHA256_Init" + or + name = "SHA256_Update" + or + name = "SHA384" + or + name = "SHA384_Final" + or + name = "SHA384_Init" + or + name = "SHA384_Update" + or + name = "SHA512" + or + name = "SHA512_Final" + or + name = "SHA512_Init" + or + name = "SHA512_Update" + or + name = "SMIME_read_ASN1" + or + name = "SMIME_read_ASN1_ex" + or + name = "SMIME_read_CMS" + or + name = "SMIME_read_CMS_ex" + or + name = "SMIME_read_PKCS7" + or + name = "SMIME_read_PKCS7_ex" + or + name = "SMIME_write_ASN1" + or + name = "SMIME_write_ASN1_ex" + or + name = "SMIME_write_CMS" + or + name = "SMIME_write_PKCS7" + or + name = "SRP_Calc_A" + or + name = "SRP_Calc_B" + or + name = "SRP_Calc_B_ex" + or + name = "SRP_Calc_client_key" + or + name = "SRP_Calc_client_key_ex" + or + name = "SRP_Calc_server_key" + or + name = "SRP_Calc_u" + or + name = "SRP_Calc_u_ex" + or + name = "SRP_Calc_x" + or + name = "SRP_Calc_x_ex" + or + name = "SRP_VBASE_add0_user" + or + name = "SRP_VBASE_free" + or + name = "SRP_VBASE_get1_by_user" + or + name = "SRP_VBASE_get_by_user" + or + name = "SRP_VBASE_init" + or + name = "SRP_VBASE_new" + or + name = "SRP_check_known_gN_param" + or + name = "SRP_create_verifier" + or + name = "SRP_create_verifier_BN" + or + name = "SRP_create_verifier_BN_ex" + or + name = "SRP_create_verifier_ex" + or + name = "SRP_get_default_gN" + or + name = "SRP_user_pwd_free" + or + name = "SRP_user_pwd_new" + or + name = "SRP_user_pwd_set0_sv" + or + name = "SRP_user_pwd_set1_ids" + or + name = "SRP_user_pwd_set_gN" + or + name = "SSL" + or + name = "SSL_CIPHER_description" + or + name = "SSL_CIPHER_find" + or + name = "SSL_CIPHER_get_auth_nid" + or + name = "SSL_CIPHER_get_bits" + or + name = "SSL_CIPHER_get_cipher_nid" + or + name = "SSL_CIPHER_get_digest_nid" + or + name = "SSL_CIPHER_get_handshake_digest" + or + name = "SSL_CIPHER_get_id" + or + name = "SSL_CIPHER_get_kx_nid" + or + name = "SSL_CIPHER_get_name" + or + name = "SSL_CIPHER_get_protocol_id" + or + name = "SSL_CIPHER_get_version" + or + name = "SSL_CIPHER_is_aead" + or + name = "SSL_CIPHER_standard_name" + or + name = "SSL_COMP_add_compression_method" + or + name = "SSL_COMP_free_compression_methods" + or + name = "SSL_COMP_get0_name" + or + name = "SSL_COMP_get_compression_methods" + or + name = "SSL_COMP_get_id" + or + name = "SSL_CONF_CTX_clear_flags" + or + name = "SSL_CONF_CTX_free" + or + name = "SSL_CONF_CTX_new" + or + name = "SSL_CONF_CTX_set1_prefix" + or + name = "SSL_CONF_CTX_set_flags" + or + name = "SSL_CONF_CTX_set_ssl" + or + name = "SSL_CONF_CTX_set_ssl_ctx" + or + name = "SSL_CONF_cmd" + or + name = "SSL_CONF_cmd_argv" + or + name = "SSL_CONF_cmd_value_type" + or + name = "SSL_CTX_add0_chain_cert" + or + name = "SSL_CTX_add1_chain_cert" + or + name = "SSL_CTX_add1_to_CA_list" + or + name = "SSL_CTX_add_client_CA" + or + name = "SSL_CTX_add_client_custom_ext" + or + name = "SSL_CTX_add_custom_ext" + or + name = "SSL_CTX_add_extra_chain_cert" + or + name = "SSL_CTX_add_server_custom_ext" + or + name = "SSL_CTX_add_session" + or + name = "SSL_CTX_build_cert_chain" + or + name = "SSL_CTX_callback_ctrl" + or + name = "SSL_CTX_check_private_key" + or + name = "SSL_CTX_clear_chain_certs" + or + name = "SSL_CTX_clear_extra_chain_certs" + or + name = "SSL_CTX_clear_mode" + or + name = "SSL_CTX_clear_options" + or + name = "SSL_CTX_compress_certs" + or + name = "SSL_CTX_config" + or + name = "SSL_CTX_ct_is_enabled" + or + name = "SSL_CTX_ctrl" + or + name = "SSL_CTX_dane_clear_flags" + or + name = "SSL_CTX_dane_enable" + or + name = "SSL_CTX_dane_mtype_set" + or + name = "SSL_CTX_dane_set_flags" + or + name = "SSL_CTX_decrypt_session_ticket_fn" + or + name = "SSL_CTX_disable_ct" + or + name = "SSL_CTX_enable_ct" + or + name = "SSL_CTX_flush_sessions" + or + name = "SSL_CTX_free" + or + name = "SSL_CTX_generate_session_ticket_fn" + or + name = "SSL_CTX_get0_CA_list" + or + name = "SSL_CTX_get0_chain_cert_store" + or + name = "SSL_CTX_get0_chain_certs" + or + name = "SSL_CTX_get0_client_cert_type" + or + name = "SSL_CTX_get0_param" + or + name = "SSL_CTX_get0_security_ex_data" + or + name = "SSL_CTX_get0_server_cert_type" + or + name = "SSL_CTX_get0_verify_cert_store" + or + name = "SSL_CTX_get1_compressed_cert" + or + name = "SSL_CTX_get_app_data" + or + name = "SSL_CTX_get_cert_store" + or + name = "SSL_CTX_get_ciphers" + or + name = "SSL_CTX_get_client_CA_list" + or + name = "SSL_CTX_get_client_cert_cb" + or + name = "SSL_CTX_get_default_passwd_cb" + or + name = "SSL_CTX_get_default_passwd_cb_userdata" + or + name = "SSL_CTX_get_default_read_ahead" + or + name = "SSL_CTX_get_ex_data" + or + name = "SSL_CTX_get_ex_new_index" + or + name = "SSL_CTX_get_extra_chain_certs" + or + name = "SSL_CTX_get_extra_chain_certs_only" + or + name = "SSL_CTX_get_info_callback" + or + name = "SSL_CTX_get_keylog_callback" + or + name = "SSL_CTX_get_max_cert_list" + or + name = "SSL_CTX_get_max_early_data" + or + name = "SSL_CTX_get_max_proto_version" + or + name = "SSL_CTX_get_min_proto_version" + or + name = "SSL_CTX_get_mode" + or + name = "SSL_CTX_get_num_tickets" + or + name = "SSL_CTX_get_options" + or + name = "SSL_CTX_get_quiet_shutdown" + or + name = "SSL_CTX_get_read_ahead" + or + name = "SSL_CTX_get_record_padding_callback_arg" + or + name = "SSL_CTX_get_recv_max_early_data" + or + name = "SSL_CTX_get_security_callback" + or + name = "SSL_CTX_get_security_level" + or + name = "SSL_CTX_get_session_cache_mode" + or + name = "SSL_CTX_get_ssl_method" + or + name = "SSL_CTX_get_timeout" + or + name = "SSL_CTX_get_tlsext_status_arg" + or + name = "SSL_CTX_get_tlsext_status_cb" + or + name = "SSL_CTX_get_tlsext_status_type" + or + name = "SSL_CTX_get_verify_callback" + or + name = "SSL_CTX_get_verify_depth" + or + name = "SSL_CTX_get_verify_mode" + or + name = "SSL_CTX_has_client_custom_ext" + or + name = "SSL_CTX_keylog_cb_func" + or + name = "SSL_CTX_load_verify_dir" + or + name = "SSL_CTX_load_verify_file" + or + name = "SSL_CTX_load_verify_locations" + or + name = "SSL_CTX_load_verify_store" + or + name = "SSL_CTX_need_tmp_rsa" + or + name = "SSL_CTX_new" + or + name = "SSL_CTX_new_ex" + or + name = "SSL_CTX_remove_session" + or + name = "SSL_CTX_select_current_cert" + or + name = "SSL_CTX_sess_accept" + or + name = "SSL_CTX_sess_accept_good" + or + name = "SSL_CTX_sess_accept_renegotiate" + or + name = "SSL_CTX_sess_cache_full" + or + name = "SSL_CTX_sess_cb_hits" + or + name = "SSL_CTX_sess_connect" + or + name = "SSL_CTX_sess_connect_good" + or + name = "SSL_CTX_sess_connect_renegotiate" + or + name = "SSL_CTX_sess_get_cache_size" + or + name = "SSL_CTX_sess_get_get_cb" + or + name = "SSL_CTX_sess_get_new_cb" + or + name = "SSL_CTX_sess_get_remove_cb" + or + name = "SSL_CTX_sess_hits" + or + name = "SSL_CTX_sess_misses" + or + name = "SSL_CTX_sess_number" + or + name = "SSL_CTX_sess_set_cache_size" + or + name = "SSL_CTX_sess_set_get_cb" + or + name = "SSL_CTX_sess_set_new_cb" + or + name = "SSL_CTX_sess_set_remove_cb" + or + name = "SSL_CTX_sess_timeouts" + or + name = "SSL_CTX_sessions" + or + name = "SSL_CTX_set0_CA_list" + or + name = "SSL_CTX_set0_chain" + or + name = "SSL_CTX_set0_chain_cert_store" + or + name = "SSL_CTX_set0_security_ex_data" + or + name = "SSL_CTX_set0_tmp_dh_pkey" + or + name = "SSL_CTX_set0_verify_cert_store" + or + name = "SSL_CTX_set1_cert_comp_preference" + or + name = "SSL_CTX_set1_cert_store" + or + name = "SSL_CTX_set1_chain" + or + name = "SSL_CTX_set1_chain_cert_store" + or + name = "SSL_CTX_set1_client_cert_type" + or + name = "SSL_CTX_set1_client_sigalgs" + or + name = "SSL_CTX_set1_client_sigalgs_list" + or + name = "SSL_CTX_set1_compressed_cert" + or + name = "SSL_CTX_set1_curves" + or + name = "SSL_CTX_set1_curves_list" + or + name = "SSL_CTX_set1_groups" + or + name = "SSL_CTX_set1_groups_list" + or + name = "SSL_CTX_set1_param" + or + name = "SSL_CTX_set1_server_cert_type" + or + name = "SSL_CTX_set1_sigalgs" + or + name = "SSL_CTX_set1_sigalgs_list" + or + name = "SSL_CTX_set1_verify_cert_store" + or + name = "SSL_CTX_set_allow_early_data_cb" + or + name = "SSL_CTX_set_alpn_protos" + or + name = "SSL_CTX_set_alpn_select_cb" + or + name = "SSL_CTX_set_app_data" + or + name = "SSL_CTX_set_async_callback" + or + name = "SSL_CTX_set_async_callback_arg" + or + name = "SSL_CTX_set_block_padding" + or + name = "SSL_CTX_set_cert_cb" + or + name = "SSL_CTX_set_cert_store" + or + name = "SSL_CTX_set_cert_verify_callback" + or + name = "SSL_CTX_set_cipher_list" + or + name = "SSL_CTX_set_ciphersuites" + or + name = "SSL_CTX_set_client_CA_list" + or + name = "SSL_CTX_set_client_cert_cb" + or + name = "SSL_CTX_set_client_hello_cb" + or + name = "SSL_CTX_set_cookie_generate_cb" + or + name = "SSL_CTX_set_cookie_verify_cb" + or + name = "SSL_CTX_set_ct_validation_callback" + or + name = "SSL_CTX_set_ctlog_list_file" + or + name = "SSL_CTX_set_current_cert" + or + name = "SSL_CTX_set_custom_cli_ext" + or + name = "SSL_CTX_set_default_ctlog_list_file" + or + name = "SSL_CTX_set_default_passwd_cb" + or + name = "SSL_CTX_set_default_passwd_cb_userdata" + or + name = "SSL_CTX_set_default_read_ahead" + or + name = "SSL_CTX_set_default_read_buffer_len" + or + name = "SSL_CTX_set_default_verify_dir" + or + name = "SSL_CTX_set_default_verify_file" + or + name = "SSL_CTX_set_default_verify_paths" + or + name = "SSL_CTX_set_default_verify_store" + or + name = "SSL_CTX_set_dh_auto" + or + name = "SSL_CTX_set_ecdh_auto" + or + name = "SSL_CTX_set_ex_data" + or + name = "SSL_CTX_set_generate_session_id" + or + name = "SSL_CTX_set_info_callback" + or + name = "SSL_CTX_set_keylog_callback" + or + name = "SSL_CTX_set_max_cert_list" + or + name = "SSL_CTX_set_max_early_data" + or + name = "SSL_CTX_set_max_pipelines" + or + name = "SSL_CTX_set_max_proto_version" + or + name = "SSL_CTX_set_max_send_fragment" + or + name = "SSL_CTX_set_min_proto_version" + or + name = "SSL_CTX_set_mode" + or + name = "SSL_CTX_set_msg_callback" + or + name = "SSL_CTX_set_msg_callback_arg" + or + name = "SSL_CTX_set_next_proto_select_cb" + or + name = "SSL_CTX_set_next_protos_advertised_cb" + or + name = "SSL_CTX_set_num_tickets" + or + name = "SSL_CTX_set_options" + or + name = "SSL_CTX_set_post_handshake_auth" + or + name = "SSL_CTX_set_psk_client_callback" + or + name = "SSL_CTX_set_psk_find_session_callback" + or + name = "SSL_CTX_set_psk_server_callback" + or + name = "SSL_CTX_set_psk_use_session_callback" + or + name = "SSL_CTX_set_purpose" + or + name = "SSL_CTX_set_quiet_shutdown" + or + name = "SSL_CTX_set_read_ahead" + or + name = "SSL_CTX_set_record_padding_callback" + or + name = "SSL_CTX_set_record_padding_callback_arg" + or + name = "SSL_CTX_set_recv_max_early_data" + or + name = "SSL_CTX_set_security_callback" + or + name = "SSL_CTX_set_security_level" + or + name = "SSL_CTX_set_session_cache_mode" + or + name = "SSL_CTX_set_session_id_context" + or + name = "SSL_CTX_set_session_ticket_cb" + or + name = "SSL_CTX_set_split_send_fragment" + or + name = "SSL_CTX_set_srp_cb_arg" + or + name = "SSL_CTX_set_srp_client_pwd_callback" + or + name = "SSL_CTX_set_srp_password" + or + name = "SSL_CTX_set_srp_strength" + or + name = "SSL_CTX_set_srp_username" + or + name = "SSL_CTX_set_srp_username_callback" + or + name = "SSL_CTX_set_srp_verify_param_callback" + or + name = "SSL_CTX_set_ssl_version" + or + name = "SSL_CTX_set_stateless_cookie_generate_cb" + or + name = "SSL_CTX_set_stateless_cookie_verify_cb" + or + name = "SSL_CTX_set_timeout" + or + name = "SSL_CTX_set_tlsext_max_fragment_length" + or + name = "SSL_CTX_set_tlsext_servername_arg" + or + name = "SSL_CTX_set_tlsext_servername_callback" + or + name = "SSL_CTX_set_tlsext_status_arg" + or + name = "SSL_CTX_set_tlsext_status_cb" + or + name = "SSL_CTX_set_tlsext_status_type" + or + name = "SSL_CTX_set_tlsext_ticket_key_cb" + or + name = "SSL_CTX_set_tlsext_ticket_key_evp_cb" + or + name = "SSL_CTX_set_tlsext_use_srtp" + or + name = "SSL_CTX_set_tmp_dh" + or + name = "SSL_CTX_set_tmp_dh_callback" + or + name = "SSL_CTX_set_tmp_ecdh" + or + name = "SSL_CTX_set_tmp_rsa" + or + name = "SSL_CTX_set_tmp_rsa_callback" + or + name = "SSL_CTX_set_trust" + or + name = "SSL_CTX_set_verify" + or + name = "SSL_CTX_set_verify_depth" + or + name = "SSL_CTX_up_ref" + or + name = "SSL_CTX_use_PrivateKey" + or + name = "SSL_CTX_use_PrivateKey_ASN1" + or + name = "SSL_CTX_use_PrivateKey_file" + or + name = "SSL_CTX_use_RSAPrivateKey" + or + name = "SSL_CTX_use_RSAPrivateKey_ASN1" + or + name = "SSL_CTX_use_RSAPrivateKey_file" + or + name = "SSL_CTX_use_cert_and_key" + or + name = "SSL_CTX_use_certificate" + or + name = "SSL_CTX_use_certificate_ASN1" + or + name = "SSL_CTX_use_certificate_chain_file" + or + name = "SSL_CTX_use_certificate_file" + or + name = "SSL_CTX_use_psk_identity_hint" + or + name = "SSL_CTX_use_serverinfo" + or + name = "SSL_CTX_use_serverinfo_ex" + or + name = "SSL_CTX_use_serverinfo_file" + or + name = "SSL_OP_BIT" + or + name = "SSL_SESSION_dup" + or + name = "SSL_SESSION_free" + or + name = "SSL_SESSION_get0_alpn_selected" + or + name = "SSL_SESSION_get0_cipher" + or + name = "SSL_SESSION_get0_hostname" + or + name = "SSL_SESSION_get0_id_context" + or + name = "SSL_SESSION_get0_peer" + or + name = "SSL_SESSION_get0_peer_rpk" + or + name = "SSL_SESSION_get0_ticket" + or + name = "SSL_SESSION_get0_ticket_appdata" + or + name = "SSL_SESSION_get_app_data" + or + name = "SSL_SESSION_get_compress_id" + or + name = "SSL_SESSION_get_ex_data" + or + name = "SSL_SESSION_get_ex_new_index" + or + name = "SSL_SESSION_get_id" + or + name = "SSL_SESSION_get_master_key" + or + name = "SSL_SESSION_get_max_early_data" + or + name = "SSL_SESSION_get_max_fragment_length" + or + name = "SSL_SESSION_get_protocol_version" + or + name = "SSL_SESSION_get_ticket_lifetime_hint" + or + name = "SSL_SESSION_get_time" + or + name = "SSL_SESSION_get_timeout" + or + name = "SSL_SESSION_has_ticket" + or + name = "SSL_SESSION_is_resumable" + or + name = "SSL_SESSION_new" + or + name = "SSL_SESSION_print" + or + name = "SSL_SESSION_print_fp" + or + name = "SSL_SESSION_print_keylog" + or + name = "SSL_SESSION_set1_alpn_selected" + or + name = "SSL_SESSION_set1_hostname" + or + name = "SSL_SESSION_set1_id" + or + name = "SSL_SESSION_set1_id_context" + or + name = "SSL_SESSION_set1_master_key" + or + name = "SSL_SESSION_set1_ticket_appdata" + or + name = "SSL_SESSION_set_app_data" + or + name = "SSL_SESSION_set_cipher" + or + name = "SSL_SESSION_set_ex_data" + or + name = "SSL_SESSION_set_max_early_data" + or + name = "SSL_SESSION_set_protocol_version" + or + name = "SSL_SESSION_set_time" + or + name = "SSL_SESSION_set_timeout" + or + name = "SSL_SESSION_up_ref" + or + name = "SSL_accept" + or + name = "SSL_add0_chain_cert" + or + name = "SSL_add1_chain_cert" + or + name = "SSL_add1_host" + or + name = "SSL_add1_to_CA_list" + or + name = "SSL_add_client_CA" + or + name = "SSL_add_dir_cert_subjects_to_stack" + or + name = "SSL_add_expected_rpk" + or + name = "SSL_add_file_cert_subjects_to_stack" + or + name = "SSL_add_session" + or + name = "SSL_add_store_cert_subjects_to_stack" + or + name = "SSL_alert_desc_string" + or + name = "SSL_alert_desc_string_long" + or + name = "SSL_alert_type_string" + or + name = "SSL_alert_type_string_long" + or + name = "SSL_alloc_buffers" + or + name = "SSL_allow_early_data_cb_fn" + or + name = "SSL_async_callback_fn" + or + name = "SSL_build_cert_chain" + or + name = "SSL_bytes_to_cipher_list" + or + name = "SSL_callback_ctrl" + or + name = "SSL_check_chain" + or + name = "SSL_check_private_key" + or + name = "SSL_clear" + or + name = "SSL_clear_chain_certs" + or + name = "SSL_clear_mode" + or + name = "SSL_clear_options" + or + name = "SSL_client_hello_cb_fn" + or + name = "SSL_client_hello_get0_ciphers" + or + name = "SSL_client_hello_get0_compression_methods" + or + name = "SSL_client_hello_get0_ext" + or + name = "SSL_client_hello_get0_legacy_version" + or + name = "SSL_client_hello_get0_random" + or + name = "SSL_client_hello_get0_session_id" + or + name = "SSL_client_hello_get1_extensions_present" + or + name = "SSL_client_hello_get_extension_order" + or + name = "SSL_client_hello_isv2" + or + name = "SSL_client_version" + or + name = "SSL_compress_certs" + or + name = "SSL_config" + or + name = "SSL_connect" + or + name = "SSL_ct_is_enabled" + or + name = "SSL_ctrl" + or + name = "SSL_custom_ext_add_cb_ex" + or + name = "SSL_custom_ext_free_cb_ex" + or + name = "SSL_custom_ext_parse_cb_ex" + or + name = "SSL_dane_clear_flags" + or + name = "SSL_dane_enable" + or + name = "SSL_dane_set_flags" + or + name = "SSL_dane_tlsa_add" + or + name = "SSL_disable_ct" + or + name = "SSL_do_handshake" + or + name = "SSL_dup" + or + name = "SSL_enable_ct" + or + name = "SSL_export_keying_material" + or + name = "SSL_export_keying_material_early" + or + name = "SSL_extension_supported" + or + name = "SSL_flush_sessions" + or + name = "SSL_free" + or + name = "SSL_free_buffers" + or + name = "SSL_get0_CA_list" + or + name = "SSL_get0_alpn_selected" + or + name = "SSL_get0_chain_cert_store" + or + name = "SSL_get0_chain_certs" + or + name = "SSL_get0_client_cert_type" + or + name = "SSL_get0_dane_authority" + or + name = "SSL_get0_dane_tlsa" + or + name = "SSL_get0_iana_groups" + or + name = "SSL_get0_next_proto_negotiated" + or + name = "SSL_get0_param" + or + name = "SSL_get0_peer_CA_list" + or + name = "SSL_get0_peer_certificate" + or + name = "SSL_get0_peer_rpk" + or + name = "SSL_get0_peer_scts" + or + name = "SSL_get0_peername" + or + name = "SSL_get0_security_ex_data" + or + name = "SSL_get0_server_cert_type" + or + name = "SSL_get0_session" + or + name = "SSL_get0_verified_chain" + or + name = "SSL_get0_verify_cert_store" + or + name = "SSL_get1_compressed_cert" + or + name = "SSL_get1_curves" + or + name = "SSL_get1_groups" + or + name = "SSL_get1_peer_certificate" + or + name = "SSL_get1_session" + or + name = "SSL_get1_supported_ciphers" + or + name = "SSL_get_SSL_CTX" + or + name = "SSL_get_accept_state" + or + name = "SSL_get_all_async_fds" + or + name = "SSL_get_app_data" + or + name = "SSL_get_async_status" + or + name = "SSL_get_blocking_mode" + or + name = "SSL_get_certificate" + or + name = "SSL_get_changed_async_fds" + or + name = "SSL_get_cipher" + or + name = "SSL_get_cipher_bits" + or + name = "SSL_get_cipher_list" + or + name = "SSL_get_cipher_name" + or + name = "SSL_get_cipher_version" + or + name = "SSL_get_ciphers" + or + name = "SSL_get_client_CA_list" + or + name = "SSL_get_client_ciphers" + or + name = "SSL_get_client_random" + or + name = "SSL_get_current_cipher" + or + name = "SSL_get_default_passwd_cb" + or + name = "SSL_get_default_passwd_cb_userdata" + or + name = "SSL_get_default_timeout" + or + name = "SSL_get_early_data_status" + or + name = "SSL_get_error" + or + name = "SSL_get_ex_data" + or + name = "SSL_get_ex_data_X509_STORE_CTX_idx" + or + name = "SSL_get_ex_new_index" + or + name = "SSL_get_extms_support" + or + name = "SSL_get_fd" + or + name = "SSL_get_info_callback" + or + name = "SSL_get_key_update_type" + or + name = "SSL_get_max_cert_list" + or + name = "SSL_get_max_early_data" + or + name = "SSL_get_max_proto_version" + or + name = "SSL_get_min_proto_version" + or + name = "SSL_get_mode" + or + name = "SSL_get_msg_callback_arg" + or + name = "SSL_get_negotiated_client_cert_type" + or + name = "SSL_get_negotiated_group" + or + name = "SSL_get_negotiated_server_cert_type" + or + name = "SSL_get_num_tickets" + or + name = "SSL_get_options" + or + name = "SSL_get_peer_cert_chain" + or + name = "SSL_get_peer_certificate" + or + name = "SSL_get_peer_signature_nid" + or + name = "SSL_get_peer_signature_type_nid" + or + name = "SSL_get_peer_tmp_key" + or + name = "SSL_get_pending_cipher" + or + name = "SSL_get_privatekey" + or + name = "SSL_get_psk_identity" + or + name = "SSL_get_psk_identity_hint" + or + name = "SSL_get_quiet_shutdown" + or + name = "SSL_get_rbio" + or + name = "SSL_get_read_ahead" + or + name = "SSL_get_record_padding_callback_arg" + or + name = "SSL_get_recv_max_early_data" + or + name = "SSL_get_rfd" + or + name = "SSL_get_rpoll_descriptor" + or + name = "SSL_get_secure_renegotiation_support" + or + name = "SSL_get_security_callback" + or + name = "SSL_get_security_level" + or + name = "SSL_get_selected_srtp_profile" + or + name = "SSL_get_server_random" + or + name = "SSL_get_server_tmp_key" + or + name = "SSL_get_servername" + or + name = "SSL_get_servername_type" + or + name = "SSL_get_session" + or + name = "SSL_get_shared_ciphers" + or + name = "SSL_get_shared_curve" + or + name = "SSL_get_shared_group" + or + name = "SSL_get_shared_sigalgs" + or + name = "SSL_get_shutdown" + or + name = "SSL_get_sigalgs" + or + name = "SSL_get_signature_nid" + or + name = "SSL_get_signature_type_nid" + or + name = "SSL_get_srp_N" + or + name = "SSL_get_srp_g" + or + name = "SSL_get_srp_userinfo" + or + name = "SSL_get_srp_username" + or + name = "SSL_get_srtp_profiles" + or + name = "SSL_get_ssl_method" + or + name = "SSL_get_state" + or + name = "SSL_get_tick_timeout" + or + name = "SSL_get_time" + or + name = "SSL_get_timeout" + or + name = "SSL_get_tlsext_status_ocsp_resp" + or + name = "SSL_get_tlsext_status_type" + or + name = "SSL_get_tmp_key" + or + name = "SSL_get_verify_callback" + or + name = "SSL_get_verify_depth" + or + name = "SSL_get_verify_mode" + or + name = "SSL_get_verify_result" + or + name = "SSL_get_version" + or + name = "SSL_get_wbio" + or + name = "SSL_get_wfd" + or + name = "SSL_get_wpoll_descriptor" + or + name = "SSL_group_to_name" + or + name = "SSL_has_matching_session_id" + or + name = "SSL_has_pending" + or + name = "SSL_in_accept_init" + or + name = "SSL_in_before" + or + name = "SSL_in_connect_init" + or + name = "SSL_in_init" + or + name = "SSL_inject_net_dgram" + or + name = "SSL_is_dtls" + or + name = "SSL_is_init_finished" + or + name = "SSL_is_quic" + or + name = "SSL_is_server" + or + name = "SSL_is_tls" + or + name = "SSL_key_update" + or + name = "SSL_library_init" + or + name = "SSL_load_client_CA_file" + or + name = "SSL_load_client_CA_file_ex" + or + name = "SSL_load_error_strings" + or + name = "SSL_need_tmp_rsa" + or + name = "SSL_net_read_desired" + or + name = "SSL_net_write_desired" + or + name = "SSL_new" + or + name = "SSL_new_session_ticket" + or + name = "SSL_peek" + or + name = "SSL_peek_ex" + or + name = "SSL_pending" + or + name = "SSL_psk_client_cb_func" + or + name = "SSL_psk_find_session_cb_func" + or + name = "SSL_psk_server_cb_func" + or + name = "SSL_psk_use_session_cb_func" + or + name = "SSL_read" + or + name = "SSL_read_early_data" + or + name = "SSL_read_ex" + or + name = "SSL_remove_session" + or + name = "SSL_renegotiate" + or + name = "SSL_renegotiate_abbreviated" + or + name = "SSL_renegotiate_pending" + or + name = "SSL_rstate_string" + or + name = "SSL_rstate_string_long" + or + name = "SSL_select_current_cert" + or + name = "SSL_select_next_proto" + or + name = "SSL_sendfile" + or + name = "SSL_session_reused" + or + name = "SSL_set0_CA_list" + or + name = "SSL_set0_chain" + or + name = "SSL_set0_chain_cert_store" + or + name = "SSL_set0_rbio" + or + name = "SSL_set0_security_ex_data" + or + name = "SSL_set0_tmp_dh_pkey" + or + name = "SSL_set0_verify_cert_store" + or + name = "SSL_set0_wbio" + or + name = "SSL_set1_cert_comp_preference" + or + name = "SSL_set1_chain" + or + name = "SSL_set1_chain_cert_store" + or + name = "SSL_set1_client_cert_type" + or + name = "SSL_set1_client_sigalgs" + or + name = "SSL_set1_client_sigalgs_list" + or + name = "SSL_set1_compressed_cert" + or + name = "SSL_set1_curves" + or + name = "SSL_set1_curves_list" + or + name = "SSL_set1_groups" + or + name = "SSL_set1_groups_list" + or + name = "SSL_set1_host" + or + name = "SSL_set1_param" + or + name = "SSL_set1_server_cert_type" + or + name = "SSL_set1_sigalgs" + or + name = "SSL_set1_sigalgs_list" + or + name = "SSL_set1_verify_cert_store" + or + name = "SSL_set_accept_state" + or + name = "SSL_set_allow_early_data_cb" + or + name = "SSL_set_alpn_protos" + or + name = "SSL_set_app_data" + or + name = "SSL_set_async_callback" + or + name = "SSL_set_async_callback_arg" + or + name = "SSL_set_bio" + or + name = "SSL_set_block_padding" + or + name = "SSL_set_blocking_mode" + or + name = "SSL_set_cert_cb" + or + name = "SSL_set_cipher_list" + or + name = "SSL_set_ciphersuites" + or + name = "SSL_set_client_CA_list" + or + name = "SSL_set_connect_state" + or + name = "SSL_set_ct_validation_callback" + or + name = "SSL_set_current_cert" + or + name = "SSL_set_default_passwd_cb" + or + name = "SSL_set_default_passwd_cb_userdata" + or + name = "SSL_set_default_read_buffer_len" + or + name = "SSL_set_dh_auto" + or + name = "SSL_set_ecdh_auto" + or + name = "SSL_set_ex_data" + or + name = "SSL_set_fd" + or + name = "SSL_set_generate_session_id" + or + name = "SSL_set_hostflags" + or + name = "SSL_set_info_callback" + or + name = "SSL_set_initial_peer_addr" + or + name = "SSL_set_max_cert_list" + or + name = "SSL_set_max_early_data" + or + name = "SSL_set_max_pipelines" + or + name = "SSL_set_max_proto_version" + or + name = "SSL_set_max_send_fragment" + or + name = "SSL_set_min_proto_version" + or + name = "SSL_set_mode" + or + name = "SSL_set_msg_callback" + or + name = "SSL_set_msg_callback_arg" + or + name = "SSL_set_num_tickets" + or + name = "SSL_set_options" + or + name = "SSL_set_post_handshake_auth" + or + name = "SSL_set_psk_client_callback" + or + name = "SSL_set_psk_find_session_callback" + or + name = "SSL_set_psk_server_callback" + or + name = "SSL_set_psk_use_session_callback" + or + name = "SSL_set_purpose" + or + name = "SSL_set_quiet_shutdown" + or + name = "SSL_set_read_ahead" + or + name = "SSL_set_record_padding_callback" + or + name = "SSL_set_record_padding_callback_arg" + or + name = "SSL_set_recv_max_early_data" + or + name = "SSL_set_retry_verify" + or + name = "SSL_set_rfd" + or + name = "SSL_set_security_callback" + or + name = "SSL_set_security_level" + or + name = "SSL_set_session" + or + name = "SSL_set_session_id_context" + or + name = "SSL_set_shutdown" + or + name = "SSL_set_split_send_fragment" + or + name = "SSL_set_srp_server_param" + or + name = "SSL_set_srp_server_param_pw" + or + name = "SSL_set_ssl_method" + or + name = "SSL_set_time" + or + name = "SSL_set_timeout" + or + name = "SSL_set_tlsext_host_name" + or + name = "SSL_set_tlsext_max_fragment_length" + or + name = "SSL_set_tlsext_status_ocsp_resp" + or + name = "SSL_set_tlsext_status_type" + or + name = "SSL_set_tlsext_use_srtp" + or + name = "SSL_set_tmp_dh" + or + name = "SSL_set_tmp_dh_callback" + or + name = "SSL_set_tmp_ecdh" + or + name = "SSL_set_tmp_rsa" + or + name = "SSL_set_tmp_rsa_callback" + or + name = "SSL_set_trust" + or + name = "SSL_set_verify" + or + name = "SSL_set_verify_depth" + or + name = "SSL_set_verify_result" + or + name = "SSL_set_wfd" + or + name = "SSL_shutdown" + or + name = "SSL_shutdown_ex" + or + name = "SSL_state_string" + or + name = "SSL_state_string_long" + or + name = "SSL_stateless" + or + name = "SSL_stream_conclude" + or + name = "SSL_tick" + or + name = "SSL_up_ref" + or + name = "SSL_use_PrivateKey" + or + name = "SSL_use_PrivateKey_ASN1" + or + name = "SSL_use_PrivateKey_file" + or + name = "SSL_use_RSAPrivateKey" + or + name = "SSL_use_RSAPrivateKey_ASN1" + or + name = "SSL_use_RSAPrivateKey_file" + or + name = "SSL_use_cert_and_key" + or + name = "SSL_use_certificate" + or + name = "SSL_use_certificate_ASN1" + or + name = "SSL_use_certificate_chain_file" + or + name = "SSL_use_certificate_file" + or + name = "SSL_use_psk_identity_hint" + or + name = "SSL_verify_cb" + or + name = "SSL_verify_client_post_handshake" + or + name = "SSL_version" + or + name = "SSL_waiting_for_async" + or + name = "SSL_want" + or + name = "SSL_want_async" + or + name = "SSL_want_async_job" + or + name = "SSL_want_client_hello_cb" + or + name = "SSL_want_nothing" + or + name = "SSL_want_read" + or + name = "SSL_want_retry_verify" + or + name = "SSL_want_write" + or + name = "SSL_want_x509_lookup" + or + name = "SSL_write" + or + name = "SSL_write_early_data" + or + name = "SSL_write_ex" + or + name = "SSLeay" + or + name = "SSLeay_add_ssl_algorithms" + or + name = "SSLeay_version" + or + name = "SSLv23_client_method" + or + name = "SSLv23_method" + or + name = "SSLv23_server_method" + or + name = "SSLv2_client_method" + or + name = "SSLv2_method" + or + name = "SSLv2_server_method" + or + name = "SSLv3_client_method" + or + name = "SSLv3_method" + or + name = "SSLv3_server_method" + or + name = "SXNETID_free" + or + name = "SXNETID_new" + or + name = "SXNET_free" + or + name = "SXNET_new" + or + name = "TLS_FEATURE_free" + or + name = "TLS_FEATURE_new" + or + name = "TLS_client_method" + or + name = "TLS_method" + or + name = "TLS_server_method" + or + name = "TLSv1_1_client_method" + or + name = "TLSv1_1_method" + or + name = "TLSv1_1_server_method" + or + name = "TLSv1_2_client_method" + or + name = "TLSv1_2_method" + or + name = "TLSv1_2_server_method" + or + name = "TLSv1_client_method" + or + name = "TLSv1_method" + or + name = "TLSv1_server_method" + or + name = "TS_ACCURACY_dup" + or + name = "TS_ACCURACY_free" + or + name = "TS_ACCURACY_new" + or + name = "TS_MSG_IMPRINT_dup" + or + name = "TS_MSG_IMPRINT_free" + or + name = "TS_MSG_IMPRINT_new" + or + name = "TS_REQ_dup" + or + name = "TS_REQ_free" + or + name = "TS_REQ_new" + or + name = "TS_RESP_CTX_free" + or + name = "TS_RESP_CTX_new" + or + name = "TS_RESP_CTX_new_ex" + or + name = "TS_RESP_dup" + or + name = "TS_RESP_free" + or + name = "TS_RESP_new" + or + name = "TS_STATUS_INFO_dup" + or + name = "TS_STATUS_INFO_free" + or + name = "TS_STATUS_INFO_new" + or + name = "TS_TST_INFO_dup" + or + name = "TS_TST_INFO_free" + or + name = "TS_TST_INFO_new" + or + name = "TS_VERIFY_CTS_set_certs" + or + name = "TS_VERIFY_CTX_set_certs" + or + name = "UI" + or + name = "UI_METHOD" + or + name = "UI_OpenSSL" + or + name = "UI_STRING" + or + name = "UI_UTIL_read_pw" + or + name = "UI_UTIL_read_pw_string" + or + name = "UI_UTIL_wrap_read_pem_callback" + or + name = "UI_add_error_string" + or + name = "UI_add_info_string" + or + name = "UI_add_input_boolean" + or + name = "UI_add_input_string" + or + name = "UI_add_user_data" + or + name = "UI_add_verify_string" + or + name = "UI_construct_prompt" + or + name = "UI_create_method" + or + name = "UI_ctrl" + or + name = "UI_destroy_method" + or + name = "UI_dup_error_string" + or + name = "UI_dup_info_string" + or + name = "UI_dup_input_boolean" + or + name = "UI_dup_input_string" + or + name = "UI_dup_user_data" + or + name = "UI_dup_verify_string" + or + name = "UI_free" + or + name = "UI_get0_action_string" + or + name = "UI_get0_output_string" + or + name = "UI_get0_result" + or + name = "UI_get0_result_string" + or + name = "UI_get0_test_string" + or + name = "UI_get0_user_data" + or + name = "UI_get_app_data" + or + name = "UI_get_default_method" + or + name = "UI_get_ex_data" + or + name = "UI_get_ex_new_index" + or + name = "UI_get_input_flags" + or + name = "UI_get_method" + or + name = "UI_get_result_length" + or + name = "UI_get_result_maxsize" + or + name = "UI_get_result_minsize" + or + name = "UI_get_result_string_length" + or + name = "UI_get_string_type" + or + name = "UI_method_get_closer" + or + name = "UI_method_get_data_destructor" + or + name = "UI_method_get_data_duplicator" + or + name = "UI_method_get_ex_data" + or + name = "UI_method_get_flusher" + or + name = "UI_method_get_opener" + or + name = "UI_method_get_prompt_constructor" + or + name = "UI_method_get_reader" + or + name = "UI_method_get_writer" + or + name = "UI_method_set_closer" + or + name = "UI_method_set_data_duplicator" + or + name = "UI_method_set_ex_data" + or + name = "UI_method_set_flusher" + or + name = "UI_method_set_opener" + or + name = "UI_method_set_prompt_constructor" + or + name = "UI_method_set_reader" + or + name = "UI_method_set_writer" + or + name = "UI_new" + or + name = "UI_new_method" + or + name = "UI_null" + or + name = "UI_process" + or + name = "UI_set_app_data" + or + name = "UI_set_default_method" + or + name = "UI_set_ex_data" + or + name = "UI_set_method" + or + name = "UI_set_result" + or + name = "UI_set_result_ex" + or + name = "UI_string_types" + or + name = "USERNOTICE_free" + or + name = "USERNOTICE_new" + or + name = "X509V3_EXT_d2i" + or + name = "X509V3_EXT_i2d" + or + name = "X509V3_add1_i2d" + or + name = "X509V3_get_d2i" + or + name = "X509V3_set_ctx" + or + name = "X509V3_set_issuer_pkey" + or + name = "X509_ALGOR_cmp" + or + name = "X509_ALGOR_copy" + or + name = "X509_ALGOR_dup" + or + name = "X509_ALGOR_free" + or + name = "X509_ALGOR_get0" + or + name = "X509_ALGOR_it" + or + name = "X509_ALGOR_new" + or + name = "X509_ALGOR_set0" + or + name = "X509_ALGOR_set_md" + or + name = "X509_ATTRIBUTE_dup" + or + name = "X509_ATTRIBUTE_free" + or + name = "X509_ATTRIBUTE_new" + or + name = "X509_CERT_AUX_free" + or + name = "X509_CERT_AUX_new" + or + name = "X509_CINF_free" + or + name = "X509_CINF_new" + or + name = "X509_CRL_INFO_free" + or + name = "X509_CRL_INFO_new" + or + name = "X509_CRL_add0_revoked" + or + name = "X509_CRL_add1_ext_i2d" + or + name = "X509_CRL_add_ext" + or + name = "X509_CRL_cmp" + or + name = "X509_CRL_delete_ext" + or + name = "X509_CRL_digest" + or + name = "X509_CRL_dup" + or + name = "X509_CRL_free" + or + name = "X509_CRL_get0_by_cert" + or + name = "X509_CRL_get0_by_serial" + or + name = "X509_CRL_get0_extensions" + or + name = "X509_CRL_get0_lastUpdate" + or + name = "X509_CRL_get0_nextUpdate" + or + name = "X509_CRL_get0_signature" + or + name = "X509_CRL_get_REVOKED" + or + name = "X509_CRL_get_ext" + or + name = "X509_CRL_get_ext_by_NID" + or + name = "X509_CRL_get_ext_by_OBJ" + or + name = "X509_CRL_get_ext_by_critical" + or + name = "X509_CRL_get_ext_count" + or + name = "X509_CRL_get_ext_d2i" + or + name = "X509_CRL_get_issuer" + or + name = "X509_CRL_get_signature_nid" + or + name = "X509_CRL_get_version" + or + name = "X509_CRL_http_nbio" + or + name = "X509_CRL_load_http" + or + name = "X509_CRL_match" + or + name = "X509_CRL_new" + or + name = "X509_CRL_new_ex" + or + name = "X509_CRL_set1_lastUpdate" + or + name = "X509_CRL_set1_nextUpdate" + or + name = "X509_CRL_set_issuer_name" + or + name = "X509_CRL_set_version" + or + name = "X509_CRL_sign" + or + name = "X509_CRL_sign_ctx" + or + name = "X509_CRL_sort" + or + name = "X509_CRL_verify" + or + name = "X509_EXTENSION_create_by_NID" + or + name = "X509_EXTENSION_create_by_OBJ" + or + name = "X509_EXTENSION_dup" + or + name = "X509_EXTENSION_free" + or + name = "X509_EXTENSION_get_critical" + or + name = "X509_EXTENSION_get_data" + or + name = "X509_EXTENSION_get_object" + or + name = "X509_EXTENSION_new" + or + name = "X509_EXTENSION_set_critical" + or + name = "X509_EXTENSION_set_data" + or + name = "X509_EXTENSION_set_object" + or + name = "X509_LOOKUP" + or + name = "X509_LOOKUP_METHOD" + or + name = "X509_LOOKUP_TYPE" + or + name = "X509_LOOKUP_add_dir" + or + name = "X509_LOOKUP_add_store" + or + name = "X509_LOOKUP_add_store_ex" + or + name = "X509_LOOKUP_by_alias" + or + name = "X509_LOOKUP_by_fingerprint" + or + name = "X509_LOOKUP_by_issuer_serial" + or + name = "X509_LOOKUP_by_subject" + or + name = "X509_LOOKUP_by_subject_ex" + or + name = "X509_LOOKUP_ctrl" + or + name = "X509_LOOKUP_ctrl_ex" + or + name = "X509_LOOKUP_ctrl_fn" + or + name = "X509_LOOKUP_file" + or + name = "X509_LOOKUP_free" + or + name = "X509_LOOKUP_get_by_alias_fn" + or + name = "X509_LOOKUP_get_by_fingerprint_fn" + or + name = "X509_LOOKUP_get_by_issuer_serial_fn" + or + name = "X509_LOOKUP_get_by_subject_fn" + or + name = "X509_LOOKUP_get_method_data" + or + name = "X509_LOOKUP_get_store" + or + name = "X509_LOOKUP_hash_dir" + or + name = "X509_LOOKUP_init" + or + name = "X509_LOOKUP_load_file" + or + name = "X509_LOOKUP_load_file_ex" + or + name = "X509_LOOKUP_load_store" + or + name = "X509_LOOKUP_load_store_ex" + or + name = "X509_LOOKUP_meth_free" + or + name = "X509_LOOKUP_meth_get_ctrl" + or + name = "X509_LOOKUP_meth_get_free" + or + name = "X509_LOOKUP_meth_get_get_by_alias" + or + name = "X509_LOOKUP_meth_get_get_by_fingerprint" + or + name = "X509_LOOKUP_meth_get_get_by_issuer_serial" + or + name = "X509_LOOKUP_meth_get_get_by_subject" + or + name = "X509_LOOKUP_meth_get_init" + or + name = "X509_LOOKUP_meth_get_new_item" + or + name = "X509_LOOKUP_meth_get_shutdown" + or + name = "X509_LOOKUP_meth_new" + or + name = "X509_LOOKUP_meth_set_ctrl" + or + name = "X509_LOOKUP_meth_set_free" + or + name = "X509_LOOKUP_meth_set_get_by_alias" + or + name = "X509_LOOKUP_meth_set_get_by_fingerprint" + or + name = "X509_LOOKUP_meth_set_get_by_issuer_serial" + or + name = "X509_LOOKUP_meth_set_get_by_subject" + or + name = "X509_LOOKUP_meth_set_init" + or + name = "X509_LOOKUP_meth_set_new_item" + or + name = "X509_LOOKUP_meth_set_shutdown" + or + name = "X509_LOOKUP_new" + or + name = "X509_LOOKUP_set_method_data" + or + name = "X509_LOOKUP_shutdown" + or + name = "X509_LOOKUP_store" + or + name = "X509_NAME_ENTRY_create_by_NID" + or + name = "X509_NAME_ENTRY_create_by_OBJ" + or + name = "X509_NAME_ENTRY_create_by_txt" + or + name = "X509_NAME_ENTRY_dup" + or + name = "X509_NAME_ENTRY_free" + or + name = "X509_NAME_ENTRY_get_data" + or + name = "X509_NAME_ENTRY_get_object" + or + name = "X509_NAME_ENTRY_new" + or + name = "X509_NAME_ENTRY_set_data" + or + name = "X509_NAME_ENTRY_set_object" + or + name = "X509_NAME_add_entry" + or + name = "X509_NAME_add_entry_by_NID" + or + name = "X509_NAME_add_entry_by_OBJ" + or + name = "X509_NAME_add_entry_by_txt" + or + name = "X509_NAME_cmp" + or + name = "X509_NAME_delete_entry" + or + name = "X509_NAME_digest" + or + name = "X509_NAME_dup" + or + name = "X509_NAME_entry_count" + or + name = "X509_NAME_free" + or + name = "X509_NAME_get0_der" + or + name = "X509_NAME_get_entry" + or + name = "X509_NAME_get_index_by_NID" + or + name = "X509_NAME_get_index_by_OBJ" + or + name = "X509_NAME_get_text_by_NID" + or + name = "X509_NAME_get_text_by_OBJ" + or + name = "X509_NAME_hash" + or + name = "X509_NAME_hash_ex" + or + name = "X509_NAME_new" + or + name = "X509_NAME_oneline" + or + name = "X509_NAME_print" + or + name = "X509_NAME_print_ex" + or + name = "X509_NAME_print_ex_fp" + or + name = "X509_OBJECT_set1_X509" + or + name = "X509_OBJECT_set1_X509_CRL" + or + name = "X509_PUBKEY_dup" + or + name = "X509_PUBKEY_eq" + or + name = "X509_PUBKEY_free" + or + name = "X509_PUBKEY_get" + or + name = "X509_PUBKEY_get0" + or + name = "X509_PUBKEY_get0_param" + or + name = "X509_PUBKEY_new" + or + name = "X509_PUBKEY_new_ex" + or + name = "X509_PUBKEY_set" + or + name = "X509_PUBKEY_set0_param" + or + name = "X509_PUBKEY_set0_public_key" + or + name = "X509_REQ_INFO_free" + or + name = "X509_REQ_INFO_new" + or + name = "X509_REQ_add_extensions" + or + name = "X509_REQ_add_extensions_nid" + or + name = "X509_REQ_check_private_key" + or + name = "X509_REQ_digest" + or + name = "X509_REQ_dup" + or + name = "X509_REQ_free" + or + name = "X509_REQ_get0_distinguishing_id" + or + name = "X509_REQ_get0_pubkey" + or + name = "X509_REQ_get0_signature" + or + name = "X509_REQ_get_X509_PUBKEY" + or + name = "X509_REQ_get_extensions" + or + name = "X509_REQ_get_pubkey" + or + name = "X509_REQ_get_signature_nid" + or + name = "X509_REQ_get_subject_name" + or + name = "X509_REQ_get_version" + or + name = "X509_REQ_new" + or + name = "X509_REQ_new_ex" + or + name = "X509_REQ_set0_distinguishing_id" + or + name = "X509_REQ_set0_signature" + or + name = "X509_REQ_set1_signature_algo" + or + name = "X509_REQ_set_pubkey" + or + name = "X509_REQ_set_subject_name" + or + name = "X509_REQ_set_version" + or + name = "X509_REQ_sign" + or + name = "X509_REQ_sign_ctx" + or + name = "X509_REQ_verify" + or + name = "X509_REQ_verify_ex" + or + name = "X509_REVOKED_add1_ext_i2d" + or + name = "X509_REVOKED_add_ext" + or + name = "X509_REVOKED_delete_ext" + or + name = "X509_REVOKED_dup" + or + name = "X509_REVOKED_free" + or + name = "X509_REVOKED_get0_extensions" + or + name = "X509_REVOKED_get0_revocationDate" + or + name = "X509_REVOKED_get0_serialNumber" + or + name = "X509_REVOKED_get_ext" + or + name = "X509_REVOKED_get_ext_by_NID" + or + name = "X509_REVOKED_get_ext_by_OBJ" + or + name = "X509_REVOKED_get_ext_by_critical" + or + name = "X509_REVOKED_get_ext_count" + or + name = "X509_REVOKED_get_ext_d2i" + or + name = "X509_REVOKED_new" + or + name = "X509_REVOKED_set_revocationDate" + or + name = "X509_REVOKED_set_serialNumber" + or + name = "X509_SIG_INFO_get" + or + name = "X509_SIG_INFO_set" + or + name = "X509_SIG_free" + or + name = "X509_SIG_get0" + or + name = "X509_SIG_getm" + or + name = "X509_SIG_new" + or + name = "X509_STORE" + or + name = "X509_STORE_CTX_cert_crl_fn" + or + name = "X509_STORE_CTX_check_crl_fn" + or + name = "X509_STORE_CTX_check_issued_fn" + or + name = "X509_STORE_CTX_check_policy_fn" + or + name = "X509_STORE_CTX_check_revocation_fn" + or + name = "X509_STORE_CTX_cleanup" + or + name = "X509_STORE_CTX_cleanup_fn" + or + name = "X509_STORE_CTX_free" + or + name = "X509_STORE_CTX_get0_cert" + or + name = "X509_STORE_CTX_get0_chain" + or + name = "X509_STORE_CTX_get0_param" + or + name = "X509_STORE_CTX_get0_rpk" + or + name = "X509_STORE_CTX_get0_untrusted" + or + name = "X509_STORE_CTX_get1_chain" + or + name = "X509_STORE_CTX_get1_issuer" + or + name = "X509_STORE_CTX_get_app_data" + or + name = "X509_STORE_CTX_get_by_subject" + or + name = "X509_STORE_CTX_get_cert_crl" + or + name = "X509_STORE_CTX_get_check_crl" + or + name = "X509_STORE_CTX_get_check_issued" + or + name = "X509_STORE_CTX_get_check_policy" + or + name = "X509_STORE_CTX_get_check_revocation" + or + name = "X509_STORE_CTX_get_cleanup" + or + name = "X509_STORE_CTX_get_crl_fn" + or + name = "X509_STORE_CTX_get_current_cert" + or + name = "X509_STORE_CTX_get_error" + or + name = "X509_STORE_CTX_get_error_depth" + or + name = "X509_STORE_CTX_get_ex_data" + or + name = "X509_STORE_CTX_get_ex_new_index" + or + name = "X509_STORE_CTX_get_get_crl" + or + name = "X509_STORE_CTX_get_get_issuer" + or + name = "X509_STORE_CTX_get_issuer_fn" + or + name = "X509_STORE_CTX_get_lookup_certs" + or + name = "X509_STORE_CTX_get_lookup_crls" + or + name = "X509_STORE_CTX_get_num_untrusted" + or + name = "X509_STORE_CTX_get_obj_by_subject" + or + name = "X509_STORE_CTX_get_verify" + or + name = "X509_STORE_CTX_get_verify_cb" + or + name = "X509_STORE_CTX_init" + or + name = "X509_STORE_CTX_init_rpk" + or + name = "X509_STORE_CTX_lookup_certs_fn" + or + name = "X509_STORE_CTX_lookup_crls_fn" + or + name = "X509_STORE_CTX_new" + or + name = "X509_STORE_CTX_new_ex" + or + name = "X509_STORE_CTX_print_verify_cb" + or + name = "X509_STORE_CTX_purpose_inherit" + or + name = "X509_STORE_CTX_set0_crls" + or + name = "X509_STORE_CTX_set0_param" + or + name = "X509_STORE_CTX_set0_rpk" + or + name = "X509_STORE_CTX_set0_trusted_stack" + or + name = "X509_STORE_CTX_set0_untrusted" + or + name = "X509_STORE_CTX_set0_verified_chain" + or + name = "X509_STORE_CTX_set_app_data" + or + name = "X509_STORE_CTX_set_cert" + or + name = "X509_STORE_CTX_set_chain" + or + name = "X509_STORE_CTX_set_current_cert" + or + name = "X509_STORE_CTX_set_default" + or + name = "X509_STORE_CTX_set_error" + or + name = "X509_STORE_CTX_set_error_depth" + or + name = "X509_STORE_CTX_set_ex_data" + or + name = "X509_STORE_CTX_set_purpose" + or + name = "X509_STORE_CTX_set_trust" + or + name = "X509_STORE_CTX_set_verify" + or + name = "X509_STORE_CTX_set_verify_cb" + or + name = "X509_STORE_CTX_trusted_stack" + or + name = "X509_STORE_CTX_verify" + or + name = "X509_STORE_CTX_verify_cb" + or + name = "X509_STORE_CTX_verify_fn" + or + name = "X509_STORE_add_cert" + or + name = "X509_STORE_add_crl" + or + name = "X509_STORE_add_lookup" + or + name = "X509_STORE_free" + or + name = "X509_STORE_get0_objects" + or + name = "X509_STORE_get0_param" + or + name = "X509_STORE_get1_all_certs" + or + name = "X509_STORE_get_cert_crl" + or + name = "X509_STORE_get_check_crl" + or + name = "X509_STORE_get_check_issued" + or + name = "X509_STORE_get_check_policy" + or + name = "X509_STORE_get_check_revocation" + or + name = "X509_STORE_get_cleanup" + or + name = "X509_STORE_get_ex_data" + or + name = "X509_STORE_get_ex_new_index" + or + name = "X509_STORE_get_get_crl" + or + name = "X509_STORE_get_get_issuer" + or + name = "X509_STORE_get_lookup_certs" + or + name = "X509_STORE_get_lookup_crls" + or + name = "X509_STORE_get_verify_cb" + or + name = "X509_STORE_load_file" + or + name = "X509_STORE_load_file_ex" + or + name = "X509_STORE_load_locations" + or + name = "X509_STORE_load_locations_ex" + or + name = "X509_STORE_load_path" + or + name = "X509_STORE_load_store" + or + name = "X509_STORE_load_store_ex" + or + name = "X509_STORE_lock" + or + name = "X509_STORE_new" + or + name = "X509_STORE_set1_param" + or + name = "X509_STORE_set_cert_crl" + or + name = "X509_STORE_set_check_crl" + or + name = "X509_STORE_set_check_issued" + or + name = "X509_STORE_set_check_policy" + or + name = "X509_STORE_set_check_revocation" + or + name = "X509_STORE_set_cleanup" + or + name = "X509_STORE_set_default_paths" + or + name = "X509_STORE_set_default_paths_ex" + or + name = "X509_STORE_set_depth" + or + name = "X509_STORE_set_ex_data" + or + name = "X509_STORE_set_flags" + or + name = "X509_STORE_set_get_crl" + or + name = "X509_STORE_set_get_issuer" + or + name = "X509_STORE_set_lookup_certs" + or + name = "X509_STORE_set_lookup_crls" + or + name = "X509_STORE_set_lookup_crls_cb" + or + name = "X509_STORE_set_purpose" + or + name = "X509_STORE_set_trust" + or + name = "X509_STORE_set_verify" + or + name = "X509_STORE_set_verify_cb" + or + name = "X509_STORE_set_verify_cb_func" + or + name = "X509_STORE_set_verify_func" + or + name = "X509_STORE_unlock" + or + name = "X509_STORE_up_ref" + or + name = "X509_VAL_free" + or + name = "X509_VAL_new" + or + name = "X509_VERIFY_PARAM_add0_policy" + or + name = "X509_VERIFY_PARAM_add1_host" + or + name = "X509_VERIFY_PARAM_clear_flags" + or + name = "X509_VERIFY_PARAM_get0_email" + or + name = "X509_VERIFY_PARAM_get0_host" + or + name = "X509_VERIFY_PARAM_get0_peername" + or + name = "X509_VERIFY_PARAM_get1_ip_asc" + or + name = "X509_VERIFY_PARAM_get_auth_level" + or + name = "X509_VERIFY_PARAM_get_depth" + or + name = "X509_VERIFY_PARAM_get_flags" + or + name = "X509_VERIFY_PARAM_get_hostflags" + or + name = "X509_VERIFY_PARAM_get_inh_flags" + or + name = "X509_VERIFY_PARAM_get_time" + or + name = "X509_VERIFY_PARAM_set1_email" + or + name = "X509_VERIFY_PARAM_set1_host" + or + name = "X509_VERIFY_PARAM_set1_ip" + or + name = "X509_VERIFY_PARAM_set1_ip_asc" + or + name = "X509_VERIFY_PARAM_set1_policies" + or + name = "X509_VERIFY_PARAM_set_auth_level" + or + name = "X509_VERIFY_PARAM_set_depth" + or + name = "X509_VERIFY_PARAM_set_flags" + or + name = "X509_VERIFY_PARAM_set_hostflags" + or + name = "X509_VERIFY_PARAM_set_inh_flags" + or + name = "X509_VERIFY_PARAM_set_purpose" + or + name = "X509_VERIFY_PARAM_set_time" + or + name = "X509_VERIFY_PARAM_set_trust" + or + name = "X509_add1_ext_i2d" + or + name = "X509_add_cert" + or + name = "X509_add_certs" + or + name = "X509_add_ext" + or + name = "X509_build_chain" + or + name = "X509_chain_up_ref" + or + name = "X509_check_ca" + or + name = "X509_check_email" + or + name = "X509_check_host" + or + name = "X509_check_ip" + or + name = "X509_check_ip_asc" + or + name = "X509_check_issued" + or + name = "X509_check_private_key" + or + name = "X509_check_purpose" + or + name = "X509_cmp" + or + name = "X509_cmp_current_time" + or + name = "X509_cmp_time" + or + name = "X509_cmp_timeframe" + or + name = "X509_delete_ext" + or + name = "X509_digest" + or + name = "X509_digest_sig" + or + name = "X509_dup" + or + name = "X509_free" + or + name = "X509_get0_authority_issuer" + or + name = "X509_get0_authority_key_id" + or + name = "X509_get0_authority_serial" + or + name = "X509_get0_distinguishing_id" + or + name = "X509_get0_extensions" + or + name = "X509_get0_notAfter" + or + name = "X509_get0_notBefore" + or + name = "X509_get0_pubkey" + or + name = "X509_get0_serialNumber" + or + name = "X509_get0_signature" + or + name = "X509_get0_subject_key_id" + or + name = "X509_get0_tbs_sigalg" + or + name = "X509_get0_uids" + or + name = "X509_get_X509_PUBKEY" + or + name = "X509_get_default_cert_dir" + or + name = "X509_get_default_cert_dir_env" + or + name = "X509_get_default_cert_file" + or + name = "X509_get_default_cert_file_env" + or + name = "X509_get_default_cert_path_env" + or + name = "X509_get_default_cert_uri" + or + name = "X509_get_default_cert_uri_env" + or + name = "X509_get_ex_data" + or + name = "X509_get_ex_new_index" + or + name = "X509_get_ext" + or + name = "X509_get_ext_by_NID" + or + name = "X509_get_ext_by_OBJ" + or + name = "X509_get_ext_by_critical" + or + name = "X509_get_ext_count" + or + name = "X509_get_ext_d2i" + or + name = "X509_get_extended_key_usage" + or + name = "X509_get_extension_flags" + or + name = "X509_get_issuer_name" + or + name = "X509_get_key_usage" + or + name = "X509_get_pathlen" + or + name = "X509_get_proxy_pathlen" + or + name = "X509_get_pubkey" + or + name = "X509_get_serialNumber" + or + name = "X509_get_signature_info" + or + name = "X509_get_signature_nid" + or + name = "X509_get_subject_name" + or + name = "X509_get_version" + or + name = "X509_getm_notAfter" + or + name = "X509_getm_notBefore" + or + name = "X509_gmtime_adj" + or + name = "X509_http_nbio" + or + name = "X509_issuer_and_serial_cmp" + or + name = "X509_issuer_name_cmp" + or + name = "X509_issuer_name_hash" + or + name = "X509_load_cert_crl_file" + or + name = "X509_load_cert_crl_file_ex" + or + name = "X509_load_cert_file" + or + name = "X509_load_cert_file_ex" + or + name = "X509_load_crl_file" + or + name = "X509_load_http" + or + name = "X509_new" + or + name = "X509_new_ex" + or + name = "X509_pubkey_digest" + or + name = "X509_self_signed" + or + name = "X509_set0_distinguishing_id" + or + name = "X509_set1_notAfter" + or + name = "X509_set1_notBefore" + or + name = "X509_set_ex_data" + or + name = "X509_set_issuer_name" + or + name = "X509_set_proxy_flag" + or + name = "X509_set_proxy_pathlen" + or + name = "X509_set_pubkey" + or + name = "X509_set_serialNumber" + or + name = "X509_set_subject_name" + or + name = "X509_set_version" + or + name = "X509_sign" + or + name = "X509_sign_ctx" + or + name = "X509_subject_name_cmp" + or + name = "X509_subject_name_hash" + or + name = "X509_time_adj" + or + name = "X509_time_adj_ex" + or + name = "X509_up_ref" + or + name = "X509_verify" + or + name = "X509_verify_cert" + or + name = "X509_verify_cert_error_string" + or + name = "X509v3_add_ext" + or + name = "X509v3_delete_ext" + or + name = "X509v3_get_ext" + or + name = "X509v3_get_ext_by_NID" + or + name = "X509v3_get_ext_by_OBJ" + or + name = "X509v3_get_ext_by_critical" + or + name = "X509v3_get_ext_count" + or + name = "b2i_PVK_bio" + or + name = "b2i_PVK_bio_ex" + or + name = "bio" + or + name = "blowfish" + or + name = "bn" + or + name = "bn_add_words" + or + name = "bn_check_top" + or + name = "bn_cmp_words" + or + name = "bn_div_words" + or + name = "bn_dump" + or + name = "bn_expand" + or + name = "bn_expand2" + or + name = "bn_fix_top" + or + name = "bn_internal" + or + name = "bn_mul_add_words" + or + name = "bn_mul_comba4" + or + name = "bn_mul_comba8" + or + name = "bn_mul_high" + or + name = "bn_mul_low_normal" + or + name = "bn_mul_low_recursive" + or + name = "bn_mul_normal" + or + name = "bn_mul_part_recursive" + or + name = "bn_mul_recursive" + or + name = "bn_mul_words" + or + name = "bn_print" + or + name = "bn_set_high" + or + name = "bn_set_low" + or + name = "bn_set_max" + or + name = "bn_sqr_comba4" + or + name = "bn_sqr_comba8" + or + name = "bn_sqr_normal" + or + name = "bn_sqr_recursive" + or + name = "bn_sqr_words" + or + name = "bn_sub_words" + or + name = "bn_wexpand" + or + name = "buffer" + or + name = "crypto" + or + name = "custom_ext_add_cb" + or + name = "custom_ext_free_cb" + or + name = "custom_ext_parse_cb" + or + name = "d2i_ACCESS_DESCRIPTION" + or + name = "d2i_ADMISSIONS" + or + name = "d2i_ADMISSION_SYNTAX" + or + name = "d2i_ASIdOrRange" + or + name = "d2i_ASIdentifierChoice" + or + name = "d2i_ASIdentifiers" + or + name = "d2i_ASN1_BIT_STRING" + or + name = "d2i_ASN1_BMPSTRING" + or + name = "d2i_ASN1_ENUMERATED" + or + name = "d2i_ASN1_GENERALIZEDTIME" + or + name = "d2i_ASN1_GENERALSTRING" + or + name = "d2i_ASN1_IA5STRING" + or + name = "d2i_ASN1_INTEGER" + or + name = "d2i_ASN1_NULL" + or + name = "d2i_ASN1_OBJECT" + or + name = "d2i_ASN1_OCTET_STRING" + or + name = "d2i_ASN1_PRINTABLE" + or + name = "d2i_ASN1_PRINTABLESTRING" + or + name = "d2i_ASN1_SEQUENCE_ANY" + or + name = "d2i_ASN1_SET_ANY" + or + name = "d2i_ASN1_T61STRING" + or + name = "d2i_ASN1_TIME" + or + name = "d2i_ASN1_TYPE" + or + name = "d2i_ASN1_UINTEGER" + or + name = "d2i_ASN1_UNIVERSALSTRING" + or + name = "d2i_ASN1_UTCTIME" + or + name = "d2i_ASN1_UTF8STRING" + or + name = "d2i_ASN1_VISIBLESTRING" + or + name = "d2i_ASRange" + or + name = "d2i_AUTHORITY_INFO_ACCESS" + or + name = "d2i_AUTHORITY_KEYID" + or + name = "d2i_AutoPrivateKey" + or + name = "d2i_AutoPrivateKey_ex" + or + name = "d2i_BASIC_CONSTRAINTS" + or + name = "d2i_CERTIFICATEPOLICIES" + or + name = "d2i_CMS_ContentInfo" + or + name = "d2i_CMS_ReceiptRequest" + or + name = "d2i_CMS_bio" + or + name = "d2i_CRL_DIST_POINTS" + or + name = "d2i_DHparams" + or + name = "d2i_DHparams_bio" + or + name = "d2i_DHparams_fp" + or + name = "d2i_DHxparams" + or + name = "d2i_DIRECTORYSTRING" + or + name = "d2i_DISPLAYTEXT" + or + name = "d2i_DIST_POINT" + or + name = "d2i_DIST_POINT_NAME" + or + name = "d2i_DSAPrivateKey" + or + name = "d2i_DSAPrivateKey_bio" + or + name = "d2i_DSAPrivateKey_fp" + or + name = "d2i_DSAPublicKey" + or + name = "d2i_DSA_PUBKEY" + or + name = "d2i_DSA_PUBKEY_bio" + or + name = "d2i_DSA_PUBKEY_fp" + or + name = "d2i_DSA_SIG" + or + name = "d2i_DSAparams" + or + name = "d2i_ECDSA_SIG" + or + name = "d2i_ECPKParameters" + or + name = "d2i_ECPKParameters_bio" + or + name = "d2i_ECPKParameters_fp" + or + name = "d2i_ECParameters" + or + name = "d2i_ECPrivateKey" + or + name = "d2i_ECPrivateKey_bio" + or + name = "d2i_ECPrivateKey_fp" + or + name = "d2i_ECPrivate_key" + or + name = "d2i_EC_PUBKEY" + or + name = "d2i_EC_PUBKEY_bio" + or + name = "d2i_EC_PUBKEY_fp" + or + name = "d2i_EDIPARTYNAME" + or + name = "d2i_ESS_CERT_ID" + or + name = "d2i_ESS_CERT_ID_V2" + or + name = "d2i_ESS_ISSUER_SERIAL" + or + name = "d2i_ESS_SIGNING_CERT" + or + name = "d2i_ESS_SIGNING_CERT_V2" + or + name = "d2i_EXTENDED_KEY_USAGE" + or + name = "d2i_GENERAL_NAME" + or + name = "d2i_GENERAL_NAMES" + or + name = "d2i_IPAddressChoice" + or + name = "d2i_IPAddressFamily" + or + name = "d2i_IPAddressOrRange" + or + name = "d2i_IPAddressRange" + or + name = "d2i_ISSUER_SIGN_TOOL" + or + name = "d2i_ISSUING_DIST_POINT" + or + name = "d2i_KeyParams" + or + name = "d2i_KeyParams_bio" + or + name = "d2i_NAMING_AUTHORITY" + or + name = "d2i_NETSCAPE_CERT_SEQUENCE" + or + name = "d2i_NETSCAPE_SPKAC" + or + name = "d2i_NETSCAPE_SPKI" + or + name = "d2i_NOTICEREF" + or + name = "d2i_Netscape_RSA" + or + name = "d2i_OCSP_BASICRESP" + or + name = "d2i_OCSP_CERTID" + or + name = "d2i_OCSP_CERTSTATUS" + or + name = "d2i_OCSP_CRLID" + or + name = "d2i_OCSP_ONEREQ" + or + name = "d2i_OCSP_REQINFO" + or + name = "d2i_OCSP_REQUEST" + or + name = "d2i_OCSP_RESPBYTES" + or + name = "d2i_OCSP_RESPDATA" + or + name = "d2i_OCSP_RESPID" + or + name = "d2i_OCSP_RESPONSE" + or + name = "d2i_OCSP_REVOKEDINFO" + or + name = "d2i_OCSP_SERVICELOC" + or + name = "d2i_OCSP_SIGNATURE" + or + name = "d2i_OCSP_SINGLERESP" + or + name = "d2i_OSSL_CMP_MSG" + or + name = "d2i_OSSL_CMP_MSG_bio" + or + name = "d2i_OSSL_CMP_PKIHEADER" + or + name = "d2i_OSSL_CMP_PKISI" + or + name = "d2i_OSSL_CRMF_CERTID" + or + name = "d2i_OSSL_CRMF_CERTTEMPLATE" + or + name = "d2i_OSSL_CRMF_ENCRYPTEDVALUE" + or + name = "d2i_OSSL_CRMF_MSG" + or + name = "d2i_OSSL_CRMF_MSGS" + or + name = "d2i_OSSL_CRMF_PBMPARAMETER" + or + name = "d2i_OSSL_CRMF_PKIPUBLICATIONINFO" + or + name = "d2i_OSSL_CRMF_SINGLEPUBINFO" + or + name = "d2i_OTHERNAME" + or + name = "d2i_PBE2PARAM" + or + name = "d2i_PBEPARAM" + or + name = "d2i_PBKDF2PARAM" + or + name = "d2i_PKCS12" + or + name = "d2i_PKCS12_BAGS" + or + name = "d2i_PKCS12_MAC_DATA" + or + name = "d2i_PKCS12_SAFEBAG" + or + name = "d2i_PKCS12_bio" + or + name = "d2i_PKCS12_fp" + or + name = "d2i_PKCS7" + or + name = "d2i_PKCS7_DIGEST" + or + name = "d2i_PKCS7_ENCRYPT" + or + name = "d2i_PKCS7_ENC_CONTENT" + or + name = "d2i_PKCS7_ENVELOPE" + or + name = "d2i_PKCS7_ISSUER_AND_SERIAL" + or + name = "d2i_PKCS7_RECIP_INFO" + or + name = "d2i_PKCS7_SIGNED" + or + name = "d2i_PKCS7_SIGNER_INFO" + or + name = "d2i_PKCS7_SIGN_ENVELOPE" + or + name = "d2i_PKCS7_bio" + or + name = "d2i_PKCS7_fp" + or + name = "d2i_PKCS8PrivateKey" + or + name = "d2i_PKCS8PrivateKey_bio" + or + name = "d2i_PKCS8PrivateKey_fp" + or + name = "d2i_PKCS8_PRIV_KEY_INFO" + or + name = "d2i_PKCS8_PRIV_KEY_INFO_bio" + or + name = "d2i_PKCS8_PRIV_KEY_INFO_fp" + or + name = "d2i_PKCS8_bio" + or + name = "d2i_PKCS8_fp" + or + name = "d2i_PKEY_USAGE_PERIOD" + or + name = "d2i_POLICYINFO" + or + name = "d2i_POLICYQUALINFO" + or + name = "d2i_PROFESSION_INFO" + or + name = "d2i_PROXY_CERT_INFO_EXTENSION" + or + name = "d2i_PROXY_POLICY" + or + name = "d2i_PUBKEY" + or + name = "d2i_PUBKEY_bio" + or + name = "d2i_PUBKEY_ex" + or + name = "d2i_PUBKEY_ex_bio" + or + name = "d2i_PUBKEY_ex_fp" + or + name = "d2i_PUBKEY_fp" + or + name = "d2i_PrivateKey" + or + name = "d2i_PrivateKey_bio" + or + name = "d2i_PrivateKey_ex" + or + name = "d2i_PrivateKey_ex_bio" + or + name = "d2i_PrivateKey_ex_fp" + or + name = "d2i_PrivateKey_fp" + or + name = "d2i_Private_key" + or + name = "d2i_PublicKey" + or + name = "d2i_RSAPrivateKey" + or + name = "d2i_RSAPrivateKey_bio" + or + name = "d2i_RSAPrivateKey_fp" + or + name = "d2i_RSAPublicKey" + or + name = "d2i_RSAPublicKey_bio" + or + name = "d2i_RSAPublicKey_fp" + or + name = "d2i_RSA_OAEP_PARAMS" + or + name = "d2i_RSA_PSS_PARAMS" + or + name = "d2i_RSA_PUBKEY" + or + name = "d2i_RSA_PUBKEY_bio" + or + name = "d2i_RSA_PUBKEY_fp" + or + name = "d2i_SCRYPT_PARAMS" + or + name = "d2i_SCT_LIST" + or + name = "d2i_SSL_SESSION" + or + name = "d2i_SSL_SESSION_ex" + or + name = "d2i_SXNET" + or + name = "d2i_SXNETID" + or + name = "d2i_TS_ACCURACY" + or + name = "d2i_TS_MSG_IMPRINT" + or + name = "d2i_TS_MSG_IMPRINT_bio" + or + name = "d2i_TS_MSG_IMPRINT_fp" + or + name = "d2i_TS_REQ" + or + name = "d2i_TS_REQ_bio" + or + name = "d2i_TS_REQ_fp" + or + name = "d2i_TS_RESP" + or + name = "d2i_TS_RESP_bio" + or + name = "d2i_TS_RESP_fp" + or + name = "d2i_TS_STATUS_INFO" + or + name = "d2i_TS_TST_INFO" + or + name = "d2i_TS_TST_INFO_bio" + or + name = "d2i_TS_TST_INFO_fp" + or + name = "d2i_USERNOTICE" + or + name = "d2i_X509" + or + name = "d2i_X509_ALGOR" + or + name = "d2i_X509_ALGORS" + or + name = "d2i_X509_ATTRIBUTE" + or + name = "d2i_X509_AUX" + or + name = "d2i_X509_CERT_AUX" + or + name = "d2i_X509_CINF" + or + name = "d2i_X509_CRL" + or + name = "d2i_X509_CRL_INFO" + or + name = "d2i_X509_CRL_bio" + or + name = "d2i_X509_CRL_fp" + or + name = "d2i_X509_EXTENSION" + or + name = "d2i_X509_EXTENSIONS" + or + name = "d2i_X509_NAME" + or + name = "d2i_X509_NAME_ENTRY" + or + name = "d2i_X509_PUBKEY" + or + name = "d2i_X509_PUBKEY_bio" + or + name = "d2i_X509_PUBKEY_fp" + or + name = "d2i_X509_REQ" + or + name = "d2i_X509_REQ_INFO" + or + name = "d2i_X509_REQ_bio" + or + name = "d2i_X509_REQ_fp" + or + name = "d2i_X509_REVOKED" + or + name = "d2i_X509_SIG" + or + name = "d2i_X509_VAL" + or + name = "d2i_X509_bio" + or + name = "d2i_X509_fp" + or + name = "des" + or + name = "des_read_2passwords" + or + name = "des_read_password" + or + name = "des_read_pw" + or + name = "des_read_pw_string" + or + name = "dh" + or + name = "dsa" + or + name = "ec" + or + name = "ecdsa" + or + name = "engine" + or + name = "err" + or + name = "evp" + or + name = "hmac" + or + name = "i2b_PVK_bio" + or + name = "i2b_PVK_bio_ex" + or + name = "i2d_ACCESS_DESCRIPTION" + or + name = "i2d_ADMISSIONS" + or + name = "i2d_ADMISSION_SYNTAX" + or + name = "i2d_ASIdOrRange" + or + name = "i2d_ASIdentifierChoice" + or + name = "i2d_ASIdentifiers" + or + name = "i2d_ASN1_BIT_STRING" + or + name = "i2d_ASN1_BMPSTRING" + or + name = "i2d_ASN1_ENUMERATED" + or + name = "i2d_ASN1_GENERALIZEDTIME" + or + name = "i2d_ASN1_GENERALSTRING" + or + name = "i2d_ASN1_IA5STRING" + or + name = "i2d_ASN1_INTEGER" + or + name = "i2d_ASN1_NULL" + or + name = "i2d_ASN1_OBJECT" + or + name = "i2d_ASN1_OCTET_STRING" + or + name = "i2d_ASN1_PRINTABLE" + or + name = "i2d_ASN1_PRINTABLESTRING" + or + name = "i2d_ASN1_SEQUENCE_ANY" + or + name = "i2d_ASN1_SET_ANY" + or + name = "i2d_ASN1_T61STRING" + or + name = "i2d_ASN1_TIME" + or + name = "i2d_ASN1_TYPE" + or + name = "i2d_ASN1_UNIVERSALSTRING" + or + name = "i2d_ASN1_UTCTIME" + or + name = "i2d_ASN1_UTF8STRING" + or + name = "i2d_ASN1_VISIBLESTRING" + or + name = "i2d_ASN1_bio_stream" + or + name = "i2d_ASRange" + or + name = "i2d_AUTHORITY_INFO_ACCESS" + or + name = "i2d_AUTHORITY_KEYID" + or + name = "i2d_BASIC_CONSTRAINTS" + or + name = "i2d_CERTIFICATEPOLICIES" + or + name = "i2d_CMS_ContentInfo" + or + name = "i2d_CMS_ReceiptRequest" + or + name = "i2d_CMS_bio" + or + name = "i2d_CMS_bio_stream" + or + name = "i2d_CRL_DIST_POINTS" + or + name = "i2d_DHparams" + or + name = "i2d_DHparams_bio" + or + name = "i2d_DHparams_fp" + or + name = "i2d_DHxparams" + or + name = "i2d_DIRECTORYSTRING" + or + name = "i2d_DISPLAYTEXT" + or + name = "i2d_DIST_POINT" + or + name = "i2d_DIST_POINT_NAME" + or + name = "i2d_DSAPrivateKey" + or + name = "i2d_DSAPrivateKey_bio" + or + name = "i2d_DSAPrivateKey_fp" + or + name = "i2d_DSAPublicKey" + or + name = "i2d_DSA_PUBKEY" + or + name = "i2d_DSA_PUBKEY_bio" + or + name = "i2d_DSA_PUBKEY_fp" + or + name = "i2d_DSA_SIG" + or + name = "i2d_DSAparams" + or + name = "i2d_ECDSA_SIG" + or + name = "i2d_ECPKParameters" + or + name = "i2d_ECPKParameters_bio" + or + name = "i2d_ECPKParameters_fp" + or + name = "i2d_ECParameters" + or + name = "i2d_ECPrivateKey" + or + name = "i2d_ECPrivateKey_bio" + or + name = "i2d_ECPrivateKey_fp" + or + name = "i2d_EC_PUBKEY" + or + name = "i2d_EC_PUBKEY_bio" + or + name = "i2d_EC_PUBKEY_fp" + or + name = "i2d_EDIPARTYNAME" + or + name = "i2d_ESS_CERT_ID" + or + name = "i2d_ESS_CERT_ID_V2" + or + name = "i2d_ESS_ISSUER_SERIAL" + or + name = "i2d_ESS_SIGNING_CERT" + or + name = "i2d_ESS_SIGNING_CERT_V2" + or + name = "i2d_EXTENDED_KEY_USAGE" + or + name = "i2d_GENERAL_NAME" + or + name = "i2d_GENERAL_NAMES" + or + name = "i2d_IPAddressChoice" + or + name = "i2d_IPAddressFamily" + or + name = "i2d_IPAddressOrRange" + or + name = "i2d_IPAddressRange" + or + name = "i2d_ISSUER_SIGN_TOOL" + or + name = "i2d_ISSUING_DIST_POINT" + or + name = "i2d_KeyParams" + or + name = "i2d_KeyParams_bio" + or + name = "i2d_NAMING_AUTHORITY" + or + name = "i2d_NETSCAPE_CERT_SEQUENCE" + or + name = "i2d_NETSCAPE_SPKAC" + or + name = "i2d_NETSCAPE_SPKI" + or + name = "i2d_NOTICEREF" + or + name = "i2d_Netscape_RSA" + or + name = "i2d_OCSP_BASICRESP" + or + name = "i2d_OCSP_CERTID" + or + name = "i2d_OCSP_CERTSTATUS" + or + name = "i2d_OCSP_CRLID" + or + name = "i2d_OCSP_ONEREQ" + or + name = "i2d_OCSP_REQINFO" + or + name = "i2d_OCSP_REQUEST" + or + name = "i2d_OCSP_RESPBYTES" + or + name = "i2d_OCSP_RESPDATA" + or + name = "i2d_OCSP_RESPID" + or + name = "i2d_OCSP_RESPONSE" + or + name = "i2d_OCSP_REVOKEDINFO" + or + name = "i2d_OCSP_SERVICELOC" + or + name = "i2d_OCSP_SIGNATURE" + or + name = "i2d_OCSP_SINGLERESP" + or + name = "i2d_OSSL_CMP_MSG" + or + name = "i2d_OSSL_CMP_MSG_bio" + or + name = "i2d_OSSL_CMP_PKIHEADER" + or + name = "i2d_OSSL_CMP_PKISI" + or + name = "i2d_OSSL_CRMF_CERTID" + or + name = "i2d_OSSL_CRMF_CERTTEMPLATE" + or + name = "i2d_OSSL_CRMF_ENCRYPTEDVALUE" + or + name = "i2d_OSSL_CRMF_MSG" + or + name = "i2d_OSSL_CRMF_MSGS" + or + name = "i2d_OSSL_CRMF_PBMPARAMETER" + or + name = "i2d_OSSL_CRMF_PKIPUBLICATIONINFO" + or + name = "i2d_OSSL_CRMF_SINGLEPUBINFO" + or + name = "i2d_OTHERNAME" + or + name = "i2d_PBE2PARAM" + or + name = "i2d_PBEPARAM" + or + name = "i2d_PBKDF2PARAM" + or + name = "i2d_PKCS12" + or + name = "i2d_PKCS12_BAGS" + or + name = "i2d_PKCS12_MAC_DATA" + or + name = "i2d_PKCS12_SAFEBAG" + or + name = "i2d_PKCS12_bio" + or + name = "i2d_PKCS12_fp" + or + name = "i2d_PKCS7" + or + name = "i2d_PKCS7_DIGEST" + or + name = "i2d_PKCS7_ENCRYPT" + or + name = "i2d_PKCS7_ENC_CONTENT" + or + name = "i2d_PKCS7_ENVELOPE" + or + name = "i2d_PKCS7_ISSUER_AND_SERIAL" + or + name = "i2d_PKCS7_NDEF" + or + name = "i2d_PKCS7_RECIP_INFO" + or + name = "i2d_PKCS7_SIGNED" + or + name = "i2d_PKCS7_SIGNER_INFO" + or + name = "i2d_PKCS7_SIGN_ENVELOPE" + or + name = "i2d_PKCS7_bio" + or + name = "i2d_PKCS7_bio_stream" + or + name = "i2d_PKCS7_fp" + or + name = "i2d_PKCS8PrivateKeyInfo_bio" + or + name = "i2d_PKCS8PrivateKeyInfo_fp" + or + name = "i2d_PKCS8PrivateKey_bio" + or + name = "i2d_PKCS8PrivateKey_fp" + or + name = "i2d_PKCS8PrivateKey_nid_bio" + or + name = "i2d_PKCS8PrivateKey_nid_fp" + or + name = "i2d_PKCS8_PRIV_KEY_INFO" + or + name = "i2d_PKCS8_PRIV_KEY_INFO_bio" + or + name = "i2d_PKCS8_PRIV_KEY_INFO_fp" + or + name = "i2d_PKCS8_bio" + or + name = "i2d_PKCS8_fp" + or + name = "i2d_PKEY_USAGE_PERIOD" + or + name = "i2d_POLICYINFO" + or + name = "i2d_POLICYQUALINFO" + or + name = "i2d_PROFESSION_INFO" + or + name = "i2d_PROXY_CERT_INFO_EXTENSION" + or + name = "i2d_PROXY_POLICY" + or + name = "i2d_PUBKEY" + or + name = "i2d_PUBKEY_bio" + or + name = "i2d_PUBKEY_fp" + or + name = "i2d_PrivateKey" + or + name = "i2d_PrivateKey_bio" + or + name = "i2d_PrivateKey_fp" + or + name = "i2d_PublicKey" + or + name = "i2d_RSAPrivateKey" + or + name = "i2d_RSAPrivateKey_bio" + or + name = "i2d_RSAPrivateKey_fp" + or + name = "i2d_RSAPublicKey" + or + name = "i2d_RSAPublicKey_bio" + or + name = "i2d_RSAPublicKey_fp" + or + name = "i2d_RSA_OAEP_PARAMS" + or + name = "i2d_RSA_PSS_PARAMS" + or + name = "i2d_RSA_PUBKEY" + or + name = "i2d_RSA_PUBKEY_bio" + or + name = "i2d_RSA_PUBKEY_fp" + or + name = "i2d_SCRYPT_PARAMS" + or + name = "i2d_SCT_LIST" + or + name = "i2d_SSL_SESSION" + or + name = "i2d_SXNET" + or + name = "i2d_SXNETID" + or + name = "i2d_TS_ACCURACY" + or + name = "i2d_TS_MSG_IMPRINT" + or + name = "i2d_TS_MSG_IMPRINT_bio" + or + name = "i2d_TS_MSG_IMPRINT_fp" + or + name = "i2d_TS_REQ" + or + name = "i2d_TS_REQ_bio" + or + name = "i2d_TS_REQ_fp" + or + name = "i2d_TS_RESP" + or + name = "i2d_TS_RESP_bio" + or + name = "i2d_TS_RESP_fp" + or + name = "i2d_TS_STATUS_INFO" + or + name = "i2d_TS_TST_INFO" + or + name = "i2d_TS_TST_INFO_bio" + or + name = "i2d_TS_TST_INFO_fp" + or + name = "i2d_USERNOTICE" + or + name = "i2d_X509" + or + name = "i2d_X509_ALGOR" + or + name = "i2d_X509_ALGORS" + or + name = "i2d_X509_ATTRIBUTE" + or + name = "i2d_X509_AUX" + or + name = "i2d_X509_CERT_AUX" + or + name = "i2d_X509_CINF" + or + name = "i2d_X509_CRL" + or + name = "i2d_X509_CRL_INFO" + or + name = "i2d_X509_CRL_bio" + or + name = "i2d_X509_CRL_fp" + or + name = "i2d_X509_EXTENSION" + or + name = "i2d_X509_EXTENSIONS" + or + name = "i2d_X509_NAME" + or + name = "i2d_X509_NAME_ENTRY" + or + name = "i2d_X509_PUBKEY" + or + name = "i2d_X509_PUBKEY_bio" + or + name = "i2d_X509_PUBKEY_fp" + or + name = "i2d_X509_REQ" + or + name = "i2d_X509_REQ_INFO" + or + name = "i2d_X509_REQ_bio" + or + name = "i2d_X509_REQ_fp" + or + name = "i2d_X509_REVOKED" + or + name = "i2d_X509_SIG" + or + name = "i2d_X509_VAL" + or + name = "i2d_X509_bio" + or + name = "i2d_X509_fp" + or + name = "i2d_re_X509_CRL_tbs" + or + name = "i2d_re_X509_REQ_tbs" + or + name = "i2d_re_X509_tbs" + or + name = "i2o_SCT" + or + name = "i2o_SCT_LIST" + or + name = "i2s_ASN1_ENUMERATED" + or + name = "i2s_ASN1_ENUMERATED_TABLE" + or + name = "i2s_ASN1_IA5STRING" + or + name = "i2s_ASN1_INTEGER" + or + name = "i2s_ASN1_OCTET_STRING" + or + name = "i2s_ASN1_UTF8STRING" + or + name = "i2t_ASN1_OBJECT" + or + name = "lh_TYPE_delete" + or + name = "lh_TYPE_doall" + or + name = "lh_TYPE_doall_arg" + or + name = "lh_TYPE_error" + or + name = "lh_TYPE_flush" + or + name = "lh_TYPE_free" + or + name = "lh_TYPE_insert" + or + name = "lh_TYPE_new" + or + name = "lh_TYPE_retrieve" + or + name = "lh_delete" + or + name = "lh_doall" + or + name = "lh_doall_arg" + or + name = "lh_error" + or + name = "lh_free" + or + name = "lh_insert" + or + name = "lh_new" + or + name = "lh_node_stats" + or + name = "lh_node_stats_bio" + or + name = "lh_node_usage_stats" + or + name = "lh_node_usage_stats_bio" + or + name = "lh_retrieve" + or + name = "lh_stats" + or + name = "lh_stats_bio" + or + name = "lhash" + or + name = "md5" + or + name = "mdc2" + or + name = "o2i_SCT" + or + name = "o2i_SCT_LIST" + or + name = "pem" + or + name = "pem_password_cb" + or + name = "rand" + or + name = "rc4" + or + name = "ripemd" + or + name = "rsa" + or + name = "s2i_ASN1_IA5STRING" + or + name = "s2i_ASN1_INTEGER" + or + name = "s2i_ASN1_OCTET_STRING" + or + name = "s2i_ASN1_UTF8STRING" + or + name = "sha" + or + name = "sk_TYPE_deep_copy" + or + name = "sk_TYPE_delete" + or + name = "sk_TYPE_delete_ptr" + or + name = "sk_TYPE_dup" + or + name = "sk_TYPE_find" + or + name = "sk_TYPE_find_all" + or + name = "sk_TYPE_find_ex" + or + name = "sk_TYPE_free" + or + name = "sk_TYPE_insert" + or + name = "sk_TYPE_is_sorted" + or + name = "sk_TYPE_new" + or + name = "sk_TYPE_new_null" + or + name = "sk_TYPE_new_reserve" + or + name = "sk_TYPE_num" + or + name = "sk_TYPE_pop" + or + name = "sk_TYPE_pop_free" + or + name = "sk_TYPE_push" + or + name = "sk_TYPE_reserve" + or + name = "sk_TYPE_set" + or + name = "sk_TYPE_set_cmp_func" + or + name = "sk_TYPE_shift" + or + name = "sk_TYPE_sort" + or + name = "sk_TYPE_unshift" + or + name = "sk_TYPE_value" + or + name = "sk_TYPE_zero" + or + name = "ssl" + or + name = "ssl_ct_validation_cb" + or + name = "threads" + or + name = "ui" + or + name = "ui_compat" + or + name = "x509" +} diff --git a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll new file mode 100644 index 00000000000..f772f85afb1 --- /dev/null +++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll @@ -0,0 +1,59 @@ +import cpp +import experimental.cryptography.utils.OpenSSL.LibraryFunction +import semmle.code.cpp.ir.dataflow.DataFlow + +// TODO: possible use of extensible predicates here +// NOTE: -1 for outInd represents the return value +predicate knownPassthroughFunction(Function f, int inInd, int outInd) { + // Trace through functions + // See https://www.openssl.org/docs/man1.1.1/man3/OBJ_obj2txt + // https://www.openssl.org/docs/man3.0/man3/EVP_CIPHER_get0_name + openSSLLibraryFunc(f) and + ( + f.getName() in [ + "OBJ_nid2obj", "OBJ_nid2ln", "OBJ_nid2sn", "OBJ_obj2nid", "OBJ_ln2nid", "OBJ_sn2nid", + "OBJ_txt2nid", "OBJ_txt2obj", "OBJ_dup", "EVP_CIPHER_get0_name" + ] and + inInd = 0 and + outInd = -1 + or + f.getName() in ["OBJ_obj2txt", "i2t_ASN1_OBJECT"] and + inInd = 2 and + outInd = 0 + or + // Dup/copy pattern occurs in more places, + //see: https://www.openssl.org/docs/manmaster/man3/EC_KEY_copy.html and https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_dup.html + f.getName().matches("%_dup") and inInd = 0 and outInd = -1 + or + f.getName().matches("%_copy") and inInd = 0 and outInd = -1 + ) +} + +/** + * `c` is a call to a function that preserves the algorithm but changes its form. + * `onExpr` is the input argument passing through to, `outExpr` is the next expression in a dataflow step associated with `c` + */ +predicate knownPassthoughCall(Call c, Expr inExpr, Expr outExpr) { + exists(int inInd, int outInd | + knownPassthroughFunction(c.getTarget(), inInd, outInd) and + inExpr = c.getArgument(inInd) and + if outInd = -1 then outExpr = c else outExpr = c.getArgument(outInd) + ) +} + +/* + * Explicitly add flow through openssl functions that preserve the algorithm but alter the form (e.g., from NID to string) + */ + +predicate knownPassThroughStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(Expr cur, Expr next | + (cur = node1.asExpr() or cur = node1.asIndirectArgument()) and + ( + next = node2.asExpr() or + next = node2.asIndirectArgument() or + next = node2.asDefiningArgument() + ) + | + exists(Call c | knownPassthoughCall(c, cur, next)) + ) +} diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 1a8ab0be7bb..cb5488af594 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.9.2-dev +version: 0.10.2-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll b/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll index df52735f653..12434f17f01 100644 --- a/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll +++ b/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll @@ -158,9 +158,7 @@ class NameQualifyingElement extends Element, @namequalifyingelement { /** * A special name-qualifying element. For example: `__super`. */ -library class SpecialNameQualifyingElement extends NameQualifyingElement, - @specialnamequalifyingelement -{ +class SpecialNameQualifyingElement extends NameQualifyingElement, @specialnamequalifyingelement { /** Gets the name of this special qualifying element. */ override string getName() { specialnamequalifyingelements(underlyingElement(this), result) } diff --git a/cpp/ql/lib/semmle/code/cpp/Type.qll b/cpp/ql/lib/semmle/code/cpp/Type.qll index 43757ce0b2d..16d589e9995 100644 --- a/cpp/ql/lib/semmle/code/cpp/Type.qll +++ b/cpp/ql/lib/semmle/code/cpp/Type.qll @@ -819,6 +819,30 @@ private predicate floatingPointTypeMapping( or // _Complex _Float16 kind = 53 and base = 2 and domain = TComplexDomain() and realKind = 52 and extended = false + or + // __fp16 + kind = 54 and base = 2 and domain = TRealDomain() and realKind = 54 and extended = false + or + // __bf16 + kind = 55 and base = 2 and domain = TRealDomain() and realKind = 55 and extended = false + or + // std::float16_t + kind = 56 and base = 2 and domain = TRealDomain() and realKind = 56 and extended = false + or + // _Complex _Float32 + kind = 57 and base = 2 and domain = TComplexDomain() and realKind = 45 and extended = false + or + // _Complex _Float32x + kind = 58 and base = 2 and domain = TComplexDomain() and realKind = 46 and extended = true + or + // _Complex _Float64 + kind = 59 and base = 2 and domain = TComplexDomain() and realKind = 47 and extended = false + or + // _Complex _Float64x + kind = 60 and base = 2 and domain = TComplexDomain() and realKind = 48 and extended = true + or + // _Complex _Float128 + kind = 61 and base = 2 and domain = TComplexDomain() and realKind = 49 and extended = false } /** diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll b/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll index 1c557af797e..6bf7764d7e9 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll @@ -73,6 +73,10 @@ private int isSource(Expr bufferExpr, Element why) { ) } +/** Same as `getBufferSize`, but with the `why` column projected away to prevent large duplications. */ +pragma[nomagic] +int getBufferSizeProj(Expr bufferExpr) { result = getBufferSize(bufferExpr, _) } + /** * Get the size in bytes of the buffer pointed to by an expression (if this can be determined). */ @@ -87,7 +91,7 @@ int getBufferSize(Expr bufferExpr, Element why) { why = bufferVar and parentPtr = bufferExpr.(VariableAccess).getQualifier() and parentPtr.getTarget().getUnspecifiedType().(PointerType).getBaseType() = parentClass and - result = getBufferSize(parentPtr, _) + bufferSize - parentClass.getSize() + result = getBufferSizeProj(parentPtr) + bufferSize - parentClass.getSize() | if exists(bufferVar.getType().getSize()) then bufferSize = bufferVar.getType().getSize() @@ -95,7 +99,6 @@ int getBufferSize(Expr bufferExpr, Element why) { ) or // dataflow (all sources must be the same size) - result = unique(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | getBufferSize(def, _)) and - // find reason + result = unique(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | getBufferSizeProj(def)) and exists(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | exists(getBufferSize(def, why))) } diff --git a/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll b/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll index 40689adda30..a2ae417b99e 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll @@ -27,9 +27,6 @@ predicate canValueFlow(Expr fromExpr, Expr toExpr) { fromExpr = toExpr.(ConditionalExpr).getElse() } -/** DEPRECATED: Alias for AnalyzedString */ -deprecated class AnalysedString = AnalyzedString; - /** * An analyzed null terminated string. */ diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll index 6a18f6cc149..10ae0ef0fe6 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll @@ -78,7 +78,7 @@ predicate parameterUsePair(Parameter p, VariableAccess va) { /** * Utility class: A definition or use of a stack variable. */ -library class DefOrUse extends ControlFlowNodeBase { +class DefOrUse extends ControlFlowNodeBase { DefOrUse() { // Uninstantiated templates are purely syntax, and only on instantiation // will they be complete with information about types, conversions, call @@ -140,7 +140,7 @@ library class DefOrUse extends ControlFlowNodeBase { } /** A definition of a stack variable. */ -library class Def extends DefOrUse { +class Def extends DefOrUse { Def() { definition(_, this) } override SemanticStackVariable getVariable(boolean isDef) { @@ -155,7 +155,7 @@ private predicate parameterIsOverwritten(Function f, Parameter p) { } /** A definition of a parameter. */ -library class ParameterDef extends DefOrUse { +class ParameterDef extends DefOrUse { ParameterDef() { // Optimization: parameters that are not overwritten do not require // reachability analysis @@ -169,7 +169,7 @@ library class ParameterDef extends DefOrUse { } /** A use of a stack variable. */ -library class Use extends DefOrUse { +class Use extends DefOrUse { Use() { useOfVar(_, this) } override SemanticStackVariable getVariable(boolean isDef) { diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/SSA.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/SSA.qll index f9dad008661..1e0b39be1ac 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/SSA.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/SSA.qll @@ -10,7 +10,7 @@ import SSAUtils * The SSA logic comes in two versions: the standard SSA and range-analysis RangeSSA. * This class provides the standard SSA logic. */ -library class StandardSsa extends SsaHelper { +class StandardSsa extends SsaHelper { StandardSsa() { this = 0 } } diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/SSAUtils.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/SSAUtils.qll index 5e9f85581b8..137136a281e 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/SSAUtils.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/SSAUtils.qll @@ -114,7 +114,7 @@ private predicate live_at_exit_of_bb(StackVariable v, BasicBlock b) { /** Common SSA logic for standard SSA and range-analysis SSA. */ cached -library class SsaHelper extends int { +class SsaHelper extends int { /* 0 = StandardSSA, 1 = RangeSSA */ cached SsaHelper() { this in [0 .. 1] } diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/internal/ConstantExprs.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/internal/ConstantExprs.qll index 4930282c8bf..dfb5782238b 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/internal/ConstantExprs.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/internal/ConstantExprs.qll @@ -366,12 +366,12 @@ class CompileTimeConstantInt extends Expr { int getIntValue() { result = val } } -library class CompileTimeVariableExpr extends Expr { +class CompileTimeVariableExpr extends Expr { CompileTimeVariableExpr() { not this instanceof CompileTimeConstantInt } } /** A helper class for evaluation of expressions. */ -library class ExprEvaluator extends int { +class ExprEvaluator extends int { /* * 0 = ConditionEvaluator, * 1 = SwitchEvaluator, @@ -956,7 +956,7 @@ private predicate returnStmt(Function f, Expr value) { } /** A helper class for evaluation of conditions. */ -library class ConditionEvaluator extends ExprEvaluator { +class ConditionEvaluator extends ExprEvaluator { ConditionEvaluator() { this = 0 } override predicate interesting(Expr e) { @@ -967,7 +967,7 @@ library class ConditionEvaluator extends ExprEvaluator { } /** A helper class for evaluation of switch expressions. */ -library class SwitchEvaluator extends ExprEvaluator { +class SwitchEvaluator extends ExprEvaluator { SwitchEvaluator() { this = 1 } override predicate interesting(Expr e) { e = getASwitchExpr(_, _) } @@ -976,7 +976,7 @@ library class SwitchEvaluator extends ExprEvaluator { private int getSwitchValue(Expr e) { exists(SwitchEvaluator x | result = x.getValue(e)) } /** A helper class for evaluation of loop entry conditions. */ -library class LoopEntryConditionEvaluator extends ExprEvaluator { +class LoopEntryConditionEvaluator extends ExprEvaluator { LoopEntryConditionEvaluator() { this in [2 .. 3] } abstract override predicate interesting(Expr e); @@ -1149,7 +1149,7 @@ library class LoopEntryConditionEvaluator extends ExprEvaluator { } /** A helper class for evaluation of while-loop entry conditions. */ -library class WhileLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator { +class WhileLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator { WhileLoopEntryConditionEvaluator() { this = 2 } override predicate interesting(Expr e) { exists(WhileStmt while | e = while.getCondition()) } @@ -1162,7 +1162,7 @@ library class WhileLoopEntryConditionEvaluator extends LoopEntryConditionEvaluat } /** A helper class for evaluation of for-loop entry conditions. */ -library class ForLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator { +class ForLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator { ForLoopEntryConditionEvaluator() { this = 3 } override predicate interesting(Expr e) { exists(ForStmt for | e = for.getCondition()) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll index bf5a54cd05d..10338b18927 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll @@ -874,28 +874,3 @@ module BarrierGuard { ) } } - -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * It is important that all extending classes in scope are disjoint. - */ -deprecated class BarrierGuard extends GuardCondition { - /** Override this predicate to hold if this guard validates `e` upon evaluating to `b`. */ - abstract predicate checks(Expr e, boolean b); - - /** Gets a node guarded by this guard. */ - final ExprNode getAGuardedNode() { - exists(SsaDefinition def, Variable v, boolean branch | - result.getExpr() = def.getAUse(v) and - this.checks(def.getAUse(v), branch) and - this.controls(result.getExpr().getBasicBlock(), branch) - ) - } -} diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll index 9774ad7168b..86c64edc847 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll @@ -7,9 +7,12 @@ private import DataFlowImplCommon as DataFlowImplCommon /** * Gets a function that might be called by `call`. + * + * This predicate does not take additional call targets + * from `AdditionalCallTarget` into account. */ cached -DataFlowCallable viableCallable(DataFlowCall call) { +DataFlowCallable defaultViableCallable(DataFlowCall call) { DataFlowImplCommon::forceCachingInSameStage() and result = call.getStaticCallTarget() or @@ -29,6 +32,17 @@ DataFlowCallable viableCallable(DataFlowCall call) { result = call.(VirtualDispatch::DataSensitiveCall).resolve() } +/** + * Gets a function that might be called by `call`. + */ +cached +DataFlowCallable viableCallable(DataFlowCall call) { + result = defaultViableCallable(call) + or + // Additional call targets + result = any(AdditionalCallTarget additional).viableTarget(call.getUnconvertedResultExpression()) +} + /** * Provides virtual dispatch support compatible with the original * implementation of `semmle.code.cpp.security.TaintTracking`. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 066e177fea0..fa54c9c736a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -555,7 +555,7 @@ predicate instructionForFullyConvertedCall(Instruction instr, CallInstruction ca } /** Holds if `node` represents the output node for `call`. */ -private predicate simpleOutNode(Node node, CallInstruction call) { +predicate simpleOutNode(Node node, CallInstruction call) { operandForFullyConvertedCall(node.asOperand(), call) or instructionForFullyConvertedCall(node.asInstruction(), call) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index db95fa94f9f..992e995094e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -14,6 +14,7 @@ private import DataFlowPrivate private import ModelUtil private import SsaInternals as Ssa private import DataFlowImplCommon as DataFlowImplCommon +private import codeql.util.Unit /** * The IR dataflow graph consists of the following nodes: @@ -1696,16 +1697,7 @@ private module Cached { // Reverse flow: data that flows from the definition node back into the indirection returned // by a function. This allows data to flow 'in' through references returned by a modeled // function such as `operator[]`. - exists(Operand address, int indirectionIndex | - nodeHasOperand(nodeTo.(IndirectReturnOutNode), address, indirectionIndex) - | - exists(StoreInstruction store | - nodeHasInstruction(nodeFrom, store, indirectionIndex - 1) and - store.getDestinationAddressOperand() = address - ) - or - Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex) - ) + reverseFlow(nodeFrom, nodeTo) } private predicate simpleInstructionLocalFlowStep(Operand opFrom, Instruction iTo) { @@ -1736,6 +1728,39 @@ private module Cached { ) ) } + + private predicate reverseFlow(Node nodeFrom, Node nodeTo) { + reverseFlowOperand(nodeFrom, nodeTo) + or + reverseFlowInstruction(nodeFrom, nodeTo) + } + + private predicate reverseFlowOperand(Node nodeFrom, IndirectReturnOutNode nodeTo) { + exists(Operand address, int indirectionIndex | + nodeHasOperand(nodeTo, address, indirectionIndex) + | + exists(StoreInstruction store | + nodeHasInstruction(nodeFrom, store, indirectionIndex - 1) and + store.getDestinationAddressOperand() = address + ) + or + // We also want a write coming out of an `OutNode` to flow `nodeTo`. + // This is different from `reverseFlowInstruction` since `nodeFrom` can never + // be an `OutNode` when it's defined by an instruction. + Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex) + ) + } + + private predicate reverseFlowInstruction(Node nodeFrom, IndirectReturnOutNode nodeTo) { + exists(Instruction address, int indirectionIndex | + nodeHasInstruction(nodeTo, address, indirectionIndex) + | + exists(StoreInstruction store | + nodeHasInstruction(nodeFrom, store, indirectionIndex - 1) and + store.getDestinationAddress() = address + ) + ) + } } import Cached @@ -2215,33 +2240,41 @@ module InstructionBarrierGuard @compilation - 9948 + 9704 @externalDataElement @@ -18,71 +18,71 @@ @location_default - 29769315 + 29768422 @location_stmt - 3813678 + 3814079 @location_expr - 13166528 + 13167909 @diagnostic - 72036 + 5200 @file - 123102 + 122996 @folder - 15387 + 15374 @macro_expansion - 33954616 + 33130540 @other_macro_reference - 857985 + 857248 @function - 4638253 + 4640789 @fun_decl - 5001965 + 5004188 @var_decl - 8416189 + 8413615 @type_decl - 3241228 + 3238442 @namespace_decl - 308863 + 308610 @using - 369307 + 368989 @static_assert - 130544 + 133393 @parameter - 6569654 + 6568667 @membervariable - 1052983 + 1053094 @globalvariable @@ -90,235 +90,267 @@ @localvariable - 581199 + 581163 @enumconstant - 241278 + 241303 @errortype - 466 + 465 @unknowntype - 466 + 465 @void - 466 + 465 @boolean - 466 + 465 @char - 466 + 465 @unsigned_char - 466 + 465 @signed_char - 466 + 465 @short - 466 + 465 @unsigned_short - 466 + 465 @signed_short - 466 + 465 @int - 466 + 465 @unsigned_int - 466 + 465 @signed_int - 466 + 465 @long - 466 + 465 @unsigned_long - 466 + 465 @signed_long - 466 + 465 @long_long - 466 + 465 @unsigned_long_long - 466 + 465 @signed_long_long - 466 + 465 @float - 466 + 465 @double - 466 + 465 @long_double - 466 + 465 @complex_float - 466 + 465 @complex_double - 466 + 465 @complex_long_double - 466 + 465 @imaginary_float - 466 + 465 @imaginary_double - 466 + 465 @imaginary_long_double - 466 + 465 @wchar_t - 466 + 465 @decltype_nullptr - 466 + 465 @int128 - 466 + 465 @unsigned_int128 - 466 + 465 @signed_int128 - 466 + 465 @float128 - 466 + 465 @complex_float128 - 466 + 465 @decimal32 - 466 + 465 @decimal64 - 466 + 465 @decimal128 - 466 + 465 @char16_t - 466 + 465 @char32_t - 466 + 465 @std_float32 - 466 + 465 @float32x - 466 + 465 @std_float64 - 466 + 465 @float64x - 466 + 465 @std_float128 - 466 + 465 @char8_t - 466 + 465 @float16 - 466 + 465 @complex_float16 - 466 + 465 + + + @fp16 + 465 + + + @std_bfloat16 + 465 + + + @std_float16 + 465 + + + @complex_std_float32 + 465 + + + @complex_float32x + 465 + + + @complex_std_float64 + 465 + + + @complex_float64x + 465 + + + @complex_std_float128 + 465 @pointer - 567483 + 566995 @type_with_specifiers - 1009066 + 1010528 @array - 110046 + 109951 @routineptr - 635462 + 634074 @reference - 1747669 + 1729592 @gnu_vector - 714 + 697 @routinereference - 242 + 236 @rvalue_reference - 613493 + 627842 @block @@ -326,43 +358,43 @@ @decltype - 27045 + 27021 @usertype - 5225787 + 5224557 @mangledname - 4988979 + 6441011 @type_mention - 4022590 + 4023013 @routinetype - 547147 + 545951 @ptrtomember - 37770 + 37737 @specifier - 24713 + 24692 @gnuattribute - 685456 + 684867 @stdattribute - 492036 + 491264 @declspec - 243716 + 243334 @msattribute @@ -370,15 +402,15 @@ @alignas - 9792 + 9783 @attribute_arg_token - 39168 + 39135 @attribute_arg_constant_expr - 370239 + 369921 @attribute_arg_empty @@ -390,43 +422,43 @@ @attribute_arg_type - 466 + 465 @derivation - 368257 + 395653 @frienddecl - 716121 + 714556 @comment - 8774227 + 8760472 @namespace - 12123 + 12113 @specialnamequalifyingelement - 466 + 465 @namequalifier - 1533233 + 1573473 @value - 10759232 + 10760361 @initialiser - 1699706 + 1698635 @lambdacapture - 27977 + 27953 @address_of @@ -434,15 +466,15 @@ @indirect - 292170 + 292201 @array_to_pointer - 1428626 + 1428777 @parexpr - 3581934 + 3582309 @arithnegexpr @@ -450,115 +482,115 @@ @unaryplusexpr - 2911 + 2912 @complementexpr - 27792 + 27795 @notexpr - 275977 + 276006 @postincrexpr - 61944 + 61951 @postdecrexpr - 41970 + 41975 @preincrexpr - 70459 + 70466 @predecrexpr - 26165 + 26168 @conditionalexpr - 656221 + 656290 @addexpr - 397749 + 397790 @subexpr - 340231 + 340267 @mulexpr - 305860 + 305892 @divexpr - 132951 + 132965 @remexpr - 15842 + 15807 @paddexpr - 86521 + 86530 @psubexpr - 49819 + 49824 @pdiffexpr - 35459 + 35403 @lshiftexpr - 565385 + 565445 @rshiftexpr - 140612 + 140626 @andexpr - 488264 + 488315 @orexpr - 145229 + 145244 @xorexpr - 54087 + 54092 @eqexpr - 469885 + 469935 @neexpr - 301200 + 301232 @gtexpr - 99787 + 103894 @ltexpr - 101652 + 101565 @geexpr - 59152 + 59159 @leexpr - 212181 + 212203 @assignexpr - 935434 + 935533 @assignaddexpr @@ -566,19 +598,19 @@ @assignsubexpr - 11181 + 11182 @assignmulexpr - 7147 + 8253 @assigndivexpr - 4985 + 4986 @assignremexpr - 418 + 417 @assignlshiftexpr @@ -594,15 +626,15 @@ @assignorexpr - 23830 + 23829 @assignxorexpr - 21808 + 21810 @assignpaddexpr - 13606 + 13608 @assignpsubexpr @@ -610,27 +642,27 @@ @andlogicalexpr - 249546 + 249572 @orlogicalexpr - 864709 + 864800 @commaexpr - 124055 + 123860 @subscriptexpr - 367599 + 367576 @callexpr - 302160 + 301900 @vastartexpr - 3706 + 3703 @vaargexpr @@ -638,47 +670,47 @@ @vaendexpr - 2797 + 2795 @vacopyexpr - 141 + 140 @varaccess - 6019333 + 6019964 @runtime_sizeof - 295357 + 295388 @runtime_alignof - 49891 + 49782 @expr_stmt - 94234 + 94244 @routineexpr - 2917246 + 2914964 @type_operand - 1126930 + 1127048 @offsetofexpr - 19960 + 19962 @typescompexpr - 562865 + 562924 @literal - 4406808 + 4406828 @aggregateliteral @@ -686,43 +718,43 @@ @c_style_cast - 4209495 + 4210119 @temp_init - 826674 + 826451 @errorexpr - 46892 + 46789 @reference_to - 1592467 + 1588987 @ref_indirect - 1938672 + 1934436 @vacuous_destructor_call - 8150 + 8132 @assume - 3203 + 3200 @conjugation - 1 + 11 @realpartexpr - 69 + 78 @imagpartexpr - 69 + 78 @jmulexpr @@ -762,35 +794,35 @@ @thisaccess - 1127035 + 1126162 @new_expr - 47668 + 47564 @delete_expr - 11749 + 11723 @throw_expr - 21695 + 21163 @condition_decl - 42427 + 42374 @braced_init_list - 1108 + 1107 @type_id - 36483 + 36403 @sizeof_pack - 5595 + 5590 @hasassignexpr @@ -838,19 +870,19 @@ @isbaseofexpr - 37 + 150 @isclassexpr - 1837 + 1836 @isconvtoexpr - 104 + 208 @isemptyexpr - 1481 + 1478 @isenumexpr @@ -858,7 +890,7 @@ @ispodexpr - 634 + 618 @ispolyexpr @@ -874,19 +906,19 @@ @hastrivialdestructor - 466 + 465 @uuidof - 20120 + 20103 @delete_array_expr - 1406 + 1371 @new_array_expr - 5103 + 5099 @foldexpr @@ -894,55 +926,55 @@ @ctordirectinit - 112978 + 112732 @ctorvirtualinit - 6513 + 6353 @ctorfieldinit - 201118 + 200678 @ctordelegatinginit - 3351 + 3344 @dtordirectdestruct - 41776 + 41684 @dtorvirtualdestruct - 4128 + 4119 @dtorfielddestruct - 41705 + 41614 @static_cast - 210934 + 215491 @reinterpret_cast - 30752 + 30704 @const_cast - 35250 + 35194 @dynamic_cast - 1037 + 1012 @lambdaexpr - 21449 + 21431 @param_ref - 245656 + 245349 @noopexpr @@ -950,7 +982,7 @@ @istriviallyconstructibleexpr - 732 + 1357 @isdestructibleexpr @@ -962,7 +994,7 @@ @istriviallydestructibleexpr - 836 + 835 @istriviallyassignableexpr @@ -970,11 +1002,11 @@ @isnothrowassignableexpr - 4183 + 4177 @istrivialexpr - 932 + 931 @isstandardlayoutexpr @@ -982,7 +1014,7 @@ @istriviallycopyableexpr - 3730 + 3727 @isliteraltypeexpr @@ -1002,11 +1034,11 @@ @isconstructibleexpr - 466 + 465 @isnothrowconstructibleexpr - 14434 + 14412 @hasfinalizerexpr @@ -1042,11 +1074,11 @@ @isfinalexpr - 1693 + 1689 @noexceptexpr - 25737 + 25705 @builtinshufflevector @@ -1054,11 +1086,11 @@ @builtinchooseexpr - 9050 + 9051 @builtinaddressof - 13302 + 13272 @vec_fill @@ -1102,7 +1134,7 @@ @builtinshuffle - 1959 + 1911 @blockassignexpr @@ -1218,71 +1250,71 @@ @stmt_expr - 1483611 + 1483766 @stmt_if - 724735 + 724811 @stmt_while - 30110 + 29372 @stmt_goto - 110511 + 110523 @stmt_label - 53056 + 53061 @stmt_return - 1284647 + 1283543 @stmt_block - 1423603 + 1422380 @stmt_end_test_while - 148632 + 148648 @stmt_for - 61456 + 61463 @stmt_switch_case - 209643 + 209381 @stmt_switch - 20753 + 20755 @stmt_asm - 109804 + 109816 @stmt_decl - 606553 + 592150 @stmt_empty - 193321 + 193309 @stmt_continue - 22525 + 22528 @stmt_break - 102331 + 102247 @stmt_try_block - 46921 + 46863 @stmt_microsoft_try @@ -1302,15 +1334,15 @@ @stmt_range_based_for - 8393 + 8386 @stmt_handler - 65314 + 65232 @stmt_constexpr_if - 52508 + 52426 @stmt_co_return @@ -1318,55 +1350,55 @@ @ppd_if - 666338 + 665765 @ppd_ifdef - 262991 + 262765 @ppd_ifndef - 266255 + 266026 @ppd_elif - 25180 + 25158 @ppd_else - 208900 + 208721 @ppd_endif - 1195584 + 1194557 @ppd_plain_include - 311019 + 310752 @ppd_define - 2433298 + 2429484 @ppd_undef - 258328 + 258106 @ppd_include_next - 1865 + 1863 @ppd_line - 27757 + 27755 @ppd_error - 46 + 44 @ppd_pragma - 312020 + 311531 @ppd_objc_import @@ -1408,11 +1440,11 @@ compilations - 9948 + 9704 id - 9948 + 9704 cwd @@ -1430,7 +1462,7 @@ 1 2 - 9948 + 9704 @@ -1456,7 +1488,7 @@ compilation_args - 651494 + 651562 id @@ -1464,11 +1496,11 @@ num - 707 + 708 arg - 34405 + 34409 @@ -1706,7 +1738,7 @@ 1 2 - 32344 + 32348 2 @@ -1727,7 +1759,7 @@ 1 2 - 33200 + 33204 2 @@ -1742,7 +1774,7 @@ compilation_compiling_files - 11527 + 11528 id @@ -1754,7 +1786,7 @@ file - 10011 + 10012 @@ -1875,12 +1907,12 @@ 2 3 - 717 + 718 3 4 - 358 + 359 4 @@ -1911,12 +1943,12 @@ 2 3 - 717 + 718 3 4 - 358 + 359 4 @@ -1942,7 +1974,7 @@ 1 2 - 9014 + 9015 2 @@ -1968,7 +2000,7 @@ 1 2 - 9174 + 9175 2 @@ -1988,7 +2020,7 @@ compilation_time - 46109 + 46114 id @@ -2004,7 +2036,7 @@ seconds - 14798 + 9972 @@ -2082,55 +2114,55 @@ 12 + + 2 + 3 + 39 + 3 4 - 239 + 797 4 5 - 757 + 159 - 6 + 5 8 - 119 + 159 8 10 - 119 + 159 10 - 11 - 119 - - - 11 - 14 + 12 159 - 14 - 17 - 79 + 12 + 18 + 159 18 - 21 + 22 159 - 21 - 45 + 22 + 55 159 - 64 - 130 - 79 + 83 + 84 + 39 @@ -2151,12 +2183,12 @@ 2 3 - 717 + 718 3 4 - 358 + 359 4 @@ -2198,47 +2230,42 @@ 3 4 - 398 + 1515 4 5 - 1356 + 239 5 6 - 199 + 279 6 7 - 239 + 398 7 8 - 279 + 79 8 9 - 39 + 239 9 - 10 - 319 - - - 11 - 28 + 24 279 - 28 - 96 - 199 + 24 + 91 + 279 @@ -2284,18 +2311,23 @@ 12 - 4 - 5 - 79 - - - 182 - 183 + 3 + 4 39 - 189 - 190 + 4 + 5 + 39 + + + 123 + 124 + 39 + + + 130 + 131 39 @@ -2312,22 +2344,27 @@ 1 2 - 10011 + 5465 2 3 - 3549 + 2273 3 - 5 + 4 1116 - 18 - 47 - 119 + 4 + 6 + 877 + + + 6 + 43 + 239 @@ -2343,22 +2380,32 @@ 1 2 - 9572 + 4627 2 3 - 3470 + 2114 3 4 - 1037 + 1276 4 - 74 - 717 + 5 + 797 + + + 5 + 7 + 917 + + + 7 + 66 + 239 @@ -2374,12 +2421,12 @@ 1 2 - 14518 + 9573 2 - 4 - 279 + 3 + 398 @@ -2389,23 +2436,23 @@ diagnostic_for - 841626 + 5674 diagnostic - 72036 + 5200 compilation - 9556 + 850 file_number - 11 + 19 file_number_diagnostic_number - 6778 + 415 @@ -2419,17 +2466,12 @@ 1 2 - 9602 + 5042 2 - 3 - 59655 - - - 254 - 825 - 2778 + 7 + 158 @@ -2445,7 +2487,7 @@ 1 2 - 72036 + 5200 @@ -2461,7 +2503,7 @@ 1 2 - 72036 + 5200 @@ -2475,29 +2517,29 @@ 12 - 2 - 3 - 6132 + 5 + 6 + 632 - 3 - 4 - 495 + 7 + 8 + 79 - 242 - 243 - 1959 + 9 + 12 + 59 - 258 - 439 - 760 + 13 + 16 + 39 - 441 - 589 - 207 + 21 + 22 + 39 @@ -2513,7 +2555,7 @@ 1 2 - 9556 + 850 @@ -2527,29 +2569,29 @@ 12 - 2 - 3 - 6132 + 5 + 6 + 632 - 3 - 4 - 495 + 7 + 8 + 79 - 242 - 243 - 1959 + 9 + 12 + 59 - 258 - 439 - 760 + 13 + 16 + 39 - 441 - 589 - 207 + 21 + 22 + 39 @@ -2563,9 +2605,9 @@ 12 - 6249 - 6250 - 11 + 263 + 264 + 19 @@ -2579,9 +2621,9 @@ 12 - 829 - 830 - 11 + 43 + 44 + 19 @@ -2595,9 +2637,9 @@ 12 - 588 - 589 - 11 + 21 + 22 + 19 @@ -2611,49 +2653,44 @@ 12 - 1 - 2 - 2755 + 2 + 3 + 118 - 2 + 3 + 4 + 39 + + + 4 5 - 599 + 39 5 6 - 1014 + 39 7 - 14 - 541 + 8 + 39 - 15 - 16 - 57 + 11 + 12 + 39 - 17 - 18 - 599 + 37 + 38 + 79 - 18 - 23 - 461 - - - 26 - 40 - 553 - - - 42 - 830 - 195 + 43 + 44 + 19 @@ -2666,55 +2703,40 @@ 12 + + 2 + 3 + 118 + + + 3 + 4 + 39 + 4 - 9 - 587 + 5 + 39 - 10 - 11 - 1002 + 5 + 6 + 39 - 14 - 27 - 541 + 7 + 8 + 39 - 30 - 31 - 57 + 11 + 12 + 39 - 34 - 35 - 599 - - - 36 - 45 - 461 - - - 52 - 79 - 553 - - - 84 - 85 - 184 - - - 254 - 255 - 2755 - - - 297 - 830 - 34 + 43 + 44 + 98 @@ -2730,7 +2752,7 @@ 1 2 - 6778 + 415 @@ -2740,19 +2762,19 @@ compilation_finished - 9948 + 9704 id - 9948 + 9704 cpu_seconds - 7389 + 7343 elapsed_seconds - 138 + 146 @@ -2766,7 +2788,7 @@ 1 2 - 9948 + 9704 @@ -2782,7 +2804,7 @@ 1 2 - 9948 + 9704 @@ -2798,16 +2820,16 @@ 1 2 - 5948 + 5982 2 3 - 979 + 899 3 - 15 + 18 461 @@ -2824,12 +2846,12 @@ 1 2 - 6778 + 6758 2 3 - 610 + 584 @@ -2845,51 +2867,51 @@ 1 2 + 33 + + + 3 + 4 + 22 + + + 6 + 7 11 - 2 - 3 - 34 - - - 7 - 8 + 8 + 9 11 - 9 - 10 + 14 + 15 11 - 12 - 13 + 35 + 36 11 - 37 - 38 + 144 + 145 11 - 150 - 151 + 174 + 175 11 - 172 - 173 + 225 + 226 11 - 211 - 212 - 11 - - - 258 - 259 + 248 + 249 11 @@ -2906,51 +2928,51 @@ 1 2 + 33 + + + 3 + 4 + 22 + + + 6 + 7 11 - 2 - 3 - 34 - - - 7 - 8 + 8 + 9 11 - 9 - 10 + 14 + 15 11 - 12 - 13 + 34 + 35 11 - 36 - 37 + 124 + 125 11 - 125 - 126 + 128 + 129 11 - 126 - 127 + 159 + 160 11 - 145 - 146 - 11 - - - 227 - 228 + 223 + 224 11 @@ -3177,11 +3199,11 @@ sourceLocationPrefix - 466 + 465 prefix - 466 + 465 @@ -4675,31 +4697,31 @@ locations_default - 29769315 + 29768422 id - 29769315 + 29768422 container - 138490 + 138371 startLine - 2092739 + 2090941 startColumn - 36837 + 36805 endLine - 2096936 + 2095134 endColumn - 48028 + 47987 @@ -4713,7 +4735,7 @@ 1 2 - 29769315 + 29768422 @@ -4729,7 +4751,7 @@ 1 2 - 29769315 + 29768422 @@ -4745,7 +4767,7 @@ 1 2 - 29769315 + 29768422 @@ -4761,7 +4783,7 @@ 1 2 - 29769315 + 29768422 @@ -4777,7 +4799,7 @@ 1 2 - 29769315 + 29768422 @@ -4793,67 +4815,67 @@ 1 2 - 15854 + 15840 2 12 - 10724 + 10715 13 20 - 11657 + 11647 21 36 - 11191 + 11181 36 55 - 11191 + 11181 55 77 - 10724 + 10715 77 102 - 10724 + 10715 102 149 - 10724 + 10715 149 227 - 11191 + 11181 228 350 - 10724 + 10715 352 604 - 10724 + 10715 630 1494 - 10724 + 10715 1829 2380 - 2331 + 2329 @@ -4869,67 +4891,67 @@ 1 2 - 15854 + 15840 2 9 - 10724 + 10715 9 16 - 11657 + 11647 16 25 - 11191 + 11181 25 40 - 10724 + 10715 40 57 - 10724 + 10715 58 72 - 10724 + 10715 73 103 - 11191 + 11181 106 141 - 11657 + 11647 148 225 - 10724 + 10715 225 360 - 10724 + 10715 372 1255 - 10724 + 10715 1455 1569 - 1865 + 1863 @@ -4945,67 +4967,67 @@ 1 2 - 15854 + 15840 2 4 - 8393 + 8386 4 5 - 7927 + 7920 5 6 - 7460 + 7454 6 8 - 11191 + 11181 8 13 - 12123 + 12113 13 17 - 11191 + 11181 17 25 - 11191 + 11181 25 31 - 12123 + 12113 31 39 - 11191 + 11181 39 54 - 11191 + 11181 54 67 - 10724 + 10715 67 77 - 7927 + 7920 @@ -5021,67 +5043,67 @@ 1 2 - 15854 + 15840 2 9 - 10724 + 10715 9 16 - 11657 + 11647 16 25 - 11191 + 11181 25 40 - 10724 + 10715 40 57 - 10724 + 10715 58 71 - 10724 + 10715 72 98 - 10724 + 10715 101 140 - 11657 + 11647 140 222 - 10724 + 10715 223 360 - 11191 + 11181 372 1255 - 10724 + 10715 1452 1566 - 1865 + 1863 @@ -5097,62 +5119,62 @@ 1 2 - 15854 + 15840 2 10 - 11191 + 11181 10 14 - 10724 + 10715 14 21 - 11191 + 11181 22 31 - 11191 + 11181 31 39 - 12590 + 12579 39 48 - 12123 + 12113 48 56 - 11657 + 11647 56 64 - 12123 + 12113 64 73 - 12123 + 12113 73 78 - 10724 + 10715 78 90 - 6994 + 6988 @@ -5168,52 +5190,52 @@ 1 2 - 583803 + 580506 2 3 - 314750 + 314479 3 4 - 192580 + 194744 4 6 - 161804 + 162131 6 10 - 183720 + 183097 10 16 - 162271 + 161665 16 25 - 167400 + 168188 25 45 - 157141 + 157006 45 160 - 157608 + 157472 160 298 - 11657 + 11647 @@ -5229,42 +5251,42 @@ 1 2 - 870109 + 869361 2 3 - 273716 + 273015 3 5 - 193046 + 193346 5 8 - 173462 + 173313 8 13 - 187917 + 187756 13 20 - 160872 + 160734 20 51 - 159473 + 159336 51 298 - 74141 + 74077 @@ -5280,47 +5302,47 @@ 1 2 - 614112 + 610789 2 3 - 310087 + 312616 3 4 - 198642 + 198005 4 6 - 182322 + 182631 6 9 - 173462 + 172847 9 13 - 162737 + 163063 13 19 - 173928 + 173779 19 29 - 165069 + 164927 29 52 - 112377 + 112280 @@ -5336,22 +5358,22 @@ 1 2 - 1529919 + 1528604 2 3 - 348323 + 348024 3 5 - 161804 + 161665 5 16 - 52691 + 52646 @@ -5367,52 +5389,47 @@ 1 2 - 588466 + 585165 2 3 - 316149 + 315877 3 4 - 195378 + 197539 4 6 - 167866 + 168188 6 - 9 - 158074 + 10 + 191483 - 9 - 14 - 170198 + 10 + 15 + 165393 - 14 - 21 - 174394 + 15 + 22 + 167722 - 21 - 32 - 163670 + 22 + 34 + 163995 - 32 - 63 - 157608 - - - 64 + 34 66 - 932 + 135575 @@ -5428,72 +5445,72 @@ 1 31 - 2797 + 2795 42 85 - 2797 + 2795 86 128 - 2797 + 2795 129 229 - 2797 + 2795 - 248 + 247 292 - 2797 + 2795 293 360 - 2797 + 2795 373 - 456 - 2797 + 457 + 2795 475 565 - 2797 + 2795 - 565 - 619 - 2797 + 566 + 620 + 2795 - 622 + 623 689 - 2797 + 2795 - 695 - 793 - 2797 + 696 + 807 + 2795 820 1563 - 2797 + 2795 1638 - 5626 - 2797 + 5632 + 2795 15295 15296 - 466 + 465 @@ -5509,67 +5526,67 @@ 1 18 - 2797 + 2795 23 35 - 3264 + 3261 38 43 - 2797 + 2795 44 61 - 2797 + 2795 65 73 - 2797 + 2795 73 84 - 3264 + 3261 84 96 - 2797 + 2795 96 101 - 3264 + 3261 101 105 - 3264 + 3261 107 112 - 2797 + 2795 112 126 - 2797 + 2795 137 170 - 2797 + 2795 195 298 - 1398 + 1397 @@ -5585,72 +5602,72 @@ 1 19 - 2797 + 2795 30 72 - 2797 + 2795 83 122 - 2797 + 2795 122 205 - 2797 + 2795 214 261 - 2797 + 2795 265 322 - 2797 + 2795 322 379 - 2797 + 2795 404 430 - 2797 + 2795 - 452 + 453 474 - 2797 + 2795 478 505 - 2797 + 2795 511 583 - 2797 + 2795 - 584 + 585 836 - 2797 + 2795 1104 2196 - 2797 + 2795 - 2381 - 2382 - 466 + 2387 + 2388 + 465 @@ -5666,72 +5683,72 @@ 1 19 - 2797 + 2795 30 72 - 2797 + 2795 83 122 - 2797 + 2795 122 205 - 2797 + 2795 214 261 - 2797 + 2795 265 322 - 2797 + 2795 322 380 - 2797 + 2795 404 430 - 2797 + 2795 - 452 + 453 474 - 2797 + 2795 477 504 - 2797 + 2795 514 582 - 2797 + 2795 - 584 + 585 835 - 2797 + 2795 1109 2203 - 2797 + 2795 - 2376 - 2377 - 466 + 2382 + 2383 + 465 @@ -5747,67 +5764,67 @@ 1 7 - 2797 + 2795 7 11 - 3264 + 3261 11 16 - 3264 + 3261 16 22 - 2797 + 2795 22 24 - 3264 + 3261 24 28 - 2797 + 2795 29 34 - 3264 + 3261 34 41 - 3264 + 3261 41 46 - 2797 + 2795 - 46 + 47 49 - 1865 + 1863 49 54 - 2797 + 2795 54 74 - 2797 + 2795 75 86 - 1865 + 1863 @@ -5823,52 +5840,52 @@ 1 2 - 594062 + 590756 2 3 - 306823 + 306559 3 4 - 195844 + 198005 4 6 - 159007 + 159336 6 10 - 183254 + 182631 10 16 - 160872 + 160268 16 25 - 169732 + 170517 25 45 - 158074 + 157938 45 160 - 158074 + 157938 160 298 - 11191 + 11181 @@ -5884,47 +5901,47 @@ 1 2 - 885497 + 884736 2 3 - 260193 + 259504 3 4 - 124501 + 124860 4 6 - 140821 + 140700 6 10 - 184653 + 184494 10 15 - 168333 + 168188 15 26 - 163203 + 163063 26 120 - 158074 + 157938 121 298 - 11657 + 11647 @@ -5940,22 +5957,22 @@ 1 2 - 1527588 + 1526275 2 3 - 341329 + 341035 3 5 - 170664 + 170517 5 10 - 57354 + 57305 @@ -5971,47 +5988,47 @@ 1 2 - 625303 + 621971 2 3 - 300295 + 302832 3 4 - 201906 + 201267 4 6 - 183254 + 183563 6 9 - 170198 + 169586 9 13 - 166001 + 166324 13 19 - 174861 + 174710 19 29 - 160872 + 160734 29 52 - 114242 + 114144 @@ -6027,52 +6044,52 @@ 1 2 - 600590 + 597278 2 3 - 306823 + 306559 3 4 - 193979 + 196142 4 6 - 168799 + 169120 6 9 - 155743 + 154677 9 14 - 167866 + 168188 14 21 - 178125 + 178438 21 32 - 163203 + 163063 32 60 - 158074 + 157938 60 65 - 3730 + 3727 @@ -6088,67 +6105,67 @@ 1 2 - 5129 + 5124 2 8 - 3730 + 3727 9 186 - 3730 + 3727 193 295 - 3730 + 3727 297 495 - 3730 + 3727 503 555 - 3730 + 3727 561 634 - 3730 + 3727 640 758 - 4196 + 3727 - 768 - 877 - 3730 + 758 + 869 + 3727 - 877 - 1076 - 3730 + 876 + 1074 + 3727 - 1193 - 1290 - 3730 + 1075 + 1281 + 3727 - 1295 - 1686 - 3730 + 1289 + 1590 + 3727 - 1875 + 1685 2418 - 1398 + 1863 @@ -6164,67 +6181,67 @@ 1 2 - 5595 + 5590 2 5 - 3730 + 3727 5 65 - 3730 + 3727 70 100 - 3730 + 3727 100 111 - 3730 + 3727 112 122 - 3730 + 3727 122 134 - 3730 + 3727 139 152 - 3730 + 3727 152 160 - 3730 + 3727 160 171 - 3730 + 3727 171 175 - 3730 + 3727 176 192 - 3730 + 3727 207 298 - 1398 + 1397 @@ -6240,67 +6257,67 @@ 1 2 - 5595 + 5590 2 8 - 3730 + 3727 9 105 - 3730 + 3727 155 241 - 3730 + 3727 253 336 - 3730 + 3727 - 339 + 340 426 - 3730 + 3727 - 435 + 434 488 - 3730 + 3727 489 572 - 3730 + 3727 573 623 - 3730 + 3727 628 696 - 4196 + 4193 701 - 816 - 3730 + 819 + 3727 - 836 + 837 1095 - 3730 + 3727 - 1163 + 1172 1174 - 932 + 931 @@ -6316,67 +6333,67 @@ 1 2 - 6061 + 6056 2 4 - 3730 + 3727 4 8 - 4196 + 4193 8 15 - 3730 + 3727 15 23 - 3730 + 3727 23 29 - 3730 + 3727 29 35 - 4196 + 4193 35 39 - 3264 + 3261 39 42 - 3730 + 3261 42 44 - 2797 + 3261 44 46 - 3730 + 3727 46 49 - 3730 + 3727 49 53 - 1398 + 1397 @@ -6392,67 +6409,67 @@ 1 2 - 5595 + 5590 2 8 - 3730 + 3727 9 156 - 3730 + 3727 159 240 - 3730 + 3727 251 335 - 3730 + 3727 - 341 + 342 430 - 3730 + 3727 - 433 + 432 490 - 3730 + 3727 490 573 - 3730 + 3727 - 573 + 574 622 - 3730 + 3727 628 698 - 3730 + 3727 700 - 810 - 3730 + 812 + 3727 - 811 + 812 987 - 3730 + 3727 1096 1180 - 1398 + 1397 @@ -6462,11 +6479,11 @@ locations_stmt - 3813678 + 3814079 id - 3813678 + 3814079 container @@ -6474,7 +6491,7 @@ startLine - 199846 + 199867 startColumn @@ -6482,7 +6499,7 @@ endLine - 194112 + 194132 endColumn @@ -6500,7 +6517,7 @@ 1 2 - 3813678 + 3814079 @@ -6516,7 +6533,7 @@ 1 2 - 3813678 + 3814079 @@ -6532,7 +6549,7 @@ 1 2 - 3813678 + 3814079 @@ -6548,7 +6565,7 @@ 1 2 - 3813678 + 3814079 @@ -6564,7 +6581,7 @@ 1 2 - 3813678 + 3814079 @@ -6777,7 +6794,7 @@ 19 21 - 184 + 185 21 @@ -6965,67 +6982,67 @@ 1 2 - 21540 + 21542 2 3 - 15292 + 15293 3 4 - 12476 + 12477 4 6 - 14449 + 14451 6 8 - 12517 + 12518 8 11 - 16710 + 16712 11 16 - 17265 + 17267 16 22 - 15353 + 15355 22 29 - 16977 + 16979 29 37 - 17368 + 17369 37 45 - 15086 + 15088 45 56 - 16176 + 16177 56 73 - 8632 + 8633 @@ -7041,67 +7058,67 @@ 1 2 - 22301 + 22303 2 3 - 15723 + 15725 3 4 - 12681 + 12683 4 6 - 14387 + 14389 6 8 - 12722 + 12724 8 11 - 17573 + 17575 11 16 - 16361 + 16362 16 22 - 16217 + 16218 22 29 - 16957 + 16958 29 36 - 15991 + 15992 36 44 - 16319 + 16321 44 54 - 15641 + 15643 54 69 - 6967 + 6968 @@ -7117,57 +7134,57 @@ 1 2 - 26823 + 26825 2 3 - 20841 + 20843 3 4 - 16813 + 16814 4 5 - 16073 + 16074 5 6 - 17429 + 17431 6 7 - 19855 + 19857 7 8 - 22753 + 22755 8 9 - 20389 + 20391 9 10 - 15004 + 15006 10 12 - 16648 + 16650 12 18 - 7214 + 7215 @@ -7183,67 +7200,67 @@ 1 2 - 34592 + 34596 2 3 - 25795 + 25798 3 4 - 18436 + 18438 4 5 - 16217 + 16218 5 6 - 12784 + 12785 6 7 - 12024 + 12025 7 8 - 10174 + 10175 8 9 - 10975 + 10977 9 10 - 10729 + 10730 10 11 - 10523 + 10524 11 12 - 10174 + 10175 12 14 - 15785 + 15787 14 24 - 11633 + 11634 @@ -7259,62 +7276,62 @@ 1 2 - 22136 + 22139 2 3 - 16196 + 16198 3 4 - 12949 + 12950 4 6 - 16073 + 16074 6 8 - 14696 + 14697 8 10 - 13195 + 13197 10 14 - 18293 + 18295 14 18 - 17018 + 17020 18 22 - 17573 + 17575 22 26 - 18498 + 18500 26 30 - 16381 + 16383 30 36 - 15230 + 15232 36 @@ -7705,67 +7722,67 @@ 1 2 - 17409 + 17411 2 3 - 14408 + 14409 3 4 - 11489 + 11490 4 6 - 15600 + 15602 6 8 - 12496 + 12498 8 11 - 15456 + 15458 11 15 - 14634 + 14636 15 21 - 16093 + 16095 21 27 - 15415 + 15417 27 34 - 14942 + 14944 34 42 - 15744 + 15746 42 52 - 16011 + 16013 52 130 - 14408 + 14409 @@ -7781,62 +7798,62 @@ 1 2 - 24952 + 24955 2 3 - 16134 + 16136 3 4 - 12764 + 12765 4 6 - 15662 + 15663 6 8 - 15004 + 15006 8 11 - 15888 + 15889 11 16 - 17450 + 17452 16 20 - 14593 + 14594 20 26 - 17162 + 17164 26 32 - 16258 + 16259 32 39 - 14860 + 14862 39 59 - 13380 + 13382 @@ -7852,62 +7869,62 @@ 1 2 - 32475 + 32478 2 3 - 23760 + 23762 3 4 - 18457 + 18459 4 5 - 15148 + 15149 5 6 - 13873 + 13875 6 7 - 11674 + 11675 7 8 - 11736 + 11737 8 9 - 10914 + 10915 9 10 - 10174 + 10175 10 12 - 17964 + 17966 12 15 - 17717 + 17719 15 100 - 10215 + 10216 @@ -7923,57 +7940,57 @@ 1 2 - 24952 + 24955 2 3 - 20389 + 20391 3 4 - 16833 + 16835 4 5 - 17799 + 17801 5 6 - 18580 + 18582 6 7 - 20430 + 20432 7 8 - 22424 + 22426 8 9 - 18745 + 18747 9 10 - 12928 + 12929 10 12 - 15025 + 15026 12 18 - 6001 + 6002 @@ -7989,62 +8006,62 @@ 1 2 - 24705 + 24708 2 3 - 16628 + 16629 3 4 - 12537 + 12539 4 6 - 17820 + 17822 6 8 - 15333 + 15334 8 10 - 12825 + 12827 10 13 - 14408 + 14409 13 16 - 15025 + 15026 16 19 - 14655 + 14656 19 22 - 14038 + 14039 22 26 - 17121 + 17123 26 31 - 15333 + 15334 31 @@ -8065,12 +8082,12 @@ 1 2 - 184 + 185 2 4 - 184 + 185 4 @@ -8080,47 +8097,47 @@ 7 16 - 184 + 185 23 133 - 184 + 185 151 393 - 184 + 185 394 681 - 184 + 185 708 1137 - 184 + 185 1138 1674 - 184 + 185 1885 2795 - 184 + 185 2939 4095 - 184 + 185 4142 4771 - 184 + 185 5032 @@ -8146,17 +8163,17 @@ 2 3 - 184 + 185 3 6 - 184 + 185 6 21 - 184 + 185 31 @@ -8166,17 +8183,17 @@ 74 96 - 184 + 185 97 108 - 184 + 185 108 114 - 184 + 185 115 @@ -8196,7 +8213,7 @@ 123 125 - 184 + 185 125 @@ -8217,12 +8234,12 @@ 1 2 - 184 + 185 2 4 - 184 + 185 4 @@ -8232,47 +8249,47 @@ 7 15 - 184 + 185 22 130 - 184 + 185 145 378 - 184 + 185 385 652 - 184 + 185 666 964 - 184 + 185 999 1431 - 184 + 185 1587 2171 - 184 + 185 2264 2917 - 184 + 185 2947 3215 - 184 + 185 3417 @@ -8308,12 +8325,12 @@ 5 8 - 184 + 185 8 12 - 184 + 185 12 @@ -8323,7 +8340,7 @@ 14 16 - 184 + 185 16 @@ -8338,17 +8355,17 @@ 21 23 - 184 + 185 23 25 - 184 + 185 25 28 - 184 + 185 28 @@ -8389,47 +8406,47 @@ 7 27 - 184 + 185 40 132 - 184 + 185 142 329 - 184 + 185 366 583 - 184 + 185 613 968 - 184 + 185 1056 1409 - 184 + 185 1420 2035 - 184 + 185 2066 2627 - 184 + 185 2651 3073 - 184 + 185 3086 @@ -8444,11 +8461,11 @@ locations_expr - 13166528 + 13167909 id - 13166528 + 13167909 container @@ -8456,7 +8473,7 @@ startLine - 191913 + 191933 startColumn @@ -8464,7 +8481,7 @@ endLine - 191892 + 191912 endColumn @@ -8482,7 +8499,7 @@ 1 2 - 13166528 + 13167909 @@ -8498,7 +8515,7 @@ 1 2 - 13166528 + 13167909 @@ -8514,7 +8531,7 @@ 1 2 - 13166528 + 13167909 @@ -8530,7 +8547,7 @@ 1 2 - 13166528 + 13167909 @@ -8546,7 +8563,7 @@ 1 2 - 13166528 + 13167909 @@ -8572,12 +8589,12 @@ 6 11 - 369 + 370 12 26 - 369 + 370 27 @@ -8648,12 +8665,12 @@ 2 4 - 369 + 370 4 10 - 369 + 370 10 @@ -8749,7 +8766,7 @@ 59 66 - 369 + 370 66 @@ -8769,7 +8786,7 @@ 70 71 - 184 + 185 71 @@ -8784,7 +8801,7 @@ 74 92 - 369 + 370 94 @@ -8810,12 +8827,12 @@ 2 4 - 369 + 370 4 10 - 369 + 370 10 @@ -8891,7 +8908,7 @@ 4 7 - 369 + 370 7 @@ -8962,67 +8979,67 @@ 1 5 - 16114 + 16116 5 9 - 16484 + 16486 9 15 - 16032 + 16033 15 23 - 15107 + 15108 23 32 - 15148 + 15149 32 44 - 15004 + 15006 44 60 - 14757 + 14759 60 80 - 14819 + 14821 80 103 - 14634 + 14636 103 130 - 14778 + 14779 130 159 - 14531 + 14533 159 194 - 14613 + 14615 194 302 - 9886 + 9887 @@ -9038,62 +9055,62 @@ 1 2 - 23513 + 23516 2 3 - 15621 + 15622 3 4 - 11345 + 11347 4 6 - 16361 + 16362 6 8 - 13627 + 13628 8 11 - 16443 + 16444 11 16 - 17347 + 17349 16 21 - 16443 + 16444 21 28 - 16648 + 16650 28 35 - 15806 + 15807 35 43 - 15847 + 15848 43 60 - 12907 + 12909 @@ -9109,57 +9126,57 @@ 1 4 - 15970 + 15972 4 7 - 17532 + 17534 7 11 - 16689 + 16691 11 16 - 17409 + 17411 16 21 - 17512 + 17513 21 26 - 15066 + 15067 26 31 - 16176 + 16177 31 36 - 17717 + 17719 36 40 - 15703 + 15704 40 44 - 16299 + 16301 44 49 - 16895 + 16897 49 @@ -9180,22 +9197,22 @@ 1 2 - 101948 + 101958 2 3 - 44622 + 44627 3 4 - 27645 + 27648 4 6 - 14572 + 14574 6 @@ -9216,62 +9233,62 @@ 1 4 - 16957 + 16958 4 7 - 16648 + 16650 7 11 - 16422 + 16424 11 16 - 16217 + 16218 16 21 - 16443 + 16444 21 27 - 16772 + 16773 27 33 - 16443 + 16444 33 38 - 14470 + 14471 38 43 - 15538 + 15540 43 47 - 14696 + 14697 47 52 - 16772 + 16773 52 65 - 14449 + 14451 65 @@ -9297,7 +9314,7 @@ 2 4 - 184 + 185 4 @@ -9312,42 +9329,42 @@ 43 253 - 184 + 185 280 849 - 184 + 185 956 1895 - 184 + 185 2100 4183 - 184 + 185 4242 7021 - 184 + 185 7174 11394 - 184 + 185 12337 15120 - 184 + 185 15374 30165 - 184 + 185 30211 @@ -9383,27 +9400,27 @@ 4 6 - 184 + 185 7 32 - 184 + 185 43 99 - 184 + 185 104 123 - 184 + 185 124 133 - 184 + 185 133 @@ -9454,57 +9471,57 @@ 2 4 - 184 + 185 4 7 - 184 + 185 7 19 - 184 + 185 20 152 - 184 + 185 199 589 - 184 + 185 633 1290 - 184 + 185 1370 2344 - 184 + 185 2574 3505 - 184 + 185 3527 4711 - 184 + 185 4734 5298 - 184 + 185 5332 5999 - 184 + 185 6158 @@ -9530,57 +9547,57 @@ 2 4 - 184 + 185 4 7 - 184 + 185 7 19 - 184 + 185 20 152 - 184 + 185 199 589 - 184 + 185 651 1292 - 184 + 185 1370 2348 - 184 + 185 2575 3511 - 184 + 185 3533 4712 - 184 + 185 4737 5324 - 184 + 185 5346 6023 - 184 + 185 6202 @@ -9611,37 +9628,37 @@ 3 5 - 184 + 185 5 9 - 184 + 185 9 13 - 184 + 185 13 20 - 184 + 185 20 30 - 184 + 185 30 42 - 184 + 185 44 59 - 184 + 185 59 @@ -9651,7 +9668,7 @@ 69 74 - 184 + 185 74 @@ -9677,67 +9694,67 @@ 1 5 - 16134 + 16136 5 9 - 16484 + 16486 9 15 - 15806 + 15807 15 23 - 15086 + 15088 23 32 - 15641 + 15643 32 44 - 14737 + 14738 44 60 - 14490 + 14492 60 80 - 15251 + 15252 80 103 - 14531 + 14533 103 130 - 14757 + 14759 130 160 - 14881 + 14882 160 195 - 14552 + 14553 195 299 - 9537 + 9538 @@ -9753,67 +9770,67 @@ 1 2 - 23513 + 23516 2 3 - 15559 + 15561 3 4 - 11345 + 11347 4 6 - 16052 + 16054 6 8 - 13483 + 13484 8 11 - 16504 + 16506 11 15 - 14428 + 14430 15 20 - 16772 + 16773 20 26 - 14983 + 14985 26 33 - 16052 + 16054 33 40 - 14634 + 14636 40 49 - 14593 + 14594 49 60 - 3966 + 3967 @@ -9829,22 +9846,22 @@ 1 2 - 95473 + 95483 2 3 - 50007 + 50013 3 4 - 29371 + 29374 4 6 - 15600 + 15602 6 @@ -9865,62 +9882,62 @@ 1 4 - 15826 + 15828 4 7 - 17450 + 17452 7 11 - 16484 + 16486 11 16 - 17347 + 17349 16 21 - 17306 + 17308 21 26 - 15148 + 15149 26 31 - 16299 + 16301 31 36 - 17676 + 17678 36 40 - 15292 + 15293 40 44 - 16443 + 16444 44 49 - 16977 + 16979 49 63 - 9639 + 9640 @@ -9936,62 +9953,62 @@ 1 4 - 17183 + 17184 4 7 - 16792 + 16794 7 11 - 16422 + 16424 11 16 - 16874 + 16876 16 21 - 16011 + 16013 21 26 - 14511 + 14512 26 32 - 16155 + 16157 32 38 - 17491 + 17493 38 43 - 16134 + 16136 43 47 - 14470 + 14471 47 52 - 16566 + 16568 52 69 - 13277 + 13279 @@ -10143,7 +10160,7 @@ 151 163 - 184 + 185 @@ -10376,23 +10393,23 @@ numlines - 1382103 + 1380915 element_id - 1375109 + 1373927 num_lines - 101652 + 101565 num_code - 84866 + 84793 num_comment - 59685 + 59634 @@ -10406,12 +10423,12 @@ 1 2 - 1368114 + 1366938 2 3 - 6994 + 6988 @@ -10427,12 +10444,12 @@ 1 2 - 1369047 + 1367870 2 3 - 6061 + 6056 @@ -10448,7 +10465,7 @@ 1 2 - 1375109 + 1373927 @@ -10464,27 +10481,27 @@ 1 2 - 68079 + 68020 2 3 - 12123 + 12113 3 4 - 7460 + 7454 4 21 - 7927 + 7920 29 921 - 6061 + 6056 @@ -10500,27 +10517,27 @@ 1 2 - 70410 + 70350 2 3 - 12123 + 12113 3 4 - 8393 + 8386 4 6 - 9325 + 9317 6 7 - 1398 + 1397 @@ -10536,22 +10553,22 @@ 1 2 - 69478 + 69418 2 3 - 14921 + 14908 3 4 - 10724 + 10715 4 7 - 6528 + 6522 @@ -10567,27 +10584,27 @@ 1 2 - 52691 + 52646 2 3 - 14455 + 14442 3 5 - 6528 + 6522 5 42 - 6528 + 6522 44 922 - 4662 + 4658 @@ -10603,27 +10620,27 @@ 1 2 - 52691 + 52646 2 3 - 16786 + 16772 3 5 - 6061 + 6056 5 8 - 6528 + 6522 8 12 - 2797 + 2795 @@ -10639,27 +10656,27 @@ 1 2 - 53157 + 53112 2 3 - 15854 + 15840 3 5 - 7460 + 7454 5 7 - 5129 + 5124 7 10 - 3264 + 3261 @@ -10675,32 +10692,32 @@ 1 2 - 34505 + 34476 2 3 - 9325 + 9317 3 4 - 4196 + 4193 4 6 - 4662 + 4658 6 11 - 5129 + 5124 17 2596 - 1865 + 1863 @@ -10716,32 +10733,32 @@ 1 2 - 34505 + 34476 2 3 - 9325 + 9317 3 4 - 4196 + 4193 4 6 - 4662 + 4658 6 8 - 4662 + 4658 10 38 - 2331 + 2329 @@ -10757,32 +10774,32 @@ 1 2 - 34505 + 34476 2 3 - 9325 + 9317 3 4 - 4196 + 4193 4 6 - 4662 + 4658 6 10 - 4662 + 4658 10 37 - 2331 + 2329 @@ -10792,31 +10809,31 @@ diagnostics - 72036 + 5200 id - 72036 + 5200 severity - 23 + 19 error_tag - 69 + 39 error_message - 115 + 415 full_error_message - 62491 + 4369 location - 92 + 177 @@ -10830,7 +10847,7 @@ 1 2 - 72036 + 5200 @@ -10846,7 +10863,7 @@ 1 2 - 72036 + 5200 @@ -10862,7 +10879,7 @@ 1 2 - 72036 + 5200 @@ -10878,7 +10895,7 @@ 1 2 - 72036 + 5200 @@ -10894,7 +10911,7 @@ 1 2 - 72036 + 5200 @@ -10908,14 +10925,9 @@ 12 - 4 - 5 - 11 - - - 6245 - 6246 - 11 + 263 + 264 + 19 @@ -10924,6 +10936,91 @@ severity error_tag + + + 12 + + + 2 + 3 + 19 + + + + + + + severity + error_message + + + 12 + + + 21 + 22 + 19 + + + + + + + severity + full_error_message + + + 12 + + + 221 + 222 + 19 + + + + + + + severity + location + + + 12 + + + 9 + 10 + 19 + + + + + + + error_tag + id + + + 12 + + + 43 + 44 + 19 + + + 220 + 221 + 19 + + + + + + + error_tag + severity 12 @@ -10931,514 +11028,379 @@ 1 2 - 11 + 39 + + + + + + + error_tag + error_message + + + 12 + + + 1 + 2 + 19 + + + 20 + 21 + 19 + + + + + + + error_tag + full_error_message + + + 12 + + + 1 + 2 + 19 + + + 220 + 221 + 19 + + + + + + + error_tag + location + + + 12 + + + 1 + 2 + 19 + + + 8 + 9 + 19 + + + + + + + error_message + id + + + 12 + + + 1 + 2 + 118 + + + 2 + 3 + 158 + + + 3 + 4 + 79 + + + 43 + 44 + 19 + + + 93 + 94 + 39 + + + + + + + error_message + severity + + + 12 + + + 1 + 2 + 415 + + + + + + + error_message + error_tag + + + 12 + + + 1 + 2 + 415 + + + + + + + error_message + full_error_message + + + 12 + + + 1 + 2 + 138 + + + 2 + 3 + 158 + + + 3 + 4 + 79 + + + 93 + 94 + 39 + + + + + + + error_message + location + + + 12 + + + 1 + 2 + 177 + + + 2 + 3 + 118 + + + 3 + 4 + 79 + + + 4 + 5 + 39 + + + + + + + full_error_message + id + + + 12 + + + 1 + 2 + 4350 + + + 43 + 44 + 19 + + + + + + + full_error_message + severity + + + 12 + + + 1 + 2 + 4369 + + + + + + + full_error_message + error_tag + + + 12 + + + 1 + 2 + 4369 + + + + + + + full_error_message + error_message + + + 12 + + + 1 + 2 + 4369 + + + + + + + full_error_message + location + + + 12 + + + 1 + 2 + 4369 + + + + + + + location + id + + + 12 + + + 6 + 7 + 39 + + + 22 + 23 + 39 + + + 41 + 42 + 79 + + + 43 + 44 + 19 + + + + + + + location + severity + + + 12 + + + 1 + 2 + 177 + + + + + + + location + error_tag + + + 12 + + + 1 + 2 + 177 + + + + + + + location + error_message + + + 12 + + + 1 + 2 + 19 + + + 3 + 4 + 39 5 6 - 11 - - - - - - - severity - error_message - - - 12 - - - 3 - 4 - 11 + 39 - 7 - 8 - 11 - - - - - - - severity - full_error_message - - - 12 - - - 4 - 5 - 11 - - - 5417 - 5418 - 11 - - - - - - - severity - location - - - 12 - - - 4 - 5 - 23 - - - - - - - error_tag - id - - - 12 - - - 1 - 2 - 11 - - - 2 - 3 - 11 - - - 4 - 5 - 11 - - - 417 - 418 - 11 - - - 829 - 830 - 11 - - - 4996 - 4997 - 11 - - - - - - - error_tag - severity - - - 12 - - - 1 - 2 - 69 - - - - - - - error_tag - error_message - - - 12 - - - 1 - 2 - 46 - - - 3 - 4 - 23 - - - - - - - error_tag - full_error_message - - - 12 - - - 1 - 2 - 23 - - - 2 - 3 - 11 - - - 4 - 5 - 11 - - - 417 - 418 - 11 - - - 4996 - 4997 - 11 - - - - - - - error_tag - location - - - 12 - - - 1 - 2 - 46 - - - 2 - 3 - 11 - - - 4 - 5 - 11 - - - - - - - error_message - id - - - 12 - - - 1 - 2 - 34 - - - 2 - 3 - 23 - - - 10 - 11 - 11 - - - 75 - 76 - 11 - - - 332 - 333 - 11 - - - 829 - 830 - 11 - - - 4996 - 4997 - 11 - - - - - - - error_message - severity - - - 12 - - - 1 - 2 - 115 - - - - - - - error_message - error_tag - - - 12 - - - 1 - 2 - 115 - - - - - - - error_message - full_error_message - - - 12 - - - 1 - 2 - 46 - - - 2 - 3 - 23 - - - 10 - 11 - 11 - - - 75 - 76 - 11 - - - 332 - 333 - 11 - - - 4996 - 4997 - 11 - - - - - - - error_message - location - - - 12 - - - 1 - 2 - 92 - - - 2 - 3 - 23 - - - - - - - full_error_message - id - - - 12 - - - 1 - 2 - 62480 - - - 829 - 830 - 11 - - - - - - - full_error_message - severity - - - 12 - - - 1 - 2 - 62491 - - - - - - - full_error_message - error_tag - - - 12 - - - 1 - 2 - 62491 - - - - - - - full_error_message - error_message - - - 12 - - - 1 - 2 - 62491 - - - - - - - full_error_message - location - - - 12 - - - 1 - 2 - 62491 - - - - - - - location - id - - - 12 - - - 1 - 2 - 80 - - - 6242 - 6243 - 11 - - - - - - - location - severity - - - 12 - - - 1 - 2 - 92 - - - - - - - location - error_tag - - - 12 - - - 1 - 2 - 80 - - - 3 - 4 - 11 - - - - - - - location - error_message - - - 12 - - - 1 - 2 - 80 - - - 5 - 6 - 11 + 6 + 7 + 79 @@ -11454,12 +11416,22 @@ 1 2 - 80 + 19 - 5414 - 5415 - 11 + 6 + 7 + 39 + + + 22 + 23 + 39 + + + 41 + 42 + 79 @@ -11469,15 +11441,15 @@ files - 123102 + 122996 id - 123102 + 122996 name - 123102 + 122996 @@ -11491,7 +11463,7 @@ 1 2 - 123102 + 122996 @@ -11507,7 +11479,7 @@ 1 2 - 123102 + 122996 @@ -11517,15 +11489,15 @@ folders - 15387 + 15374 id - 15387 + 15374 name - 15387 + 15374 @@ -11539,7 +11511,7 @@ 1 2 - 15387 + 15374 @@ -11555,7 +11527,7 @@ 1 2 - 15387 + 15374 @@ -11565,15 +11537,15 @@ containerparent - 137557 + 137439 parent - 15387 + 15374 child - 137557 + 137439 @@ -11587,32 +11559,32 @@ 1 2 - 6528 + 6522 2 3 - 3264 + 3261 3 5 - 1398 + 1397 5 12 - 1398 + 1397 23 28 - 1398 + 1397 40 67 - 1398 + 1397 @@ -11628,7 +11600,7 @@ 1 2 - 137557 + 137439 @@ -11638,23 +11610,23 @@ fileannotations - 5238006 + 5109644 id - 5003 + 4880 kind - 23 + 22 name - 55932 + 54561 value - 47021 + 45869 @@ -11668,12 +11640,12 @@ 1 2 - 172 + 168 2 3 - 4830 + 4711 @@ -11689,57 +11661,57 @@ 1 102 - 391 + 382 102 225 - 380 + 371 227 299 - 380 + 371 301 452 - 403 + 393 452 555 - 380 + 371 559 626 - 380 + 371 626 716 - 380 + 371 729 904 - 380 + 371 904 934 - 80 + 78 936 937 - 1452 + 1416 1083 2036 - 380 + 371 2293 @@ -11760,57 +11732,57 @@ 1 114 - 391 + 382 114 275 - 380 + 371 275 363 - 380 + 371 393 638 - 380 + 371 643 744 - 380 + 371 751 955 - 380 + 371 955 1087 - 380 + 371 1088 1501 - 253 + 247 1501 1502 - 1452 + 1416 1504 1874 - 380 + 371 1972 4080 - 242 + 236 @@ -11889,62 +11861,62 @@ 1 2 - 9049 + 8827 2 3 - 6351 + 6196 3 5 - 4265 + 4160 5 9 - 4357 + 4250 9 14 - 4069 + 3969 14 18 - 4265 + 4160 18 20 - 4818 + 4700 20 34 - 4311 + 4205 34 128 - 4599 + 4486 128 229 - 4207 + 4104 229 387 - 4334 + 4228 387 434 - 1302 + 1270 @@ -11960,7 +11932,7 @@ 1 2 - 55932 + 54561 @@ -11976,62 +11948,62 @@ 1 2 - 9060 + 8838 2 3 - 8230 + 8029 3 4 - 2616 + 2552 4 6 - 4611 + 4498 6 9 - 4219 + 4115 9 14 - 4299 + 4194 14 17 - 4219 + 4115 17 22 - 4691 + 4576 22 41 - 4299 + 4194 41 82 - 4253 + 4149 82 157 - 4196 + 4093 158 1895 - 1233 + 1203 @@ -12047,67 +12019,67 @@ 1 2 - 7308 + 7129 2 5 - 2282 + 2226 5 8 - 3400 + 3317 8 15 - 3608 + 3519 15 17 - 2593 + 2530 17 19 - 4230 + 4126 19 34 - 3400 + 3317 34 189 - 3700 + 3609 189 201 - 3688 + 3598 201 266 - 3631 + 3542 266 321 - 3758 + 3665 322 399 - 4034 + 3935 399 435 - 1383 + 1349 @@ -12123,7 +12095,7 @@ 1 2 - 47010 + 45857 2 @@ -12144,67 +12116,67 @@ 1 2 - 7331 + 7151 2 5 - 2639 + 2575 5 8 - 3585 + 3497 8 15 - 3631 + 3542 15 17 - 2893 + 2822 17 19 - 3665 + 3575 19 29 - 3585 + 3497 29 39 - 3746 + 3654 39 48 - 3688 + 3598 48 74 - 3642 + 3553 74 102 - 3527 + 3441 102 119 - 3677 + 3587 119 146 - 1406 + 1371 @@ -12214,15 +12186,15 @@ inmacroexpansion - 109609474 + 109620989 id - 17999527 + 18001413 inv - 2696000 + 2696281 @@ -12236,37 +12208,37 @@ 1 3 - 1579546 + 1579705 3 5 - 1076132 + 1076245 5 6 - 1183051 + 1183176 6 7 - 4812473 + 4812979 7 8 - 6376088 + 6376758 8 9 - 2601226 + 2601499 9 21 - 371008 + 371047 @@ -12282,32 +12254,32 @@ 1 2 - 377842 + 377880 2 3 - 543264 + 543313 3 4 - 350972 + 351008 4 7 - 200350 + 200369 7 8 - 206832 + 206853 8 9 - 241514 + 241540 9 @@ -12317,22 +12289,22 @@ 10 11 - 324983 + 325017 11 337 - 224502 + 224533 339 423 - 206034 + 206056 423 7616 - 17497 + 17499 @@ -12342,15 +12314,15 @@ affectedbymacroexpansion - 35633915 + 35637655 id - 5148773 + 5149311 inv - 2780470 + 2780761 @@ -12364,37 +12336,37 @@ 1 2 - 2811579 + 2811876 2 3 - 559267 + 559321 3 4 - 264497 + 264524 4 5 - 564919 + 564979 5 12 - 391297 + 391338 12 50 - 406771 + 406814 50 9900 - 150439 + 150455 @@ -12410,67 +12382,67 @@ 1 4 - 228764 + 228787 4 7 - 231430 + 231454 7 9 - 220137 + 220160 9 12 - 250699 + 250726 12 13 - 333461 + 333496 13 14 - 165332 + 165349 14 15 - 298382 + 298413 15 16 - 121654 + 121667 16 17 - 276181 + 276210 17 18 - 146713 + 146728 18 20 - 251745 + 251771 20 25 - 208656 + 208678 25 109 - 47310 + 47315 @@ -12480,23 +12452,23 @@ macroinvocations - 34192813 + 33362900 id - 34192813 + 33362900 macro_id - 81166 + 79177 location - 776483 + 757454 kind - 23 + 22 @@ -12510,7 +12482,7 @@ 1 2 - 34192813 + 33362900 @@ -12526,7 +12498,7 @@ 1 2 - 34192813 + 33362900 @@ -12542,7 +12514,7 @@ 1 2 - 34192813 + 33362900 @@ -12558,57 +12530,57 @@ 1 2 - 16599 + 16193 2 3 - 16922 + 16507 3 4 - 3181 + 3103 4 5 - 5383 + 5251 5 8 - 5809 + 5667 8 13 - 6236 + 6083 13 26 - 6328 + 6162 26 61 - 6190 + 6038 61 200 - 6098 + 5959 200 1697 - 6121 + 5971 1716 168807 - 2294 + 2237 @@ -12624,37 +12596,37 @@ 1 2 - 43367 + 42304 2 3 - 10617 + 10356 3 4 - 5268 + 5139 4 6 - 6985 + 6814 6 13 - 6616 + 6454 13 66 - 6132 + 5982 66 3614 - 2178 + 2125 @@ -12670,12 +12642,12 @@ 1 2 - 75310 + 73464 2 3 - 5856 + 5712 @@ -12691,37 +12663,42 @@ 1 2 - 287189 + 280140 2 3 - 173515 + 168970 3 4 - 72935 + 70484 4 5 - 60981 + 60060 5 - 9 - 71656 + 8 + 53729 - 9 - 21 - 60186 + 8 + 17 + 62602 - 21 + 17 + 525 + 56822 + + + 534 244764 - 50018 + 4644 @@ -12737,12 +12714,12 @@ 1 2 - 729335 + 711462 2 350 - 47148 + 45992 @@ -12758,7 +12735,7 @@ 1 2 - 776483 + 757454 @@ -12777,8 +12754,8 @@ 11 - 2945478 - 2945479 + 2946191 + 2946192 11 @@ -12831,15 +12808,15 @@ macroparent - 30581550 + 29835446 id - 30581550 + 29835446 parent_id - 23776789 + 23197420 @@ -12853,7 +12830,7 @@ 1 2 - 30581550 + 29835446 @@ -12869,17 +12846,17 @@ 1 2 - 18370535 + 17923630 2 3 - 4553929 + 4442353 3 88 - 852324 + 831437 @@ -12889,15 +12866,15 @@ macrolocationbind - 4036895 + 4037654 id - 2826216 + 2826847 location - 2017786 + 2017998 @@ -12911,22 +12888,22 @@ 1 2 - 2225964 + 2226533 2 3 - 340571 + 340607 3 7 - 230151 + 230175 7 57 - 29529 + 29532 @@ -12942,22 +12919,22 @@ 1 2 - 1608407 + 1608576 2 3 - 177393 + 177412 3 8 - 156621 + 156631 8 723 - 75364 + 75378 @@ -12967,19 +12944,19 @@ macro_argument_unexpanded - 86329774 + 84222788 invocation - 26761716 + 26113877 argument_index - 760 + 742 text - 325046 + 317081 @@ -12993,22 +12970,22 @@ 1 2 - 7582881 + 7404499 2 3 - 10899357 + 10632707 3 4 - 6268860 + 6115325 4 67 - 2010617 + 1961344 @@ -13024,22 +13001,22 @@ 1 2 - 7654526 + 7474388 2 3 - 11049010 + 10778692 3 4 - 6099011 + 5949638 4 67 - 1959168 + 1911157 @@ -13055,17 +13032,17 @@ 41230 41231 - 668 + 652 41432 174417 - 57 + 56 - 718224 - 2321513 - 34 + 718232 + 2322223 + 33 @@ -13081,17 +13058,17 @@ 2 3 - 668 + 652 13 995 - 57 + 56 6559 19579 - 34 + 33 @@ -13107,57 +13084,57 @@ 1 2 - 35816 + 34938 2 3 - 62756 + 61027 3 4 - 19412 + 17677 4 5 - 44773 + 44890 5 7 - 24427 + 23907 7 12 - 18790 + 18419 12 16 - 22006 + 21523 16 23 - 25614 + 24874 23 42 - 24703 + 24222 42 129 - 24588 + 23986 129 - 522415 - 22156 + 522417 + 21613 @@ -13173,17 +13150,17 @@ 1 2 - 235073 + 229312 2 3 - 79472 + 77524 3 9 - 10501 + 10244 @@ -13193,19 +13170,19 @@ macro_argument_expanded - 86329774 + 84222788 invocation - 26761716 + 26113877 argument_index - 760 + 742 text - 196985 + 192158 @@ -13219,22 +13196,22 @@ 1 2 - 7582881 + 7404499 2 3 - 10899357 + 10632707 3 4 - 6268860 + 6115325 4 67 - 2010617 + 1961344 @@ -13250,22 +13227,22 @@ 1 2 - 10908372 + 10648540 2 3 - 9395798 + 9165949 3 4 - 5318101 + 5187865 4 9 - 1139444 + 1111521 @@ -13281,17 +13258,17 @@ 41230 41231 - 668 + 652 41432 174417 - 57 + 56 - 718224 - 2321513 - 34 + 718232 + 2322223 + 33 @@ -13307,17 +13284,17 @@ 1 2 - 657 + 640 2 76 - 57 + 56 870 13879 - 46 + 44 @@ -13333,62 +13310,62 @@ 1 2 - 21234 + 20713 2 3 - 38295 + 37165 3 4 - 10340 + 9029 4 5 - 15712 + 16316 5 6 - 3539 + 2473 6 7 - 22352 + 22771 7 9 - 14847 + 14708 9 14 - 12622 + 11987 14 - 20 - 14986 + 19 + 14517 - 20 + 19 49 - 15666 + 15754 49 169 - 14790 + 14427 169 - 1060455 - 12599 + 1060462 + 12291 @@ -13404,17 +13381,17 @@ 1 2 - 99691 + 97248 2 3 - 82584 + 80560 3 66 - 14709 + 14348 @@ -13424,19 +13401,19 @@ functions - 4638253 + 4640789 id - 4638253 + 4640789 name - 1916013 + 1915298 kind - 3264 + 3261 @@ -13450,7 +13427,7 @@ 1 2 - 4638253 + 4640789 @@ -13466,7 +13443,7 @@ 1 2 - 4638253 + 4640789 @@ -13482,22 +13459,22 @@ 1 2 - 1503340 + 1502980 2 3 - 152479 + 151882 3 5 - 150147 + 150018 5 - 1666 - 110046 + 1676 + 110417 @@ -13513,12 +13490,12 @@ 1 2 - 1915546 + 1914832 2 3 - 466 + 465 @@ -13534,37 +13511,37 @@ 6 7 - 466 + 465 64 65 - 466 + 465 173 174 - 466 + 465 195 196 - 466 + 465 - 1350 - 1351 - 466 + 1354 + 1355 + 465 - 2372 - 2373 - 466 + 2382 + 2383 + 465 5787 5788 - 466 + 465 @@ -13580,37 +13557,37 @@ 3 4 - 466 + 465 33 34 - 466 + 465 39 40 - 466 + 465 94 95 - 466 + 465 195 196 - 466 + 465 - 243 - 244 - 466 + 245 + 246 + 465 3503 3504 - 466 + 465 @@ -13620,15 +13597,15 @@ function_entry_point - 1156415 + 1155421 id - 1146623 + 1145638 entry_point - 1156415 + 1155421 @@ -13642,12 +13619,12 @@ 1 2 - 1136831 + 1135854 2 3 - 9792 + 9783 @@ -13663,7 +13640,7 @@ 1 2 - 1156415 + 1155421 @@ -13673,15 +13650,15 @@ function_return_type - 4643382 + 4645914 id - 4638253 + 4640789 return_type - 984818 + 986301 @@ -13695,12 +13672,12 @@ 1 2 - 4633124 + 4635664 2 3 - 5129 + 5124 @@ -13716,22 +13693,22 @@ 1 2 - 510128 + 509690 2 3 - 373503 + 375512 3 10 - 75073 + 75009 10 - 2512 - 26112 + 2516 + 26090 @@ -14053,48 +14030,48 @@ purefunctions - 100053 + 99971 id - 100053 + 99971 function_deleted - 137557 + 137439 id - 137557 + 137439 function_defaulted - 73674 + 73611 id - 73674 + 73611 member_function_this_type - 553568 + 552359 id - 553568 + 552359 this_type - 189968 + 189553 @@ -14108,7 +14085,7 @@ 1 2 - 553568 + 552359 @@ -14124,32 +14101,32 @@ 1 2 - 68556 + 68406 2 3 - 45516 + 45416 3 4 - 30555 + 30489 4 5 - 15560 + 15526 5 7 - 15595 + 15561 7 66 - 14184 + 14153 @@ -14159,27 +14136,27 @@ fun_decls - 5007094 + 5009313 id - 5001965 + 5004188 function - 4494634 + 4497293 type_id - 983419 + 984904 name - 1818557 + 1817926 location - 3416556 + 3414551 @@ -14193,7 +14170,7 @@ 1 2 - 5001965 + 5004188 @@ -14209,12 +14186,12 @@ 1 2 - 4996835 + 4999063 2 3 - 5129 + 5124 @@ -14230,7 +14207,7 @@ 1 2 - 5001965 + 5004188 @@ -14246,7 +14223,7 @@ 1 2 - 5001965 + 5004188 @@ -14262,17 +14239,17 @@ 1 2 - 4066107 + 4069135 2 3 - 355784 + 355478 3 7 - 72742 + 72679 @@ -14288,12 +14265,12 @@ 1 2 - 4454998 + 4457692 2 3 - 39635 + 39601 @@ -14309,7 +14286,7 @@ 1 2 - 4494634 + 4497293 @@ -14325,17 +14302,17 @@ 1 2 - 4122529 + 4125508 2 4 - 371172 + 370853 5 6 - 932 + 931 @@ -14351,22 +14328,22 @@ 1 2 - 435521 + 435146 2 3 - 435987 + 437942 3 8 - 75073 + 75009 8 - 2757 - 36837 + 2761 + 36805 @@ -14382,22 +14359,22 @@ 1 2 - 519454 + 519008 2 3 - 365110 + 367126 3 11 - 75540 + 75475 11 - 2473 - 23314 + 2477 + 23294 @@ -14413,17 +14390,17 @@ 1 2 - 856120 + 857714 2 5 - 89528 + 89452 5 - 821 - 37770 + 823 + 37737 @@ -14439,22 +14416,22 @@ 1 2 - 752136 + 753819 2 3 - 131495 + 131382 3 10 - 74607 + 74543 10 - 2028 - 25180 + 2030 + 25158 @@ -14470,27 +14447,27 @@ 1 2 - 1233821 + 1233692 2 3 - 267188 + 266492 3 4 - 80203 + 80600 4 6 - 136624 + 136507 6 - 1700 - 100720 + 1710 + 100633 @@ -14506,22 +14483,22 @@ 1 2 - 1412879 + 1412596 2 3 - 151546 + 150950 3 5 - 144085 + 143961 5 - 1650 - 110046 + 1660 + 110417 @@ -14537,17 +14514,17 @@ 1 2 - 1600796 + 1600352 2 4 - 134293 + 134178 4 - 925 - 83467 + 930 + 83395 @@ -14563,27 +14540,27 @@ 1 2 - 1254804 + 1254657 2 3 - 293766 + 293514 3 4 - 79270 + 79202 4 8 - 137557 + 137439 8 - 651 - 53157 + 653 + 53112 @@ -14599,17 +14576,17 @@ 1 2 - 2961450 + 2958905 2 4 - 295165 + 295843 4 55 - 159939 + 159802 @@ -14625,17 +14602,17 @@ 1 2 - 3028597 + 3025994 2 6 - 261592 + 262299 6 55 - 126366 + 126257 @@ -14651,12 +14628,12 @@ 1 2 - 3207655 + 3204898 2 25 - 208900 + 209653 @@ -14672,12 +14649,12 @@ 1 2 - 3245425 + 3242635 2 13 - 171130 + 171915 @@ -14687,22 +14664,22 @@ fun_def - 1934665 + 1933002 id - 1934665 + 1933002 fun_specialized - 26112 + 26090 id - 26112 + 26090 @@ -14720,15 +14697,15 @@ fun_decl_specifiers - 2903163 + 2900668 id - 1687527 + 1686077 name - 2797 + 2795 @@ -14742,17 +14719,17 @@ 1 2 - 490544 + 490122 2 3 - 1178331 + 1177319 3 4 - 18651 + 18635 @@ -14768,32 +14745,32 @@ 50 51 - 466 + 465 203 204 - 466 + 465 209 210 - 466 + 465 639 640 - 466 + 465 2561 2562 - 466 + 465 2564 2565 - 466 + 465 @@ -14924,26 +14901,26 @@ fun_decl_empty_throws - 1926738 + 1931604 fun_decl - 1926738 + 1931604 fun_decl_noexcept - 61190 + 61094 fun_decl - 61190 + 61094 constant - 61086 + 60990 @@ -14957,7 +14934,7 @@ 1 2 - 61190 + 61094 @@ -14973,7 +14950,7 @@ 1 2 - 60981 + 60885 2 @@ -14988,22 +14965,22 @@ fun_decl_empty_noexcept - 869643 + 868895 fun_decl - 869643 + 868895 fun_decl_typedef_type - 2889 + 2888 fun_decl - 2889 + 2888 typedeftype_id @@ -15021,7 +14998,7 @@ 1 2 - 2889 + 2888 @@ -15097,19 +15074,19 @@ param_decl_bind - 7373083 + 7371405 id - 7373083 + 7371405 index - 7927 + 7920 fun_decl - 4217187 + 4218221 @@ -15123,7 +15100,7 @@ 1 2 - 7373083 + 7371405 @@ -15139,7 +15116,7 @@ 1 2 - 7373083 + 7371405 @@ -15155,72 +15132,72 @@ 2 3 - 932 + 931 5 6 - 466 + 465 7 8 - 466 + 465 10 11 - 932 + 931 11 12 - 466 + 465 12 13 - 932 + 931 13 14 - 466 + 465 25 26 - 466 + 465 78 79 - 466 + 465 245 246 - 466 + 465 636 637 - 466 + 465 1713 1714 - 466 + 465 3987 3988 - 466 + 465 - 9044 - 9045 - 466 + 9054 + 9055 + 465 @@ -15236,72 +15213,72 @@ 2 3 - 932 + 931 5 6 - 466 + 465 7 8 - 466 + 465 10 11 - 932 + 931 11 12 - 466 + 465 12 13 - 932 + 931 13 14 - 466 + 465 25 26 - 466 + 465 78 79 - 466 + 465 245 246 - 466 + 465 636 637 - 466 + 465 1713 1714 - 466 + 465 3987 3988 - 466 + 465 - 9044 - 9045 - 466 + 9054 + 9055 + 465 @@ -15317,22 +15294,22 @@ 1 2 - 2358062 + 2360694 2 3 - 1060358 + 1059447 3 4 - 502201 + 501769 4 18 - 296564 + 296309 @@ -15348,22 +15325,22 @@ 1 2 - 2358062 + 2360694 2 3 - 1060358 + 1059447 3 4 - 502201 + 501769 4 18 - 296564 + 296309 @@ -15373,27 +15350,27 @@ var_decls - 8487066 + 8484431 id - 8416189 + 8413615 variable - 7405258 + 7403552 type_id - 2379045 + 2381660 name - 666804 + 666231 location - 5305524 + 5300964 @@ -15407,7 +15384,7 @@ 1 2 - 8416189 + 8413615 @@ -15423,12 +15400,12 @@ 1 2 - 8348110 + 8345594 2 3 - 68079 + 68020 @@ -15444,7 +15421,7 @@ 1 2 - 8416189 + 8413615 @@ -15460,12 +15437,12 @@ 1 2 - 8413391 + 8410819 2 3 - 2797 + 2795 @@ -15481,17 +15458,17 @@ 1 2 - 6554266 + 6553292 2 3 - 697579 + 696980 3 7 - 153411 + 153279 @@ -15507,12 +15484,12 @@ 1 2 - 7234127 + 7232568 2 4 - 171130 + 170983 @@ -15528,12 +15505,12 @@ 1 2 - 7290083 + 7288476 2 3 - 115175 + 115076 @@ -15549,12 +15526,12 @@ 1 2 - 6860623 + 6859386 2 4 - 544634 + 544166 @@ -15570,27 +15547,27 @@ 1 2 - 1464171 + 1467572 2 3 - 509196 + 508758 3 4 - 97922 + 97838 4 7 - 186984 + 186824 7 762 - 120770 + 120667 @@ -15606,22 +15583,22 @@ 1 2 - 1597532 + 1600818 2 3 - 484482 + 484065 3 7 - 186518 + 186358 7 724 - 110512 + 110417 @@ -15637,17 +15614,17 @@ 1 2 - 1872181 + 1875231 2 3 - 384694 + 384364 3 128 - 122169 + 122064 @@ -15663,22 +15640,22 @@ 1 2 - 1700117 + 1703315 2 3 - 401481 + 401136 3 8 - 188383 + 188221 8 592 - 89062 + 88986 @@ -15694,37 +15671,37 @@ 1 2 - 340862 + 340569 2 3 - 86731 + 86656 3 4 - 48494 + 48453 4 6 - 51758 + 51714 6 12 - 52225 + 52180 12 33 - 50360 + 50316 34 - 3213 - 36371 + 3223 + 36339 @@ -15740,37 +15717,37 @@ 1 2 - 368374 + 368057 2 3 - 77871 + 77804 3 4 - 45230 + 45191 4 6 - 49427 + 49384 6 14 - 53157 + 53112 14 56 - 50826 + 50782 56 - 3130 - 21915 + 3140 + 21897 @@ -15786,27 +15763,27 @@ 1 2 - 456504 + 456112 2 3 - 93725 + 93645 3 5 - 46629 + 46589 5 19 - 50826 + 50782 19 - 1917 - 19118 + 1927 + 19101 @@ -15822,32 +15799,32 @@ 1 2 - 378632 + 378307 2 3 - 90461 + 90383 3 5 - 59685 + 59634 5 9 - 51292 + 51248 9 21 - 50360 + 50316 21 1010 - 36371 + 36339 @@ -15863,17 +15840,17 @@ 1 2 - 4490903 + 4487043 2 3 - 531111 + 530655 3 - 1725 - 283508 + 1735 + 283264 @@ -15889,17 +15866,17 @@ 1 2 - 4879795 + 4875601 2 17 - 415004 + 414647 17 - 1721 - 10724 + 1731 + 10715 @@ -15915,12 +15892,12 @@ 1 2 - 4955801 + 4951542 2 - 1503 - 349722 + 1513 + 349421 @@ -15936,12 +15913,12 @@ 1 2 - 5296198 + 5291646 2 6 - 9325 + 9317 @@ -15951,26 +15928,26 @@ var_def - 4023674 + 4020216 id - 4023674 + 4020216 var_decl_specifiers - 310553 + 310286 id - 310553 + 310286 name - 1398 + 1397 @@ -15984,7 +15961,7 @@ 1 2 - 310553 + 310286 @@ -16000,17 +15977,17 @@ 15 16 - 466 + 465 66 67 - 466 + 465 585 586 - 466 + 465 @@ -16031,19 +16008,19 @@ type_decls - 3241228 + 3238442 id - 3241228 + 3238442 type_id - 3190868 + 3188126 location - 3162424 + 3159706 @@ -16057,7 +16034,7 @@ 1 2 - 3241228 + 3238442 @@ -16073,7 +16050,7 @@ 1 2 - 3241228 + 3238442 @@ -16089,12 +16066,12 @@ 1 2 - 3149368 + 3146661 2 5 - 41500 + 41464 @@ -16110,12 +16087,12 @@ 1 2 - 3149368 + 3146661 2 5 - 41500 + 41464 @@ -16131,12 +16108,12 @@ 1 2 - 3122322 + 3119639 2 20 - 40101 + 40067 @@ -16152,12 +16129,12 @@ 1 2 - 3122322 + 3119639 2 20 - 40101 + 40067 @@ -16167,45 +16144,45 @@ type_def - 2623851 + 2621596 id - 2623851 + 2621596 type_decl_top - 742810 + 742172 type_decl - 742810 + 742172 namespace_decls - 308863 + 308610 id - 308863 + 308610 namespace_id - 1416 + 1414 location - 308863 + 308610 bodylocation - 308863 + 308610 @@ -16219,7 +16196,7 @@ 1 2 - 308863 + 308610 @@ -16235,7 +16212,7 @@ 1 2 - 308863 + 308610 @@ -16251,7 +16228,7 @@ 1 2 - 308863 + 308610 @@ -16465,7 +16442,7 @@ 1 2 - 308863 + 308610 @@ -16481,7 +16458,7 @@ 1 2 - 308863 + 308610 @@ -16497,7 +16474,7 @@ 1 2 - 308863 + 308610 @@ -16513,7 +16490,7 @@ 1 2 - 308863 + 308610 @@ -16529,7 +16506,7 @@ 1 2 - 308863 + 308610 @@ -16545,7 +16522,7 @@ 1 2 - 308863 + 308610 @@ -16555,19 +16532,19 @@ usings - 369307 + 368989 id - 369307 + 368989 element_id - 315216 + 314945 location - 247603 + 247390 @@ -16581,7 +16558,7 @@ 1 2 - 369307 + 368989 @@ -16597,7 +16574,7 @@ 1 2 - 369307 + 368989 @@ -16613,17 +16590,17 @@ 1 2 - 262991 + 262765 2 3 - 50826 + 50782 3 5 - 1398 + 1397 @@ -16639,17 +16616,17 @@ 1 2 - 262991 + 262765 2 3 - 50826 + 50782 3 5 - 1398 + 1397 @@ -16665,22 +16642,22 @@ 1 2 - 202372 + 202198 2 4 - 10724 + 10715 4 5 - 31241 + 31215 5 11 - 3264 + 3261 @@ -16696,22 +16673,22 @@ 1 2 - 202372 + 202198 2 4 - 10724 + 10715 4 5 - 31241 + 31215 5 11 - 3264 + 3261 @@ -16721,15 +16698,15 @@ using_container - 476682 + 465000 parent - 11285 + 11009 child - 302256 + 294849 @@ -16743,47 +16720,47 @@ 1 2 - 3366 + 3283 2 4 - 956 + 933 4 6 - 426 + 416 6 7 - 2547 + 2485 7 17 - 922 + 899 19 143 - 783 + 764 178 179 - 1325 + 1293 179 183 - 876 + 854 201 488 - 80 + 78 @@ -16799,22 +16776,22 @@ 1 2 - 222934 + 217471 2 3 - 52819 + 51525 3 11 - 24323 + 23727 13 41 - 2178 + 2125 @@ -16824,27 +16801,27 @@ static_asserts - 130544 + 133393 id - 130544 + 133393 condition - 130544 + 133393 message - 29484 + 29938 location - 16790 + 17399 enclosing - 1944 + 4603 @@ -16858,7 +16835,7 @@ 1 2 - 130544 + 133393 @@ -16874,7 +16851,7 @@ 1 2 - 130544 + 133393 @@ -16890,7 +16867,7 @@ 1 2 - 130544 + 133393 @@ -16906,7 +16883,7 @@ 1 2 - 130544 + 133393 @@ -16922,7 +16899,7 @@ 1 2 - 130544 + 133393 @@ -16938,7 +16915,7 @@ 1 2 - 130544 + 133393 @@ -16954,7 +16931,7 @@ 1 2 - 130544 + 133393 @@ -16970,7 +16947,7 @@ 1 2 - 130544 + 133393 @@ -16986,32 +16963,32 @@ 1 2 - 21970 + 22027 2 3 - 402 + 471 3 4 - 2769 + 2848 4 - 11 - 1422 + 12 + 1597 12 17 - 2378 + 2408 17 513 - 541 + 584 @@ -17027,32 +17004,32 @@ 1 2 - 21970 + 22027 2 3 - 402 + 471 3 4 - 2769 + 2848 4 - 11 - 1422 + 12 + 1597 12 17 - 2378 + 2408 17 513 - 541 + 584 @@ -17068,12 +17045,12 @@ 1 2 - 27370 + 27743 2 33 - 2114 + 2194 @@ -17089,27 +17066,27 @@ 1 2 - 23386 + 23442 2 3 - 188 + 257 3 4 - 2567 + 2647 4 - 11 - 1264 + 12 + 1440 12 - 21 - 2076 + 37 + 2150 @@ -17125,47 +17102,52 @@ 1 2 - 3134 + 3257 2 3 - 2699 + 2804 3 4 - 1309 + 1389 + + + 4 + 5 + 81 5 6 - 3625 + 3659 6 13 - 182 + 333 14 15 - 2051 + 2049 16 17 - 37 + 44 17 18 - 3404 + 3401 19 52 - 346 + 377 @@ -17181,47 +17163,52 @@ 1 2 - 3134 + 3257 2 3 - 2699 + 2804 3 4 - 1309 + 1389 + + + 4 + 5 + 81 5 6 - 3625 + 3659 6 13 - 182 + 333 14 15 - 2051 + 2049 16 17 - 37 + 44 17 18 - 3404 + 3401 19 52 - 346 + 377 @@ -17237,17 +17224,17 @@ 1 2 - 4631 + 5250 2 3 - 5947 + 5942 3 4 - 6029 + 6024 4 @@ -17268,37 +17255,37 @@ 1 2 - 3738 + 3861 2 3 - 6117 + 6219 3 4 - 1082 + 1163 4 5 - 3593 + 3672 5 - 6 - 188 + 13 + 377 13 14 - 2051 + 2049 16 - 21 - 18 + 23 + 56 @@ -17314,27 +17301,22 @@ 1 2 - 1371 + 3741 2 3 - 144 + 427 3 - 10 - 163 + 210 + 358 - 10 - 180 - 138 - - - 209 + 223 11052 - 125 + 75 @@ -17350,27 +17332,22 @@ 1 2 - 1371 + 3741 2 3 - 144 + 427 3 - 10 - 163 + 210 + 358 - 10 - 180 - 138 - - - 209 + 223 11052 - 125 + 75 @@ -17386,22 +17363,17 @@ 1 2 - 1541 + 3911 2 - 5 - 151 + 3 + 371 - 5 - 210 - 176 - - - 223 + 3 2936 - 75 + 320 @@ -17417,22 +17389,17 @@ 1 2 - 1529 + 3898 2 - 5 - 163 + 3 + 383 - 5 - 210 - 176 - - - 223 + 3 1929 - 75 + 320 @@ -17442,23 +17409,23 @@ params - 6733324 + 6732196 id - 6569654 + 6568667 function - 3873993 + 3875322 index - 7927 + 7920 type_id - 2183667 + 2186449 @@ -17472,7 +17439,7 @@ 1 2 - 6569654 + 6568667 @@ -17488,7 +17455,7 @@ 1 2 - 6569654 + 6568667 @@ -17504,12 +17471,12 @@ 1 2 - 6446086 + 6445204 2 4 - 123568 + 123462 @@ -17525,22 +17492,22 @@ 1 2 - 2251746 + 2254470 2 3 - 951711 + 950893 3 4 - 429459 + 429090 4 18 - 241075 + 240868 @@ -17556,22 +17523,22 @@ 1 2 - 2251746 + 2254470 2 3 - 951711 + 950893 3 4 - 429459 + 429090 4 18 - 241075 + 240868 @@ -17587,22 +17554,22 @@ 1 2 - 2549710 + 2552178 2 3 - 825811 + 825101 3 4 - 345992 + 345694 4 12 - 152479 + 152347 @@ -17618,72 +17585,72 @@ 2 3 - 932 + 931 4 5 - 466 + 465 6 7 - 466 + 465 8 9 - 932 + 931 9 10 - 466 + 465 10 11 - 932 + 931 11 12 - 466 + 465 19 20 - 466 + 465 64 65 - 466 + 465 194 195 - 466 + 465 517 518 - 466 + 465 1438 1439 - 466 + 465 3479 3480 - 466 + 465 - 8308 - 8309 - 466 + 8318 + 8319 + 465 @@ -17699,72 +17666,72 @@ 2 3 - 932 + 931 4 5 - 466 + 465 6 7 - 466 + 465 8 9 - 932 + 931 9 10 - 466 + 465 10 11 - 932 + 931 11 12 - 466 + 465 19 20 - 466 + 465 64 65 - 466 + 465 194 195 - 466 + 465 517 518 - 466 + 465 1438 1439 - 466 + 465 3479 3480 - 466 + 465 - 8308 - 8309 - 466 + 8318 + 8319 + 465 @@ -17780,67 +17747,67 @@ 1 2 - 932 + 931 3 4 - 466 + 465 4 5 - 466 + 465 5 6 - 466 + 465 6 7 - 1398 + 1397 7 8 - 932 + 931 11 12 - 466 + 465 42 43 - 466 + 465 106 107 - 466 + 465 228 229 - 466 + 465 582 583 - 466 + 465 1271 1272 - 466 + 465 - 3599 - 3600 - 466 + 3609 + 3610 + 465 @@ -17856,22 +17823,22 @@ 1 2 - 1483289 + 1486674 2 3 - 440184 + 439805 3 8 - 170198 + 170052 8 518 - 89995 + 89917 @@ -17887,22 +17854,22 @@ 1 2 - 1702915 + 1706110 2 3 - 248069 + 247856 3 9 - 168333 + 168188 9 502 - 64348 + 64293 @@ -17918,17 +17885,17 @@ 1 2 - 1756539 + 1759689 2 3 - 348323 + 348024 3 13 - 78804 + 78736 @@ -17938,15 +17905,15 @@ overrides - 159979 + 159848 new - 125145 + 125042 old - 15110 + 15098 @@ -17960,12 +17927,12 @@ 1 2 - 90317 + 90243 2 3 - 34821 + 34793 3 @@ -17986,37 +17953,37 @@ 1 2 - 7929 + 7923 2 3 - 1906 + 1905 3 4 - 988 + 987 4 5 - 1321 + 1320 5 11 - 1214 + 1213 11 60 - 1164 + 1163 61 231 - 585 + 584 @@ -18026,19 +17993,19 @@ membervariables - 1054778 + 1054889 id - 1052983 + 1053094 type_id - 327195 + 327229 name - 450885 + 450932 @@ -18052,7 +18019,7 @@ 1 2 - 1051268 + 1051379 2 @@ -18073,7 +18040,7 @@ 1 2 - 1052983 + 1053094 @@ -18089,22 +18056,22 @@ 1 2 - 242634 + 242659 2 3 - 51813 + 51818 3 10 - 25487 + 25490 10 4152 - 7259 + 7260 @@ -18120,17 +18087,17 @@ 1 2 - 254839 + 254866 2 3 - 46388 + 46393 3 40 - 24570 + 24573 41 @@ -18151,22 +18118,22 @@ 1 2 - 294846 + 294877 2 3 - 86395 + 86404 3 5 - 41123 + 41128 5 646 - 28519 + 28522 @@ -18182,17 +18149,17 @@ 1 2 - 367242 + 367280 2 3 - 51654 + 51659 3 650 - 31989 + 31992 @@ -18373,19 +18340,19 @@ localvariables - 581199 + 581163 id - 581199 + 581163 type_id - 37873 + 37870 name - 91325 + 91319 @@ -18399,7 +18366,7 @@ 1 2 - 581199 + 581163 @@ -18415,7 +18382,7 @@ 1 2 - 581199 + 581163 @@ -18431,7 +18398,7 @@ 1 2 - 21189 + 21188 2 @@ -18472,7 +18439,7 @@ 1 2 - 26976 + 26974 2 @@ -18508,12 +18475,12 @@ 1 2 - 57521 + 57517 2 3 - 14407 + 14406 3 @@ -18523,7 +18490,7 @@ 5 15 - 7042 + 7041 15 @@ -18544,7 +18511,7 @@ 1 2 - 77148 + 77144 2 @@ -18554,7 +18521,7 @@ 3 1486 - 6702 + 6701 @@ -18564,11 +18531,11 @@ autoderivation - 149368 + 149133 var - 149368 + 149133 derivation_type @@ -18586,7 +18553,7 @@ 1 2 - 149368 + 149133 @@ -18632,15 +18599,15 @@ orphaned_variables - 37894 + 37812 var - 37894 + 37812 function - 33307 + 33235 @@ -18654,7 +18621,7 @@ 1 2 - 37894 + 37812 @@ -18670,12 +18637,12 @@ 1 2 - 31226 + 31158 2 47 - 2081 + 2077 @@ -18685,19 +18652,19 @@ enumconstants - 241278 + 241303 id - 241278 + 241303 parent - 28479 + 28482 index - 10211 + 10212 type_id @@ -18705,11 +18672,11 @@ name - 240998 + 241024 location - 221214 + 221237 @@ -18723,7 +18690,7 @@ 1 2 - 241278 + 241303 @@ -18739,7 +18706,7 @@ 1 2 - 241278 + 241303 @@ -18755,7 +18722,7 @@ 1 2 - 241278 + 241303 @@ -18771,7 +18738,7 @@ 1 2 - 241278 + 241303 @@ -18787,7 +18754,7 @@ 1 2 - 241278 + 241303 @@ -18808,17 +18775,17 @@ 2 3 - 4028 + 4029 3 4 - 5783 + 5784 4 5 - 3908 + 3909 5 @@ -18828,7 +18795,7 @@ 6 7 - 1834 + 1835 7 @@ -18848,7 +18815,7 @@ 17 84 - 2153 + 2154 94 @@ -18874,17 +18841,17 @@ 2 3 - 4028 + 4029 3 4 - 5783 + 5784 4 5 - 3908 + 3909 5 @@ -18894,7 +18861,7 @@ 6 7 - 1834 + 1835 7 @@ -18914,7 +18881,7 @@ 17 84 - 2153 + 2154 94 @@ -18935,7 +18902,7 @@ 1 2 - 28479 + 28482 @@ -18956,17 +18923,17 @@ 2 3 - 4028 + 4029 3 4 - 5783 + 5784 4 5 - 3908 + 3909 5 @@ -18976,7 +18943,7 @@ 6 7 - 1834 + 1835 7 @@ -18996,7 +18963,7 @@ 17 84 - 2153 + 2154 94 @@ -19017,7 +18984,7 @@ 1 2 - 1435 + 1436 2 @@ -19027,7 +18994,7 @@ 3 4 - 5823 + 5824 4 @@ -19042,7 +19009,7 @@ 6 7 - 1794 + 1795 7 @@ -19052,7 +19019,7 @@ 8 11 - 2512 + 2513 11 @@ -19062,7 +19029,7 @@ 17 257 - 2153 + 2154 @@ -19190,7 +19157,7 @@ 1 2 - 10211 + 10212 @@ -19398,7 +19365,7 @@ 1 2 - 240719 + 240744 2 @@ -19419,7 +19386,7 @@ 1 2 - 240719 + 240744 2 @@ -19440,7 +19407,7 @@ 1 2 - 240998 + 241024 @@ -19456,7 +19423,7 @@ 1 2 - 240998 + 241024 @@ -19472,7 +19439,7 @@ 1 2 - 240719 + 240744 2 @@ -19493,7 +19460,7 @@ 1 2 - 220456 + 220480 2 @@ -19514,7 +19481,7 @@ 1 2 - 221214 + 221237 @@ -19530,7 +19497,7 @@ 1 2 - 220456 + 220480 2 @@ -19551,7 +19518,7 @@ 1 2 - 221214 + 221237 @@ -19567,7 +19534,7 @@ 1 2 - 220456 + 220480 2 @@ -19582,31 +19549,31 @@ builtintypes - 22382 + 26090 id - 22382 + 26090 name - 22382 + 26090 kind - 22382 + 26090 size - 3264 + 3261 sign - 1398 + 1397 alignment - 2331 + 2329 @@ -19620,7 +19587,7 @@ 1 2 - 22382 + 26090 @@ -19636,7 +19603,7 @@ 1 2 - 22382 + 26090 @@ -19652,7 +19619,7 @@ 1 2 - 22382 + 26090 @@ -19668,7 +19635,7 @@ 1 2 - 22382 + 26090 @@ -19684,7 +19651,7 @@ 1 2 - 22382 + 26090 @@ -19700,7 +19667,7 @@ 1 2 - 22382 + 26090 @@ -19716,7 +19683,7 @@ 1 2 - 22382 + 26090 @@ -19732,7 +19699,7 @@ 1 2 - 22382 + 26090 @@ -19748,7 +19715,7 @@ 1 2 - 22382 + 26090 @@ -19764,7 +19731,7 @@ 1 2 - 22382 + 26090 @@ -19780,7 +19747,7 @@ 1 2 - 22382 + 26090 @@ -19796,7 +19763,7 @@ 1 2 - 22382 + 26090 @@ -19812,7 +19779,7 @@ 1 2 - 22382 + 26090 @@ -19828,7 +19795,7 @@ 1 2 - 22382 + 26090 @@ -19844,7 +19811,7 @@ 1 2 - 22382 + 26090 @@ -19860,32 +19827,37 @@ 1 2 - 466 + 465 - 2 - 3 - 466 - - - 5 - 6 - 466 + 4 + 5 + 465 7 8 - 466 + 465 + + + 8 + 9 + 465 10 11 - 932 + 465 - 13 - 14 - 466 + 12 + 13 + 465 + + + 14 + 15 + 465 @@ -19901,32 +19873,37 @@ 1 2 - 466 + 465 - 2 - 3 - 466 - - - 5 - 6 - 466 + 4 + 5 + 465 7 8 - 466 + 465 + + + 8 + 9 + 465 10 11 - 932 + 465 - 13 - 14 - 466 + 12 + 13 + 465 + + + 14 + 15 + 465 @@ -19942,32 +19919,37 @@ 1 2 - 466 + 465 - 2 - 3 - 466 - - - 5 - 6 - 466 + 4 + 5 + 465 7 8 - 466 + 465 + + + 8 + 9 + 465 10 11 - 932 + 465 - 13 - 14 - 466 + 12 + 13 + 465 + + + 14 + 15 + 465 @@ -19983,12 +19965,12 @@ 1 2 - 932 + 931 3 4 - 2331 + 2329 @@ -20004,12 +19986,12 @@ 1 2 - 1865 + 1863 2 3 - 1398 + 1397 @@ -20025,17 +20007,17 @@ 6 7 - 466 + 465 12 13 - 466 + 465 - 30 - 31 - 466 + 38 + 39 + 465 @@ -20051,17 +20033,17 @@ 6 7 - 466 + 465 12 13 - 466 + 465 - 30 - 31 - 466 + 38 + 39 + 465 @@ -20077,17 +20059,17 @@ 6 7 - 466 + 465 12 13 - 466 + 465 - 30 - 31 - 466 + 38 + 39 + 465 @@ -20103,12 +20085,12 @@ 5 6 - 932 + 931 7 8 - 466 + 465 @@ -20124,7 +20106,7 @@ 5 6 - 1398 + 1397 @@ -20137,30 +20119,30 @@ 12 - - 6 - 7 - 466 - 8 9 - 466 + 465 - 10 - 11 - 466 + 9 + 10 + 465 11 12 - 466 + 465 13 14 - 466 + 465 + + + 15 + 16 + 465 @@ -20173,30 +20155,30 @@ 12 - - 6 - 7 - 466 - 8 9 - 466 + 465 - 10 - 11 - 466 + 9 + 10 + 465 11 12 - 466 + 465 13 14 - 466 + 465 + + + 15 + 16 + 465 @@ -20209,30 +20191,30 @@ 12 - - 6 - 7 - 466 - 8 9 - 466 + 465 - 10 - 11 - 466 + 9 + 10 + 465 11 12 - 466 + 465 13 14 - 466 + 465 + + + 15 + 16 + 465 @@ -20248,7 +20230,7 @@ 2 3 - 2331 + 2329 @@ -20264,7 +20246,7 @@ 3 4 - 2331 + 2329 @@ -20274,23 +20256,23 @@ derivedtypes - 4327233 + 4332832 id - 4327233 + 4332832 name - 2151026 + 2158495 kind - 2797 + 2795 type_id - 2670947 + 2673311 @@ -20304,7 +20286,7 @@ 1 2 - 4327233 + 4332832 @@ -20320,7 +20302,7 @@ 1 2 - 4327233 + 4332832 @@ -20336,7 +20318,7 @@ 1 2 - 4327233 + 4332832 @@ -20352,17 +20334,17 @@ 1 2 - 1889434 + 1897128 2 5 - 164602 + 164461 5 1165 - 96989 + 96906 @@ -20378,12 +20360,12 @@ 1 2 - 2150094 + 2157564 2 3 - 932 + 931 @@ -20399,17 +20381,17 @@ 1 2 - 1889434 + 1897128 2 5 - 164602 + 164461 5 1147 - 96989 + 96906 @@ -20425,32 +20407,32 @@ 236 237 - 466 + 465 - 1072 - 1073 - 466 + 1077 + 1078 + 465 1146 1147 - 466 + 465 1217 1218 - 466 + 465 - 2164 - 2165 - 466 + 2169 + 2170 + 465 - 3445 - 3446 - 466 + 3455 + 3456 + 465 @@ -20466,32 +20448,32 @@ 1 2 - 466 + 465 201 202 - 466 + 465 606 607 - 466 + 465 - 755 - 756 - 466 + 760 + 761 + 465 - 1123 - 1124 - 466 + 1128 + 1129 + 465 - 1929 - 1930 - 466 + 1939 + 1940 + 465 @@ -20507,32 +20489,32 @@ 84 85 - 466 + 465 - 1072 - 1073 - 466 + 1077 + 1078 + 465 1146 1147 - 466 + 465 1217 1218 - 466 + 465 - 2119 - 2120 - 466 + 2124 + 2125 + 465 - 3445 - 3446 - 466 + 3455 + 3456 + 465 @@ -20548,22 +20530,22 @@ 1 2 - 1652555 + 1653464 2 3 - 561421 + 560938 3 4 - 351587 + 353615 4 72 - 105383 + 105292 @@ -20579,22 +20561,22 @@ 1 2 - 1663746 + 1664646 2 3 - 553960 + 553484 3 4 - 348789 + 350819 4 72 - 104450 + 104360 @@ -20610,22 +20592,22 @@ 1 2 - 1656752 + 1657657 2 3 - 565151 + 564665 3 4 - 350655 + 352683 4 6 - 98388 + 98304 @@ -20635,19 +20617,19 @@ pointerishsize - 3208121 + 3212352 id - 3208121 + 3212352 size - 466 + 465 alignment - 466 + 465 @@ -20661,7 +20643,7 @@ 1 2 - 3208121 + 3212352 @@ -20677,7 +20659,7 @@ 1 2 - 3208121 + 3212352 @@ -20691,9 +20673,9 @@ 12 - 6880 - 6881 - 466 + 6895 + 6896 + 465 @@ -20709,7 +20691,7 @@ 1 2 - 466 + 465 @@ -20723,9 +20705,9 @@ 12 - 6880 - 6881 - 466 + 6895 + 6896 + 465 @@ -20741,7 +20723,7 @@ 1 2 - 466 + 465 @@ -20751,23 +20733,23 @@ arraysizes - 88130 + 88054 id - 88130 + 88054 num_elements - 31708 + 31680 bytesize - 33107 + 33078 alignment - 1865 + 1863 @@ -20781,7 +20763,7 @@ 1 2 - 88130 + 88054 @@ -20797,7 +20779,7 @@ 1 2 - 88130 + 88054 @@ -20813,7 +20795,7 @@ 1 2 - 88130 + 88054 @@ -20829,27 +20811,27 @@ 1 2 - 1865 + 1863 2 3 - 23781 + 23760 3 5 - 2797 + 2795 5 13 - 2797 + 2795 13 14 - 466 + 465 @@ -20865,17 +20847,17 @@ 1 2 - 26578 + 26556 2 3 - 2331 + 2329 3 7 - 2797 + 2795 @@ -20891,17 +20873,17 @@ 1 2 - 26578 + 26556 2 3 - 2797 + 2795 3 5 - 2331 + 2329 @@ -20917,27 +20899,27 @@ 1 2 - 1865 + 1863 2 3 - 23781 + 23760 3 4 - 3264 + 3261 4 6 - 2331 + 2329 7 16 - 1865 + 1863 @@ -20953,17 +20935,17 @@ 1 2 - 27511 + 27487 2 3 - 3730 + 3727 3 5 - 1865 + 1863 @@ -20979,17 +20961,17 @@ 1 2 - 27511 + 27487 2 3 - 4662 + 4658 4 5 - 932 + 931 @@ -21005,22 +20987,22 @@ 5 6 - 466 + 465 16 17 - 466 + 465 31 32 - 466 + 465 137 138 - 466 + 465 @@ -21036,17 +21018,17 @@ 4 5 - 466 + 465 7 8 - 932 + 931 68 69 - 466 + 465 @@ -21062,22 +21044,22 @@ 4 5 - 466 + 465 7 8 - 466 + 465 8 9 - 466 + 465 68 69 - 466 + 465 @@ -21087,15 +21069,15 @@ typedefbase - 1722355 + 1680889 id - 1722355 + 1680889 type_id - 809095 + 791235 @@ -21109,7 +21091,7 @@ 1 2 - 1722355 + 1680889 @@ -21125,22 +21107,22 @@ 1 2 - 629309 + 615765 2 3 - 85028 + 82989 3 6 - 63310 + 61803 6 5437 - 31447 + 30676 @@ -21150,19 +21132,19 @@ decltypes - 172581 + 172404 id - 17343 + 17321 expr - 172581 + 172404 base_type - 10354 + 10341 parentheses_would_change_meaning @@ -21180,32 +21162,32 @@ 1 2 - 5305 + 5279 2 3 - 6434 + 6426 3 5 - 1128 + 1146 5 12 - 1346 + 1344 12 18 - 1405 + 1403 18 46 - 1306 + 1305 51 @@ -21226,7 +21208,7 @@ 1 2 - 17343 + 17321 @@ -21242,7 +21224,7 @@ 1 2 - 17343 + 17321 @@ -21258,7 +21240,7 @@ 1 2 - 172581 + 172404 @@ -21274,7 +21256,7 @@ 1 2 - 172581 + 172404 @@ -21290,7 +21272,7 @@ 1 2 - 172581 + 172404 @@ -21306,17 +21288,17 @@ 1 2 - 7523 + 7513 2 3 - 2355 + 2353 4 149 - 475 + 474 @@ -21332,37 +21314,37 @@ 1 2 - 752 + 751 2 3 - 6375 + 6367 3 4 - 356 + 355 4 5 - 1009 + 1008 5 7 - 791 + 790 7 - 31 - 791 + 32 + 830 - 31 + 32 3888 - 277 + 237 @@ -21378,7 +21360,7 @@ 1 2 - 10354 + 10341 @@ -21408,8 +21390,8 @@ 12 - 8717 - 8718 + 8719 + 8720 19 @@ -21436,19 +21418,19 @@ usertypes - 5225787 + 5224557 id - 5225787 + 5224557 name - 1348063 + 1349700 kind - 5129 + 5124 @@ -21462,7 +21444,7 @@ 1 2 - 5225787 + 5224557 @@ -21478,7 +21460,7 @@ 1 2 - 5225787 + 5224557 @@ -21494,27 +21476,27 @@ 1 2 - 979689 + 981642 2 3 - 153411 + 153279 3 7 - 104450 + 104360 7 - 59 - 101186 + 61 + 101565 - 60 + 65 874 - 9325 + 8852 @@ -21530,17 +21512,17 @@ 1 2 - 1207708 + 1209465 2 3 - 124967 + 124860 3 7 - 15387 + 15374 @@ -21556,57 +21538,57 @@ 6 7 - 466 + 465 10 11 - 466 + 465 26 27 - 466 + 465 124 125 - 466 + 465 135 136 - 466 + 465 663 664 - 466 + 465 853 854 - 466 + 465 959 960 - 466 + 465 - 1751 - 1752 - 466 + 1752 + 1753 + 465 - 1836 - 1837 - 466 + 1842 + 1843 + 465 4844 4845 - 466 + 465 @@ -21622,57 +21604,57 @@ 5 6 - 466 + 465 6 7 - 466 + 465 14 15 - 466 + 465 30 31 - 466 + 465 43 44 - 466 + 465 125 126 - 466 + 465 267 268 - 466 + 465 371 372 - 466 + 465 438 439 - 466 + 465 739 740 - 466 + 465 - 1194 - 1195 - 466 + 1200 + 1201 + 465 @@ -21682,19 +21664,19 @@ usertypesize - 1703381 + 1704247 id - 1703381 + 1704247 size - 13522 + 13510 alignment - 2331 + 2329 @@ -21708,7 +21690,7 @@ 1 2 - 1703381 + 1704247 @@ -21724,7 +21706,7 @@ 1 2 - 1703381 + 1704247 @@ -21740,47 +21722,47 @@ 1 2 - 3264 + 3261 2 3 - 4196 + 4193 3 4 - 466 + 465 4 5 - 932 + 931 6 8 - 932 + 931 9 15 - 932 + 931 37 84 - 932 + 931 92 163 - 932 + 931 740 - 2468 - 932 + 2473 + 931 @@ -21796,17 +21778,17 @@ 1 2 - 10258 + 10249 2 3 - 2797 + 2795 3 4 - 466 + 465 @@ -21822,27 +21804,27 @@ 2 3 - 466 + 465 6 7 - 466 + 465 184 185 - 466 + 465 254 255 - 466 + 465 - 3207 - 3208 - 466 + 3212 + 3213 + 465 @@ -21858,27 +21840,27 @@ 1 2 - 466 + 465 2 3 - 466 + 465 3 4 - 466 + 465 9 10 - 466 + 465 22 23 - 466 + 465 @@ -21888,26 +21870,26 @@ usertype_final - 9518 + 9503 id - 9518 + 9503 usertype_uuid - 36325 + 36295 id - 36325 + 36295 uuid - 35954 + 35924 @@ -21921,7 +21903,7 @@ 1 2 - 36325 + 36295 @@ -21937,7 +21919,7 @@ 1 2 - 35583 + 35553 2 @@ -21952,15 +21934,15 @@ mangled_name - 9465823 + 9467471 id - 9465823 + 9467471 mangled_name - 3945802 + 6441011 @@ -21974,7 +21956,7 @@ 1 2 - 9465823 + 9467471 @@ -21990,22 +21972,12 @@ 1 2 - 2852803 + 6160542 2 - 3 - 523184 - - - 3 - 6 - 333868 - - - 6 874 - 235946 + 280469 @@ -22015,59 +21987,59 @@ is_pod_class - 534147 + 533326 id - 534147 + 533326 is_standard_layout_class - 1251540 + 1252794 id - 1251540 + 1252794 is_complete - 1642763 + 1643680 id - 1642763 + 1643680 is_class_template - 397751 + 397409 id - 397751 + 397409 class_instantiation - 1092146 + 1087867 to - 1090913 + 1087867 from - 70261 + 168188 @@ -22081,12 +22053,7 @@ 1 2 - 1089772 - - - 2 - 4 - 1141 + 1087867 @@ -22102,47 +22069,47 @@ 1 2 - 20819 + 59634 2 3 - 12772 + 29351 3 4 - 7089 + 15840 4 5 - 4887 + 13045 5 - 7 - 5717 + 6 + 9783 - 7 + 6 10 - 5175 + 12579 10 - 17 - 5475 + 16 + 13045 - 17 - 66 - 5279 + 16 + 70 + 13510 - 66 - 3994 - 3043 + 70 + 84 + 1397 @@ -22152,19 +22119,19 @@ class_template_argument - 2918643 + 2872960 type_id - 1329594 + 1311214 index - 1291 + 1259 arg_type - 856554 + 837284 @@ -22178,27 +22145,27 @@ 1 2 - 544154 + 539241 2 3 - 404541 + 398013 3 4 - 235649 + 230538 4 7 - 121144 + 119907 7 113 - 24104 + 23513 @@ -22214,22 +22181,22 @@ 1 2 - 569849 + 565791 2 3 - 416311 + 409213 3 4 - 248837 + 243931 4 113 - 94596 + 92278 @@ -22250,32 +22217,32 @@ 2 3 - 818 + 798 3 26 - 103 + 101 29 64 - 103 + 101 69 411 - 103 + 101 592 - 8747 - 103 + 8901 + 101 - 12910 - 113009 - 46 + 13095 + 114270 + 44 @@ -22296,32 +22263,32 @@ 2 3 - 818 + 798 3 14 - 115 + 112 14 26 - 103 + 101 28 145 - 103 + 101 195 - 3442 - 103 + 3469 + 101 - 10455 - 39607 - 34 + 10524 + 39739 + 33 @@ -22337,27 +22304,27 @@ 1 2 - 533444 + 521260 2 3 - 179094 + 173761 3 4 - 51759 + 51131 4 10 - 64336 + 63827 10 - 10167 - 27920 + 10265 + 27303 @@ -22373,17 +22340,17 @@ 1 2 - 755733 + 738000 2 3 - 82572 + 81021 3 22 - 18248 + 18262 @@ -22393,19 +22360,19 @@ class_template_argument_value - 494274 + 494315 type_id - 304025 + 304230 index - 1865 + 1863 arg_value - 494274 + 494315 @@ -22419,17 +22386,17 @@ 1 2 - 249002 + 249254 2 3 - 53157 + 53112 3 4 - 1865 + 1863 @@ -22445,22 +22412,22 @@ 1 2 - 188850 + 189153 2 3 - 81135 + 81065 3 4 - 12123 + 12113 4 9 - 21915 + 21897 @@ -22476,22 +22443,22 @@ 18 19 - 466 + 465 92 93 - 466 + 465 - 292 - 293 - 466 + 293 + 294 + 465 372 373 - 466 + 465 @@ -22507,22 +22474,22 @@ 19 20 - 466 + 465 124 125 - 466 + 465 - 408 - 409 - 466 + 409 + 410 + 465 509 510 - 466 + 465 @@ -22538,7 +22505,7 @@ 1 2 - 494274 + 494315 @@ -22554,7 +22521,7 @@ 1 2 - 494274 + 494315 @@ -22564,15 +22531,15 @@ is_proxy_class_for - 62950 + 62895 id - 62950 + 62895 templ_param_id - 62950 + 62895 @@ -22586,7 +22553,7 @@ 1 2 - 62950 + 62895 @@ -22602,7 +22569,7 @@ 1 2 - 62950 + 62895 @@ -22612,19 +22579,19 @@ type_mentions - 4022590 + 4023013 id - 4022590 + 4023013 type_id - 197880 + 197901 location - 3989125 + 3989544 kind @@ -22642,7 +22609,7 @@ 1 2 - 4022590 + 4023013 @@ -22658,7 +22625,7 @@ 1 2 - 4022590 + 4023013 @@ -22674,7 +22641,7 @@ 1 2 - 4022590 + 4023013 @@ -22690,42 +22657,42 @@ 1 2 - 97444 + 97454 2 3 - 21698 + 21700 3 4 - 8216 + 8217 4 5 - 10769 + 10770 5 7 - 14359 + 14360 7 12 - 15835 + 15836 12 27 - 15157 + 15158 27 8555 - 14399 + 14400 @@ -22741,42 +22708,42 @@ 1 2 - 97444 + 97454 2 3 - 21698 + 21700 3 4 - 8216 + 8217 4 5 - 10769 + 10770 5 7 - 14359 + 14360 7 12 - 15835 + 15836 12 27 - 15157 + 15158 27 8555 - 14399 + 14400 @@ -22792,7 +22759,7 @@ 1 2 - 197880 + 197901 @@ -22808,12 +22775,12 @@ 1 2 - 3955660 + 3956075 2 3 - 33465 + 33468 @@ -22829,12 +22796,12 @@ 1 2 - 3955660 + 3956075 2 3 - 33465 + 33468 @@ -22850,7 +22817,7 @@ 1 2 - 3989125 + 3989544 @@ -22908,26 +22875,26 @@ is_function_template - 1401221 + 1400017 id - 1401221 + 1400017 function_instantiation - 907042 + 905131 to - 907042 + 905131 from - 146181 + 145932 @@ -22941,7 +22908,7 @@ 1 2 - 907042 + 905131 @@ -22957,27 +22924,27 @@ 1 2 - 101335 + 101184 2 3 - 14431 + 14399 3 6 - 12031 + 12005 6 21 - 12067 + 12040 22 869 - 6315 + 6302 @@ -22987,19 +22954,19 @@ function_template_argument - 2342320 + 2337835 function_id - 1338140 + 1335498 index - 564 + 563 arg_type - 304993 + 304397 @@ -23013,22 +22980,22 @@ 1 2 - 682954 + 681532 2 3 - 395391 + 394597 3 4 - 189015 + 188743 4 15 - 70779 + 70624 @@ -23044,22 +23011,22 @@ 1 2 - 700596 + 699136 2 3 - 405305 + 404490 3 4 - 168833 + 168605 4 9 - 63405 + 63266 @@ -23113,18 +23080,18 @@ 35 - 8736 - 8737 + 8740 + 8741 35 - 17929 - 17930 + 17935 + 17936 35 - 34964 - 34965 + 34972 + 34973 35 @@ -23189,8 +23156,8 @@ 35 - 5835 - 5836 + 5837 + 5838 35 @@ -23207,32 +23174,32 @@ 1 2 - 187004 + 186455 2 3 - 44669 + 44571 3 5 - 23287 + 23447 5 16 - 23534 + 23482 16 107 - 23040 + 22990 108 - 955 - 3457 + 957 + 3450 @@ -23248,17 +23215,17 @@ 1 2 - 274826 + 274296 2 4 - 26039 + 25982 4 17 - 4128 + 4119 @@ -23268,19 +23235,19 @@ function_template_argument_value - 363529 + 362735 function_id - 195155 + 194728 index - 564 + 563 arg_value - 360883 + 360094 @@ -23294,12 +23261,12 @@ 1 2 - 185769 + 185363 2 8 - 9385 + 9365 @@ -23315,17 +23282,17 @@ 1 2 - 178324 + 177935 2 31 - 15313 + 15279 32 97 - 1517 + 1513 @@ -23463,12 +23430,12 @@ 1 2 - 358237 + 357454 2 3 - 2646 + 2640 @@ -23484,7 +23451,7 @@ 1 2 - 360883 + 360094 @@ -23494,26 +23461,26 @@ is_variable_template - 47278 + 47204 id - 47278 + 47204 variable_instantiation - 168091 + 172631 to - 168091 + 172631 from - 25731 + 25900 @@ -23527,7 +23494,7 @@ 1 2 - 168091 + 172631 @@ -23543,37 +23510,42 @@ 1 2 - 14016 + 13889 2 3 - 2719 + 2610 3 4 - 1359 + 1253 4 - 7 - 1987 + 6 + 1879 - 7 - 10 - 2196 + 6 + 8 + 1357 - 10 - 22 - 1987 + 8 + 12 + 2193 - 26 + 12 + 38 + 1984 + + + 46 277 - 1464 + 731 @@ -23583,19 +23555,19 @@ variable_template_argument - 295493 + 310904 variable_id - 159723 + 163441 index - 1778 + 1775 arg_type - 165476 + 171274 @@ -23609,22 +23581,22 @@ 1 2 - 81901 + 83652 2 3 - 49580 + 50860 3 4 - 18827 + 18798 4 17 - 9413 + 10130 @@ -23640,22 +23612,22 @@ 1 2 - 85562 + 88352 2 3 - 51881 + 52113 3 4 - 13702 + 13681 4 17 - 8577 + 9294 @@ -23669,48 +23641,48 @@ 12 - 6 - 7 + 9 + 10 104 - - 12 - 13 - 627 - 19 20 - 418 + 626 - 40 - 41 + 26 + 27 + 417 + + + 47 + 48 104 - 86 - 87 + 93 + 94 104 - 178 - 179 + 185 + 186 104 - 540 - 541 + 547 + 548 104 - 609 - 610 + 626 + 627 104 - 1218 - 1219 + 1252 + 1253 104 @@ -23730,43 +23702,48 @@ 104 - 7 - 8 - 627 + 10 + 11 + 417 - 9 - 10 - 418 + 11 + 12 + 208 - 26 - 27 + 12 + 13 + 417 + + + 29 + 30 104 - 45 - 46 + 48 + 49 104 - 127 - 128 + 130 + 131 104 - 372 - 373 + 375 + 376 104 - 388 - 389 + 402 + 403 104 - 729 - 730 + 742 + 743 104 @@ -23783,22 +23760,22 @@ 1 2 - 133364 + 137750 2 3 - 18095 + 19529 3 - 15 - 12447 + 23 + 12845 - 17 - 109 - 1568 + 23 + 110 + 1148 @@ -23814,17 +23791,17 @@ 1 2 - 149577 + 154251 2 3 - 13807 + 14934 3 6 - 2091 + 2088 @@ -23834,19 +23811,19 @@ variable_template_argument_value - 11819 + 11905 variable_id - 7740 + 7832 index - 418 + 417 arg_value - 11819 + 11905 @@ -23860,12 +23837,12 @@ 1 2 - 7321 + 7414 2 3 - 418 + 417 @@ -23881,12 +23858,12 @@ 1 2 - 4288 + 4386 2 3 - 3137 + 3133 4 @@ -23910,8 +23887,8 @@ 104 - 18 - 19 + 19 + 20 104 @@ -23941,8 +23918,8 @@ 104 - 27 - 28 + 28 + 29 104 @@ -23969,7 +23946,7 @@ 1 2 - 11819 + 11905 @@ -23985,7 +23962,7 @@ 1 2 - 11819 + 11905 @@ -23995,15 +23972,15 @@ routinetypes - 547147 + 545951 id - 547147 + 545951 return_type - 285764 + 285139 @@ -24017,7 +23994,7 @@ 1 2 - 547147 + 545951 @@ -24033,17 +24010,17 @@ 1 2 - 248998 + 248454 2 3 - 21346 + 21300 3 3594 - 15419 + 15385 @@ -24053,19 +24030,19 @@ routinetypeargs - 982953 + 982108 routine - 423397 + 423033 index - 7927 + 7920 type_id - 226620 + 226425 @@ -24079,27 +24056,27 @@ 1 2 - 152479 + 152347 2 3 - 134293 + 134178 3 4 - 63416 + 63361 4 5 - 45697 + 45657 5 18 - 27511 + 27487 @@ -24115,27 +24092,27 @@ 1 2 - 182322 + 182165 2 3 - 133827 + 133712 3 4 - 58753 + 58702 4 5 - 33573 + 33544 5 11 - 14921 + 14908 @@ -24151,67 +24128,67 @@ 2 3 - 932 + 931 4 5 - 466 + 465 6 7 - 466 + 465 8 9 - 932 + 931 9 10 - 466 + 465 10 11 - 1398 + 1397 13 14 - 466 + 465 28 29 - 466 + 465 59 60 - 466 + 465 157 158 - 466 + 465 293 294 - 466 + 465 581 582 - 466 + 465 908 909 - 466 + 465 @@ -24227,57 +24204,57 @@ 1 2 - 932 + 931 3 4 - 932 + 931 4 5 - 1398 + 1397 5 6 - 932 + 931 6 7 - 932 + 931 10 11 - 466 + 465 14 15 - 466 + 465 47 48 - 466 + 465 90 91 - 466 + 465 176 177 - 466 + 465 347 348 - 466 + 465 @@ -24293,27 +24270,27 @@ 1 2 - 146417 + 146291 2 3 - 30775 + 30749 3 5 - 16786 + 16772 5 12 - 18185 + 18169 12 111 - 14455 + 14442 @@ -24329,22 +24306,22 @@ 1 2 - 172529 + 172381 2 3 - 30775 + 30749 3 6 - 18651 + 18635 6 14 - 4662 + 4658 @@ -24354,19 +24331,19 @@ ptrtomembers - 37770 + 37737 id - 37770 + 37737 type_id - 37770 + 37737 class_id - 15387 + 15374 @@ -24380,7 +24357,7 @@ 1 2 - 37770 + 37737 @@ -24396,7 +24373,7 @@ 1 2 - 37770 + 37737 @@ -24412,7 +24389,7 @@ 1 2 - 37770 + 37737 @@ -24428,7 +24405,7 @@ 1 2 - 37770 + 37737 @@ -24444,17 +24421,17 @@ 1 2 - 13522 + 13510 8 9 - 1398 + 1397 28 29 - 466 + 465 @@ -24470,17 +24447,17 @@ 1 2 - 13522 + 13510 8 9 - 1398 + 1397 28 29 - 466 + 465 @@ -24490,15 +24467,15 @@ specifiers - 24713 + 24692 id - 24713 + 24692 str - 24713 + 24692 @@ -24512,7 +24489,7 @@ 1 2 - 24713 + 24692 @@ -24528,7 +24505,7 @@ 1 2 - 24713 + 24692 @@ -24538,15 +24515,15 @@ typespecifiers - 1289776 + 1290997 type_id - 1271591 + 1272827 spec_id - 3730 + 3727 @@ -24560,12 +24537,12 @@ 1 2 - 1253405 + 1254657 2 3 - 18185 + 18169 @@ -24581,42 +24558,42 @@ 8 9 - 466 + 465 36 37 - 466 + 465 51 52 - 466 + 465 86 87 - 466 + 465 105 106 - 466 + 465 219 220 - 466 + 465 221 222 - 466 + 465 - 2040 - 2041 - 466 + 2045 + 2046 + 465 @@ -24626,15 +24603,15 @@ funspecifiers - 12434284 + 12754043 func_id - 3820714 + 3899573 spec_id - 705 + 704 @@ -24648,27 +24625,27 @@ 1 2 - 315085 + 314396 2 3 - 545982 + 546479 3 4 - 1151030 + 1147036 4 5 - 1559335 + 1642924 5 8 - 249280 + 248735 @@ -24692,8 +24669,8 @@ 35 - 200 - 201 + 202 + 203 35 @@ -24732,8 +24709,8 @@ 35 - 3915 - 3916 + 3923 + 3924 35 @@ -24752,28 +24729,28 @@ 35 - 12218 - 12219 + 12226 + 12227 35 - 48228 - 48229 + 50649 + 50650 35 - 75287 - 75288 + 77764 + 77765 35 - 86790 - 86791 + 89259 + 89260 35 - 95133 - 95134 + 97602 + 97603 35 @@ -24784,15 +24761,15 @@ varspecifiers - 2243353 + 2241425 var_id - 1223562 + 1222510 spec_id - 3730 + 3727 @@ -24806,22 +24783,22 @@ 1 2 - 729288 + 728661 2 3 - 202372 + 202198 3 4 - 58287 + 58236 4 5 - 233614 + 233413 @@ -24837,42 +24814,42 @@ 112 113 - 466 + 465 315 316 - 466 + 465 416 417 - 466 + 465 514 515 - 466 + 465 646 647 - 466 + 465 686 687 - 466 + 465 700 701 - 466 + 465 1422 1423 - 466 + 465 @@ -24882,11 +24859,11 @@ attributes - 736276 + 735121 id - 736276 + 735121 kind @@ -24894,15 +24871,15 @@ name - 1673 + 1670 name_space - 209 + 208 location - 483459 + 482701 @@ -24916,7 +24893,7 @@ 1 2 - 736276 + 735121 @@ -24932,7 +24909,7 @@ 1 2 - 736276 + 735121 @@ -24948,7 +24925,7 @@ 1 2 - 736276 + 735121 @@ -24964,7 +24941,7 @@ 1 2 - 736276 + 735121 @@ -25032,7 +25009,7 @@ 1 2 - 209 + 208 2 @@ -25079,7 +25056,7 @@ 1 2 - 209 + 208 2 @@ -25094,7 +25071,7 @@ 5 6 - 209 + 208 11 @@ -25160,12 +25137,12 @@ 1 2 - 1464 + 1462 2 3 - 209 + 208 @@ -25181,7 +25158,7 @@ 1 2 - 1673 + 1670 @@ -25202,7 +25179,7 @@ 2 3 - 209 + 208 4 @@ -25357,17 +25334,17 @@ 1 2 - 425824 + 425157 2 3 - 36923 + 36865 3 201 - 20710 + 20678 @@ -25383,7 +25360,7 @@ 1 2 - 483459 + 482701 @@ -25399,12 +25376,12 @@ 1 2 - 479170 + 478419 2 3 - 4288 + 4281 @@ -25420,7 +25397,7 @@ 1 2 - 483459 + 482701 @@ -25430,27 +25407,27 @@ attribute_args - 409874 + 409522 id - 409874 + 409522 kind - 1398 + 1397 attribute - 297963 + 297707 index - 1398 + 1397 location - 327340 + 327058 @@ -25464,7 +25441,7 @@ 1 2 - 409874 + 409522 @@ -25480,7 +25457,7 @@ 1 2 - 409874 + 409522 @@ -25496,7 +25473,7 @@ 1 2 - 409874 + 409522 @@ -25512,7 +25489,7 @@ 1 2 - 409874 + 409522 @@ -25528,17 +25505,17 @@ 1 2 - 466 + 465 84 85 - 466 + 465 794 795 - 466 + 465 @@ -25554,17 +25531,17 @@ 1 2 - 466 + 465 84 85 - 466 + 465 606 607 - 466 + 465 @@ -25580,12 +25557,12 @@ 1 2 - 932 + 931 3 4 - 466 + 465 @@ -25601,17 +25578,17 @@ 1 2 - 466 + 465 54 55 - 466 + 465 674 675 - 466 + 465 @@ -25627,17 +25604,17 @@ 1 2 - 215895 + 215709 2 3 - 52225 + 52180 3 4 - 29842 + 29817 @@ -25653,12 +25630,12 @@ 1 2 - 273716 + 273480 2 3 - 24247 + 24226 @@ -25674,17 +25651,17 @@ 1 2 - 215895 + 215709 2 3 - 52225 + 52180 3 4 - 29842 + 29817 @@ -25700,17 +25677,17 @@ 1 2 - 215895 + 215709 2 3 - 52225 + 52180 3 4 - 29842 + 29817 @@ -25726,17 +25703,17 @@ 64 65 - 466 + 465 176 177 - 466 + 465 639 640 - 466 + 465 @@ -25752,12 +25729,12 @@ 1 2 - 932 + 931 3 4 - 466 + 465 @@ -25773,17 +25750,17 @@ 64 65 - 466 + 465 176 177 - 466 + 465 639 640 - 466 + 465 @@ -25799,17 +25776,17 @@ 34 35 - 466 + 465 140 141 - 466 + 465 528 529 - 466 + 465 @@ -25825,22 +25802,22 @@ 1 2 - 278845 + 278605 2 3 - 23314 + 23294 3 9 - 24713 + 24692 17 18 - 466 + 465 @@ -25856,12 +25833,12 @@ 1 2 - 314750 + 314479 2 3 - 12590 + 12579 @@ -25877,22 +25854,22 @@ 1 2 - 278845 + 278605 2 3 - 23314 + 23294 3 9 - 24713 + 24692 17 18 - 466 + 465 @@ -25908,7 +25885,7 @@ 1 2 - 327340 + 327058 @@ -25918,15 +25895,15 @@ attribute_arg_value - 39168 + 39135 arg - 39168 + 39135 value - 15854 + 15840 @@ -25940,7 +25917,7 @@ 1 2 - 39168 + 39135 @@ -25956,12 +25933,12 @@ 1 2 - 14455 + 14442 2 34 - 1398 + 1397 @@ -25971,15 +25948,15 @@ attribute_arg_type - 466 + 465 arg - 466 + 465 type_id - 466 + 465 @@ -25993,7 +25970,7 @@ 1 2 - 466 + 465 @@ -26009,7 +25986,7 @@ 1 2 - 466 + 465 @@ -26019,15 +25996,15 @@ attribute_arg_constant - 370239 + 369921 arg - 370239 + 369921 constant - 370239 + 369921 @@ -26041,7 +26018,7 @@ 1 2 - 370239 + 369921 @@ -26057,7 +26034,7 @@ 1 2 - 370239 + 369921 @@ -26120,15 +26097,15 @@ typeattributes - 84934 + 84801 type_id - 62027 + 61930 spec_id - 84934 + 84801 @@ -26142,17 +26119,17 @@ 1 2 - 56065 + 55977 2 4 - 4288 + 4281 12 13 - 1673 + 1670 @@ -26168,7 +26145,7 @@ 1 2 - 84934 + 84801 @@ -26178,15 +26155,15 @@ funcattributes - 651416 + 650856 func_id - 442981 + 442601 spec_id - 651416 + 650856 @@ -26200,22 +26177,22 @@ 1 2 - 334334 + 334047 2 3 - 65281 + 65225 3 6 - 34972 + 34942 6 9 - 8393 + 8386 @@ -26231,7 +26208,7 @@ 1 2 - 651416 + 650856 @@ -26299,15 +26276,15 @@ stmtattributes - 1002 + 978 stmt_id - 1002 + 978 spec_id - 1002 + 978 @@ -26321,7 +26298,7 @@ 1 2 - 1002 + 978 @@ -26337,7 +26314,7 @@ 1 2 - 1002 + 978 @@ -26347,15 +26324,15 @@ unspecifiedtype - 10137290 + 10144884 type_id - 10137290 + 10144884 unspecified_type_id - 6813061 + 6818387 @@ -26369,7 +26346,7 @@ 1 2 - 10137290 + 10144884 @@ -26385,17 +26362,17 @@ 1 2 - 4582764 + 4585348 2 3 - 1993418 + 1995898 3 145 - 236878 + 237141 @@ -26405,19 +26382,19 @@ member - 4925876 + 5003059 parent - 618808 + 646818 index - 8820 + 8801 child - 4880571 + 4957854 @@ -26431,42 +26408,42 @@ 1 3 - 18912 + 19293 3 4 - 320342 + 348441 4 5 - 38283 + 38269 5 7 - 53137 + 53091 7 10 - 52925 + 52810 10 15 - 50314 + 50204 15 24 - 49609 + 49500 24 251 - 35283 + 35206 @@ -26482,42 +26459,42 @@ 1 3 - 18912 + 19293 3 4 - 320271 + 348371 4 5 - 38318 + 38304 5 7 - 53243 + 53197 7 10 - 53278 + 53162 10 15 - 49926 + 49817 15 24 - 49679 + 49571 24 255 - 35178 + 35101 @@ -26533,62 +26510,62 @@ 1 2 - 1411 + 1408 2 3 - 811 + 809 3 4 - 952 + 950 5 22 - 670 + 668 22 42 - 670 + 668 42 56 - 670 + 668 56 100 - 670 + 668 104 164 - 670 + 668 181 299 - 670 + 668 300 727 - 670 + 668 845 4002 - 670 + 668 4606 - 17207 - 282 + 18041 + 281 @@ -26604,62 +26581,62 @@ 1 2 - 811 + 809 2 3 - 882 + 880 3 4 - 1164 + 1161 4 15 - 670 + 668 16 35 - 740 + 739 36 55 - 670 + 668 57 93 - 740 + 739 97 135 - 670 + 668 140 256 - 670 + 668 268 612 - 670 + 668 619 2611 - 670 + 668 2770 - 17219 - 458 + 18053 + 457 @@ -26675,7 +26652,7 @@ 1 2 - 4880571 + 4957854 @@ -26691,12 +26668,12 @@ 1 2 - 4836643 + 4914021 2 8 - 43928 + 43832 @@ -26706,15 +26683,15 @@ enclosingfunction - 121352 + 118457 child - 121352 + 118457 parent - 69281 + 67662 @@ -26728,7 +26705,7 @@ 1 2 - 121352 + 118457 @@ -26744,22 +26721,22 @@ 1 2 - 36577 + 35759 2 3 - 21522 + 20994 3 4 - 6086 + 5937 4 45 - 5095 + 4970 @@ -26769,15 +26746,15 @@ derivations - 368257 + 395653 derivation - 368257 + 395653 sub - 347722 + 375163 index @@ -26785,11 +26762,11 @@ super - 203870 + 204903 location - 38212 + 38128 @@ -26803,7 +26780,7 @@ 1 2 - 368257 + 395653 @@ -26819,7 +26796,7 @@ 1 2 - 368257 + 395653 @@ -26835,7 +26812,7 @@ 1 2 - 368257 + 395653 @@ -26851,7 +26828,7 @@ 1 2 - 368257 + 395653 @@ -26867,12 +26844,12 @@ 1 2 - 332550 + 360024 2 7 - 15172 + 15138 @@ -26888,12 +26865,12 @@ 1 2 - 332550 + 360024 2 7 - 15172 + 15138 @@ -26909,12 +26886,12 @@ 1 2 - 332550 + 360024 2 7 - 15172 + 15138 @@ -26930,12 +26907,12 @@ 1 2 - 332550 + 360024 2 7 - 15172 + 15138 @@ -26964,8 +26941,8 @@ 35 - 9855 - 9856 + 10656 + 10657 35 @@ -26995,8 +26972,8 @@ 35 - 9855 - 9856 + 10656 + 10657 35 @@ -27031,8 +27008,8 @@ 35 - 5423 - 5424 + 5465 + 5466 35 @@ -27080,12 +27057,12 @@ 1 2 - 196531 + 197439 2 - 1216 - 7339 + 1518 + 7463 @@ -27101,12 +27078,12 @@ 1 2 - 196531 + 197439 2 - 1216 - 7339 + 1518 + 7463 @@ -27122,12 +27099,12 @@ 1 2 - 203411 + 204445 2 4 - 458 + 457 @@ -27143,12 +27120,12 @@ 1 2 - 200271 + 201206 2 108 - 3598 + 3696 @@ -27164,27 +27141,27 @@ 1 2 - 28826 + 28341 2 5 - 3140 + 3239 5 - 16 - 2928 + 15 + 2922 - 17 - 178 - 2928 + 15 + 134 + 2886 - 192 - 474 - 388 + 136 + 476 + 739 @@ -27200,27 +27177,27 @@ 1 2 - 28826 + 28341 2 5 - 3140 + 3239 5 - 16 - 2928 + 15 + 2922 - 17 - 178 - 2928 + 15 + 134 + 2886 - 192 - 474 - 388 + 136 + 476 + 739 @@ -27236,7 +27213,7 @@ 1 2 - 38212 + 38128 @@ -27252,22 +27229,22 @@ 1 2 - 31120 + 30735 2 5 - 3210 + 3379 5 - 63 - 2893 + 45 + 2886 - 63 + 54 415 - 987 + 1126 @@ -27277,15 +27254,15 @@ derspecifiers - 370163 + 397554 der_id - 367869 + 395266 spec_id - 141 + 140 @@ -27299,12 +27276,12 @@ 1 2 - 365576 + 392978 2 3 - 2293 + 2288 @@ -27333,8 +27310,8 @@ 35 - 9206 - 9207 + 10007 + 10008 35 @@ -27345,11 +27322,11 @@ direct_base_offsets - 338936 + 366396 der_id - 338936 + 366396 offset @@ -27367,7 +27344,7 @@ 1 2 - 338936 + 366396 @@ -27406,8 +27383,8 @@ 35 - 9500 - 9501 + 10301 + 10302 35 @@ -27418,19 +27395,19 @@ virtual_base_offsets - 6639 + 6477 sub - 3665 + 3575 super - 507 + 494 offset - 253 + 247 @@ -27444,22 +27421,22 @@ 1 2 - 2881 + 2811 2 4 - 322 + 314 4 7 - 265 + 258 7 11 - 195 + 191 @@ -27475,17 +27452,17 @@ 1 2 - 3089 + 3013 2 4 - 311 + 303 4 8 - 265 + 258 @@ -27501,47 +27478,47 @@ 1 2 - 80 + 78 2 3 - 46 + 44 3 4 - 57 + 56 4 5 - 92 + 89 5 7 - 34 + 33 8 13 - 46 + 44 13 15 - 46 + 44 15 23 - 46 + 44 24 60 - 46 + 44 194 @@ -27562,27 +27539,27 @@ 1 2 - 288 + 281 2 3 - 80 + 78 4 6 - 34 + 33 6 8 - 46 + 44 8 10 - 46 + 44 14 @@ -27603,7 +27580,7 @@ 2 3 - 34 + 33 4 @@ -27613,22 +27590,22 @@ 5 6 - 23 + 22 6 8 - 23 + 22 8 9 - 34 + 33 10 12 - 23 + 22 14 @@ -27638,22 +27615,22 @@ 18 19 - 23 + 22 26 29 - 23 + 22 30 37 - 23 + 22 96 98 - 23 + 22 @@ -27669,37 +27646,37 @@ 1 2 - 80 + 78 2 3 - 34 + 33 3 4 - 46 + 44 5 7 - 23 + 22 7 10 - 23 + 22 12 14 - 23 + 22 21 29 - 23 + 22 @@ -27709,23 +27686,23 @@ frienddecls - 716121 + 714556 id - 716121 + 714556 type_id - 42446 + 42353 decl_id - 70285 + 70131 location - 6351 + 6337 @@ -27739,7 +27716,7 @@ 1 2 - 716121 + 714556 @@ -27755,7 +27732,7 @@ 1 2 - 716121 + 714556 @@ -27771,7 +27748,7 @@ 1 2 - 716121 + 714556 @@ -27787,47 +27764,47 @@ 1 2 - 6209 + 6196 2 3 - 13231 + 13202 3 6 - 2963 + 2957 6 10 - 3210 + 3203 10 17 - 3281 + 3274 17 24 - 3351 + 3344 25 36 - 3316 + 3309 37 55 - 3246 + 3239 55 103 - 3634 + 3626 @@ -27843,47 +27820,47 @@ 1 2 - 6209 + 6196 2 3 - 13231 + 13202 3 6 - 2963 + 2957 6 10 - 3210 + 3203 10 17 - 3281 + 3274 17 24 - 3351 + 3344 25 36 - 3316 + 3309 37 55 - 3246 + 3239 55 103 - 3634 + 3626 @@ -27899,12 +27876,12 @@ 1 2 - 40999 + 40910 2 13 - 1446 + 1443 @@ -27920,37 +27897,37 @@ 1 2 - 40541 + 40452 2 3 - 5892 + 5879 3 8 - 6033 + 6020 8 15 - 5433 + 5421 15 32 - 5292 + 5281 32 71 - 5292 + 5281 72 160 - 1799 + 1795 @@ -27966,37 +27943,37 @@ 1 2 - 40541 + 40452 2 3 - 5892 + 5879 3 8 - 6033 + 6020 8 15 - 5433 + 5421 15 32 - 5292 + 5281 32 71 - 5292 + 5281 72 160 - 1799 + 1795 @@ -28012,12 +27989,12 @@ 1 2 - 69615 + 69462 2 5 - 670 + 668 @@ -28033,12 +28010,12 @@ 1 2 - 5962 + 5949 2 20106 - 388 + 387 @@ -28054,12 +28031,12 @@ 1 2 - 6209 + 6196 2 1105 - 141 + 140 @@ -28075,7 +28052,7 @@ 1 2 - 5998 + 5985 2 @@ -28090,19 +28067,19 @@ comments - 8774227 + 8760472 id - 8774227 + 8760472 contents - 3340281 + 3335045 location - 8774227 + 8760472 @@ -28116,7 +28093,7 @@ 1 2 - 8774227 + 8760472 @@ -28132,7 +28109,7 @@ 1 2 - 8774227 + 8760472 @@ -28148,17 +28125,17 @@ 1 2 - 3055770 + 3050980 2 7 - 250934 + 250540 7 32784 - 33576 + 33523 @@ -28174,17 +28151,17 @@ 1 2 - 3055770 + 3050980 2 7 - 250934 + 250540 7 32784 - 33576 + 33523 @@ -28200,7 +28177,7 @@ 1 2 - 8774227 + 8760472 @@ -28216,7 +28193,7 @@ 1 2 - 8774227 + 8760472 @@ -28226,15 +28203,15 @@ commentbinding - 3089682 + 3084697 id - 2444793 + 2440363 element - 3013209 + 3008290 @@ -28248,12 +28225,12 @@ 1 2 - 2367854 + 2363490 2 97 - 76938 + 76872 @@ -28269,12 +28246,12 @@ 1 2 - 2936736 + 2931883 2 3 - 76472 + 76406 @@ -28284,15 +28261,15 @@ exprconv - 7022151 + 7022888 converted - 7022151 + 7022888 conversion - 7022151 + 7022888 @@ -28306,7 +28283,7 @@ 1 2 - 7022151 + 7022888 @@ -28322,7 +28299,7 @@ 1 2 - 7022151 + 7022888 @@ -28332,22 +28309,22 @@ compgenerated - 8328406 + 8403048 id - 8328406 + 8403048 synthetic_destructor_call - 144289 + 144109 element - 111741 + 111601 i @@ -28355,7 +28332,7 @@ destructor_call - 129064 + 128903 @@ -28369,17 +28346,17 @@ 1 2 - 92041 + 91926 2 3 - 12987 + 12971 3 18 - 6711 + 6703 @@ -28395,17 +28372,17 @@ 1 2 - 92041 + 91926 2 3 - 12987 + 12971 3 18 - 6711 + 6703 @@ -28573,12 +28550,12 @@ 1 2 - 127025 + 126866 2 26 - 2039 + 2036 @@ -28594,7 +28571,7 @@ 1 2 - 129064 + 128903 @@ -28604,15 +28581,15 @@ namespaces - 12123 + 12113 id - 12123 + 12113 name - 9792 + 9783 @@ -28626,7 +28603,7 @@ 1 2 - 12123 + 12113 @@ -28642,17 +28619,17 @@ 1 2 - 8393 + 8386 2 3 - 466 + 465 3 4 - 932 + 931 @@ -28662,26 +28639,26 @@ namespace_inline - 1398 + 1397 id - 1398 + 1397 namespacembrs - 2382776 + 2383523 parentid - 10258 + 10249 memberid - 2382776 + 2383523 @@ -28695,52 +28672,52 @@ 1 2 - 1865 + 1863 2 4 - 932 + 931 4 5 - 932 + 931 5 7 - 932 + 931 7 8 - 932 + 931 8 12 - 932 + 931 17 30 - 932 + 931 43 47 - 932 + 931 52 143 - 932 + 931 - 255 - 4466 - 932 + 258 + 4469 + 931 @@ -28756,7 +28733,7 @@ 1 2 - 2382776 + 2383523 @@ -28766,19 +28743,19 @@ exprparents - 14183439 + 14184927 expr_id - 14183439 + 14184927 child_index - 14634 + 14636 parent_id - 9438333 + 9439323 @@ -28792,7 +28769,7 @@ 1 2 - 14183439 + 14184927 @@ -28808,7 +28785,7 @@ 1 2 - 14183439 + 14184927 @@ -28824,12 +28801,12 @@ 1 2 - 2815 + 2816 2 3 - 1109 + 1110 3 @@ -28839,7 +28816,7 @@ 4 5 - 6556 + 6557 5 @@ -28854,12 +28831,12 @@ 11 53 - 1109 + 1110 56 354077 - 369 + 370 @@ -28875,12 +28852,12 @@ 1 2 - 2815 + 2816 2 3 - 1109 + 1110 3 @@ -28890,7 +28867,7 @@ 4 5 - 6556 + 6557 5 @@ -28905,12 +28882,12 @@ 11 53 - 1109 + 1110 56 354077 - 369 + 370 @@ -28926,17 +28903,17 @@ 1 2 - 5400574 + 5401140 2 3 - 3700570 + 3700958 3 712 - 337189 + 337224 @@ -28952,17 +28929,17 @@ 1 2 - 5400574 + 5401140 2 3 - 3700570 + 3700958 3 712 - 337189 + 337224 @@ -28972,22 +28949,22 @@ expr_isload - 4981370 + 5206008 expr_id - 4981370 + 5206008 conversionkinds - 4220723 + 4221347 expr_id - 4220723 + 4221347 kind @@ -29005,7 +28982,7 @@ 1 2 - 4220723 + 4221347 @@ -29024,13 +29001,13 @@ 1 - 3252 - 3253 + 3253 + 3254 1 - 13442 - 13443 + 13929 + 13930 1 @@ -29044,8 +29021,8 @@ 1 - 4131133 - 4131134 + 4131269 + 4131270 1 @@ -29056,11 +29033,11 @@ iscall - 2950725 + 2948401 caller - 2950725 + 2948401 kind @@ -29078,7 +29055,7 @@ 1 2 - 2950725 + 2948401 @@ -29102,8 +29079,8 @@ 19 - 145251 - 145252 + 145320 + 145321 19 @@ -29114,15 +29091,15 @@ numtemplatearguments - 396237 + 397942 expr_id - 396237 + 397942 num - 317 + 316 @@ -29136,7 +29113,7 @@ 1 2 - 396237 + 397942 @@ -29170,18 +29147,18 @@ 35 - 179 - 180 + 229 + 230 35 - 227 - 228 + 248 + 249 35 - 10696 - 10697 + 10698 + 10699 35 @@ -29192,15 +29169,15 @@ specialnamequalifyingelements - 466 + 465 id - 466 + 465 name - 466 + 465 @@ -29214,7 +29191,7 @@ 1 2 - 466 + 465 @@ -29230,7 +29207,7 @@ 1 2 - 466 + 465 @@ -29240,23 +29217,23 @@ namequalifiers - 1533233 + 1573473 id - 1533233 + 1573473 qualifiableelement - 1533233 + 1573473 qualifyingelement - 83409 + 101477 location - 305921 + 316751 @@ -29270,7 +29247,7 @@ 1 2 - 1533233 + 1573473 @@ -29286,7 +29263,7 @@ 1 2 - 1533233 + 1573473 @@ -29302,7 +29279,7 @@ 1 2 - 1533233 + 1573473 @@ -29318,7 +29295,7 @@ 1 2 - 1533233 + 1573473 @@ -29334,7 +29311,7 @@ 1 2 - 1533233 + 1573473 @@ -29350,7 +29327,7 @@ 1 2 - 1533233 + 1573473 @@ -29366,27 +29343,27 @@ 1 2 - 46624 + 60842 2 3 - 20590 + 23293 3 - 4 - 5048 + 5 + 9253 - 4 - 7 - 6394 + 5 + 92 + 7652 - 7 - 21095 - 4751 + 96 + 21576 + 435 @@ -29402,27 +29379,27 @@ 1 2 - 46624 + 60842 2 3 - 20590 + 23293 3 - 4 - 5048 + 5 + 9253 - 4 - 7 - 6394 + 5 + 92 + 7652 - 7 - 21095 - 4751 + 96 + 21576 + 435 @@ -29438,27 +29415,22 @@ 1 2 - 50960 + 66478 2 3 - 19501 + 21473 3 - 4 - 4850 + 5 + 8700 - 4 - 8 - 6276 - - - 8 + 5 7095 - 1821 + 4824 @@ -29474,32 +29446,32 @@ 1 2 - 98218 + 104799 2 3 - 27460 + 29462 3 4 - 45872 + 46447 4 6 - 14076 + 14849 6 7 - 98852 + 98946 7 790 - 21441 + 22245 @@ -29515,32 +29487,32 @@ 1 2 - 98218 + 104799 2 3 - 27460 + 29462 3 4 - 45872 + 46447 4 6 - 14076 + 14849 6 7 - 98852 + 98946 7 790 - 21441 + 22245 @@ -29556,22 +29528,22 @@ 1 2 - 134350 + 142803 2 3 - 56820 + 57896 3 4 - 105940 + 106480 4 143 - 8810 + 9570 @@ -29581,15 +29553,15 @@ varbind - 6019333 + 6019964 expr - 6019333 + 6019964 var - 767282 + 767362 @@ -29603,7 +29575,7 @@ 1 2 - 6019333 + 6019964 @@ -29619,52 +29591,52 @@ 1 2 - 126016 + 126030 2 3 - 137650 + 137664 3 4 - 106120 + 106131 4 5 - 85073 + 85082 5 6 - 61189 + 61195 6 7 - 48034 + 48039 7 9 - 59524 + 59530 9 13 - 59175 + 59181 13 28 - 58784 + 58790 28 5137 - 25713 + 25715 @@ -29674,15 +29646,15 @@ funbind - 2953853 + 2951525 expr - 2951042 + 2948717 fun - 533740 + 533151 @@ -29696,12 +29668,12 @@ 1 2 - 2948231 + 2945909 2 3 - 2811 + 2807 @@ -29717,32 +29689,32 @@ 1 2 - 329699 + 329366 2 3 - 82182 + 82059 3 4 - 31855 + 31815 4 7 - 48070 + 48009 7 158 - 40031 + 40001 159 4943 - 1900 + 1898 @@ -29752,11 +29724,11 @@ expr_allocator - 46609 + 46508 expr - 46609 + 46508 func @@ -29778,7 +29750,7 @@ 1 2 - 46609 + 46508 @@ -29794,7 +29766,7 @@ 1 2 - 46609 + 46508 @@ -29878,11 +29850,11 @@ expr_deallocator - 55395 + 55274 expr - 55395 + 55274 func @@ -29904,7 +29876,7 @@ 1 2 - 55395 + 55274 @@ -29920,7 +29892,7 @@ 1 2 - 55395 + 55274 @@ -30025,15 +29997,15 @@ expr_cond_guard - 656221 + 656290 cond - 656221 + 656290 guard - 656221 + 656290 @@ -30047,7 +30019,7 @@ 1 2 - 656221 + 656290 @@ -30063,7 +30035,7 @@ 1 2 - 656221 + 656290 @@ -30073,15 +30045,15 @@ expr_cond_true - 656219 + 656288 cond - 656219 + 656288 true - 656219 + 656288 @@ -30095,7 +30067,7 @@ 1 2 - 656219 + 656288 @@ -30111,7 +30083,7 @@ 1 2 - 656219 + 656288 @@ -30121,15 +30093,15 @@ expr_cond_false - 656221 + 656290 cond - 656221 + 656290 false - 656221 + 656290 @@ -30143,7 +30115,7 @@ 1 2 - 656221 + 656290 @@ -30159,7 +30131,7 @@ 1 2 - 656221 + 656290 @@ -30169,15 +30141,15 @@ values - 10759232 + 10760361 id - 10759232 + 10760361 str - 87862 + 87930 @@ -30191,7 +30163,7 @@ 1 2 - 10759232 + 10760361 @@ -30207,22 +30179,22 @@ 1 2 - 59406 + 59454 2 3 - 12368 + 12390 3 6 - 6921 + 6906 6 56 - 6609 + 6620 57 @@ -30237,15 +30209,15 @@ valuetext - 4757293 + 4757336 id - 4757293 + 4757336 text - 703959 + 703968 @@ -30259,7 +30231,7 @@ 1 2 - 4757293 + 4757336 @@ -30275,22 +30247,22 @@ 1 2 - 527546 + 527549 2 3 - 102496 + 102500 3 7 - 56768 + 56769 7 425884 - 17149 + 17150 @@ -30300,15 +30272,15 @@ valuebind - 11192739 + 11193913 val - 10759232 + 10760361 expr - 11192739 + 11193913 @@ -30322,12 +30294,12 @@ 1 2 - 10348232 + 10349318 2 7 - 410999 + 411043 @@ -30343,7 +30315,7 @@ 1 2 - 11192739 + 11193913 @@ -30353,15 +30325,15 @@ fieldoffsets - 1052983 + 1053094 id - 1052983 + 1053094 byteoffset - 22655 + 22658 bitoffset @@ -30379,7 +30351,7 @@ 1 2 - 1052983 + 1053094 @@ -30395,7 +30367,7 @@ 1 2 - 1052983 + 1053094 @@ -30411,7 +30383,7 @@ 1 2 - 13003 + 13004 2 @@ -30421,7 +30393,7 @@ 3 5 - 1794 + 1795 5 @@ -30457,7 +30429,7 @@ 1 2 - 21977 + 21980 2 @@ -30554,19 +30526,19 @@ bitfield - 20919 + 20887 id - 20919 + 20887 bits - 2614 + 2610 declared_bits - 2614 + 2610 @@ -30580,7 +30552,7 @@ 1 2 - 20919 + 20887 @@ -30596,7 +30568,7 @@ 1 2 - 20919 + 20887 @@ -30612,42 +30584,42 @@ 1 2 - 732 + 731 2 3 - 627 + 626 3 4 - 209 + 208 4 5 - 209 + 208 5 6 - 209 + 208 6 8 - 209 + 208 8 11 - 209 + 208 12 115 - 209 + 208 @@ -30663,7 +30635,7 @@ 1 2 - 2614 + 2610 @@ -30679,42 +30651,42 @@ 1 2 - 732 + 731 2 3 - 627 + 626 3 4 - 209 + 208 4 5 - 209 + 208 5 6 - 209 + 208 6 8 - 209 + 208 8 11 - 209 + 208 12 115 - 209 + 208 @@ -30730,7 +30702,7 @@ 1 2 - 2614 + 2610 @@ -30740,23 +30712,23 @@ initialisers - 1699706 + 1698635 init - 1699706 + 1698635 var - 722379 + 722109 expr - 1699706 + 1698635 location - 391099 + 390823 @@ -30770,7 +30742,7 @@ 1 2 - 1699706 + 1698635 @@ -30786,7 +30758,7 @@ 1 2 - 1699706 + 1698635 @@ -30802,7 +30774,7 @@ 1 2 - 1699706 + 1698635 @@ -30818,17 +30790,17 @@ 1 2 - 634183 + 633984 2 16 - 31492 + 31466 16 25 - 56703 + 56657 @@ -30844,17 +30816,17 @@ 1 2 - 634183 + 633984 2 16 - 31492 + 31466 16 25 - 56703 + 56657 @@ -30870,7 +30842,7 @@ 1 2 - 722373 + 722102 2 @@ -30891,7 +30863,7 @@ 1 2 - 1699706 + 1698635 @@ -30907,7 +30879,7 @@ 1 2 - 1699706 + 1698635 @@ -30923,7 +30895,7 @@ 1 2 - 1699706 + 1698635 @@ -30939,22 +30911,22 @@ 1 2 - 318718 + 318451 2 3 - 23864 + 23851 3 15 - 30667 + 30680 15 111551 - 17848 + 17839 @@ -30970,17 +30942,17 @@ 1 2 - 341406 + 341120 2 4 - 35639 + 35642 4 12811 - 14053 + 14060 @@ -30996,22 +30968,22 @@ 1 2 - 318718 + 318451 2 3 - 23864 + 23851 3 15 - 30667 + 30680 15 111551 - 17848 + 17839 @@ -31021,26 +30993,26 @@ braced_initialisers - 41634 + 41638 init - 41634 + 41638 expr_ancestor - 133360 + 133194 exp - 133360 + 133194 ancestor - 92932 + 92816 @@ -31054,7 +31026,7 @@ 1 2 - 133360 + 133194 @@ -31070,17 +31042,17 @@ 1 2 - 67115 + 67032 2 3 - 18432 + 18409 3 8 - 7127 + 7118 8 @@ -31095,11 +31067,11 @@ exprs - 18357636 + 18359562 id - 18357636 + 18359562 kind @@ -31107,7 +31079,7 @@ location - 8474327 + 8475216 @@ -31121,7 +31093,7 @@ 1 2 - 18357636 + 18359562 @@ -31137,7 +31109,7 @@ 1 2 - 18357636 + 18359562 @@ -31315,22 +31287,22 @@ 1 2 - 7133647 + 7134396 2 3 - 661870 + 661940 3 18 - 637071 + 637137 18 71656 - 41738 + 41742 @@ -31346,17 +31318,17 @@ 1 2 - 7239544 + 7240303 2 3 - 617153 + 617218 3 32 - 617629 + 617694 @@ -31366,19 +31338,19 @@ expr_types - 18412556 + 18486992 id - 18357636 + 18355648 typeid - 881000 + 1244631 value_category - 59 + 33 @@ -31392,12 +31364,12 @@ 1 2 - 18302715 + 18224304 2 3 - 54920 + 131344 @@ -31413,7 +31385,7 @@ 1 2 - 18357636 + 18355648 @@ -31429,42 +31401,42 @@ 1 2 - 316771 + 450516 2 3 - 172204 + 258426 3 4 - 69372 + 103287 4 5 - 68284 + 84777 5 - 7 - 69729 + 8 + 111125 - 7 - 12 - 69828 + 8 + 14 + 99171 - 12 - 35 - 66898 + 14 + 42 + 94099 - 35 - 73134 - 47911 + 42 + 125383 + 43226 @@ -31480,17 +31452,17 @@ 1 2 - 757935 + 1075930 2 3 - 111840 + 158231 3 4 - 11225 + 10469 @@ -31504,19 +31476,19 @@ 12 - 7160 - 7161 - 19 + 14895 + 14896 + 11 - 235356 - 235357 - 19 + 372156 + 372157 + 11 - 684721 - 684722 - 19 + 1245257 + 1245258 + 11 @@ -31530,19 +31502,19 @@ 12 - 1406 - 1407 - 19 + 2722 + 2723 + 11 - 11861 - 11862 - 19 + 30879 + 30880 + 11 - 38015 - 38016 - 19 + 93013 + 93014 + 11 @@ -31552,15 +31524,15 @@ new_allocated_type - 47668 + 47564 expr - 47668 + 47564 type_id - 28191 + 28130 @@ -31574,7 +31546,7 @@ 1 2 - 47668 + 47564 @@ -31590,17 +31562,17 @@ 1 2 - 11784 + 11759 2 3 - 14925 + 14892 3 19 - 1481 + 1478 @@ -31610,15 +31582,15 @@ new_array_allocated_type - 5103 + 5099 expr - 5103 + 5099 type_id - 2196 + 2194 @@ -31632,7 +31604,7 @@ 1 2 - 5103 + 5099 @@ -31653,7 +31625,7 @@ 2 3 - 1944 + 1943 3 @@ -32695,15 +32667,15 @@ condition_decl_bind - 42427 + 42374 expr - 42427 + 42374 decl - 42427 + 42374 @@ -32717,7 +32689,7 @@ 1 2 - 42427 + 42374 @@ -32733,7 +32705,7 @@ 1 2 - 42427 + 42374 @@ -32743,15 +32715,15 @@ typeid_bind - 36483 + 36403 expr - 36483 + 36403 type_id - 16407 + 16371 @@ -32765,7 +32737,7 @@ 1 2 - 36483 + 36403 @@ -32781,12 +32753,12 @@ 1 2 - 15983 + 15948 3 328 - 423 + 422 @@ -32796,15 +32768,15 @@ uuidof_bind - 20120 + 20103 expr - 20120 + 20103 type_id - 19925 + 19908 @@ -32818,7 +32790,7 @@ 1 2 - 20120 + 20103 @@ -32834,7 +32806,7 @@ 1 2 - 19761 + 19745 2 @@ -32849,11 +32821,11 @@ sizeof_bind - 198861 + 198882 expr - 198861 + 198882 type_id @@ -32871,7 +32843,7 @@ 1 2 - 198861 + 198882 @@ -32892,7 +32864,7 @@ 2 3 - 2329 + 2330 3 @@ -32980,19 +32952,19 @@ lambdas - 21449 + 21431 expr - 21449 + 21431 default_capture - 466 + 465 has_explicit_return_type - 466 + 465 @@ -33006,7 +32978,7 @@ 1 2 - 21449 + 21431 @@ -33022,7 +32994,7 @@ 1 2 - 21449 + 21431 @@ -33038,7 +33010,7 @@ 46 47 - 466 + 465 @@ -33054,7 +33026,7 @@ 1 2 - 466 + 465 @@ -33070,7 +33042,7 @@ 46 47 - 466 + 465 @@ -33086,7 +33058,7 @@ 1 2 - 466 + 465 @@ -33096,35 +33068,35 @@ lambda_capture - 27977 + 27953 id - 27977 + 27953 lambda - 20517 + 20499 index - 932 + 931 field - 27977 + 27953 captured_by_reference - 466 + 465 is_implicit - 466 + 465 location - 2797 + 2795 @@ -33138,7 +33110,7 @@ 1 2 - 27977 + 27953 @@ -33154,7 +33126,7 @@ 1 2 - 27977 + 27953 @@ -33170,7 +33142,7 @@ 1 2 - 27977 + 27953 @@ -33186,7 +33158,7 @@ 1 2 - 27977 + 27953 @@ -33202,7 +33174,7 @@ 1 2 - 27977 + 27953 @@ -33218,7 +33190,7 @@ 1 2 - 27977 + 27953 @@ -33234,12 +33206,12 @@ 1 2 - 13056 + 13045 2 3 - 7460 + 7454 @@ -33255,12 +33227,12 @@ 1 2 - 13056 + 13045 2 3 - 7460 + 7454 @@ -33276,12 +33248,12 @@ 1 2 - 13056 + 13045 2 3 - 7460 + 7454 @@ -33297,7 +33269,7 @@ 1 2 - 20517 + 20499 @@ -33313,7 +33285,7 @@ 1 2 - 20517 + 20499 @@ -33329,12 +33301,12 @@ 1 2 - 13056 + 13045 2 3 - 7460 + 7454 @@ -33350,12 +33322,12 @@ 16 17 - 466 + 465 44 45 - 466 + 465 @@ -33371,12 +33343,12 @@ 16 17 - 466 + 465 44 45 - 466 + 465 @@ -33392,12 +33364,12 @@ 16 17 - 466 + 465 44 45 - 466 + 465 @@ -33413,7 +33385,7 @@ 1 2 - 932 + 931 @@ -33429,7 +33401,7 @@ 1 2 - 932 + 931 @@ -33445,12 +33417,12 @@ 2 3 - 466 + 465 4 5 - 466 + 465 @@ -33466,7 +33438,7 @@ 1 2 - 27977 + 27953 @@ -33482,7 +33454,7 @@ 1 2 - 27977 + 27953 @@ -33498,7 +33470,7 @@ 1 2 - 27977 + 27953 @@ -33514,7 +33486,7 @@ 1 2 - 27977 + 27953 @@ -33530,7 +33502,7 @@ 1 2 - 27977 + 27953 @@ -33546,7 +33518,7 @@ 1 2 - 27977 + 27953 @@ -33562,7 +33534,7 @@ 60 61 - 466 + 465 @@ -33578,7 +33550,7 @@ 44 45 - 466 + 465 @@ -33594,7 +33566,7 @@ 2 3 - 466 + 465 @@ -33610,7 +33582,7 @@ 60 61 - 466 + 465 @@ -33626,7 +33598,7 @@ 1 2 - 466 + 465 @@ -33642,7 +33614,7 @@ 6 7 - 466 + 465 @@ -33658,7 +33630,7 @@ 60 61 - 466 + 465 @@ -33674,7 +33646,7 @@ 44 45 - 466 + 465 @@ -33690,7 +33662,7 @@ 2 3 - 466 + 465 @@ -33706,7 +33678,7 @@ 60 61 - 466 + 465 @@ -33722,7 +33694,7 @@ 1 2 - 466 + 465 @@ -33738,7 +33710,7 @@ 6 7 - 466 + 465 @@ -33754,12 +33726,12 @@ 8 9 - 1865 + 1863 14 15 - 932 + 931 @@ -33775,12 +33747,12 @@ 8 9 - 1865 + 1863 14 15 - 932 + 931 @@ -33796,7 +33768,7 @@ 1 2 - 2797 + 2795 @@ -33812,12 +33784,12 @@ 8 9 - 1865 + 1863 14 15 - 932 + 931 @@ -33833,7 +33805,7 @@ 1 2 - 2797 + 2795 @@ -33849,7 +33821,7 @@ 1 2 - 2797 + 2795 @@ -33975,19 +33947,19 @@ stmts - 4653633 + 4646337 id - 4653633 + 4646337 kind - 1987 + 1984 location - 2285081 + 2281499 @@ -34001,7 +33973,7 @@ 1 2 - 4653633 + 4646337 @@ -34017,7 +33989,7 @@ 1 2 - 4653633 + 4646337 @@ -34245,22 +34217,22 @@ 1 2 - 1890636 + 1887672 2 4 - 175831 + 175556 4 12 - 176041 + 175765 12 687 - 42572 + 42505 @@ -34276,12 +34248,12 @@ 1 2 - 2227865 + 2224372 2 8 - 57215 + 57126 @@ -34435,15 +34407,15 @@ if_then - 724735 + 724811 if_stmt - 724735 + 724811 then_id - 724735 + 724811 @@ -34457,7 +34429,7 @@ 1 2 - 724735 + 724811 @@ -34473,7 +34445,7 @@ 1 2 - 724735 + 724811 @@ -34483,15 +34455,15 @@ if_else - 184369 + 184389 if_stmt - 184369 + 184389 else_id - 184369 + 184389 @@ -34505,7 +34477,7 @@ 1 2 - 184369 + 184389 @@ -34521,7 +34493,7 @@ 1 2 - 184369 + 184389 @@ -34579,15 +34551,15 @@ constexpr_if_then - 52508 + 52426 constexpr_if_stmt - 52508 + 52426 then_id - 52508 + 52426 @@ -34601,7 +34573,7 @@ 1 2 - 52508 + 52426 @@ -34617,7 +34589,7 @@ 1 2 - 52508 + 52426 @@ -34627,15 +34599,15 @@ constexpr_if_else - 30856 + 30808 constexpr_if_stmt - 30856 + 30808 else_id - 30856 + 30808 @@ -34649,7 +34621,7 @@ 1 2 - 30856 + 30808 @@ -34665,7 +34637,7 @@ 1 2 - 30856 + 30808 @@ -34675,15 +34647,15 @@ while_body - 30110 + 29372 while_stmt - 30110 + 29372 body_id - 30110 + 29372 @@ -34697,7 +34669,7 @@ 1 2 - 30110 + 29372 @@ -34713,7 +34685,7 @@ 1 2 - 30110 + 29372 @@ -34723,15 +34695,15 @@ do_body - 148632 + 148648 do_stmt - 148632 + 148648 body_id - 148632 + 148648 @@ -34745,7 +34717,7 @@ 1 2 - 148632 + 148648 @@ -34761,7 +34733,7 @@ 1 2 - 148632 + 148648 @@ -34819,19 +34791,19 @@ switch_case - 209643 + 209381 switch_stmt - 11225 + 11211 index - 4870 + 4864 case_id - 209643 + 209381 @@ -34850,52 +34822,52 @@ 3 4 - 2494 + 2491 4 5 - 1821 + 1819 5 6 - 1088 + 1087 6 8 - 1029 + 1028 8 9 - 554 + 553 9 10 - 1069 + 1067 10 12 - 1029 + 1028 12 25 - 871 + 870 30 152 - 851 + 850 181 247 - 356 + 355 @@ -34916,52 +34888,52 @@ 3 4 - 2494 + 2491 4 5 - 1821 + 1819 5 6 - 1088 + 1087 6 8 - 1029 + 1028 8 9 - 554 + 553 9 10 - 1069 + 1067 10 12 - 1029 + 1028 12 25 - 871 + 870 30 152 - 851 + 850 181 247 - 356 + 355 @@ -34977,7 +34949,7 @@ 14 15 - 1286 + 1285 18 @@ -34987,7 +34959,7 @@ 32 33 - 2098 + 2095 33 @@ -34997,7 +34969,7 @@ 66 292 - 376 + 375 346 @@ -35018,7 +34990,7 @@ 14 15 - 1286 + 1285 18 @@ -35028,7 +35000,7 @@ 32 33 - 2098 + 2095 33 @@ -35038,7 +35010,7 @@ 66 292 - 376 + 375 346 @@ -35059,7 +35031,7 @@ 1 2 - 209643 + 209381 @@ -35075,7 +35047,7 @@ 1 2 - 209643 + 209381 @@ -35085,15 +35057,15 @@ switch_body - 20753 + 20755 switch_stmt - 20753 + 20755 body_id - 20753 + 20755 @@ -35107,7 +35079,7 @@ 1 2 - 20753 + 20755 @@ -35123,7 +35095,7 @@ 1 2 - 20753 + 20755 @@ -35133,15 +35105,15 @@ for_initialization - 53317 + 53322 for_stmt - 53317 + 53322 init_id - 53317 + 53322 @@ -35155,7 +35127,7 @@ 1 2 - 53317 + 53322 @@ -35171,7 +35143,7 @@ 1 2 - 53317 + 53322 @@ -35181,15 +35153,15 @@ for_condition - 55578 + 55583 for_stmt - 55578 + 55583 condition_id - 55578 + 55583 @@ -35203,7 +35175,7 @@ 1 2 - 55578 + 55583 @@ -35219,7 +35191,7 @@ 1 2 - 55578 + 55583 @@ -35229,15 +35201,15 @@ for_update - 53419 + 53425 for_stmt - 53419 + 53425 update_id - 53419 + 53425 @@ -35251,7 +35223,7 @@ 1 2 - 53419 + 53425 @@ -35267,7 +35239,7 @@ 1 2 - 53419 + 53425 @@ -35277,15 +35249,15 @@ for_body - 61456 + 61463 for_stmt - 61456 + 61463 body_id - 61456 + 61463 @@ -35299,7 +35271,7 @@ 1 2 - 61456 + 61463 @@ -35315,7 +35287,7 @@ 1 2 - 61456 + 61463 @@ -35325,19 +35297,19 @@ stmtparents - 4056493 + 4053171 id - 4056493 + 4053171 index - 12221 + 12211 parent - 1721306 + 1719896 @@ -35351,7 +35323,7 @@ 1 2 - 4056493 + 4053171 @@ -35367,7 +35339,7 @@ 1 2 - 4056493 + 4053171 @@ -35383,12 +35355,12 @@ 1 2 - 4015 + 4011 2 3 - 1000 + 999 3 @@ -35398,12 +35370,12 @@ 4 5 - 1554 + 1553 7 8 - 1019 + 1018 8 @@ -35413,7 +35385,7 @@ 12 29 - 1076 + 1075 29 @@ -35423,12 +35395,12 @@ 41 77 - 925 + 924 77 196965 - 698 + 697 @@ -35444,12 +35416,12 @@ 1 2 - 4015 + 4011 2 3 - 1000 + 999 3 @@ -35459,12 +35431,12 @@ 4 5 - 1554 + 1553 7 8 - 1019 + 1018 8 @@ -35474,7 +35446,7 @@ 12 29 - 1076 + 1075 29 @@ -35484,12 +35456,12 @@ 41 77 - 925 + 924 77 196965 - 698 + 697 @@ -35505,32 +35477,32 @@ 1 2 - 988422 + 987613 2 3 - 373339 + 373033 3 4 - 105849 + 105762 4 6 - 111349 + 111258 6 17 - 129972 + 129865 17 1943 - 12372 + 12362 @@ -35546,32 +35518,32 @@ 1 2 - 988422 + 987613 2 3 - 373339 + 373033 3 4 - 105849 + 105762 4 6 - 111349 + 111258 6 17 - 129972 + 129865 17 1943 - 12372 + 12362 @@ -35581,22 +35553,22 @@ ishandler - 65314 + 65232 block - 65314 + 65232 stmt_decl_bind - 585129 + 585093 stmt - 545014 + 544980 num @@ -35604,7 +35576,7 @@ decl - 585024 + 584988 @@ -35618,12 +35590,12 @@ 1 2 - 524152 + 524119 2 19 - 20861 + 20860 @@ -35639,12 +35611,12 @@ 1 2 - 524152 + 524119 2 19 - 20861 + 20860 @@ -35842,7 +35814,7 @@ 1 2 - 584986 + 584950 2 @@ -35863,7 +35835,7 @@ 1 2 - 585024 + 584988 @@ -35873,11 +35845,11 @@ stmt_decl_entry_bind - 527587 + 527554 stmt - 487773 + 487743 num @@ -35885,7 +35857,7 @@ decl_entry - 527528 + 527495 @@ -35899,12 +35871,12 @@ 1 2 - 467176 + 467147 2 19 - 20597 + 20596 @@ -35920,12 +35892,12 @@ 1 2 - 467176 + 467147 2 19 - 20597 + 20596 @@ -36123,7 +36095,7 @@ 1 2 - 527507 + 527474 3 @@ -36144,7 +36116,7 @@ 1 2 - 527528 + 527495 @@ -36154,15 +36126,15 @@ blockscope - 1415210 + 1413994 block - 1415210 + 1413994 enclosing - 1300035 + 1298917 @@ -36176,7 +36148,7 @@ 1 2 - 1415210 + 1413994 @@ -36192,12 +36164,12 @@ 1 2 - 1234753 + 1233692 2 13 - 65281 + 65225 @@ -36207,19 +36179,19 @@ jumpinfo - 254043 + 254070 id - 254043 + 254070 str - 21156 + 21158 target - 53056 + 53061 @@ -36233,7 +36205,7 @@ 1 2 - 254043 + 254070 @@ -36249,7 +36221,7 @@ 1 2 - 254043 + 254070 @@ -36265,7 +36237,7 @@ 2 3 - 9877 + 9878 3 @@ -36290,7 +36262,7 @@ 10 22 - 1620 + 1621 22 @@ -36311,7 +36283,7 @@ 1 2 - 16720 + 16722 2 @@ -36321,7 +36293,7 @@ 3 10 - 1687 + 1688 10 @@ -36347,22 +36319,22 @@ 2 3 - 26433 + 26436 3 4 - 12899 + 12901 4 5 - 5343 + 5344 5 8 - 4691 + 4692 8 @@ -36383,7 +36355,7 @@ 1 2 - 53056 + 53061 @@ -36393,19 +36365,19 @@ preprocdirects - 4427698 + 4420757 id - 4427698 + 4420757 kind - 1045 + 1044 location - 4425187 + 4418250 @@ -36419,7 +36391,7 @@ 1 2 - 4427698 + 4420757 @@ -36435,7 +36407,7 @@ 1 2 - 4427698 + 4420757 @@ -36573,7 +36545,7 @@ 1 2 - 4425083 + 4418146 25 @@ -36594,7 +36566,7 @@ 1 2 - 4425187 + 4418250 @@ -36604,15 +36576,15 @@ preprocpair - 1429665 + 1428437 begin - 1195584 + 1194557 elseelifend - 1429665 + 1428437 @@ -36626,17 +36598,17 @@ 1 2 - 977357 + 976517 2 3 - 207968 + 207789 3 11 - 10258 + 10249 @@ -36652,7 +36624,7 @@ 1 2 - 1429665 + 1428437 @@ -36662,41 +36634,41 @@ preproctrue - 766125 + 765467 branch - 766125 + 765467 preprocfalse - 331070 + 330786 branch - 331070 + 330786 preproctext - 3569772 + 3564176 id - 3569772 + 3564176 head - 2589465 + 2585406 body - 1514601 + 1512226 @@ -36710,7 +36682,7 @@ 1 2 - 3569772 + 3564176 @@ -36726,7 +36698,7 @@ 1 2 - 3569772 + 3564176 @@ -36742,12 +36714,12 @@ 1 2 - 2442503 + 2438674 2 740 - 146962 + 146731 @@ -36763,12 +36735,12 @@ 1 2 - 2527333 + 2523371 2 5 - 62132 + 62034 @@ -36784,17 +36756,17 @@ 1 2 - 1371090 + 1368941 2 6 - 113595 + 113417 6 11572 - 29915 + 29868 @@ -36810,17 +36782,17 @@ 1 2 - 1374124 + 1371969 2 7 - 113908 + 113730 7 2959 - 26568 + 26526 @@ -36830,15 +36802,15 @@ includes - 312885 + 312616 id - 312885 + 312616 included - 117040 + 116939 @@ -36852,7 +36824,7 @@ 1 2 - 312885 + 312616 @@ -36868,32 +36840,32 @@ 1 2 - 61084 + 61032 2 3 - 21915 + 21897 3 4 - 12590 + 12579 4 6 - 10258 + 10249 6 14 - 8859 + 8852 14 47 - 2331 + 2329 @@ -36951,11 +36923,11 @@ link_parent - 38563300 + 39330305 element - 4879124 + 4985174 link_target @@ -36973,17 +36945,17 @@ 1 2 - 648905 + 672132 2 9 - 25933 + 26158 9 10 - 4204285 + 4286883 @@ -37002,48 +36974,48 @@ 35 - 119334 - 119335 + 121945 + 121946 35 - 119438 - 119439 + 122057 + 122058 35 - 119533 - 119534 + 122156 + 122157 35 - 119568 - 119569 + 122187 + 122188 35 - 119576 - 119577 + 122199 + 122200 35 - 119601 - 119602 + 122216 + 122217 35 - 121457 - 121458 + 124216 + 124217 35 - 126036 - 126037 + 128870 + 128871 35 - 128398 - 128399 + 131274 + 131275 35 diff --git a/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/old.dbscheme b/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/old.dbscheme new file mode 100644 index 00000000000..dbe9c8eb5fc --- /dev/null +++ b/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/old.dbscheme @@ -0,0 +1,2213 @@ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * gcc -c f1.c f2.c f3.c + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * gcc -c f1.c f2.c f3.c + */ + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--mimic` + * 2 | `/usr/bin/gcc` + * 3 | `-c` + * 4 | f1.c + * 5 | f2.c + * 6 | f3.c + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.c + * 1 | f2.c + * 2 | f3.c + * + * Note that even if those files `#include` headers, those headers + * do not appear as rows. + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/** + * Information about packages that provide code used during compilation. + * The `id` is just a unique identifier. + * The `namespace` is typically the name of the package manager that + * provided the package (e.g. "dpkg" or "yum"). + * The `package_name` is the name of the package, and `version` is its + * version (as a string). + */ +external_packages( + unique int id: @external_package, + string namespace : string ref, + string package_name : string ref, + string version : string ref +); + +/** + * Holds if File `fileid` was provided by package `package`. + */ +header_to_external_package( + int fileid : @file ref, + int package : @external_package ref +); + +/* + * Version history + */ + +svnentries( + unique int id : @svnentry, + string revision : string ref, + string author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + string action : string ref +) + +svnentrymsg( + unique int id : @svnentry ref, + string message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/* + * C++ dbscheme + */ + +@location = @location_stmt | @location_expr | @location_default ; + +/** + * The location of an element that is not an expression or a statement. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + /** The location of an element that is not an expression or a statement. */ + unique int id: @location_default, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** + * The location of a statement. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_stmt( + /** The location of a statement. */ + unique int id: @location_stmt, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** + * The location of an expression. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_expr( + /** The location of an expression. */ + unique int id: @location_expr, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** An element for which line-count information is available. */ +@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +fileannotations( + int id: @file ref, + int kind: int ref, + string name: string ref, + string value: string ref +); + +inmacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +affectedbymacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +case @macroinvocation.kind of + 1 = @macro_expansion +| 2 = @other_macro_reference +; + +macroinvocations( + unique int id: @macroinvocation, + int macro_id: @ppd_define ref, + int location: @location_default ref, + int kind: int ref +); + +macroparent( + unique int id: @macroinvocation ref, + int parent_id: @macroinvocation ref +); + +// a macroinvocation may be part of another location +// the way to find a constant expression that uses a macro +// is thus to find a constant expression that has a location +// to which a macro invocation is bound +macrolocationbind( + int id: @macroinvocation ref, + int location: @location ref +); + +#keyset[invocation, argument_index] +macro_argument_unexpanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +#keyset[invocation, argument_index] +macro_argument_expanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +/* +case @function.kind of + 1 = @normal_function +| 2 = @constructor +| 3 = @destructor +| 4 = @conversion_function +| 5 = @operator +| 6 = @builtin_function // GCC built-in functions, e.g. __builtin___memcpy_chk +; +*/ + +functions( + unique int id: @function, + string name: string ref, + int kind: int ref +); + +function_entry_point( + int id: @function ref, + unique int entry_point: @stmt ref +); + +function_return_type( + int id: @function ref, + int return_type: @type ref +); + +/** + * If `function` is a coroutine, then this gives the `std::experimental::resumable_traits` + * instance associated with it, and the variables representing the `handle` and `promise` + * for it. + */ +coroutine( + unique int function: @function ref, + int traits: @type ref, + int handle: @variable ref, + int promise: @variable ref +); + +/** The `new` function used for allocating the coroutine state, if any. */ +coroutine_new( + unique int function: @function ref, + int new: @function ref +); + +/** The `delete` function used for deallocating the coroutine state, if any. */ +coroutine_delete( + unique int function: @function ref, + int delete: @function ref +); + +purefunctions(unique int id: @function ref); + +function_deleted(unique int id: @function ref); + +function_defaulted(unique int id: @function ref); + +member_function_this_type( + unique int id: @function ref, + int this_type: @type ref +); + +#keyset[id, type_id] +fun_decls( + int id: @fun_decl, + int function: @function ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +fun_def(unique int id: @fun_decl ref); +fun_specialized(unique int id: @fun_decl ref); +fun_implicit(unique int id: @fun_decl ref); +fun_decl_specifiers( + int id: @fun_decl ref, + string name: string ref +) +#keyset[fun_decl, index] +fun_decl_throws( + int fun_decl: @fun_decl ref, + int index: int ref, + int type_id: @type ref +); +/* an empty throw specification is different from none */ +fun_decl_empty_throws(unique int fun_decl: @fun_decl ref); +fun_decl_noexcept( + int fun_decl: @fun_decl ref, + int constant: @expr ref +); +fun_decl_empty_noexcept(int fun_decl: @fun_decl ref); +fun_decl_typedef_type( + unique int fun_decl: @fun_decl ref, + int typedeftype_id: @usertype ref +); + +param_decl_bind( + unique int id: @var_decl ref, + int index: int ref, + int fun_decl: @fun_decl ref +); + +#keyset[id, type_id] +var_decls( + int id: @var_decl, + int variable: @variable ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +var_def(unique int id: @var_decl ref); +var_decl_specifiers( + int id: @var_decl ref, + string name: string ref +) +is_structured_binding(unique int id: @variable ref); + +type_decls( + unique int id: @type_decl, + int type_id: @type ref, + int location: @location_default ref +); +type_def(unique int id: @type_decl ref); +type_decl_top( + unique int type_decl: @type_decl ref +); + +namespace_decls( + unique int id: @namespace_decl, + int namespace_id: @namespace ref, + int location: @location_default ref, + int bodylocation: @location_default ref +); + +usings( + unique int id: @using, + int element_id: @element ref, + int location: @location_default ref +); + +/** The element which contains the `using` declaration. */ +using_container( + int parent: @element ref, + int child: @using ref +); + +static_asserts( + unique int id: @static_assert, + int condition : @expr ref, + string message : string ref, + int location: @location_default ref, + int enclosing : @element ref +); + +// each function has an ordered list of parameters +#keyset[id, type_id] +#keyset[function, index, type_id] +params( + int id: @parameter, + int function: @functionorblock ref, + int index: int ref, + int type_id: @type ref +); + +overrides( + int new: @function ref, + int old: @function ref +); + +#keyset[id, type_id] +membervariables( + int id: @membervariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +globalvariables( + int id: @globalvariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +localvariables( + int id: @localvariable, + int type_id: @type ref, + string name: string ref +); + +autoderivation( + unique int var: @variable ref, + int derivation_type: @type ref +); + +orphaned_variables( + int var: @localvariable ref, + int function: @function ref +) + +enumconstants( + unique int id: @enumconstant, + int parent: @usertype ref, + int index: int ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); + +@variable = @localscopevariable | @globalvariable | @membervariable; + +@localscopevariable = @localvariable | @parameter; + +/** + * Built-in types are the fundamental types, e.g., integral, floating, and void. + */ +case @builtintype.kind of + 1 = @errortype +| 2 = @unknowntype +| 3 = @void +| 4 = @boolean +| 5 = @char +| 6 = @unsigned_char +| 7 = @signed_char +| 8 = @short +| 9 = @unsigned_short +| 10 = @signed_short +| 11 = @int +| 12 = @unsigned_int +| 13 = @signed_int +| 14 = @long +| 15 = @unsigned_long +| 16 = @signed_long +| 17 = @long_long +| 18 = @unsigned_long_long +| 19 = @signed_long_long +// ... 20 Microsoft-specific __int8 +// ... 21 Microsoft-specific __int16 +// ... 22 Microsoft-specific __int32 +// ... 23 Microsoft-specific __int64 +| 24 = @float +| 25 = @double +| 26 = @long_double +| 27 = @complex_float // C99-specific _Complex float +| 28 = @complex_double // C99-specific _Complex double +| 29 = @complex_long_double // C99-specific _Complex long double +| 30 = @imaginary_float // C99-specific _Imaginary float +| 31 = @imaginary_double // C99-specific _Imaginary double +| 32 = @imaginary_long_double // C99-specific _Imaginary long double +| 33 = @wchar_t // Microsoft-specific +| 34 = @decltype_nullptr // C++11 +| 35 = @int128 // __int128 +| 36 = @unsigned_int128 // unsigned __int128 +| 37 = @signed_int128 // signed __int128 +| 38 = @float128 // __float128 +| 39 = @complex_float128 // _Complex __float128 +| 40 = @decimal32 // _Decimal32 +| 41 = @decimal64 // _Decimal64 +| 42 = @decimal128 // _Decimal128 +| 43 = @char16_t +| 44 = @char32_t +| 45 = @std_float32 // _Float32 +| 46 = @float32x // _Float32x +| 47 = @std_float64 // _Float64 +| 48 = @float64x // _Float64x +| 49 = @std_float128 // _Float128 +// ... 50 _Float128x +| 51 = @char8_t +| 52 = @float16 // _Float16 +| 53 = @complex_float16 // _Complex _Float16 +; + +builtintypes( + unique int id: @builtintype, + string name: string ref, + int kind: int ref, + int size: int ref, + int sign: int ref, + int alignment: int ref +); + +/** + * Derived types are types that are directly derived from existing types and + * point to, refer to, transform type data to return a new type. + */ +case @derivedtype.kind of + 1 = @pointer +| 2 = @reference +| 3 = @type_with_specifiers +| 4 = @array +| 5 = @gnu_vector +| 6 = @routineptr +| 7 = @routinereference +| 8 = @rvalue_reference // C++11 +// ... 9 type_conforming_to_protocols deprecated +| 10 = @block +; + +derivedtypes( + unique int id: @derivedtype, + string name: string ref, + int kind: int ref, + int type_id: @type ref +); + +pointerishsize(unique int id: @derivedtype ref, + int size: int ref, + int alignment: int ref); + +arraysizes( + unique int id: @derivedtype ref, + int num_elements: int ref, + int bytesize: int ref, + int alignment: int ref +); + +typedefbase( + unique int id: @usertype ref, + int type_id: @type ref +); + +/** + * An instance of the C++11 `decltype` operator. For example: + * ``` + * int a; + * decltype(1+a) b; + * ``` + * Here `expr` is `1+a`. + * + * Sometimes an additional pair of parentheses around the expression + * would change the semantics of this decltype, e.g. + * ``` + * struct A { double x; }; + * const A* a = new A(); + * decltype( a->x ); // type is double + * decltype((a->x)); // type is const double& + * ``` + * (Please consult the C++11 standard for more details). + * `parentheses_would_change_meaning` is `true` iff that is the case. + */ +#keyset[id, expr] +decltypes( + int id: @decltype, + int expr: @expr ref, + int base_type: @type ref, + boolean parentheses_would_change_meaning: boolean ref +); + +/* +case @usertype.kind of + 1 = @struct +| 2 = @class +| 3 = @union +| 4 = @enum +| 5 = @typedef // classic C: typedef typedef type name +| 6 = @template +| 7 = @template_parameter +| 8 = @template_template_parameter +| 9 = @proxy_class // a proxy class associated with a template parameter +// ... 10 objc_class deprecated +// ... 11 objc_protocol deprecated +// ... 12 objc_category deprecated +| 13 = @scoped_enum +| 14 = @using_alias // a using name = type style typedef +; +*/ + +usertypes( + unique int id: @usertype, + string name: string ref, + int kind: int ref +); + +usertypesize( + unique int id: @usertype ref, + int size: int ref, + int alignment: int ref +); + +usertype_final(unique int id: @usertype ref); + +usertype_uuid( + unique int id: @usertype ref, + string uuid: string ref +); + +mangled_name( + unique int id: @declaration ref, + int mangled_name : @mangledname +); + +is_pod_class(unique int id: @usertype ref); +is_standard_layout_class(unique int id: @usertype ref); + +is_complete(unique int id: @usertype ref); + +is_class_template(unique int id: @usertype ref); +class_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +class_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +class_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +is_proxy_class_for( + unique int id: @usertype ref, + unique int templ_param_id: @usertype ref +); + +type_mentions( + unique int id: @type_mention, + int type_id: @type ref, + int location: @location ref, + // a_symbol_reference_kind from the frontend. + int kind: int ref +); + +is_function_template(unique int id: @function ref); +function_instantiation( + unique int to: @function ref, + int from: @function ref +); +function_template_argument( + int function_id: @function ref, + int index: int ref, + int arg_type: @type ref +); +function_template_argument_value( + int function_id: @function ref, + int index: int ref, + int arg_value: @expr ref +); + +is_variable_template(unique int id: @variable ref); +variable_instantiation( + unique int to: @variable ref, + int from: @variable ref +); +variable_template_argument( + int variable_id: @variable ref, + int index: int ref, + int arg_type: @type ref +); +variable_template_argument_value( + int variable_id: @variable ref, + int index: int ref, + int arg_value: @expr ref +); + +/* + Fixed point types + precision(1) = short, precision(2) = default, precision(3) = long + is_unsigned(1) = unsigned is_unsigned(2) = signed + is_fract_type(1) = declared with _Fract + saturating(1) = declared with _Sat +*/ +/* TODO +fixedpointtypes( + unique int id: @fixedpointtype, + int precision: int ref, + int is_unsigned: int ref, + int is_fract_type: int ref, + int saturating: int ref); +*/ + +routinetypes( + unique int id: @routinetype, + int return_type: @type ref +); + +routinetypeargs( + int routine: @routinetype ref, + int index: int ref, + int type_id: @type ref +); + +ptrtomembers( + unique int id: @ptrtomember, + int type_id: @type ref, + int class_id: @type ref +); + +/* + specifiers for types, functions, and variables + + "public", + "protected", + "private", + + "const", + "volatile", + "static", + + "pure", + "virtual", + "sealed", // Microsoft + "__interface", // Microsoft + "inline", + "explicit", + + "near", // near far extension + "far", // near far extension + "__ptr32", // Microsoft + "__ptr64", // Microsoft + "__sptr", // Microsoft + "__uptr", // Microsoft + "dllimport", // Microsoft + "dllexport", // Microsoft + "thread", // Microsoft + "naked", // Microsoft + "microsoft_inline", // Microsoft + "forceinline", // Microsoft + "selectany", // Microsoft + "nothrow", // Microsoft + "novtable", // Microsoft + "noreturn", // Microsoft + "noinline", // Microsoft + "noalias", // Microsoft + "restrict", // Microsoft +*/ + +specifiers( + unique int id: @specifier, + unique string str: string ref +); + +typespecifiers( + int type_id: @type ref, + int spec_id: @specifier ref +); + +funspecifiers( + int func_id: @function ref, + int spec_id: @specifier ref +); + +varspecifiers( + int var_id: @accessible ref, + int spec_id: @specifier ref +); + +attributes( + unique int id: @attribute, + int kind: int ref, + string name: string ref, + string name_space: string ref, + int location: @location_default ref +); + +case @attribute.kind of + 0 = @gnuattribute +| 1 = @stdattribute +| 2 = @declspec +| 3 = @msattribute +| 4 = @alignas +// ... 5 @objc_propertyattribute deprecated +; + +attribute_args( + unique int id: @attribute_arg, + int kind: int ref, + int attribute: @attribute ref, + int index: int ref, + int location: @location_default ref +); + +case @attribute_arg.kind of + 0 = @attribute_arg_empty +| 1 = @attribute_arg_token +| 2 = @attribute_arg_constant +| 3 = @attribute_arg_type +| 4 = @attribute_arg_constant_expr +; + +attribute_arg_value( + unique int arg: @attribute_arg ref, + string value: string ref +); +attribute_arg_type( + unique int arg: @attribute_arg ref, + int type_id: @type ref +); +attribute_arg_constant( + unique int arg: @attribute_arg ref, + int constant: @expr ref +) +attribute_arg_name( + unique int arg: @attribute_arg ref, + string name: string ref +); + +typeattributes( + int type_id: @type ref, + int spec_id: @attribute ref +); + +funcattributes( + int func_id: @function ref, + int spec_id: @attribute ref +); + +varattributes( + int var_id: @accessible ref, + int spec_id: @attribute ref +); + +stmtattributes( + int stmt_id: @stmt ref, + int spec_id: @attribute ref +); + +@type = @builtintype + | @derivedtype + | @usertype + /* TODO | @fixedpointtype */ + | @routinetype + | @ptrtomember + | @decltype; + +unspecifiedtype( + unique int type_id: @type ref, + int unspecified_type_id: @type ref +); + +member( + int parent: @type ref, + int index: int ref, + int child: @member ref +); + +@enclosingfunction_child = @usertype | @variable | @namespace + +enclosingfunction( + unique int child: @enclosingfunction_child ref, + int parent: @function ref +); + +derivations( + unique int derivation: @derivation, + int sub: @type ref, + int index: int ref, + int super: @type ref, + int location: @location_default ref +); + +derspecifiers( + int der_id: @derivation ref, + int spec_id: @specifier ref +); + +/** + * Contains the byte offset of the base class subobject within the derived + * class. Only holds for non-virtual base classes, but see table + * `virtual_base_offsets` for offsets of virtual base class subobjects. + */ +direct_base_offsets( + unique int der_id: @derivation ref, + int offset: int ref +); + +/** + * Contains the byte offset of the virtual base class subobject for class + * `super` within a most-derived object of class `sub`. `super` can be either a + * direct or indirect base class. + */ +#keyset[sub, super] +virtual_base_offsets( + int sub: @usertype ref, + int super: @usertype ref, + int offset: int ref +); + +frienddecls( + unique int id: @frienddecl, + int type_id: @type ref, + int decl_id: @declaration ref, + int location: @location_default ref +); + +@declaredtype = @usertype ; + +@declaration = @function + | @declaredtype + | @variable + | @enumconstant + | @frienddecl; + +@member = @membervariable + | @function + | @declaredtype + | @enumconstant; + +@locatable = @diagnostic + | @declaration + | @ppd_include + | @ppd_define + | @macroinvocation + /*| @funcall*/ + | @xmllocatable + | @attribute + | @attribute_arg; + +@namedscope = @namespace | @usertype; + +@element = @locatable + | @file + | @folder + | @specifier + | @type + | @expr + | @namespace + | @initialiser + | @stmt + | @derivation + | @comment + | @preprocdirect + | @fun_decl + | @var_decl + | @type_decl + | @namespace_decl + | @using + | @namequalifier + | @specialnamequalifyingelement + | @static_assert + | @type_mention + | @lambdacapture; + +@exprparent = @element; + +comments( + unique int id: @comment, + string contents: string ref, + int location: @location_default ref +); + +commentbinding( + int id: @comment ref, + int element: @element ref +); + +exprconv( + int converted: @expr ref, + unique int conversion: @expr ref +); + +compgenerated(unique int id: @element ref); + +/** + * `destructor_call` destructs the `i`'th entity that should be + * destructed following `element`. Note that entities should be + * destructed in reverse construction order, so for a given `element` + * these should be called from highest to lowest `i`. + */ +#keyset[element, destructor_call] +#keyset[element, i] +synthetic_destructor_call( + int element: @element ref, + int i: int ref, + int destructor_call: @routineexpr ref +); + +namespaces( + unique int id: @namespace, + string name: string ref +); + +namespace_inline( + unique int id: @namespace ref +); + +namespacembrs( + int parentid: @namespace ref, + unique int memberid: @namespacembr ref +); + +@namespacembr = @declaration | @namespace; + +exprparents( + int expr_id: @expr ref, + int child_index: int ref, + int parent_id: @exprparent ref +); + +expr_isload(unique int expr_id: @expr ref); + +@cast = @c_style_cast + | @const_cast + | @dynamic_cast + | @reinterpret_cast + | @static_cast + ; + +/* +case @conversion.kind of + 0 = @simple_conversion // a numeric conversion, qualification conversion, or a reinterpret_cast +| 1 = @bool_conversion // conversion to 'bool' +| 2 = @base_class_conversion // a derived-to-base conversion +| 3 = @derived_class_conversion // a base-to-derived conversion +| 4 = @pm_base_class_conversion // a derived-to-base conversion of a pointer to member +| 5 = @pm_derived_class_conversion // a base-to-derived conversion of a pointer to member +| 6 = @glvalue_adjust // an adjustment of the type of a glvalue +| 7 = @prvalue_adjust // an adjustment of the type of a prvalue +; +*/ +/** + * Describes the semantics represented by a cast expression. This is largely + * independent of the source syntax of the cast, so it is separate from the + * regular expression kind. + */ +conversionkinds( + unique int expr_id: @cast ref, + int kind: int ref +); + +@conversion = @cast + | @array_to_pointer + | @parexpr + | @reference_to + | @ref_indirect + | @temp_init + ; + +/* +case @funbindexpr.kind of + 0 = @normal_call // a normal call +| 1 = @virtual_call // a virtual call +| 2 = @adl_call // a call whose target is only found by ADL +; +*/ +iscall( + unique int caller: @funbindexpr ref, + int kind: int ref +); + +numtemplatearguments( + unique int expr_id: @expr ref, + int num: int ref +); + +specialnamequalifyingelements( + unique int id: @specialnamequalifyingelement, + unique string name: string ref +); + +@namequalifiableelement = @expr | @namequalifier; +@namequalifyingelement = @namespace + | @specialnamequalifyingelement + | @usertype; + +namequalifiers( + unique int id: @namequalifier, + unique int qualifiableelement: @namequalifiableelement ref, + int qualifyingelement: @namequalifyingelement ref, + int location: @location_default ref +); + +varbind( + int expr: @varbindexpr ref, + int var: @accessible ref +); + +funbind( + int expr: @funbindexpr ref, + int fun: @function ref +); + +@any_new_expr = @new_expr + | @new_array_expr; + +@new_or_delete_expr = @any_new_expr + | @delete_expr + | @delete_array_expr; + +@prefix_crement_expr = @preincrexpr | @predecrexpr; + +@postfix_crement_expr = @postincrexpr | @postdecrexpr; + +@increment_expr = @preincrexpr | @postincrexpr; + +@decrement_expr = @predecrexpr | @postdecrexpr; + +@crement_expr = @increment_expr | @decrement_expr; + +@un_arith_op_expr = @arithnegexpr + | @unaryplusexpr + | @conjugation + | @realpartexpr + | @imagpartexpr + | @crement_expr + ; + +@un_bitwise_op_expr = @complementexpr; + +@un_log_op_expr = @notexpr; + +@un_op_expr = @address_of + | @indirect + | @un_arith_op_expr + | @un_bitwise_op_expr + | @builtinaddressof + | @vec_fill + | @un_log_op_expr + | @co_await + | @co_yield + ; + +@bin_log_op_expr = @andlogicalexpr | @orlogicalexpr; + +@cmp_op_expr = @eq_op_expr | @rel_op_expr; + +@eq_op_expr = @eqexpr | @neexpr; + +@rel_op_expr = @gtexpr + | @ltexpr + | @geexpr + | @leexpr + | @spaceshipexpr + ; + +@bin_bitwise_op_expr = @lshiftexpr + | @rshiftexpr + | @andexpr + | @orexpr + | @xorexpr + ; + +@p_arith_op_expr = @paddexpr + | @psubexpr + | @pdiffexpr + ; + +@bin_arith_op_expr = @addexpr + | @subexpr + | @mulexpr + | @divexpr + | @remexpr + | @jmulexpr + | @jdivexpr + | @fjaddexpr + | @jfaddexpr + | @fjsubexpr + | @jfsubexpr + | @minexpr + | @maxexpr + | @p_arith_op_expr + ; + +@bin_op_expr = @bin_arith_op_expr + | @bin_bitwise_op_expr + | @cmp_op_expr + | @bin_log_op_expr + ; + +@op_expr = @un_op_expr + | @bin_op_expr + | @assign_expr + | @conditionalexpr + ; + +@assign_arith_expr = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + ; + +@assign_bitwise_expr = @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignpaddexpr + | @assignpsubexpr + ; + +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr + +@assign_expr = @assignexpr | @assign_op_expr | @blockassignexpr + +/* + case @allocator.form of + 0 = plain + | 1 = alignment + ; +*/ + +/** + * The allocator function associated with a `new` or `new[]` expression. + * The `form` column specified whether the allocation call contains an alignment + * argument. + */ +expr_allocator( + unique int expr: @any_new_expr ref, + int func: @function ref, + int form: int ref +); + +/* + case @deallocator.form of + 0 = plain + | 1 = size + | 2 = alignment + | 3 = size_and_alignment + ; +*/ + +/** + * The deallocator function associated with a `delete`, `delete[]`, `new`, or + * `new[]` expression. For a `new` or `new[]` expression, the deallocator is the + * one used to free memory if the initialization throws an exception. + * The `form` column specifies whether the deallocation call contains a size + * argument, and alignment argument, or both. + */ +expr_deallocator( + unique int expr: @new_or_delete_expr ref, + int func: @function ref, + int form: int ref +); + +/** + * Holds if the `@conditionalexpr` is of the two operand form + * `guard ? : false`. + */ +expr_cond_two_operand( + unique int cond: @conditionalexpr ref +); + +/** + * The guard of `@conditionalexpr` `guard ? true : false` + */ +expr_cond_guard( + unique int cond: @conditionalexpr ref, + int guard: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` holds. For the two operand form + * `guard ?: false` consider using `expr_cond_guard` instead. + */ +expr_cond_true( + unique int cond: @conditionalexpr ref, + int true: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` does not hold. + */ +expr_cond_false( + unique int cond: @conditionalexpr ref, + int false: @expr ref +); + +/** A string representation of the value. */ +values( + unique int id: @value, + string str: string ref +); + +/** The actual text in the source code for the value, if any. */ +valuetext( + unique int id: @value ref, + string text: string ref +); + +valuebind( + int val: @value ref, + unique int expr: @expr ref +); + +fieldoffsets( + unique int id: @variable ref, + int byteoffset: int ref, + int bitoffset: int ref +); + +bitfield( + unique int id: @variable ref, + int bits: int ref, + int declared_bits: int ref +); + +/* TODO +memberprefix( + int member: @expr ref, + int prefix: @expr ref +); +*/ + +/* + kind(1) = mbrcallexpr + kind(2) = mbrptrcallexpr + kind(3) = mbrptrmbrcallexpr + kind(4) = ptrmbrptrmbrcallexpr + kind(5) = mbrreadexpr // x.y + kind(6) = mbrptrreadexpr // p->y + kind(7) = mbrptrmbrreadexpr // x.*pm + kind(8) = mbrptrmbrptrreadexpr // x->*pm + kind(9) = staticmbrreadexpr // static x.y + kind(10) = staticmbrptrreadexpr // static p->y +*/ +/* TODO +memberaccess( + int member: @expr ref, + int kind: int ref +); +*/ + +initialisers( + unique int init: @initialiser, + int var: @accessible ref, + unique int expr: @expr ref, + int location: @location_expr ref +); + +braced_initialisers( + int init: @initialiser ref +); + +/** + * An ancestor for the expression, for cases in which we cannot + * otherwise find the expression's parent. + */ +expr_ancestor( + int exp: @expr ref, + int ancestor: @element ref +); + +exprs( + unique int id: @expr, + int kind: int ref, + int location: @location_expr ref +); + +/* + case @value.category of + 1 = prval + | 2 = xval + | 3 = lval + ; +*/ +expr_types( + int id: @expr ref, + int typeid: @type ref, + int value_category: int ref +); + +case @expr.kind of + 1 = @errorexpr +| 2 = @address_of // & AddressOfExpr +| 3 = @reference_to // ReferenceToExpr (implicit?) +| 4 = @indirect // * PointerDereferenceExpr +| 5 = @ref_indirect // ReferenceDereferenceExpr (implicit?) +// ... +| 8 = @array_to_pointer // (???) +| 9 = @vacuous_destructor_call // VacuousDestructorCall +// ... +| 11 = @assume // Microsoft +| 12 = @parexpr +| 13 = @arithnegexpr +| 14 = @unaryplusexpr +| 15 = @complementexpr +| 16 = @notexpr +| 17 = @conjugation // GNU ~ operator +| 18 = @realpartexpr // GNU __real +| 19 = @imagpartexpr // GNU __imag +| 20 = @postincrexpr +| 21 = @postdecrexpr +| 22 = @preincrexpr +| 23 = @predecrexpr +| 24 = @conditionalexpr +| 25 = @addexpr +| 26 = @subexpr +| 27 = @mulexpr +| 28 = @divexpr +| 29 = @remexpr +| 30 = @jmulexpr // C99 mul imaginary +| 31 = @jdivexpr // C99 div imaginary +| 32 = @fjaddexpr // C99 add real + imaginary +| 33 = @jfaddexpr // C99 add imaginary + real +| 34 = @fjsubexpr // C99 sub real - imaginary +| 35 = @jfsubexpr // C99 sub imaginary - real +| 36 = @paddexpr // pointer add (pointer + int or int + pointer) +| 37 = @psubexpr // pointer sub (pointer - integer) +| 38 = @pdiffexpr // difference between two pointers +| 39 = @lshiftexpr +| 40 = @rshiftexpr +| 41 = @andexpr +| 42 = @orexpr +| 43 = @xorexpr +| 44 = @eqexpr +| 45 = @neexpr +| 46 = @gtexpr +| 47 = @ltexpr +| 48 = @geexpr +| 49 = @leexpr +| 50 = @minexpr // GNU minimum +| 51 = @maxexpr // GNU maximum +| 52 = @assignexpr +| 53 = @assignaddexpr +| 54 = @assignsubexpr +| 55 = @assignmulexpr +| 56 = @assigndivexpr +| 57 = @assignremexpr +| 58 = @assignlshiftexpr +| 59 = @assignrshiftexpr +| 60 = @assignandexpr +| 61 = @assignorexpr +| 62 = @assignxorexpr +| 63 = @assignpaddexpr // assign pointer add +| 64 = @assignpsubexpr // assign pointer sub +| 65 = @andlogicalexpr +| 66 = @orlogicalexpr +| 67 = @commaexpr +| 68 = @subscriptexpr // access to member of an array, e.g., a[5] +// ... 69 @objc_subscriptexpr deprecated +// ... 70 @cmdaccess deprecated +// ... +| 73 = @virtfunptrexpr +| 74 = @callexpr +// ... 75 @msgexpr_normal deprecated +// ... 76 @msgexpr_super deprecated +// ... 77 @atselectorexpr deprecated +// ... 78 @atprotocolexpr deprecated +| 79 = @vastartexpr +| 80 = @vaargexpr +| 81 = @vaendexpr +| 82 = @vacopyexpr +// ... 83 @atencodeexpr deprecated +| 84 = @varaccess +| 85 = @thisaccess +// ... 86 @objc_box_expr deprecated +| 87 = @new_expr +| 88 = @delete_expr +| 89 = @throw_expr +| 90 = @condition_decl // a variable declared in a condition, e.g., if(int x = y > 2) +| 91 = @braced_init_list +| 92 = @type_id +| 93 = @runtime_sizeof +| 94 = @runtime_alignof +| 95 = @sizeof_pack +| 96 = @expr_stmt // GNU extension +| 97 = @routineexpr +| 98 = @type_operand // used to access a type in certain contexts (haven't found any examples yet....) +| 99 = @offsetofexpr // offsetof ::= type and field +| 100 = @hasassignexpr // __has_assign ::= type +| 101 = @hascopyexpr // __has_copy ::= type +| 102 = @hasnothrowassign // __has_nothrow_assign ::= type +| 103 = @hasnothrowconstr // __has_nothrow_constructor ::= type +| 104 = @hasnothrowcopy // __has_nothrow_copy ::= type +| 105 = @hastrivialassign // __has_trivial_assign ::= type +| 106 = @hastrivialconstr // __has_trivial_constructor ::= type +| 107 = @hastrivialcopy // __has_trivial_copy ::= type +| 108 = @hasuserdestr // __has_user_destructor ::= type +| 109 = @hasvirtualdestr // __has_virtual_destructor ::= type +| 110 = @isabstractexpr // __is_abstract ::= type +| 111 = @isbaseofexpr // __is_base_of ::= type type +| 112 = @isclassexpr // __is_class ::= type +| 113 = @isconvtoexpr // __is_convertible_to ::= type type +| 114 = @isemptyexpr // __is_empty ::= type +| 115 = @isenumexpr // __is_enum ::= type +| 116 = @ispodexpr // __is_pod ::= type +| 117 = @ispolyexpr // __is_polymorphic ::= type +| 118 = @isunionexpr // __is_union ::= type +| 119 = @typescompexpr // GNU __builtin_types_compatible ::= type type +| 120 = @intaddrexpr // frontend internal builtin, used to implement offsetof +// ... +| 122 = @hastrivialdestructor // __has_trivial_destructor ::= type +| 123 = @literal +| 124 = @uuidof +| 127 = @aggregateliteral +| 128 = @delete_array_expr +| 129 = @new_array_expr +// ... 130 @objc_array_literal deprecated +// ... 131 @objc_dictionary_literal deprecated +| 132 = @foldexpr +// ... +| 200 = @ctordirectinit +| 201 = @ctorvirtualinit +| 202 = @ctorfieldinit +| 203 = @ctordelegatinginit +| 204 = @dtordirectdestruct +| 205 = @dtorvirtualdestruct +| 206 = @dtorfielddestruct +// ... +| 210 = @static_cast +| 211 = @reinterpret_cast +| 212 = @const_cast +| 213 = @dynamic_cast +| 214 = @c_style_cast +| 215 = @lambdaexpr +| 216 = @param_ref +| 217 = @noopexpr +// ... +| 294 = @istriviallyconstructibleexpr +| 295 = @isdestructibleexpr +| 296 = @isnothrowdestructibleexpr +| 297 = @istriviallydestructibleexpr +| 298 = @istriviallyassignableexpr +| 299 = @isnothrowassignableexpr +| 300 = @istrivialexpr +| 301 = @isstandardlayoutexpr +| 302 = @istriviallycopyableexpr +| 303 = @isliteraltypeexpr +| 304 = @hastrivialmoveconstructorexpr +| 305 = @hastrivialmoveassignexpr +| 306 = @hasnothrowmoveassignexpr +| 307 = @isconstructibleexpr +| 308 = @isnothrowconstructibleexpr +| 309 = @hasfinalizerexpr +| 310 = @isdelegateexpr +| 311 = @isinterfaceclassexpr +| 312 = @isrefarrayexpr +| 313 = @isrefclassexpr +| 314 = @issealedexpr +| 315 = @issimplevalueclassexpr +| 316 = @isvalueclassexpr +| 317 = @isfinalexpr +| 319 = @noexceptexpr +| 320 = @builtinshufflevector +| 321 = @builtinchooseexpr +| 322 = @builtinaddressof +| 323 = @vec_fill +| 324 = @builtinconvertvector +| 325 = @builtincomplex +| 326 = @spaceshipexpr +| 327 = @co_await +| 328 = @co_yield +| 329 = @temp_init +| 330 = @isassignable +| 331 = @isaggregate +| 332 = @hasuniqueobjectrepresentations +| 333 = @builtinbitcast +| 334 = @builtinshuffle +| 335 = @blockassignexpr +| 336 = @issame +| 337 = @isfunction +| 338 = @islayoutcompatible +| 339 = @ispointerinterconvertiblebaseof +| 340 = @isarray +| 341 = @arrayrank +| 342 = @arrayextent +| 343 = @isarithmetic +| 344 = @iscompletetype +| 345 = @iscompound +| 346 = @isconst +| 347 = @isfloatingpoint +| 348 = @isfundamental +| 349 = @isintegral +| 350 = @islvaluereference +| 351 = @ismemberfunctionpointer +| 352 = @ismemberobjectpointer +| 353 = @ismemberpointer +| 354 = @isobject +| 355 = @ispointer +| 356 = @isreference +| 357 = @isrvaluereference +| 358 = @isscalar +| 359 = @issigned +| 360 = @isunsigned +| 361 = @isvoid +| 362 = @isvolatile +; + +@var_args_expr = @vastartexpr + | @vaendexpr + | @vaargexpr + | @vacopyexpr + ; + +@builtin_op = @var_args_expr + | @noopexpr + | @offsetofexpr + | @intaddrexpr + | @hasassignexpr + | @hascopyexpr + | @hasnothrowassign + | @hasnothrowconstr + | @hasnothrowcopy + | @hastrivialassign + | @hastrivialconstr + | @hastrivialcopy + | @hastrivialdestructor + | @hasuserdestr + | @hasvirtualdestr + | @isabstractexpr + | @isbaseofexpr + | @isclassexpr + | @isconvtoexpr + | @isemptyexpr + | @isenumexpr + | @ispodexpr + | @ispolyexpr + | @isunionexpr + | @typescompexpr + | @builtinshufflevector + | @builtinconvertvector + | @builtinaddressof + | @istriviallyconstructibleexpr + | @isdestructibleexpr + | @isnothrowdestructibleexpr + | @istriviallydestructibleexpr + | @istriviallyassignableexpr + | @isnothrowassignableexpr + | @istrivialexpr + | @isstandardlayoutexpr + | @istriviallycopyableexpr + | @isliteraltypeexpr + | @hastrivialmoveconstructorexpr + | @hastrivialmoveassignexpr + | @hasnothrowmoveassignexpr + | @isconstructibleexpr + | @isnothrowconstructibleexpr + | @hasfinalizerexpr + | @isdelegateexpr + | @isinterfaceclassexpr + | @isrefarrayexpr + | @isrefclassexpr + | @issealedexpr + | @issimplevalueclassexpr + | @isvalueclassexpr + | @isfinalexpr + | @builtinchooseexpr + | @builtincomplex + | @isassignable + | @isaggregate + | @hasuniqueobjectrepresentations + | @builtinbitcast + | @builtinshuffle + | @issame + | @isfunction + | @islayoutcompatible + | @ispointerinterconvertiblebaseof + | @isarray + | @arrayrank + | @arrayextent + | @isarithmetic + | @iscompletetype + | @iscompound + | @isconst + | @isfloatingpoint + | @isfundamental + | @isintegral + | @islvaluereference + | @ismemberfunctionpointer + | @ismemberobjectpointer + | @ismemberpointer + | @isobject + | @ispointer + | @isreference + | @isrvaluereference + | @isscalar + | @issigned + | @isunsigned + | @isvoid + | @isvolatile + ; + +new_allocated_type( + unique int expr: @new_expr ref, + int type_id: @type ref +); + +new_array_allocated_type( + unique int expr: @new_array_expr ref, + int type_id: @type ref +); + +/** + * The field being initialized by an initializer expression within an aggregate + * initializer for a class/struct/union. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_field_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int field: @membervariable ref, + int position: int ref +); + +/** + * The index of the element being initialized by an initializer expression + * within an aggregate initializer for an array. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_array_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int element_index: int ref, + int position: int ref +); + +@ctorinit = @ctordirectinit + | @ctorvirtualinit + | @ctorfieldinit + | @ctordelegatinginit; +@dtordestruct = @dtordirectdestruct + | @dtorvirtualdestruct + | @dtorfielddestruct; + + +condition_decl_bind( + unique int expr: @condition_decl ref, + unique int decl: @declaration ref +); + +typeid_bind( + unique int expr: @type_id ref, + int type_id: @type ref +); + +uuidof_bind( + unique int expr: @uuidof ref, + int type_id: @type ref +); + +@runtime_sizeof_or_alignof = @runtime_sizeof | @runtime_alignof; + +sizeof_bind( + unique int expr: @runtime_sizeof_or_alignof ref, + int type_id: @type ref +); + +code_block( + unique int block: @literal ref, + unique int routine: @function ref +); + +lambdas( + unique int expr: @lambdaexpr ref, + string default_capture: string ref, + boolean has_explicit_return_type: boolean ref +); + +lambda_capture( + unique int id: @lambdacapture, + int lambda: @lambdaexpr ref, + int index: int ref, + int field: @membervariable ref, + boolean captured_by_reference: boolean ref, + boolean is_implicit: boolean ref, + int location: @location_default ref +); + +@funbindexpr = @routineexpr + | @new_expr + | @delete_expr + | @delete_array_expr + | @ctordirectinit + | @ctorvirtualinit + | @ctordelegatinginit + | @dtordirectdestruct + | @dtorvirtualdestruct; + +@varbindexpr = @varaccess | @ctorfieldinit | @dtorfielddestruct; +@addressable = @function | @variable ; +@accessible = @addressable | @enumconstant ; + +@access = @varaccess | @routineexpr ; + +fold( + int expr: @foldexpr ref, + string operator: string ref, + boolean is_left_fold: boolean ref +); + +stmts( + unique int id: @stmt, + int kind: int ref, + int location: @location_stmt ref +); + +case @stmt.kind of + 1 = @stmt_expr +| 2 = @stmt_if +| 3 = @stmt_while +| 4 = @stmt_goto +| 5 = @stmt_label +| 6 = @stmt_return +| 7 = @stmt_block +| 8 = @stmt_end_test_while // do { ... } while ( ... ) +| 9 = @stmt_for +| 10 = @stmt_switch_case +| 11 = @stmt_switch +| 13 = @stmt_asm // "asm" statement or the body of an asm function +| 15 = @stmt_try_block +| 16 = @stmt_microsoft_try // Microsoft +| 17 = @stmt_decl +| 18 = @stmt_set_vla_size // C99 +| 19 = @stmt_vla_decl // C99 +| 25 = @stmt_assigned_goto // GNU +| 26 = @stmt_empty +| 27 = @stmt_continue +| 28 = @stmt_break +| 29 = @stmt_range_based_for // C++11 +// ... 30 @stmt_at_autoreleasepool_block deprecated +// ... 31 @stmt_objc_for_in deprecated +// ... 32 @stmt_at_synchronized deprecated +| 33 = @stmt_handler +// ... 34 @stmt_finally_end deprecated +| 35 = @stmt_constexpr_if +| 37 = @stmt_co_return +; + +type_vla( + int type_id: @type ref, + int decl: @stmt_vla_decl ref +); + +variable_vla( + int var: @variable ref, + int decl: @stmt_vla_decl ref +); + +if_initialization( + unique int if_stmt: @stmt_if ref, + int init_id: @stmt ref +); + +if_then( + unique int if_stmt: @stmt_if ref, + int then_id: @stmt ref +); + +if_else( + unique int if_stmt: @stmt_if ref, + int else_id: @stmt ref +); + +constexpr_if_initialization( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int init_id: @stmt ref +); + +constexpr_if_then( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int then_id: @stmt ref +); + +constexpr_if_else( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int else_id: @stmt ref +); + +while_body( + unique int while_stmt: @stmt_while ref, + int body_id: @stmt ref +); + +do_body( + unique int do_stmt: @stmt_end_test_while ref, + int body_id: @stmt ref +); + +switch_initialization( + unique int switch_stmt: @stmt_switch ref, + int init_id: @stmt ref +); + +#keyset[switch_stmt, index] +switch_case( + int switch_stmt: @stmt_switch ref, + int index: int ref, + int case_id: @stmt_switch_case ref +); + +switch_body( + unique int switch_stmt: @stmt_switch ref, + int body_id: @stmt ref +); + +for_initialization( + unique int for_stmt: @stmt_for ref, + int init_id: @stmt ref +); + +for_condition( + unique int for_stmt: @stmt_for ref, + int condition_id: @expr ref +); + +for_update( + unique int for_stmt: @stmt_for ref, + int update_id: @expr ref +); + +for_body( + unique int for_stmt: @stmt_for ref, + int body_id: @stmt ref +); + +@stmtparent = @stmt | @expr_stmt ; +stmtparents( + unique int id: @stmt ref, + int index: int ref, + int parent: @stmtparent ref +); + +ishandler(unique int block: @stmt_block ref); + +@cfgnode = @stmt | @expr | @function | @initialiser ; + +stmt_decl_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl: @declaration ref +); + +stmt_decl_entry_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl_entry: @element ref +); + +@functionorblock = @function | @stmt_block; + +blockscope( + unique int block: @stmt_block ref, + int enclosing: @functionorblock ref +); + +@jump = @stmt_goto | @stmt_break | @stmt_continue; + +@jumporlabel = @jump | @stmt_label | @literal; + +jumpinfo( + unique int id: @jumporlabel ref, + string str: string ref, + int target: @stmt ref +); + +preprocdirects( + unique int id: @preprocdirect, + int kind: int ref, + int location: @location_default ref +); +case @preprocdirect.kind of + 0 = @ppd_if +| 1 = @ppd_ifdef +| 2 = @ppd_ifndef +| 3 = @ppd_elif +| 4 = @ppd_else +| 5 = @ppd_endif +| 6 = @ppd_plain_include +| 7 = @ppd_define +| 8 = @ppd_undef +| 9 = @ppd_line +| 10 = @ppd_error +| 11 = @ppd_pragma +| 12 = @ppd_objc_import +| 13 = @ppd_include_next +| 18 = @ppd_warning +; + +@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next; + +@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif; + +preprocpair( + int begin : @ppd_branch ref, + int elseelifend : @preprocdirect ref +); + +preproctrue(int branch : @ppd_branch ref); +preprocfalse(int branch : @ppd_branch ref); + +preproctext( + unique int id: @preprocdirect ref, + string head: string ref, + string body: string ref +); + +includes( + unique int id: @ppd_include ref, + int included: @file ref +); + +link_targets( + unique int id: @link_target, + int binary: @file ref +); + +link_parent( + int element : @element ref, + int link_target : @link_target ref +); + +/* XML Files */ + +xmlEncoding(unique int id: @file ref, string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters + | @xmlelement + | @xmlcomment + | @xmlattribute + | @xmldtd + | @file + | @xmlnamespace; diff --git a/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/semmlecode.cpp.dbscheme b/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/semmlecode.cpp.dbscheme new file mode 100644 index 00000000000..5b388693c66 --- /dev/null +++ b/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/semmlecode.cpp.dbscheme @@ -0,0 +1,2221 @@ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * gcc -c f1.c f2.c f3.c + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * gcc -c f1.c f2.c f3.c + */ + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--mimic` + * 2 | `/usr/bin/gcc` + * 3 | `-c` + * 4 | f1.c + * 5 | f2.c + * 6 | f3.c + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.c + * 1 | f2.c + * 2 | f3.c + * + * Note that even if those files `#include` headers, those headers + * do not appear as rows. + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/** + * Information about packages that provide code used during compilation. + * The `id` is just a unique identifier. + * The `namespace` is typically the name of the package manager that + * provided the package (e.g. "dpkg" or "yum"). + * The `package_name` is the name of the package, and `version` is its + * version (as a string). + */ +external_packages( + unique int id: @external_package, + string namespace : string ref, + string package_name : string ref, + string version : string ref +); + +/** + * Holds if File `fileid` was provided by package `package`. + */ +header_to_external_package( + int fileid : @file ref, + int package : @external_package ref +); + +/* + * Version history + */ + +svnentries( + unique int id : @svnentry, + string revision : string ref, + string author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + string action : string ref +) + +svnentrymsg( + unique int id : @svnentry ref, + string message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/* + * C++ dbscheme + */ + +@location = @location_stmt | @location_expr | @location_default ; + +/** + * The location of an element that is not an expression or a statement. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + /** The location of an element that is not an expression or a statement. */ + unique int id: @location_default, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** + * The location of a statement. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_stmt( + /** The location of a statement. */ + unique int id: @location_stmt, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** + * The location of an expression. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_expr( + /** The location of an expression. */ + unique int id: @location_expr, + int container: @container ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +/** An element for which line-count information is available. */ +@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @folder | @file + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +fileannotations( + int id: @file ref, + int kind: int ref, + string name: string ref, + string value: string ref +); + +inmacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +affectedbymacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +case @macroinvocation.kind of + 1 = @macro_expansion +| 2 = @other_macro_reference +; + +macroinvocations( + unique int id: @macroinvocation, + int macro_id: @ppd_define ref, + int location: @location_default ref, + int kind: int ref +); + +macroparent( + unique int id: @macroinvocation ref, + int parent_id: @macroinvocation ref +); + +// a macroinvocation may be part of another location +// the way to find a constant expression that uses a macro +// is thus to find a constant expression that has a location +// to which a macro invocation is bound +macrolocationbind( + int id: @macroinvocation ref, + int location: @location ref +); + +#keyset[invocation, argument_index] +macro_argument_unexpanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +#keyset[invocation, argument_index] +macro_argument_expanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +/* +case @function.kind of + 1 = @normal_function +| 2 = @constructor +| 3 = @destructor +| 4 = @conversion_function +| 5 = @operator +| 6 = @builtin_function // GCC built-in functions, e.g. __builtin___memcpy_chk +; +*/ + +functions( + unique int id: @function, + string name: string ref, + int kind: int ref +); + +function_entry_point( + int id: @function ref, + unique int entry_point: @stmt ref +); + +function_return_type( + int id: @function ref, + int return_type: @type ref +); + +/** + * If `function` is a coroutine, then this gives the `std::experimental::resumable_traits` + * instance associated with it, and the variables representing the `handle` and `promise` + * for it. + */ +coroutine( + unique int function: @function ref, + int traits: @type ref, + int handle: @variable ref, + int promise: @variable ref +); + +/** The `new` function used for allocating the coroutine state, if any. */ +coroutine_new( + unique int function: @function ref, + int new: @function ref +); + +/** The `delete` function used for deallocating the coroutine state, if any. */ +coroutine_delete( + unique int function: @function ref, + int delete: @function ref +); + +purefunctions(unique int id: @function ref); + +function_deleted(unique int id: @function ref); + +function_defaulted(unique int id: @function ref); + +member_function_this_type( + unique int id: @function ref, + int this_type: @type ref +); + +#keyset[id, type_id] +fun_decls( + int id: @fun_decl, + int function: @function ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +fun_def(unique int id: @fun_decl ref); +fun_specialized(unique int id: @fun_decl ref); +fun_implicit(unique int id: @fun_decl ref); +fun_decl_specifiers( + int id: @fun_decl ref, + string name: string ref +) +#keyset[fun_decl, index] +fun_decl_throws( + int fun_decl: @fun_decl ref, + int index: int ref, + int type_id: @type ref +); +/* an empty throw specification is different from none */ +fun_decl_empty_throws(unique int fun_decl: @fun_decl ref); +fun_decl_noexcept( + int fun_decl: @fun_decl ref, + int constant: @expr ref +); +fun_decl_empty_noexcept(int fun_decl: @fun_decl ref); +fun_decl_typedef_type( + unique int fun_decl: @fun_decl ref, + int typedeftype_id: @usertype ref +); + +param_decl_bind( + unique int id: @var_decl ref, + int index: int ref, + int fun_decl: @fun_decl ref +); + +#keyset[id, type_id] +var_decls( + int id: @var_decl, + int variable: @variable ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +var_def(unique int id: @var_decl ref); +var_decl_specifiers( + int id: @var_decl ref, + string name: string ref +) +is_structured_binding(unique int id: @variable ref); + +type_decls( + unique int id: @type_decl, + int type_id: @type ref, + int location: @location_default ref +); +type_def(unique int id: @type_decl ref); +type_decl_top( + unique int type_decl: @type_decl ref +); + +namespace_decls( + unique int id: @namespace_decl, + int namespace_id: @namespace ref, + int location: @location_default ref, + int bodylocation: @location_default ref +); + +usings( + unique int id: @using, + int element_id: @element ref, + int location: @location_default ref +); + +/** The element which contains the `using` declaration. */ +using_container( + int parent: @element ref, + int child: @using ref +); + +static_asserts( + unique int id: @static_assert, + int condition : @expr ref, + string message : string ref, + int location: @location_default ref, + int enclosing : @element ref +); + +// each function has an ordered list of parameters +#keyset[id, type_id] +#keyset[function, index, type_id] +params( + int id: @parameter, + int function: @functionorblock ref, + int index: int ref, + int type_id: @type ref +); + +overrides( + int new: @function ref, + int old: @function ref +); + +#keyset[id, type_id] +membervariables( + int id: @membervariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +globalvariables( + int id: @globalvariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +localvariables( + int id: @localvariable, + int type_id: @type ref, + string name: string ref +); + +autoderivation( + unique int var: @variable ref, + int derivation_type: @type ref +); + +orphaned_variables( + int var: @localvariable ref, + int function: @function ref +) + +enumconstants( + unique int id: @enumconstant, + int parent: @usertype ref, + int index: int ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); + +@variable = @localscopevariable | @globalvariable | @membervariable; + +@localscopevariable = @localvariable | @parameter; + +/** + * Built-in types are the fundamental types, e.g., integral, floating, and void. + */ +case @builtintype.kind of + 1 = @errortype +| 2 = @unknowntype +| 3 = @void +| 4 = @boolean +| 5 = @char +| 6 = @unsigned_char +| 7 = @signed_char +| 8 = @short +| 9 = @unsigned_short +| 10 = @signed_short +| 11 = @int +| 12 = @unsigned_int +| 13 = @signed_int +| 14 = @long +| 15 = @unsigned_long +| 16 = @signed_long +| 17 = @long_long +| 18 = @unsigned_long_long +| 19 = @signed_long_long +// ... 20 Microsoft-specific __int8 +// ... 21 Microsoft-specific __int16 +// ... 22 Microsoft-specific __int32 +// ... 23 Microsoft-specific __int64 +| 24 = @float +| 25 = @double +| 26 = @long_double +| 27 = @complex_float // C99-specific _Complex float +| 28 = @complex_double // C99-specific _Complex double +| 29 = @complex_long_double // C99-specific _Complex long double +| 30 = @imaginary_float // C99-specific _Imaginary float +| 31 = @imaginary_double // C99-specific _Imaginary double +| 32 = @imaginary_long_double // C99-specific _Imaginary long double +| 33 = @wchar_t // Microsoft-specific +| 34 = @decltype_nullptr // C++11 +| 35 = @int128 // __int128 +| 36 = @unsigned_int128 // unsigned __int128 +| 37 = @signed_int128 // signed __int128 +| 38 = @float128 // __float128 +| 39 = @complex_float128 // _Complex __float128 +| 40 = @decimal32 // _Decimal32 +| 41 = @decimal64 // _Decimal64 +| 42 = @decimal128 // _Decimal128 +| 43 = @char16_t +| 44 = @char32_t +| 45 = @std_float32 // _Float32 +| 46 = @float32x // _Float32x +| 47 = @std_float64 // _Float64 +| 48 = @float64x // _Float64x +| 49 = @std_float128 // _Float128 +// ... 50 _Float128x +| 51 = @char8_t +| 52 = @float16 // _Float16 +| 53 = @complex_float16 // _Complex _Float16 +| 54 = @fp16 // __fp16 +| 55 = @std_bfloat16 // __bf16 +| 56 = @std_float16 // std::float16_t +| 57 = @complex_std_float32 // _Complex _Float32 +| 58 = @complex_float32x // _Complex _Float32x +| 59 = @complex_std_float64 // _Complex _Float64 +| 60 = @complex_float64x // _Complex _Float64x +| 61 = @complex_std_float128 // _Complex _Float128 +; + +builtintypes( + unique int id: @builtintype, + string name: string ref, + int kind: int ref, + int size: int ref, + int sign: int ref, + int alignment: int ref +); + +/** + * Derived types are types that are directly derived from existing types and + * point to, refer to, transform type data to return a new type. + */ +case @derivedtype.kind of + 1 = @pointer +| 2 = @reference +| 3 = @type_with_specifiers +| 4 = @array +| 5 = @gnu_vector +| 6 = @routineptr +| 7 = @routinereference +| 8 = @rvalue_reference // C++11 +// ... 9 type_conforming_to_protocols deprecated +| 10 = @block +; + +derivedtypes( + unique int id: @derivedtype, + string name: string ref, + int kind: int ref, + int type_id: @type ref +); + +pointerishsize(unique int id: @derivedtype ref, + int size: int ref, + int alignment: int ref); + +arraysizes( + unique int id: @derivedtype ref, + int num_elements: int ref, + int bytesize: int ref, + int alignment: int ref +); + +typedefbase( + unique int id: @usertype ref, + int type_id: @type ref +); + +/** + * An instance of the C++11 `decltype` operator. For example: + * ``` + * int a; + * decltype(1+a) b; + * ``` + * Here `expr` is `1+a`. + * + * Sometimes an additional pair of parentheses around the expression + * would change the semantics of this decltype, e.g. + * ``` + * struct A { double x; }; + * const A* a = new A(); + * decltype( a->x ); // type is double + * decltype((a->x)); // type is const double& + * ``` + * (Please consult the C++11 standard for more details). + * `parentheses_would_change_meaning` is `true` iff that is the case. + */ +#keyset[id, expr] +decltypes( + int id: @decltype, + int expr: @expr ref, + int base_type: @type ref, + boolean parentheses_would_change_meaning: boolean ref +); + +/* +case @usertype.kind of + 1 = @struct +| 2 = @class +| 3 = @union +| 4 = @enum +| 5 = @typedef // classic C: typedef typedef type name +| 6 = @template +| 7 = @template_parameter +| 8 = @template_template_parameter +| 9 = @proxy_class // a proxy class associated with a template parameter +// ... 10 objc_class deprecated +// ... 11 objc_protocol deprecated +// ... 12 objc_category deprecated +| 13 = @scoped_enum +| 14 = @using_alias // a using name = type style typedef +; +*/ + +usertypes( + unique int id: @usertype, + string name: string ref, + int kind: int ref +); + +usertypesize( + unique int id: @usertype ref, + int size: int ref, + int alignment: int ref +); + +usertype_final(unique int id: @usertype ref); + +usertype_uuid( + unique int id: @usertype ref, + string uuid: string ref +); + +mangled_name( + unique int id: @declaration ref, + int mangled_name : @mangledname +); + +is_pod_class(unique int id: @usertype ref); +is_standard_layout_class(unique int id: @usertype ref); + +is_complete(unique int id: @usertype ref); + +is_class_template(unique int id: @usertype ref); +class_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +class_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +class_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +is_proxy_class_for( + unique int id: @usertype ref, + unique int templ_param_id: @usertype ref +); + +type_mentions( + unique int id: @type_mention, + int type_id: @type ref, + int location: @location ref, + // a_symbol_reference_kind from the frontend. + int kind: int ref +); + +is_function_template(unique int id: @function ref); +function_instantiation( + unique int to: @function ref, + int from: @function ref +); +function_template_argument( + int function_id: @function ref, + int index: int ref, + int arg_type: @type ref +); +function_template_argument_value( + int function_id: @function ref, + int index: int ref, + int arg_value: @expr ref +); + +is_variable_template(unique int id: @variable ref); +variable_instantiation( + unique int to: @variable ref, + int from: @variable ref +); +variable_template_argument( + int variable_id: @variable ref, + int index: int ref, + int arg_type: @type ref +); +variable_template_argument_value( + int variable_id: @variable ref, + int index: int ref, + int arg_value: @expr ref +); + +/* + Fixed point types + precision(1) = short, precision(2) = default, precision(3) = long + is_unsigned(1) = unsigned is_unsigned(2) = signed + is_fract_type(1) = declared with _Fract + saturating(1) = declared with _Sat +*/ +/* TODO +fixedpointtypes( + unique int id: @fixedpointtype, + int precision: int ref, + int is_unsigned: int ref, + int is_fract_type: int ref, + int saturating: int ref); +*/ + +routinetypes( + unique int id: @routinetype, + int return_type: @type ref +); + +routinetypeargs( + int routine: @routinetype ref, + int index: int ref, + int type_id: @type ref +); + +ptrtomembers( + unique int id: @ptrtomember, + int type_id: @type ref, + int class_id: @type ref +); + +/* + specifiers for types, functions, and variables + + "public", + "protected", + "private", + + "const", + "volatile", + "static", + + "pure", + "virtual", + "sealed", // Microsoft + "__interface", // Microsoft + "inline", + "explicit", + + "near", // near far extension + "far", // near far extension + "__ptr32", // Microsoft + "__ptr64", // Microsoft + "__sptr", // Microsoft + "__uptr", // Microsoft + "dllimport", // Microsoft + "dllexport", // Microsoft + "thread", // Microsoft + "naked", // Microsoft + "microsoft_inline", // Microsoft + "forceinline", // Microsoft + "selectany", // Microsoft + "nothrow", // Microsoft + "novtable", // Microsoft + "noreturn", // Microsoft + "noinline", // Microsoft + "noalias", // Microsoft + "restrict", // Microsoft +*/ + +specifiers( + unique int id: @specifier, + unique string str: string ref +); + +typespecifiers( + int type_id: @type ref, + int spec_id: @specifier ref +); + +funspecifiers( + int func_id: @function ref, + int spec_id: @specifier ref +); + +varspecifiers( + int var_id: @accessible ref, + int spec_id: @specifier ref +); + +attributes( + unique int id: @attribute, + int kind: int ref, + string name: string ref, + string name_space: string ref, + int location: @location_default ref +); + +case @attribute.kind of + 0 = @gnuattribute +| 1 = @stdattribute +| 2 = @declspec +| 3 = @msattribute +| 4 = @alignas +// ... 5 @objc_propertyattribute deprecated +; + +attribute_args( + unique int id: @attribute_arg, + int kind: int ref, + int attribute: @attribute ref, + int index: int ref, + int location: @location_default ref +); + +case @attribute_arg.kind of + 0 = @attribute_arg_empty +| 1 = @attribute_arg_token +| 2 = @attribute_arg_constant +| 3 = @attribute_arg_type +| 4 = @attribute_arg_constant_expr +; + +attribute_arg_value( + unique int arg: @attribute_arg ref, + string value: string ref +); +attribute_arg_type( + unique int arg: @attribute_arg ref, + int type_id: @type ref +); +attribute_arg_constant( + unique int arg: @attribute_arg ref, + int constant: @expr ref +) +attribute_arg_name( + unique int arg: @attribute_arg ref, + string name: string ref +); + +typeattributes( + int type_id: @type ref, + int spec_id: @attribute ref +); + +funcattributes( + int func_id: @function ref, + int spec_id: @attribute ref +); + +varattributes( + int var_id: @accessible ref, + int spec_id: @attribute ref +); + +stmtattributes( + int stmt_id: @stmt ref, + int spec_id: @attribute ref +); + +@type = @builtintype + | @derivedtype + | @usertype + /* TODO | @fixedpointtype */ + | @routinetype + | @ptrtomember + | @decltype; + +unspecifiedtype( + unique int type_id: @type ref, + int unspecified_type_id: @type ref +); + +member( + int parent: @type ref, + int index: int ref, + int child: @member ref +); + +@enclosingfunction_child = @usertype | @variable | @namespace + +enclosingfunction( + unique int child: @enclosingfunction_child ref, + int parent: @function ref +); + +derivations( + unique int derivation: @derivation, + int sub: @type ref, + int index: int ref, + int super: @type ref, + int location: @location_default ref +); + +derspecifiers( + int der_id: @derivation ref, + int spec_id: @specifier ref +); + +/** + * Contains the byte offset of the base class subobject within the derived + * class. Only holds for non-virtual base classes, but see table + * `virtual_base_offsets` for offsets of virtual base class subobjects. + */ +direct_base_offsets( + unique int der_id: @derivation ref, + int offset: int ref +); + +/** + * Contains the byte offset of the virtual base class subobject for class + * `super` within a most-derived object of class `sub`. `super` can be either a + * direct or indirect base class. + */ +#keyset[sub, super] +virtual_base_offsets( + int sub: @usertype ref, + int super: @usertype ref, + int offset: int ref +); + +frienddecls( + unique int id: @frienddecl, + int type_id: @type ref, + int decl_id: @declaration ref, + int location: @location_default ref +); + +@declaredtype = @usertype ; + +@declaration = @function + | @declaredtype + | @variable + | @enumconstant + | @frienddecl; + +@member = @membervariable + | @function + | @declaredtype + | @enumconstant; + +@locatable = @diagnostic + | @declaration + | @ppd_include + | @ppd_define + | @macroinvocation + /*| @funcall*/ + | @xmllocatable + | @attribute + | @attribute_arg; + +@namedscope = @namespace | @usertype; + +@element = @locatable + | @file + | @folder + | @specifier + | @type + | @expr + | @namespace + | @initialiser + | @stmt + | @derivation + | @comment + | @preprocdirect + | @fun_decl + | @var_decl + | @type_decl + | @namespace_decl + | @using + | @namequalifier + | @specialnamequalifyingelement + | @static_assert + | @type_mention + | @lambdacapture; + +@exprparent = @element; + +comments( + unique int id: @comment, + string contents: string ref, + int location: @location_default ref +); + +commentbinding( + int id: @comment ref, + int element: @element ref +); + +exprconv( + int converted: @expr ref, + unique int conversion: @expr ref +); + +compgenerated(unique int id: @element ref); + +/** + * `destructor_call` destructs the `i`'th entity that should be + * destructed following `element`. Note that entities should be + * destructed in reverse construction order, so for a given `element` + * these should be called from highest to lowest `i`. + */ +#keyset[element, destructor_call] +#keyset[element, i] +synthetic_destructor_call( + int element: @element ref, + int i: int ref, + int destructor_call: @routineexpr ref +); + +namespaces( + unique int id: @namespace, + string name: string ref +); + +namespace_inline( + unique int id: @namespace ref +); + +namespacembrs( + int parentid: @namespace ref, + unique int memberid: @namespacembr ref +); + +@namespacembr = @declaration | @namespace; + +exprparents( + int expr_id: @expr ref, + int child_index: int ref, + int parent_id: @exprparent ref +); + +expr_isload(unique int expr_id: @expr ref); + +@cast = @c_style_cast + | @const_cast + | @dynamic_cast + | @reinterpret_cast + | @static_cast + ; + +/* +case @conversion.kind of + 0 = @simple_conversion // a numeric conversion, qualification conversion, or a reinterpret_cast +| 1 = @bool_conversion // conversion to 'bool' +| 2 = @base_class_conversion // a derived-to-base conversion +| 3 = @derived_class_conversion // a base-to-derived conversion +| 4 = @pm_base_class_conversion // a derived-to-base conversion of a pointer to member +| 5 = @pm_derived_class_conversion // a base-to-derived conversion of a pointer to member +| 6 = @glvalue_adjust // an adjustment of the type of a glvalue +| 7 = @prvalue_adjust // an adjustment of the type of a prvalue +; +*/ +/** + * Describes the semantics represented by a cast expression. This is largely + * independent of the source syntax of the cast, so it is separate from the + * regular expression kind. + */ +conversionkinds( + unique int expr_id: @cast ref, + int kind: int ref +); + +@conversion = @cast + | @array_to_pointer + | @parexpr + | @reference_to + | @ref_indirect + | @temp_init + ; + +/* +case @funbindexpr.kind of + 0 = @normal_call // a normal call +| 1 = @virtual_call // a virtual call +| 2 = @adl_call // a call whose target is only found by ADL +; +*/ +iscall( + unique int caller: @funbindexpr ref, + int kind: int ref +); + +numtemplatearguments( + unique int expr_id: @expr ref, + int num: int ref +); + +specialnamequalifyingelements( + unique int id: @specialnamequalifyingelement, + unique string name: string ref +); + +@namequalifiableelement = @expr | @namequalifier; +@namequalifyingelement = @namespace + | @specialnamequalifyingelement + | @usertype; + +namequalifiers( + unique int id: @namequalifier, + unique int qualifiableelement: @namequalifiableelement ref, + int qualifyingelement: @namequalifyingelement ref, + int location: @location_default ref +); + +varbind( + int expr: @varbindexpr ref, + int var: @accessible ref +); + +funbind( + int expr: @funbindexpr ref, + int fun: @function ref +); + +@any_new_expr = @new_expr + | @new_array_expr; + +@new_or_delete_expr = @any_new_expr + | @delete_expr + | @delete_array_expr; + +@prefix_crement_expr = @preincrexpr | @predecrexpr; + +@postfix_crement_expr = @postincrexpr | @postdecrexpr; + +@increment_expr = @preincrexpr | @postincrexpr; + +@decrement_expr = @predecrexpr | @postdecrexpr; + +@crement_expr = @increment_expr | @decrement_expr; + +@un_arith_op_expr = @arithnegexpr + | @unaryplusexpr + | @conjugation + | @realpartexpr + | @imagpartexpr + | @crement_expr + ; + +@un_bitwise_op_expr = @complementexpr; + +@un_log_op_expr = @notexpr; + +@un_op_expr = @address_of + | @indirect + | @un_arith_op_expr + | @un_bitwise_op_expr + | @builtinaddressof + | @vec_fill + | @un_log_op_expr + | @co_await + | @co_yield + ; + +@bin_log_op_expr = @andlogicalexpr | @orlogicalexpr; + +@cmp_op_expr = @eq_op_expr | @rel_op_expr; + +@eq_op_expr = @eqexpr | @neexpr; + +@rel_op_expr = @gtexpr + | @ltexpr + | @geexpr + | @leexpr + | @spaceshipexpr + ; + +@bin_bitwise_op_expr = @lshiftexpr + | @rshiftexpr + | @andexpr + | @orexpr + | @xorexpr + ; + +@p_arith_op_expr = @paddexpr + | @psubexpr + | @pdiffexpr + ; + +@bin_arith_op_expr = @addexpr + | @subexpr + | @mulexpr + | @divexpr + | @remexpr + | @jmulexpr + | @jdivexpr + | @fjaddexpr + | @jfaddexpr + | @fjsubexpr + | @jfsubexpr + | @minexpr + | @maxexpr + | @p_arith_op_expr + ; + +@bin_op_expr = @bin_arith_op_expr + | @bin_bitwise_op_expr + | @cmp_op_expr + | @bin_log_op_expr + ; + +@op_expr = @un_op_expr + | @bin_op_expr + | @assign_expr + | @conditionalexpr + ; + +@assign_arith_expr = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + ; + +@assign_bitwise_expr = @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + | @assignpaddexpr + | @assignpsubexpr + ; + +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr + +@assign_expr = @assignexpr | @assign_op_expr | @blockassignexpr + +/* + case @allocator.form of + 0 = plain + | 1 = alignment + ; +*/ + +/** + * The allocator function associated with a `new` or `new[]` expression. + * The `form` column specified whether the allocation call contains an alignment + * argument. + */ +expr_allocator( + unique int expr: @any_new_expr ref, + int func: @function ref, + int form: int ref +); + +/* + case @deallocator.form of + 0 = plain + | 1 = size + | 2 = alignment + | 3 = size_and_alignment + ; +*/ + +/** + * The deallocator function associated with a `delete`, `delete[]`, `new`, or + * `new[]` expression. For a `new` or `new[]` expression, the deallocator is the + * one used to free memory if the initialization throws an exception. + * The `form` column specifies whether the deallocation call contains a size + * argument, and alignment argument, or both. + */ +expr_deallocator( + unique int expr: @new_or_delete_expr ref, + int func: @function ref, + int form: int ref +); + +/** + * Holds if the `@conditionalexpr` is of the two operand form + * `guard ? : false`. + */ +expr_cond_two_operand( + unique int cond: @conditionalexpr ref +); + +/** + * The guard of `@conditionalexpr` `guard ? true : false` + */ +expr_cond_guard( + unique int cond: @conditionalexpr ref, + int guard: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` holds. For the two operand form + * `guard ?: false` consider using `expr_cond_guard` instead. + */ +expr_cond_true( + unique int cond: @conditionalexpr ref, + int true: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` does not hold. + */ +expr_cond_false( + unique int cond: @conditionalexpr ref, + int false: @expr ref +); + +/** A string representation of the value. */ +values( + unique int id: @value, + string str: string ref +); + +/** The actual text in the source code for the value, if any. */ +valuetext( + unique int id: @value ref, + string text: string ref +); + +valuebind( + int val: @value ref, + unique int expr: @expr ref +); + +fieldoffsets( + unique int id: @variable ref, + int byteoffset: int ref, + int bitoffset: int ref +); + +bitfield( + unique int id: @variable ref, + int bits: int ref, + int declared_bits: int ref +); + +/* TODO +memberprefix( + int member: @expr ref, + int prefix: @expr ref +); +*/ + +/* + kind(1) = mbrcallexpr + kind(2) = mbrptrcallexpr + kind(3) = mbrptrmbrcallexpr + kind(4) = ptrmbrptrmbrcallexpr + kind(5) = mbrreadexpr // x.y + kind(6) = mbrptrreadexpr // p->y + kind(7) = mbrptrmbrreadexpr // x.*pm + kind(8) = mbrptrmbrptrreadexpr // x->*pm + kind(9) = staticmbrreadexpr // static x.y + kind(10) = staticmbrptrreadexpr // static p->y +*/ +/* TODO +memberaccess( + int member: @expr ref, + int kind: int ref +); +*/ + +initialisers( + unique int init: @initialiser, + int var: @accessible ref, + unique int expr: @expr ref, + int location: @location_expr ref +); + +braced_initialisers( + int init: @initialiser ref +); + +/** + * An ancestor for the expression, for cases in which we cannot + * otherwise find the expression's parent. + */ +expr_ancestor( + int exp: @expr ref, + int ancestor: @element ref +); + +exprs( + unique int id: @expr, + int kind: int ref, + int location: @location_expr ref +); + +/* + case @value.category of + 1 = prval + | 2 = xval + | 3 = lval + ; +*/ +expr_types( + int id: @expr ref, + int typeid: @type ref, + int value_category: int ref +); + +case @expr.kind of + 1 = @errorexpr +| 2 = @address_of // & AddressOfExpr +| 3 = @reference_to // ReferenceToExpr (implicit?) +| 4 = @indirect // * PointerDereferenceExpr +| 5 = @ref_indirect // ReferenceDereferenceExpr (implicit?) +// ... +| 8 = @array_to_pointer // (???) +| 9 = @vacuous_destructor_call // VacuousDestructorCall +// ... +| 11 = @assume // Microsoft +| 12 = @parexpr +| 13 = @arithnegexpr +| 14 = @unaryplusexpr +| 15 = @complementexpr +| 16 = @notexpr +| 17 = @conjugation // GNU ~ operator +| 18 = @realpartexpr // GNU __real +| 19 = @imagpartexpr // GNU __imag +| 20 = @postincrexpr +| 21 = @postdecrexpr +| 22 = @preincrexpr +| 23 = @predecrexpr +| 24 = @conditionalexpr +| 25 = @addexpr +| 26 = @subexpr +| 27 = @mulexpr +| 28 = @divexpr +| 29 = @remexpr +| 30 = @jmulexpr // C99 mul imaginary +| 31 = @jdivexpr // C99 div imaginary +| 32 = @fjaddexpr // C99 add real + imaginary +| 33 = @jfaddexpr // C99 add imaginary + real +| 34 = @fjsubexpr // C99 sub real - imaginary +| 35 = @jfsubexpr // C99 sub imaginary - real +| 36 = @paddexpr // pointer add (pointer + int or int + pointer) +| 37 = @psubexpr // pointer sub (pointer - integer) +| 38 = @pdiffexpr // difference between two pointers +| 39 = @lshiftexpr +| 40 = @rshiftexpr +| 41 = @andexpr +| 42 = @orexpr +| 43 = @xorexpr +| 44 = @eqexpr +| 45 = @neexpr +| 46 = @gtexpr +| 47 = @ltexpr +| 48 = @geexpr +| 49 = @leexpr +| 50 = @minexpr // GNU minimum +| 51 = @maxexpr // GNU maximum +| 52 = @assignexpr +| 53 = @assignaddexpr +| 54 = @assignsubexpr +| 55 = @assignmulexpr +| 56 = @assigndivexpr +| 57 = @assignremexpr +| 58 = @assignlshiftexpr +| 59 = @assignrshiftexpr +| 60 = @assignandexpr +| 61 = @assignorexpr +| 62 = @assignxorexpr +| 63 = @assignpaddexpr // assign pointer add +| 64 = @assignpsubexpr // assign pointer sub +| 65 = @andlogicalexpr +| 66 = @orlogicalexpr +| 67 = @commaexpr +| 68 = @subscriptexpr // access to member of an array, e.g., a[5] +// ... 69 @objc_subscriptexpr deprecated +// ... 70 @cmdaccess deprecated +// ... +| 73 = @virtfunptrexpr +| 74 = @callexpr +// ... 75 @msgexpr_normal deprecated +// ... 76 @msgexpr_super deprecated +// ... 77 @atselectorexpr deprecated +// ... 78 @atprotocolexpr deprecated +| 79 = @vastartexpr +| 80 = @vaargexpr +| 81 = @vaendexpr +| 82 = @vacopyexpr +// ... 83 @atencodeexpr deprecated +| 84 = @varaccess +| 85 = @thisaccess +// ... 86 @objc_box_expr deprecated +| 87 = @new_expr +| 88 = @delete_expr +| 89 = @throw_expr +| 90 = @condition_decl // a variable declared in a condition, e.g., if(int x = y > 2) +| 91 = @braced_init_list +| 92 = @type_id +| 93 = @runtime_sizeof +| 94 = @runtime_alignof +| 95 = @sizeof_pack +| 96 = @expr_stmt // GNU extension +| 97 = @routineexpr +| 98 = @type_operand // used to access a type in certain contexts (haven't found any examples yet....) +| 99 = @offsetofexpr // offsetof ::= type and field +| 100 = @hasassignexpr // __has_assign ::= type +| 101 = @hascopyexpr // __has_copy ::= type +| 102 = @hasnothrowassign // __has_nothrow_assign ::= type +| 103 = @hasnothrowconstr // __has_nothrow_constructor ::= type +| 104 = @hasnothrowcopy // __has_nothrow_copy ::= type +| 105 = @hastrivialassign // __has_trivial_assign ::= type +| 106 = @hastrivialconstr // __has_trivial_constructor ::= type +| 107 = @hastrivialcopy // __has_trivial_copy ::= type +| 108 = @hasuserdestr // __has_user_destructor ::= type +| 109 = @hasvirtualdestr // __has_virtual_destructor ::= type +| 110 = @isabstractexpr // __is_abstract ::= type +| 111 = @isbaseofexpr // __is_base_of ::= type type +| 112 = @isclassexpr // __is_class ::= type +| 113 = @isconvtoexpr // __is_convertible_to ::= type type +| 114 = @isemptyexpr // __is_empty ::= type +| 115 = @isenumexpr // __is_enum ::= type +| 116 = @ispodexpr // __is_pod ::= type +| 117 = @ispolyexpr // __is_polymorphic ::= type +| 118 = @isunionexpr // __is_union ::= type +| 119 = @typescompexpr // GNU __builtin_types_compatible ::= type type +| 120 = @intaddrexpr // frontend internal builtin, used to implement offsetof +// ... +| 122 = @hastrivialdestructor // __has_trivial_destructor ::= type +| 123 = @literal +| 124 = @uuidof +| 127 = @aggregateliteral +| 128 = @delete_array_expr +| 129 = @new_array_expr +// ... 130 @objc_array_literal deprecated +// ... 131 @objc_dictionary_literal deprecated +| 132 = @foldexpr +// ... +| 200 = @ctordirectinit +| 201 = @ctorvirtualinit +| 202 = @ctorfieldinit +| 203 = @ctordelegatinginit +| 204 = @dtordirectdestruct +| 205 = @dtorvirtualdestruct +| 206 = @dtorfielddestruct +// ... +| 210 = @static_cast +| 211 = @reinterpret_cast +| 212 = @const_cast +| 213 = @dynamic_cast +| 214 = @c_style_cast +| 215 = @lambdaexpr +| 216 = @param_ref +| 217 = @noopexpr +// ... +| 294 = @istriviallyconstructibleexpr +| 295 = @isdestructibleexpr +| 296 = @isnothrowdestructibleexpr +| 297 = @istriviallydestructibleexpr +| 298 = @istriviallyassignableexpr +| 299 = @isnothrowassignableexpr +| 300 = @istrivialexpr +| 301 = @isstandardlayoutexpr +| 302 = @istriviallycopyableexpr +| 303 = @isliteraltypeexpr +| 304 = @hastrivialmoveconstructorexpr +| 305 = @hastrivialmoveassignexpr +| 306 = @hasnothrowmoveassignexpr +| 307 = @isconstructibleexpr +| 308 = @isnothrowconstructibleexpr +| 309 = @hasfinalizerexpr +| 310 = @isdelegateexpr +| 311 = @isinterfaceclassexpr +| 312 = @isrefarrayexpr +| 313 = @isrefclassexpr +| 314 = @issealedexpr +| 315 = @issimplevalueclassexpr +| 316 = @isvalueclassexpr +| 317 = @isfinalexpr +| 319 = @noexceptexpr +| 320 = @builtinshufflevector +| 321 = @builtinchooseexpr +| 322 = @builtinaddressof +| 323 = @vec_fill +| 324 = @builtinconvertvector +| 325 = @builtincomplex +| 326 = @spaceshipexpr +| 327 = @co_await +| 328 = @co_yield +| 329 = @temp_init +| 330 = @isassignable +| 331 = @isaggregate +| 332 = @hasuniqueobjectrepresentations +| 333 = @builtinbitcast +| 334 = @builtinshuffle +| 335 = @blockassignexpr +| 336 = @issame +| 337 = @isfunction +| 338 = @islayoutcompatible +| 339 = @ispointerinterconvertiblebaseof +| 340 = @isarray +| 341 = @arrayrank +| 342 = @arrayextent +| 343 = @isarithmetic +| 344 = @iscompletetype +| 345 = @iscompound +| 346 = @isconst +| 347 = @isfloatingpoint +| 348 = @isfundamental +| 349 = @isintegral +| 350 = @islvaluereference +| 351 = @ismemberfunctionpointer +| 352 = @ismemberobjectpointer +| 353 = @ismemberpointer +| 354 = @isobject +| 355 = @ispointer +| 356 = @isreference +| 357 = @isrvaluereference +| 358 = @isscalar +| 359 = @issigned +| 360 = @isunsigned +| 361 = @isvoid +| 362 = @isvolatile +; + +@var_args_expr = @vastartexpr + | @vaendexpr + | @vaargexpr + | @vacopyexpr + ; + +@builtin_op = @var_args_expr + | @noopexpr + | @offsetofexpr + | @intaddrexpr + | @hasassignexpr + | @hascopyexpr + | @hasnothrowassign + | @hasnothrowconstr + | @hasnothrowcopy + | @hastrivialassign + | @hastrivialconstr + | @hastrivialcopy + | @hastrivialdestructor + | @hasuserdestr + | @hasvirtualdestr + | @isabstractexpr + | @isbaseofexpr + | @isclassexpr + | @isconvtoexpr + | @isemptyexpr + | @isenumexpr + | @ispodexpr + | @ispolyexpr + | @isunionexpr + | @typescompexpr + | @builtinshufflevector + | @builtinconvertvector + | @builtinaddressof + | @istriviallyconstructibleexpr + | @isdestructibleexpr + | @isnothrowdestructibleexpr + | @istriviallydestructibleexpr + | @istriviallyassignableexpr + | @isnothrowassignableexpr + | @istrivialexpr + | @isstandardlayoutexpr + | @istriviallycopyableexpr + | @isliteraltypeexpr + | @hastrivialmoveconstructorexpr + | @hastrivialmoveassignexpr + | @hasnothrowmoveassignexpr + | @isconstructibleexpr + | @isnothrowconstructibleexpr + | @hasfinalizerexpr + | @isdelegateexpr + | @isinterfaceclassexpr + | @isrefarrayexpr + | @isrefclassexpr + | @issealedexpr + | @issimplevalueclassexpr + | @isvalueclassexpr + | @isfinalexpr + | @builtinchooseexpr + | @builtincomplex + | @isassignable + | @isaggregate + | @hasuniqueobjectrepresentations + | @builtinbitcast + | @builtinshuffle + | @issame + | @isfunction + | @islayoutcompatible + | @ispointerinterconvertiblebaseof + | @isarray + | @arrayrank + | @arrayextent + | @isarithmetic + | @iscompletetype + | @iscompound + | @isconst + | @isfloatingpoint + | @isfundamental + | @isintegral + | @islvaluereference + | @ismemberfunctionpointer + | @ismemberobjectpointer + | @ismemberpointer + | @isobject + | @ispointer + | @isreference + | @isrvaluereference + | @isscalar + | @issigned + | @isunsigned + | @isvoid + | @isvolatile + ; + +new_allocated_type( + unique int expr: @new_expr ref, + int type_id: @type ref +); + +new_array_allocated_type( + unique int expr: @new_array_expr ref, + int type_id: @type ref +); + +/** + * The field being initialized by an initializer expression within an aggregate + * initializer for a class/struct/union. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_field_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int field: @membervariable ref, + int position: int ref +); + +/** + * The index of the element being initialized by an initializer expression + * within an aggregate initializer for an array. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_array_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int element_index: int ref, + int position: int ref +); + +@ctorinit = @ctordirectinit + | @ctorvirtualinit + | @ctorfieldinit + | @ctordelegatinginit; +@dtordestruct = @dtordirectdestruct + | @dtorvirtualdestruct + | @dtorfielddestruct; + + +condition_decl_bind( + unique int expr: @condition_decl ref, + unique int decl: @declaration ref +); + +typeid_bind( + unique int expr: @type_id ref, + int type_id: @type ref +); + +uuidof_bind( + unique int expr: @uuidof ref, + int type_id: @type ref +); + +@runtime_sizeof_or_alignof = @runtime_sizeof | @runtime_alignof; + +sizeof_bind( + unique int expr: @runtime_sizeof_or_alignof ref, + int type_id: @type ref +); + +code_block( + unique int block: @literal ref, + unique int routine: @function ref +); + +lambdas( + unique int expr: @lambdaexpr ref, + string default_capture: string ref, + boolean has_explicit_return_type: boolean ref +); + +lambda_capture( + unique int id: @lambdacapture, + int lambda: @lambdaexpr ref, + int index: int ref, + int field: @membervariable ref, + boolean captured_by_reference: boolean ref, + boolean is_implicit: boolean ref, + int location: @location_default ref +); + +@funbindexpr = @routineexpr + | @new_expr + | @delete_expr + | @delete_array_expr + | @ctordirectinit + | @ctorvirtualinit + | @ctordelegatinginit + | @dtordirectdestruct + | @dtorvirtualdestruct; + +@varbindexpr = @varaccess | @ctorfieldinit | @dtorfielddestruct; +@addressable = @function | @variable ; +@accessible = @addressable | @enumconstant ; + +@access = @varaccess | @routineexpr ; + +fold( + int expr: @foldexpr ref, + string operator: string ref, + boolean is_left_fold: boolean ref +); + +stmts( + unique int id: @stmt, + int kind: int ref, + int location: @location_stmt ref +); + +case @stmt.kind of + 1 = @stmt_expr +| 2 = @stmt_if +| 3 = @stmt_while +| 4 = @stmt_goto +| 5 = @stmt_label +| 6 = @stmt_return +| 7 = @stmt_block +| 8 = @stmt_end_test_while // do { ... } while ( ... ) +| 9 = @stmt_for +| 10 = @stmt_switch_case +| 11 = @stmt_switch +| 13 = @stmt_asm // "asm" statement or the body of an asm function +| 15 = @stmt_try_block +| 16 = @stmt_microsoft_try // Microsoft +| 17 = @stmt_decl +| 18 = @stmt_set_vla_size // C99 +| 19 = @stmt_vla_decl // C99 +| 25 = @stmt_assigned_goto // GNU +| 26 = @stmt_empty +| 27 = @stmt_continue +| 28 = @stmt_break +| 29 = @stmt_range_based_for // C++11 +// ... 30 @stmt_at_autoreleasepool_block deprecated +// ... 31 @stmt_objc_for_in deprecated +// ... 32 @stmt_at_synchronized deprecated +| 33 = @stmt_handler +// ... 34 @stmt_finally_end deprecated +| 35 = @stmt_constexpr_if +| 37 = @stmt_co_return +; + +type_vla( + int type_id: @type ref, + int decl: @stmt_vla_decl ref +); + +variable_vla( + int var: @variable ref, + int decl: @stmt_vla_decl ref +); + +if_initialization( + unique int if_stmt: @stmt_if ref, + int init_id: @stmt ref +); + +if_then( + unique int if_stmt: @stmt_if ref, + int then_id: @stmt ref +); + +if_else( + unique int if_stmt: @stmt_if ref, + int else_id: @stmt ref +); + +constexpr_if_initialization( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int init_id: @stmt ref +); + +constexpr_if_then( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int then_id: @stmt ref +); + +constexpr_if_else( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int else_id: @stmt ref +); + +while_body( + unique int while_stmt: @stmt_while ref, + int body_id: @stmt ref +); + +do_body( + unique int do_stmt: @stmt_end_test_while ref, + int body_id: @stmt ref +); + +switch_initialization( + unique int switch_stmt: @stmt_switch ref, + int init_id: @stmt ref +); + +#keyset[switch_stmt, index] +switch_case( + int switch_stmt: @stmt_switch ref, + int index: int ref, + int case_id: @stmt_switch_case ref +); + +switch_body( + unique int switch_stmt: @stmt_switch ref, + int body_id: @stmt ref +); + +for_initialization( + unique int for_stmt: @stmt_for ref, + int init_id: @stmt ref +); + +for_condition( + unique int for_stmt: @stmt_for ref, + int condition_id: @expr ref +); + +for_update( + unique int for_stmt: @stmt_for ref, + int update_id: @expr ref +); + +for_body( + unique int for_stmt: @stmt_for ref, + int body_id: @stmt ref +); + +@stmtparent = @stmt | @expr_stmt ; +stmtparents( + unique int id: @stmt ref, + int index: int ref, + int parent: @stmtparent ref +); + +ishandler(unique int block: @stmt_block ref); + +@cfgnode = @stmt | @expr | @function | @initialiser ; + +stmt_decl_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl: @declaration ref +); + +stmt_decl_entry_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl_entry: @element ref +); + +@functionorblock = @function | @stmt_block; + +blockscope( + unique int block: @stmt_block ref, + int enclosing: @functionorblock ref +); + +@jump = @stmt_goto | @stmt_break | @stmt_continue; + +@jumporlabel = @jump | @stmt_label | @literal; + +jumpinfo( + unique int id: @jumporlabel ref, + string str: string ref, + int target: @stmt ref +); + +preprocdirects( + unique int id: @preprocdirect, + int kind: int ref, + int location: @location_default ref +); +case @preprocdirect.kind of + 0 = @ppd_if +| 1 = @ppd_ifdef +| 2 = @ppd_ifndef +| 3 = @ppd_elif +| 4 = @ppd_else +| 5 = @ppd_endif +| 6 = @ppd_plain_include +| 7 = @ppd_define +| 8 = @ppd_undef +| 9 = @ppd_line +| 10 = @ppd_error +| 11 = @ppd_pragma +| 12 = @ppd_objc_import +| 13 = @ppd_include_next +| 18 = @ppd_warning +; + +@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next; + +@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif; + +preprocpair( + int begin : @ppd_branch ref, + int elseelifend : @preprocdirect ref +); + +preproctrue(int branch : @ppd_branch ref); +preprocfalse(int branch : @ppd_branch ref); + +preproctext( + unique int id: @preprocdirect ref, + string head: string ref, + string body: string ref +); + +includes( + unique int id: @ppd_include ref, + int included: @file ref +); + +link_targets( + unique int id: @link_target, + int binary: @file ref +); + +link_parent( + int element : @element ref, + int link_target : @link_target ref +); + +/* XML Files */ + +xmlEncoding(unique int id: @file ref, string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters + | @xmlelement + | @xmlcomment + | @xmlattribute + | @xmldtd + | @file + | @xmlnamespace; diff --git a/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/upgrade.properties b/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/upgrade.properties new file mode 100644 index 00000000000..6100434c49e --- /dev/null +++ b/cpp/ql/lib/upgrades/dbe9c8eb5fc6f54b7ae08c7317d0795b24961564/upgrade.properties @@ -0,0 +1,2 @@ +description: Introduce new floating-point types from C23 and C++23 +compatibility: full diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index f3d5cd46f66..b5fba0867ac 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,40 @@ +## 0.8.1 + +### New Queries + +* The query `cpp/redundant-null-check-simple` has been promoted to Code Scanning. The query finds cases where a pointer is compared to null after it has already been dereferenced. Such comparisons likely indicate a bug at the place where the pointer is dereferenced, or where the pointer is compared to null. + + Note: This query was incorrectly noted as being promoted to Code Scanning in CodeQL version 2.14.6. + +## 0.8.0 + +### Query Metadata Changes + +* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. +* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. + +### Minor Analysis Improvements + +* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives + in cases where a non-returning function is called. +* The number of duplicated dataflow paths reported by queries has been significantly reduced. + +## 0.7.5 + +No user-facing changes. + +## 0.7.4 + +### New Queries + +* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes. + +### Minor Analysis Improvements + +* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions. +* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result. +* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results. + ## 0.7.3 No user-facing changes. diff --git a/cpp/ql/src/Critical/DoubleFree.ql b/cpp/ql/src/Critical/DoubleFree.ql index 734e32ea75f..cce1cc62849 100644 --- a/cpp/ql/src/Critical/DoubleFree.ql +++ b/cpp/ql/src/Critical/DoubleFree.ql @@ -2,7 +2,7 @@ * @name Potential double free * @description Freeing a resource more than once can lead to undefined behavior and cause memory corruption. * @kind path-problem - * @precision medium + * @precision high * @id cpp/double-free * @problem.severity warning * @security-severity 9.3 diff --git a/cpp/ql/src/Critical/UseAfterFree.ql b/cpp/ql/src/Critical/UseAfterFree.ql index a4d1ee7be2f..51818ca5334 100644 --- a/cpp/ql/src/Critical/UseAfterFree.ql +++ b/cpp/ql/src/Critical/UseAfterFree.ql @@ -2,7 +2,7 @@ * @name Potential use after free * @description An allocated memory block is used after it has been freed. Behavior in such cases is undefined and can cause memory corruption. * @kind path-problem - * @precision medium + * @precision high * @id cpp/use-after-free * @problem.severity warning * @security-severity 9.3 @@ -29,8 +29,7 @@ private predicate externalCallNeverDereferences(FormattingFunctionCall call, int ) } -predicate isUse0(DataFlow::Node n, Expr e) { - e = n.asExpr() and +predicate isUse0(Expr e) { not isFree(_, e, _) and ( e = any(PointerDereferenceExpr pde).getOperand() @@ -43,7 +42,7 @@ predicate isUse0(DataFlow::Node n, Expr e) { or // Assume any function without a body will dereference the pointer exists(int i, Call call, Function f | - n.asExpr() = call.getArgument(i) and + e = call.getArgument(i) and f = call.getTarget() and not f.hasEntryPoint() and // Exclude known functions we know won't dereference the pointer. @@ -57,7 +56,7 @@ module ParameterSinks { import semmle.code.cpp.ir.ValueNumbering predicate flowsToUse(DataFlow::Node n) { - isUse0(n, _) + isUse0(n.asExpr()) or exists(DataFlow::Node succ | flowsToUse(succ) and @@ -90,7 +89,7 @@ module ParameterSinks { ) { pragma[only_bind_out](source.asParameter()) = pragma[only_bind_out](init.getParameter()) and paramToUse(source, sink) and - isUse0(sink, _) + isUse0(sink.asExpr()) } private InitializeParameterInstruction getAnAlwaysDereferencedParameter0() { @@ -139,7 +138,7 @@ module IsUse { private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplCommon predicate isUse(DataFlow::Node n, Expr e) { - isUse0(n, e) + isUse0(e) and n.asExpr() = e or exists(CallInstruction call, InitializeParameterInstruction init | n.asOperand().getDef().getUnconvertedResultExpression() = e and diff --git a/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql b/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql index 1d7a56b2068..87daa668261 100644 --- a/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql +++ b/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql @@ -5,10 +5,12 @@ * it should be moved before the dereference. * @kind path-problem * @problem.severity error + * @security-severity 7.5 * @precision high * @id cpp/redundant-null-check-simple * @tags reliability * correctness + * security * external/cwe/cwe-476 */ diff --git a/cpp/ql/src/Microsoft/SAL.qll b/cpp/ql/src/Microsoft/SAL.qll index 99102755b2d..1e5bb9ac0f1 100644 --- a/cpp/ql/src/Microsoft/SAL.qll +++ b/cpp/ql/src/Microsoft/SAL.qll @@ -161,7 +161,7 @@ private predicate annotatesAtPosition(SalPosition pos, DeclarationEntry d, File * A SAL element, that is, a SAL annotation or a declaration entry * that may have SAL annotations. */ -library class SalElement extends Element { +class SalElement extends Element { SalElement() { containsSalAnnotation(this.(DeclarationEntry).getFile()) or this instanceof SalAnnotation diff --git a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql index e16f0568056..812fe236f76 100644 --- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql +++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql @@ -13,15 +13,13 @@ import cpp import semmle.code.cpp.commons.Environment -import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl -import TaintedWithPath +import semmle.code.cpp.ir.dataflow.TaintTracking +import semmle.code.cpp.ir.IR +import Flow::PathGraph /** A call that prints its arguments to `stdout`. */ class PrintStdoutCall extends FunctionCall { - PrintStdoutCall() { - this.getTarget().hasGlobalOrStdName("puts") or - this.getTarget().hasGlobalOrStdName("printf") - } + PrintStdoutCall() { this.getTarget().hasGlobalOrStdName(["puts", "printf"]) } } /** A read of the QUERY_STRING environment variable */ @@ -29,19 +27,25 @@ class QueryString extends EnvironmentRead { QueryString() { this.getEnvironmentVariable() = "QUERY_STRING" } } -class Configuration extends TaintTrackingConfiguration { - override predicate isSource(Expr source) { source instanceof QueryString } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.asIndirectExpr() instanceof QueryString } - override predicate isSink(Element tainted) { - exists(PrintStdoutCall call | call.getAnArgument() = tainted) + predicate isSink(DataFlow::Node node) { + exists(PrintStdoutCall call | call.getAnArgument() = [node.asIndirectExpr(), node.asExpr()]) } - override predicate isBarrier(Expr e) { - super.isBarrier(e) or e.getUnspecifiedType() instanceof IntegralType + predicate isBarrier(DataFlow::Node node) { + isSink(node) and node.asExpr().getUnspecifiedType() instanceof ArithmeticType + or + node.asInstruction().(StoreInstruction).getResultType() instanceof ArithmeticType } } -from QueryString query, Element printedArg, PathNode sourceNode, PathNode sinkNode -where taintedWithPath(query, printedArg, sourceNode, sinkNode) -select printedArg, sourceNode, sinkNode, "Cross-site scripting vulnerability due to $@.", query, - "this query data" +module Flow = TaintTracking::Global; + +from QueryString query, Flow::PathNode sourceNode, Flow::PathNode sinkNode +where + Flow::flowPath(sourceNode, sinkNode) and + query = sourceNode.getNode().asIndirectExpr() +select sinkNode.getNode(), sourceNode, sinkNode, "Cross-site scripting vulnerability due to $@.", + query, "this query data" diff --git a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql index 471aa8b42b8..1872234ead2 100644 --- a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql @@ -82,36 +82,20 @@ module ValidState { * library will perform, and visit all the places where the size argument is modified. * 2. Once that dataflow traversal is done, we accumulate the offsets added at each places * where the offset is modified (see `validStateImpl`). - * - * Because we want to guarantee that each place where we modify the offset has a `PathNode` - * we "flip" a boolean flow state in each `isAdditionalFlowStep`. This ensures that the node - * has a corresponding `PathNode`. */ - private module ValidStateConfig implements DataFlow::StateConfigSig { - class FlowState = boolean; + private module ValidStateConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { hasSize(_, source, _) } - predicate isSource(DataFlow::Node source, FlowState state) { - hasSize(_, source, _) and - state = false - } + predicate isSink(DataFlow::Node sink) { isSinkPairImpl(_, _, sink, _, _) } - predicate isSink(DataFlow::Node sink, FlowState state) { - isSinkPairImpl(_, _, sink, _, _) and - state = [false, true] - } - - predicate isAdditionalFlowStep( - DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 - ) { - isAdditionalFlowStep2(node1, node2, _) and - state1 = [false, true] and - state2 = state1.booleanNot() + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + isAdditionalFlowStep2(node1, node2, _) } predicate includeHiddenNodes() { any() } } - private import DataFlow::GlobalWithState + private import DataFlow::Global private predicate inLoop(PathNode n) { n.getASuccessor+() = n } diff --git a/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md b/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md deleted file mode 100644 index d8207a75604..00000000000 --- a/cpp/ql/src/change-notes/2023-08-21-invalid-pointer-deref.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes. diff --git a/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md b/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md deleted file mode 100644 index 74b8e6910da..00000000000 --- a/cpp/ql/src/change-notes/2023-08-24-no-taint-argv-indirections.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result. diff --git a/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md b/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md deleted file mode 100644 index f4dcc011a29..00000000000 --- a/cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results. diff --git a/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md b/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md deleted file mode 100644 index 8872ba413fb..00000000000 --- a/cpp/ql/src/change-notes/2023-08-25-compare-where-assign-meant.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions. diff --git a/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md b/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md deleted file mode 100644 index e8a2160f4c2..00000000000 --- a/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The number of duplicated dataflow paths reported by queries has been significantly reduced. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md b/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md deleted file mode 100644 index 1839120619b..00000000000 --- a/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives - in cases where a non-returning function is called. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/released/0.7.4.md b/cpp/ql/src/change-notes/released/0.7.4.md new file mode 100644 index 00000000000..bdec41d4f69 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.7.4.md @@ -0,0 +1,11 @@ +## 0.7.4 + +### New Queries + +* Added a new query, `cpp/invalid-pointer-deref`, to detect out-of-bounds pointer reads and writes. + +### Minor Analysis Improvements + +* The "Comparison where assignment was intended" query (`cpp/compare-where-assign-meant`) no longer reports comparisons that appear in macro expansions. +* Some queries that had repeated results corresponding to different levels of indirection for `argv` now only have a single result. +* The `cpp/non-constant-format` query no longer considers an assignment on the right-hand side of another assignment to be a source of non-constant format strings. As a result, the query may now produce fewer results. diff --git a/cpp/ql/src/change-notes/released/0.7.5.md b/cpp/ql/src/change-notes/released/0.7.5.md new file mode 100644 index 00000000000..b2759d5bd80 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/cpp/ql/src/change-notes/released/0.8.0.md b/cpp/ql/src/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..664e8760f48 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.8.0.md @@ -0,0 +1,12 @@ +## 0.8.0 + +### Query Metadata Changes + +* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. +* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. + +### Minor Analysis Improvements + +* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives + in cases where a non-returning function is called. +* The number of duplicated dataflow paths reported by queries has been significantly reduced. diff --git a/cpp/ql/src/change-notes/released/0.8.1.md b/cpp/ql/src/change-notes/released/0.8.1.md new file mode 100644 index 00000000000..b8456ca8f7c --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.8.1.md @@ -0,0 +1,7 @@ +## 0.8.1 + +### New Queries + +* The query `cpp/redundant-null-check-simple` has been promoted to Code Scanning. The query finds cases where a pointer is compared to null after it has already been dereferenced. Such comparisons likely indicate a bug at the place where the pointer is dereferenced, or where the pointer is compared to null. + + Note: This query was incorrectly noted as being promoted to Code Scanning in CodeQL version 2.14.6. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index a4ea9c8de17..2f693f95ba6 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.8.1 diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql b/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql new file mode 100644 index 00000000000..722449d2fe4 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql @@ -0,0 +1,19 @@ +/** + * @name Unknown key generation key size + * @description + * @id cpp/unknown-asymmetric-key-gen-size + * @kind problem + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-326 + */ + +import cpp +import experimental.cryptography.Concepts + +from AsymmetricKeyGeneration op, AsymmetricAlgorithm alg +where + alg = op.getAlgorithm() and + not alg instanceof EllipticCurveAlgorithm and + not exists(op.getKeySizeInBits(alg)) +select op, "Use of unknown asymmetric key size for algorithm $@", alg, alg.getName().toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql new file mode 100644 index 00000000000..c11e01acf0c --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql @@ -0,0 +1,23 @@ +/** + * @name Weak asymmetric key generation key size (< 2048 bits) + * @description + * @id cpp/weak-asymmetric-key-gen-size + * @kind problem + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-326 + */ + +import cpp +import experimental.cryptography.Concepts + +from AsymmetricKeyGeneration op, AsymmetricAlgorithm alg, Expr configSrc, int size +where + alg = op.getAlgorithm() and + not alg instanceof EllipticCurveAlgorithm and + configSrc = op.getKeyConfigurationSource(alg) and + size = configSrc.getValue().toInt() and + size < 2048 +select op, + "Use of weak asymmetric key size (in bits) " + size + " configured at $@ for algorithm $@", + configSrc, configSrc.toString(), alg, alg.getName().toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql new file mode 100644 index 00000000000..8242bc14438 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql @@ -0,0 +1,34 @@ +/** + * @name Weak block mode + * @description Finds uses of symmetric encryption block modes that are weak, obsolete, or otherwise unaccepted. + * @id cpp/weak-block-mode + * @kind problem + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-327 + */ + +import cpp +import experimental.cryptography.Concepts + +from BlockModeAlgorithm alg, string name, string msg, Expr confSink +where + exists(string tmpMsg | + ( + name = alg.getBlockModeName() and + name = unknownAlgorithm() and + tmpMsg = "Use of unrecognized block mode algorithm." + or + name != unknownAlgorithm() and + name = alg.getBlockModeName() and + not name = ["CBC", "CTS", "XTS"] and + tmpMsg = "Use of weak block mode algorithm " + name + "." + ) and + if alg.hasConfigurationSink() and alg.configurationSink() != alg + then ( + confSink = alg.configurationSink() and msg = tmpMsg + " Algorithm used at sink: $@." + ) else ( + confSink = alg and msg = tmpMsg + ) + ) +select alg, msg, confSink, confSink.toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql new file mode 100644 index 00000000000..f51795bad95 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql @@ -0,0 +1,40 @@ +/** + * @name Weak elliptic curve + * @description Finds uses of weak, unknown, or otherwise unaccepted elliptic curve algorithms. + * @id cpp/weak-elliptic-curve + * @kind problem + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-327 + */ + +import cpp +import experimental.cryptography.Concepts + +from EllipticCurveAlgorithm alg, string name, string msg, Expr confSink +where + exists(string tmpMsg | + ( + name = alg.getCurveName() and + name = unknownAlgorithm() and + tmpMsg = "Use of unrecognized curve algorithm." + or + name != unknownAlgorithm() and + name = alg.getCurveName() and + not name = + [ + "SECP256R1", "PRIME256V1", //P-256 + "SECP384R1", //P-384 + "SECP521R1", //P-521 + "ED25519", "X25519" + ] and + tmpMsg = "Use of weak curve algorithm " + name + "." + ) and + if alg.hasConfigurationSink() and alg.configurationSink() != alg + then ( + confSink = alg.configurationSink() and msg = tmpMsg + " Algorithm used at sink: $@." + ) else ( + confSink = alg and msg = tmpMsg + ) + ) +select alg, msg, confSink, confSink.toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql new file mode 100644 index 00000000000..d8d5c4e4a56 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql @@ -0,0 +1,41 @@ +/** + * @name Weak cryptography + * @description Finds explicit uses of symmetric encryption algorithms that are weak, unknown, or otherwise unaccepted. + * @kind problem + * @id cpp/weak-crypto/banned-encryption-algorithms + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-327 + */ + +import cpp +import experimental.cryptography.Concepts + +from SymmetricEncryptionAlgorithm alg, Expr confSink, string msg +where + exists(string resMsg | + ( + if alg.getEncryptionName() = unknownAlgorithm() + then ( + alg instanceof Literal and + resMsg = + "Use of unrecognized symmetric encryption algorithm: " + + alg.(Literal).getValueText().toString() + "." + or + not alg instanceof Literal and + resMsg = "Use of unrecognized symmetric encryption algorithm." + ) else ( + not alg.getEncryptionName().matches("AES%") and + resMsg = "Use of banned symmetric encryption algorithm: " + alg.getEncryptionName() + "." + ) + ) and + ( + if alg.hasConfigurationSink() and alg.configurationSink() != alg + then ( + confSink = alg.configurationSink() and msg = resMsg + " Algorithm used at sink: $@." + ) else ( + confSink = alg and msg = resMsg + ) + ) + ) +select alg, msg, confSink, confSink.toString() diff --git a/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql b/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql new file mode 100644 index 00000000000..8b6835d9b26 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql @@ -0,0 +1,36 @@ +/** + * @name Weak cryptography + * @description Finds explicit uses of cryptographic hash algorithms that are weak and obsolete. + * @kind problem + * @id cpp/weak-crypto/banned-hash-algorithms + * @problem.severity error + * @precision high + * @tags external/cwe/cwe-327 + */ + +import cpp +import semmle.code.cpp.dataflow.DataFlow as ASTDataFlow +import experimental.cryptography.Concepts + +from HashAlgorithm alg, Expr confSink, string msg +where + exists(string name, string msgTmp | name = alg.getHashName() | + not name = ["SHA256", "SHA384", "SHA512"] and + ( + if name = unknownAlgorithm() + then + not alg instanceof Literal and msgTmp = "Use of unrecognized hash algorithm." + or + alg instanceof Literal and + msgTmp = + "Use of unrecognized hash algorithm: " + alg.(Literal).getValueText().toString() + "." + else msgTmp = "Use of banned hash algorithm " + name + "." + ) and + if alg.hasConfigurationSink() and alg.configurationSink() != alg + then ( + confSink = alg.configurationSink() and msg = msgTmp + " Algorithm used at sink: $@." + ) else ( + confSink = alg and msg = msgTmp + ) + ) +select alg, msg, confSink, confSink.toString() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql new file mode 100644 index 00000000000..138664b7665 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name All Asymmetric Algorithms + * @description Finds all potential usage of asymmeric keys (RSA & ECC) using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/all-asymmetric-algorithms + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from AsymmetricAlgorithm alg +select alg, "Use of algorithm " + alg.getName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql new file mode 100644 index 00000000000..1fe71b00a58 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name All Cryptographic Algorithms + * @description Finds all potential usage of cryptographic algorithms usage using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/all-cryptographic-algorithms + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from CryptographicAlgorithm alg +select alg, "Use of algorithm " + alg.getName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql new file mode 100644 index 00000000000..29e429af95f --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Asymmetric Encryption Algorithms + * @description Finds all potential usage of asymmeric keys for encryption or key exchange using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/all-asymmetric-encryption-algorithms + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from AsymmetricEncryptionAlgorithm alg +select alg, "Use of algorithm " + alg.getEncryptionName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql new file mode 100644 index 00000000000..e12ac07604f --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Asymmetric Padding Schemes + * @description Finds all potential usage of padding schemes used with asymmeric algorithms. + * @kind problem + * @id cpp/quantum-readiness/cbom/asymmetric-padding-schemes + * @problem.severity error + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +// TODO: currently not modeled for any API +from AsymmetricPadding alg +select alg, "Use of algorithm " + alg.getPaddingName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql new file mode 100644 index 00000000000..d855e50ea88 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Authenticated Encryption Algorithms + * @description Finds all potential usage of authenticated encryption schemes using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/authenticated-encryption-algorithms + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from AuthenticatedEncryptionAlgorithm alg +select alg, "Use of algorithm " + alg.getAuthticatedEncryptionName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql new file mode 100644 index 00000000000..36b5d52a7c1 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Block cipher mode of operation + * @description Finds all potential block cipher modes of operations using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/block-cipher-mode + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from BlockModeAlgorithm alg +select alg, "Use of algorithm " + alg.getBlockModeName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql new file mode 100644 index 00000000000..6b91e84edba --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql @@ -0,0 +1,17 @@ +/** + * @name Initialization Vector (IV) or nonces + * @description Finds all potential sources for initialization vectors (IV) or nonce used in block ciphers while using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/iv-sources + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +// TODO: currently not modeled for any API +from BlockModeAlgorithm alg +select alg.getIVorNonce(), "Block mode IV/Nonce source" diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql new file mode 100644 index 00000000000..6acf3bb598f --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql @@ -0,0 +1,18 @@ +/** + * @name Unknown Initialization Vector (IV) or nonces + * @description Finds all potentially unknown sources for initialization vectors (IV) or nonce used in block ciphers while using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/unkown-iv-sources + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +// TODO: currently not modeled for any API +from BlockModeAlgorithm alg +where not alg.hasIVorNonce() +select alg, "Block mode with unknown IV or Nonce configuration" diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql new file mode 100644 index 00000000000..ad9206b5ba4 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql @@ -0,0 +1,20 @@ +/** + * @name Elliptic Curve Key length + * @description Finds all potential key lengths for elliptic curve algorithms usage. + * @kind problem + * @id cpp/quantum-readiness/cbom/elliptic-curve-key-length + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from EllipticCurveAlgorithm alg, string size +where + if not exists(alg.getCurveBitSize()) + then size = "UNKNOWN SIZE" + else size = alg.getCurveBitSize().toString() +select alg, "Use of algorithm " + alg.getCurveName() + " with key size (in bits) " + size diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql new file mode 100644 index 00000000000..06aa44cd1bb --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Elliptic Curve Algorithms + * @description Finds all potential usage of elliptic curve algorithms using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/elliptic-curve-algorithms + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from EllipticCurveAlgorithm alg +select alg, "Use of algorithm " + alg.getCurveName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql new file mode 100644 index 00000000000..175ba39e138 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Hash Algorithms + * @description Finds all potential usage of cryptographic hash algorithms using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/hash-algorithms + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from HashAlgorithm alg +select alg, "Use of algorithm " + alg.getName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql new file mode 100644 index 00000000000..7f7ceb17c39 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Key Exchange Algorithms + * @description Finds all potential usage of key exchange using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/key-exchange + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from KeyExchangeAlgorithm alg +select alg, "Use of algorithm " + alg.getName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql new file mode 100644 index 00000000000..34fca159fdb --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql @@ -0,0 +1,20 @@ +/** + * @name Known asymmetric key source generation + * @description Finds all known potential sources for asymmetric key generation while using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/asymmetric-key-generation + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from AsymmetricKeyGeneration op, CryptographicAlgorithm alg, Expr configSrc +where + alg = op.getAlgorithm() and + configSrc = op.getKeyConfigurationSource(alg) +select op, "Key generator for algorithm $@ with key configuration $@", alg, alg.getName(), + configSrc, configSrc.toString() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql new file mode 100644 index 00000000000..b052e48a664 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql @@ -0,0 +1,17 @@ +/** + * @name Signing Algorithms + * @description Finds all potential usage of signing algorithms using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/signing-algorithms + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +// TODO: currently not modeled for any API +from SigningAlgorithm alg +select alg, "Use of algorithm " + alg.getName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql new file mode 100644 index 00000000000..2a4c3f1056a --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Symmetric Encryption Algorithms + * @description Finds all potential usage of symmetric encryption algorithms using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/symmetric-encryption-algorithms + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from SymmetricEncryptionAlgorithm alg +select alg, "Use of algorithm " + alg.getEncryptionName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql new file mode 100644 index 00000000000..9b6c34a8698 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql @@ -0,0 +1,16 @@ +/** + * @name Symmetric Padding Schemes + * @description Finds all potential usage of padding schemes used with symmeric algorithms. + * @kind problem + * @id cpp/quantum-readiness/cbom/symmetric-padding-schemes + * @problem.severity error + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +// TODO: currently not modeled for any API +from SymmetricPadding alg +select alg, "Use of algorithm " + alg.getPaddingName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql b/cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql new file mode 100644 index 00000000000..63ab3fdcffb --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql @@ -0,0 +1,19 @@ +/** + * @name Unknown asymmetric key source generation + * @description Finds all unknown potential sources for asymmetric key generation while using the supported libraries. + * @kind problem + * @id cpp/quantum-readiness/cbom/unkwon-asymmetric-key-generation + * @problem.severity error + * @precision high + * @tags cbom + * cryptography + */ + +import cpp +import experimental.cryptography.Concepts + +from AsymmetricKeyGeneration op, CryptographicAlgorithm alg +where + alg = op.getAlgorithm() and + not op.hasKeyConfigurationSource(alg) +select op, "Key generator for algorithm $@ with unknown configuration source", alg, alg.getName() diff --git a/cpp/ql/src/experimental/cryptography/inventory/old_models/readme.md b/cpp/ql/src/experimental/cryptography/inventory/old_models/readme.md new file mode 100644 index 00000000000..c338bbc52e7 --- /dev/null +++ b/cpp/ql/src/experimental/cryptography/inventory/old_models/readme.md @@ -0,0 +1 @@ +No existing 'old models' for inventories \ No newline at end of file diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index fd076044593..ae91e0bd858 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,12 +1,12 @@ name: codeql/cpp-queries -version: 0.7.4-dev -groups: +version: 0.8.2-dev +groups: - cpp - queries dependencies: - codeql/cpp-all: ${workspace} - codeql/suite-helpers: ${workspace} - codeql/util: ${workspace} + codeql/cpp-all: ${workspace} + codeql/suite-helpers: ${workspace} + codeql/util: ${workspace} suites: codeql-suites extractor: cpp defaultSuiteFile: codeql-suites/cpp-code-scanning.qls diff --git a/cpp/ql/test/examples/expressions/PrintAST.expected b/cpp/ql/test/examples/expressions/PrintAST.expected index 8de5ea5b9b0..511a4d55c15 100644 --- a/cpp/ql/test/examples/expressions/PrintAST.expected +++ b/cpp/ql/test/examples/expressions/PrintAST.expected @@ -763,7 +763,7 @@ StaticMemberAccess.cpp: # 7| ValueCategory = lvalue # 7| getRValue(): [VariableAccess] i # 7| Type = [IntType] int -# 7| ValueCategory = prvalue +# 7| ValueCategory = prvalue(load) # 7| getQualifier(): [VariableAccess] xref # 7| Type = [LValueReferenceType] X & # 7| ValueCategory = prvalue(load) @@ -1394,7 +1394,7 @@ union_etc.cpp: # 26| ValueCategory = lvalue # 26| getRValue(): [AssignExpr] ... = ... # 26| Type = [IntType] int -# 26| ValueCategory = prvalue +# 26| ValueCategory = prvalue(load) # 26| getLValue(): [ValueFieldAccess] e # 26| Type = [IntType] int # 26| ValueCategory = lvalue @@ -1406,7 +1406,7 @@ union_etc.cpp: # 26| ValueCategory = lvalue # 26| getRValue(): [AssignExpr] ... = ... # 26| Type = [IntType] int -# 26| ValueCategory = prvalue +# 26| ValueCategory = prvalue(load) # 26| getLValue(): [ValueFieldAccess] i # 26| Type = [IntType] int # 26| ValueCategory = lvalue diff --git a/cpp/ql/test/experimental/library-tests/rangeanalysis/signanalysis/SignAnalysis.expected b/cpp/ql/test/experimental/library-tests/rangeanalysis/signanalysis/SignAnalysis.expected index 438bc9173f2..7a73b0dabeb 100644 --- a/cpp/ql/test/experimental/library-tests/rangeanalysis/signanalysis/SignAnalysis.expected +++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/signanalysis/SignAnalysis.expected @@ -675,6 +675,7 @@ | test.c:398:9:398:22 | CopyValue: ... , ... | positive strictlyPositive | | test.c:398:14:398:14 | Load: y | positive strictlyPositive | | test.c:398:14:398:19 | Add: ... += ... | positive strictlyPositive | +| test.c:398:14:398:19 | Load: ... += ... | positive strictlyPositive | | test.c:398:14:398:19 | Store: ... += ... | positive strictlyPositive | | test.c:398:19:398:19 | Constant: (unsigned int)... | positive strictlyPositive | | test.c:398:22:398:22 | Load: y | positive strictlyPositive | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected index b5bbc68dbd4..47c32f67e4b 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected @@ -35,7 +35,7 @@ edges | test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | | test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | | test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | -| test.cpp:146:26:146:26 | p indirection | test.cpp:148:6:148:9 | * ... | +| test.cpp:146:26:146:26 | p indirection | test.cpp:147:4:147:9 | -- ... | | test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | | test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | & ... indirection | | test.cpp:158:17:158:18 | & ... indirection | test.cpp:146:26:146:26 | p indirection | @@ -122,7 +122,7 @@ nodes | test.cpp:143:18:143:21 | asdf | semmle.label | asdf | | test.cpp:143:18:143:21 | asdf | semmle.label | asdf | | test.cpp:146:26:146:26 | p indirection | semmle.label | p indirection | -| test.cpp:148:6:148:9 | * ... | semmle.label | * ... | +| test.cpp:147:4:147:9 | -- ... | semmle.label | -- ... | | test.cpp:156:12:156:14 | buf | semmle.label | buf | | test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... | | test.cpp:158:17:158:18 | & ... indirection | semmle.label | & ... indirection | @@ -175,7 +175,7 @@ subpaths | test.cpp:88:5:88:27 | PointerAdd: access to array | test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:88:5:88:31 | Store: ... = ... | write | | test.cpp:128:9:128:14 | PointerAdd: access to array | test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:125:11:125:13 | arr | arr | test.cpp:128:9:128:18 | Store: ... = ... | write | | test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:143:18:143:21 | asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read | -| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:156:12:156:14 | buf | test.cpp:148:6:148:9 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write | +| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:156:12:156:14 | buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write | | test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:218:23:218:28 | buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write | | test.cpp:232:5:232:10 | PointerAdd: access to array | test.cpp:229:25:229:29 | array | test.cpp:232:5:232:10 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:228:10:228:14 | array | array | test.cpp:232:5:232:19 | Store: ... = ... | write | | test.cpp:261:27:261:30 | PointerAdd: access to array | test.cpp:286:19:286:25 | buffer2 | test.cpp:261:27:261:30 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:285:19:285:25 | buffer2 | buffer2 | test.cpp:261:27:261:30 | Load: access to array | read | diff --git a/cpp/ql/test/library-tests/attributes/deprecated_with_msg/clang421.c b/cpp/ql/test/library-tests/attributes/deprecated_with_msg/clang421.c index 43e489fdffb..3c772b3be22 100644 --- a/cpp/ql/test/library-tests/attributes/deprecated_with_msg/clang421.c +++ b/cpp/ql/test/library-tests/attributes/deprecated_with_msg/clang421.c @@ -1,2 +1,2 @@ static int clang421 = __has_feature(attribute_deprecated_with_message); -// semmle-extractor-options: --gnu_version 40201 --edg --clang +// semmle-extractor-options: --gnu_version 40201 --clang_version 30400 diff --git a/cpp/ql/test/library-tests/attributes/deprecated_with_msg/clang450.c b/cpp/ql/test/library-tests/attributes/deprecated_with_msg/clang450.c index 80b0a5a8711..8c43f17d718 100644 --- a/cpp/ql/test/library-tests/attributes/deprecated_with_msg/clang450.c +++ b/cpp/ql/test/library-tests/attributes/deprecated_with_msg/clang450.c @@ -1,2 +1,2 @@ static int clang450 = __has_feature(attribute_deprecated_with_message); -// semmle-extractor-options: --gnu_version 40500 --edg --clang +// semmle-extractor-options: --gnu_version 40500 --clang_version 30500 diff --git a/cpp/ql/test/library-tests/attributes/deprecated_with_msg/gcc421.c b/cpp/ql/test/library-tests/attributes/deprecated_with_msg/gcc421.c index 25ca6a4f694..7f4e4f4d380 100644 --- a/cpp/ql/test/library-tests/attributes/deprecated_with_msg/gcc421.c +++ b/cpp/ql/test/library-tests/attributes/deprecated_with_msg/gcc421.c @@ -1,2 +1,2 @@ static int gcc421 = __has_feature(attribute_deprecated_with_message); -// semmle-extractor-options: --gnu_version 40201 --edg --clang +// semmle-extractor-options: --gnu_version 40201 diff --git a/cpp/ql/test/library-tests/attributes/deprecated_with_msg/gcc450.c b/cpp/ql/test/library-tests/attributes/deprecated_with_msg/gcc450.c index e10dd05dfc8..a49c8865163 100644 --- a/cpp/ql/test/library-tests/attributes/deprecated_with_msg/gcc450.c +++ b/cpp/ql/test/library-tests/attributes/deprecated_with_msg/gcc450.c @@ -1,2 +1,2 @@ static int gcc450 = __has_feature(attribute_deprecated_with_message); -// semmle-extractor-options: --gnu_version 40500 --edg --clang +// semmle-extractor-options: --gnu_version 40500 diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected index 4cac8898022..fe5eed1b916 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected @@ -1,4 +1,4 @@ WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted.ql:10,8-47) WARNING: Predicate tainted has been deprecated and may be removed in future (tainted.ql:21,3-28) -failures testFailures +failures diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected index 0f39caf8a71..b7b2a8eab90 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected @@ -14,6 +14,7 @@ localCallNodes postIsNotPre postHasUniquePre uniquePostUpdate +| example.c:24:13:24:18 | coords indirection | Node has multiple PostUpdateNodes. | postIsInSameCallable reverseRead argHasPostUpdate diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp index c49d9092cd7..c5f7ffcf160 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp @@ -788,4 +788,12 @@ void test_sometimes_calls_sink_switch() { sometimes_calls_sink_switch(source(), 1); sometimes_calls_sink_switch(0, 0); sometimes_calls_sink_switch(source(), 0); +} + +void intPointerSource(int *ref_source, const int* another_arg); + +void test() { + MyStruct a; + intPointerSource(a.content, a.content); + indirect_sink(a.content); // $ ast ir } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.expected index a77f3044647..c63c723118b 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.expected @@ -1,3 +1,3 @@ -failures astTypeBugs irTypeBugs +failures diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected index dc5ea865b94..72290967857 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected @@ -46,3 +46,6 @@ | test.cpp:595:8:595:9 | xs | test.cpp:597:9:597:10 | xs | | test.cpp:733:7:733:7 | x | test.cpp:734:41:734:41 | x | | test.cpp:733:7:733:7 | x | test.cpp:735:8:735:8 | x | +| test.cpp:796:12:796:12 | a | test.cpp:797:20:797:20 | a | +| test.cpp:796:12:796:12 | a | test.cpp:797:31:797:31 | a | +| test.cpp:796:12:796:12 | a | test.cpp:798:17:798:17 | a | diff --git a/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll b/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll index 494d15efb9c..9a30be4f9d9 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll +++ b/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll @@ -1,6 +1,19 @@ private import semmle.code.cpp.ir.dataflow.DataFlow private import DataFlow +private class TestAdditionalCallTarget extends AdditionalCallTarget { + override Function viableTarget(Call call) { + // To test that call targets specified by `AdditionalCallTarget` are + // resolved correctly this subclass resolves all calls to + // `call_template_argument(x)` as if the user had written `f(x)`. + exists(FunctionTemplateInstantiation inst | + inst.getTemplate().hasName("call_template_argument") and + call.getTarget() = inst and + result = inst.getTemplateArgument(0).(FunctionAccess).getTarget() + ) + } +} + module IRConfig implements ConfigSig { predicate isSource(Node src) { src.asExpr() instanceof NewExpr diff --git a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected index 9c30be7684a..f6284e9713a 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected @@ -770,6 +770,9 @@ edges | simple.cpp:92:7:92:7 | a indirection [post update] [i] | simple.cpp:94:10:94:11 | a2 indirection [i] | | simple.cpp:92:11:92:20 | call to user_input | simple.cpp:92:5:92:22 | ... = ... | | simple.cpp:94:10:94:11 | a2 indirection [i] | simple.cpp:94:13:94:13 | i | +| simple.cpp:103:24:103:24 | x | simple.cpp:104:14:104:14 | x | +| simple.cpp:108:17:108:26 | call to user_input | simple.cpp:109:43:109:43 | x | +| simple.cpp:109:43:109:43 | x | simple.cpp:103:24:103:24 | x | | struct_init.c:14:24:14:25 | ab indirection [a] | struct_init.c:15:8:15:9 | ab indirection [a] | | struct_init.c:15:8:15:9 | ab indirection [a] | struct_init.c:15:12:15:12 | a | | struct_init.c:20:13:20:14 | definition of ab indirection [a] | struct_init.c:22:8:22:9 | ab indirection [a] | @@ -1576,6 +1579,10 @@ nodes | simple.cpp:92:11:92:20 | call to user_input | semmle.label | call to user_input | | simple.cpp:94:10:94:11 | a2 indirection [i] | semmle.label | a2 indirection [i] | | simple.cpp:94:13:94:13 | i | semmle.label | i | +| simple.cpp:103:24:103:24 | x | semmle.label | x | +| simple.cpp:104:14:104:14 | x | semmle.label | x | +| simple.cpp:108:17:108:26 | call to user_input | semmle.label | call to user_input | +| simple.cpp:109:43:109:43 | x | semmle.label | x | | struct_init.c:14:24:14:25 | ab indirection [a] | semmle.label | ab indirection [a] | | struct_init.c:15:8:15:9 | ab indirection [a] | semmle.label | ab indirection [a] | | struct_init.c:15:12:15:12 | a | semmle.label | a | @@ -1782,6 +1789,7 @@ subpaths | simple.cpp:67:13:67:13 | i | simple.cpp:65:11:65:20 | call to user_input | simple.cpp:67:13:67:13 | i | i flows from $@ | simple.cpp:65:11:65:20 | call to user_input | call to user_input | | simple.cpp:84:14:84:20 | call to getf2f1 | simple.cpp:83:17:83:26 | call to user_input | simple.cpp:84:14:84:20 | call to getf2f1 | call to getf2f1 flows from $@ | simple.cpp:83:17:83:26 | call to user_input | call to user_input | | simple.cpp:94:13:94:13 | i | simple.cpp:92:11:92:20 | call to user_input | simple.cpp:94:13:94:13 | i | i flows from $@ | simple.cpp:92:11:92:20 | call to user_input | call to user_input | +| simple.cpp:104:14:104:14 | x | simple.cpp:108:17:108:26 | call to user_input | simple.cpp:104:14:104:14 | x | x flows from $@ | simple.cpp:108:17:108:26 | call to user_input | call to user_input | | struct_init.c:15:12:15:12 | a | struct_init.c:20:20:20:29 | call to user_input | struct_init.c:15:12:15:12 | a | a flows from $@ | struct_init.c:20:20:20:29 | call to user_input | call to user_input | | struct_init.c:15:12:15:12 | a | struct_init.c:27:7:27:16 | call to user_input | struct_init.c:15:12:15:12 | a | a flows from $@ | struct_init.c:27:7:27:16 | call to user_input | call to user_input | | struct_init.c:15:12:15:12 | a | struct_init.c:40:20:40:29 | call to user_input | struct_init.c:15:12:15:12 | a | a flows from $@ | struct_init.c:40:20:40:29 | call to user_input | call to user_input | diff --git a/cpp/ql/test/library-tests/dataflow/fields/simple.cpp b/cpp/ql/test/library-tests/dataflow/fields/simple.cpp index e4d4f70edb0..36756689855 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/simple.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/simple.cpp @@ -94,4 +94,21 @@ void single_field_test_typedef(A_typedef a) sink(a2.i); //$ ast,ir } +namespace TestAdditionalCallTargets { + + using TakesIntReturnsVoid = void(*)(int); + template + void call_template_argument(int); + + void call_sink(int x) { + sink(x); // $ ir + } + + void test_additional_call_targets() { + int x = user_input(); + call_template_argument(x); + } + +} + } // namespace Simple diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp index 0390927d790..404d6627b27 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp @@ -165,9 +165,9 @@ void test_map() // array-like access std::map m10, m11, m12, m13; sink(m10["abc"] = "def"); - sink(m11["abc"] = source()); // $ ast ir=168:7 ir=168:20 + sink(m11["abc"] = source()); // $ ast,ir sink(m12.at("abc") = "def"); - sink(m13.at("abc") = source()); // $ ast ir=170:7 ir=170:23 + sink(m13.at("abc") = source()); // $ ast,ir sink(m10["abc"]); sink(m11["abc"]); // $ ast,ir sink(m12["abc"]); @@ -317,9 +317,9 @@ void test_unordered_map() // array-like access std::unordered_map m10, m11, m12, m13; sink(m10["abc"] = "def"); - sink(m11["abc"] = source()); // $ ast ir=320:7 ir=320:20 + sink(m11["abc"] = source()); // $ ast,ir sink(m12.at("abc") = "def"); - sink(m13.at("abc") = source()); // $ ast ir=322:7 ir=322:23 + sink(m13.at("abc") = source()); // $ ast,ir sink(m10["abc"]); sink(m11["abc"]); // $ ast,ir sink(m12["abc"]); diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp index fd34adbec46..2df0fc85bb6 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp @@ -13,8 +13,8 @@ void arithAssignments(int source1, int clean1) { source1++; ++source1; source1 += 1; - sink(source1); // $ ast ir=12:13 ir=12:22 - sink(++source1); // $ ast ir=12:13 ir=12:22 + sink(source1); // $ ast,ir + sink(++source1); // $ ast,ir } // --- globals --- diff --git a/cpp/ql/test/library-tests/ir/ir/PrintAST.expected b/cpp/ql/test/library-tests/ir/ir/PrintAST.expected index 65caa9704c5..f98a26d215e 100644 --- a/cpp/ql/test/library-tests/ir/ir/PrintAST.expected +++ b/cpp/ql/test/library-tests/ir/ir/PrintAST.expected @@ -1761,7 +1761,7 @@ ir.c: # 9| ValueCategory = lvalue # 9| getRValue(): [AssignExpr] ... = ... # 9| Type = [IntType] int -# 9| ValueCategory = prvalue +# 9| ValueCategory = prvalue(load) # 9| getLValue(): [ValueFieldAccess] y # 9| Type = [IntType] int # 9| ValueCategory = lvalue @@ -2675,7 +2675,7 @@ ir.cpp: # 101| ValueCategory = lvalue # 101| getRValue(): [PrefixIncrExpr] ++ ... # 101| Type = [IntType] int -# 101| ValueCategory = prvalue +# 101| ValueCategory = prvalue(load) # 101| getOperand(): [VariableAccess] x # 101| Type = [IntType] int # 101| ValueCategory = lvalue @@ -2688,7 +2688,7 @@ ir.cpp: # 102| ValueCategory = lvalue # 102| getRValue(): [PrefixDecrExpr] -- ... # 102| Type = [IntType] int -# 102| ValueCategory = prvalue +# 102| ValueCategory = prvalue(load) # 102| getOperand(): [VariableAccess] x # 102| Type = [IntType] int # 102| ValueCategory = lvalue @@ -3041,7 +3041,7 @@ ir.cpp: # 147| ValueCategory = lvalue # 147| getRValue(): [PrefixIncrExpr] ++ ... # 147| Type = [FloatType] float -# 147| ValueCategory = prvalue +# 147| ValueCategory = prvalue(load) # 147| getOperand(): [VariableAccess] x # 147| Type = [FloatType] float # 147| ValueCategory = lvalue @@ -3054,7 +3054,7 @@ ir.cpp: # 148| ValueCategory = lvalue # 148| getRValue(): [PrefixDecrExpr] -- ... # 148| Type = [FloatType] float -# 148| ValueCategory = prvalue +# 148| ValueCategory = prvalue(load) # 148| getOperand(): [VariableAccess] x # 148| Type = [FloatType] float # 148| ValueCategory = lvalue @@ -3557,7 +3557,7 @@ ir.cpp: # 207| ValueCategory = lvalue # 207| getRValue(): [PrefixIncrExpr] ++ ... # 207| Type = [IntPointerType] int * -# 207| ValueCategory = prvalue +# 207| ValueCategory = prvalue(load) # 207| getOperand(): [VariableAccess] p # 207| Type = [IntPointerType] int * # 207| ValueCategory = lvalue @@ -3570,7 +3570,7 @@ ir.cpp: # 208| ValueCategory = lvalue # 208| getRValue(): [PrefixDecrExpr] -- ... # 208| Type = [IntPointerType] int * -# 208| ValueCategory = prvalue +# 208| ValueCategory = prvalue(load) # 208| getOperand(): [VariableAccess] p # 208| Type = [IntPointerType] int * # 208| ValueCategory = lvalue @@ -4825,7 +4825,7 @@ ir.cpp: # 483| getVariable().getInitializer(): [Initializer] initializer for z # 483| getExpr(): [ConditionalExpr] ... ? ... : ... # 483| Type = [IntType] int -# 483| ValueCategory = prvalue +# 483| ValueCategory = prvalue(load) # 483| getCondition(): [VariableAccess] a # 483| Type = [BoolType] bool # 483| ValueCategory = prvalue(load) @@ -6025,7 +6025,7 @@ ir.cpp: # 705| getStmt(0): [ReturnStmt] return ... # 705| getExpr(): [ConditionalExpr] ... ? ... : ... # 705| Type = [UnknownType] unknown -# 705| ValueCategory = prvalue(load) +# 705| ValueCategory = prvalue # 705| getCondition(): [LTExpr] ... < ... # 705| Type = [UnknownType] unknown # 705| ValueCategory = prvalue @@ -6058,7 +6058,7 @@ ir.cpp: # 705| getStmt(0): [ReturnStmt] return ... # 705| getExpr(): [ConditionalExpr] ... ? ... : ... # 705| Type = [IntType] int -# 705| ValueCategory = prvalue +# 705| ValueCategory = prvalue(load) # 705| getCondition(): [LTExpr] ... < ... # 705| Type = [BoolType] bool # 705| ValueCategory = prvalue @@ -7864,7 +7864,7 @@ ir.cpp: # 915| getVariable().getInitializer(): [Initializer] initializer for b # 915| getExpr(): [ConditionalExpr] ... ? ... : ... # 915| Type = [IntType] int -# 915| ValueCategory = prvalue +# 915| ValueCategory = prvalue(load) # 915| getCondition(): [Literal] 1 # 915| Type = [BoolType] bool # 915| Value = [Literal] 1 @@ -8633,6 +8633,9 @@ ir.cpp: # 1038| : #-----| getParameter(0): [Parameter] (unnamed parameter 0) #-----| Type = [RValueReferenceType] lambda [] type at line 1038, col. 12 && +# 1038| : +# 1038| getEntryPoint(): [BlockStmt] { ... } +# 1038| getStmt(0): [ReturnStmt] return ... # 1038| [Constructor] void (lambda [] type at line 1038, col. 12)::(unnamed constructor)() # 1038| : # 1038| [MemberFunction] void (lambda [] type at line 1038, col. 12)::_FUN() @@ -8963,6 +8966,9 @@ ir.cpp: # 1041| : #-----| getParameter(0): [Parameter] (unnamed parameter 0) #-----| Type = [RValueReferenceType] lambda [] type at line 1041, col. 23 && +# 1041| : +# 1041| getEntryPoint(): [BlockStmt] { ... } +# 1041| getStmt(0): [ReturnStmt] return ... # 1041| [Constructor] void (void Lambda(int, String const&))::(lambda [] type at line 1041, col. 23)::(unnamed constructor)() # 1041| : # 1041| [MemberFunction] char (void Lambda(int, String const&))::(lambda [] type at line 1041, col. 23)::_FUN(float) @@ -10456,7 +10462,7 @@ ir.cpp: # 1301| ValueCategory = lvalue # 1301| getRValue(): [ConditionalExpr] ... ? ... : ... # 1301| Type = [IntType] int -# 1301| ValueCategory = prvalue +# 1301| ValueCategory = prvalue(load) # 1301| getCondition(): [VariableAccess] b # 1301| Type = [BoolType] bool # 1301| ValueCategory = prvalue(load) @@ -10472,7 +10478,7 @@ ir.cpp: # 1302| ValueCategory = lvalue # 1302| getRValue(): [ConditionalExpr] ... ? ... : ... # 1302| Type = [LongType] long -# 1302| ValueCategory = prvalue +# 1302| ValueCategory = prvalue(load) # 1302| getCondition(): [VariableAccess] b # 1302| Type = [BoolType] bool # 1302| ValueCategory = prvalue(load) @@ -10492,7 +10498,7 @@ ir.cpp: # 1303| ValueCategory = lvalue # 1303| getRValue(): [ConditionalExpr] ... ? ... : ... # 1303| Type = [IntType] int -# 1303| ValueCategory = prvalue +# 1303| ValueCategory = prvalue(load) # 1303| getCondition(): [VariableAccess] x # 1303| Type = [IntType] int # 1303| ValueCategory = prvalue(load) @@ -10512,7 +10518,7 @@ ir.cpp: # 1304| ValueCategory = lvalue # 1304| getRValue(): [ConditionalExpr] ... ? ... : ... # 1304| Type = [LongType] long -# 1304| ValueCategory = prvalue +# 1304| ValueCategory = prvalue(load) # 1304| getCondition(): [VariableAccess] x # 1304| Type = [IntType] int # 1304| ValueCategory = prvalue(load) @@ -10536,7 +10542,7 @@ ir.cpp: # 1305| ValueCategory = lvalue # 1305| getRValue(): [ConditionalExpr] ... ? ... : ... # 1305| Type = [LongType] long -# 1305| ValueCategory = prvalue +# 1305| ValueCategory = prvalue(load) # 1305| getCondition(): [VariableAccess] y # 1305| Type = [LongType] long # 1305| ValueCategory = prvalue(load) @@ -10564,7 +10570,7 @@ ir.cpp: # 1306| ValueCategory = lvalue # 1306| getRValue(): [ConditionalExpr] ... ? ... : ... # 1306| Type = [LongType] long -# 1306| ValueCategory = prvalue +# 1306| ValueCategory = prvalue(load) # 1306| getCondition(): [VariableAccess] y # 1306| Type = [LongType] long # 1306| ValueCategory = prvalue(load) @@ -10588,7 +10594,7 @@ ir.cpp: # 1308| ValueCategory = lvalue # 1308| getRValue(): [ConditionalExpr] ... ? ... : ... # 1308| Type = [IntType] int -# 1308| ValueCategory = prvalue +# 1308| ValueCategory = prvalue(load) # 1308| getCondition(): [LogicalOrExpr] ... || ... # 1308| Type = [BoolType] bool # 1308| ValueCategory = prvalue @@ -10633,7 +10639,7 @@ ir.cpp: # 1315| getStmt(0): [ReturnStmt] return ... # 1315| getExpr(): [ConditionalExpr] ... ? ... : ... # 1315| Type = [IntType] int -# 1315| ValueCategory = prvalue +# 1315| ValueCategory = prvalue(load) # 1315| getCondition(): [LogicalAndExpr] ... && ... # 1315| Type = [BoolType] bool # 1315| ValueCategory = prvalue @@ -10949,7 +10955,7 @@ ir.cpp: # 1376| ValueCategory = prvalue # 1376| getExpr().getFullyConverted(): [TemporaryObjectExpr] temporary object # 1376| Type = [Struct] String -# 1376| ValueCategory = prvalue(load) +# 1376| ValueCategory = prvalue # 1377| getStmt(9): [ReturnStmt] return ... # 1379| [TopLevelFunction] void temporary_destructor_only() # 1379| : @@ -11032,7 +11038,7 @@ ir.cpp: # 1388| ValueCategory = prvalue # 1388| getExpr().getFullyConverted(): [TemporaryObjectExpr] temporary object # 1388| Type = [Class] destructor_only -# 1388| ValueCategory = prvalue(load) +# 1388| ValueCategory = prvalue # 1389| getStmt(8): [ReturnStmt] return ... # 1391| [TopLevelFunction] void temporary_copy_constructor() # 1391| : @@ -11128,7 +11134,7 @@ ir.cpp: # 1399| ValueCategory = prvalue # 1399| getExpr().getFullyConverted(): [TemporaryObjectExpr] temporary object # 1399| Type = [Class] copy_constructor -# 1399| ValueCategory = prvalue(load) +# 1399| ValueCategory = prvalue # 1401| getStmt(8): [DeclStmt] declaration # 1401| getDeclarationEntry(0): [VariableDeclarationEntry] definition of y # 1401| Type = [IntType] int @@ -13368,9 +13374,6 @@ ir.cpp: # 1714| getExpr(): [TemporaryObjectExpr] temporary object # 1714| Type = [Class] TrivialLambdaClass # 1714| ValueCategory = lvalue -# 1714| getExpr(): [TemporaryObjectExpr] temporary object -# 1714| Type = [Class] TrivialLambdaClass -# 1714| ValueCategory = prvalue(load) # 1716| getStmt(2): [DeclStmt] declaration # 1716| getDeclarationEntry(0): [VariableDeclarationEntry] definition of l_outer1 # 1716| Type = [Closure,LocalClass] decltype([...](...){...}) @@ -14710,7 +14713,7 @@ ir.cpp: # 1930| ValueCategory = lvalue # 1930| getRValue(): [AssignExpr] ... = ... # 1930| Type = [IntType] int -# 1930| ValueCategory = prvalue +# 1930| ValueCategory = prvalue(load) # 1930| getLValue(): [VariableAccess] j # 1930| Type = [IntType] int # 1930| ValueCategory = lvalue @@ -14741,7 +14744,7 @@ ir.cpp: # 1935| ValueCategory = lvalue # 1935| getRValue(): [AssignAddExpr] ... += ... # 1935| Type = [IntType] int -# 1935| ValueCategory = prvalue +# 1935| ValueCategory = prvalue(load) # 1935| getLValue(): [VariableAccess] j # 1935| Type = [IntType] int # 1935| ValueCategory = lvalue @@ -14751,7 +14754,7 @@ ir.cpp: # 1935| ValueCategory = prvalue # 1935| getRValue().getFullyConverted(): [ParenthesisExpr] (...) # 1935| Type = [IntType] int -# 1935| ValueCategory = prvalue +# 1935| ValueCategory = prvalue(load) # 1936| getStmt(2): [ReturnStmt] return ... # 1938| [CopyAssignmentOperator] D& D::operator=(D const&) # 1938| : @@ -15040,7 +15043,7 @@ ir.cpp: # 1993| ValueCategory = lvalue # 1993| getRValue(): [FunctionAccess] StaticMemberFunction # 1993| Type = [FunctionPointerType] ..(*)(..) -# 1993| ValueCategory = prvalue +# 1993| ValueCategory = prvalue(load) # 1993| getQualifier(): [VariableAccess] c # 1993| Type = [Class] C # 1993| ValueCategory = lvalue @@ -15065,7 +15068,7 @@ ir.cpp: # 1997| ValueCategory = lvalue # 1997| getRValue(): [ConditionalExpr] ... ? ... : ... # 1997| Type = [IntType] int -# 1997| ValueCategory = prvalue +# 1997| ValueCategory = prvalue(load) # 1997| getCondition(): [VariableAccess] a # 1997| Type = [BoolType] bool # 1997| ValueCategory = prvalue(load) @@ -15084,7 +15087,7 @@ ir.cpp: # 1998| ValueCategory = lvalue # 1998| getRValue(): [ConditionalExpr] ... ? ... : ... # 1998| Type = [IntType] int -# 1998| ValueCategory = prvalue +# 1998| ValueCategory = prvalue(load) # 1998| getCondition(): [VariableAccess] a # 1998| Type = [BoolType] bool # 1998| ValueCategory = prvalue(load) @@ -15168,7 +15171,7 @@ ir.cpp: # 2007| ValueCategory = lvalue # 2007| getRValue(): [ConditionalExpr] ... ? ... : ... # 2007| Type = [Struct] TernaryPodObj -# 2007| ValueCategory = prvalue +# 2007| ValueCategory = prvalue(load) # 2007| getCondition(): [VariableAccess] a # 2007| Type = [BoolType] bool # 2007| ValueCategory = prvalue(load) @@ -15249,7 +15252,7 @@ ir.cpp: # 2010| ValueCategory = lvalue # 2010| getRValue(): [ConditionalExpr] ... ? ... : ... # 2010| Type = [Struct] TernaryPodObj -# 2010| ValueCategory = prvalue +# 2010| ValueCategory = prvalue(load) # 2010| getCondition(): [VariableAccess] a # 2010| Type = [BoolType] bool # 2010| ValueCategory = prvalue(load) @@ -15501,7 +15504,7 @@ ir.cpp: # 2028| ValueCategory = lvalue # 2028| getRValue(): [ConditionalExpr] ... ? ... : ... # 2028| Type = [IntType] unsigned int -# 2028| ValueCategory = prvalue +# 2028| ValueCategory = prvalue(load) # 2028| getCondition(): [LTExpr] ... < ... # 2028| Type = [BoolType] bool # 2028| ValueCategory = prvalue @@ -15519,7 +15522,7 @@ ir.cpp: # 2028| ValueCategory = prvalue # 2029| getThen(): [CommaExpr] ... , ... # 2029| Type = [IntType] unsigned int -# 2029| ValueCategory = prvalue +# 2029| ValueCategory = prvalue(load) # 2029| getLeftOperand(): [FunctionCall] call to CommaTestHelper # 2029| Type = [VoidType] void # 2029| ValueCategory = prvalue @@ -15544,7 +15547,7 @@ ir.cpp: # 2030| ValueCategory = prvalue # 2029| getThen().getFullyConverted(): [ParenthesisExpr] (...) # 2029| Type = [IntType] unsigned int -# 2029| ValueCategory = prvalue +# 2029| ValueCategory = prvalue(load) # 2030| getElse().getFullyConverted(): [CStyleCast] (unsigned int)... # 2030| Conversion = [IntegralConversion] integral conversion # 2030| Type = [IntType] unsigned int diff --git a/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected b/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected index 6ca990145d5..150bed79ef4 100644 --- a/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected +++ b/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected @@ -765,7 +765,7 @@ ir.c: # 9| r9_6(glval) = FieldAddress[y] : r9_5 # 9| m9_7(int) = Store[?] : &:r9_6, r9_4 # 9| m9_8((unnamed class/struct/union)) = Chi : total:m8_10, partial:m9_7 -# 9| r9_9(int) = CopyValue : r9_4 +# 9| r9_9(int) = Load[?] : &:r9_6, m9_7 # 9| r9_10(glval<(unnamed class/struct/union)>) = VariableAddress[coords] : # 9| r9_11(glval) = FieldAddress[x] : r9_10 # 9| m9_12(int) = Store[?] : &:r9_11, r9_9 @@ -1187,15 +1187,17 @@ ir.cpp: # 101| r101_3(int) = Constant[1] : # 101| r101_4(int) = Add : r101_2, r101_3 # 101| m101_5(int) = Store[x] : &:r101_1, r101_4 -# 101| r101_6(glval) = VariableAddress[y] : -# 101| m101_7(int) = Store[y] : &:r101_6, r101_4 +# 101| r101_6(int) = Load[x] : &:r101_1, m101_5 +# 101| r101_7(glval) = VariableAddress[y] : +# 101| m101_8(int) = Store[y] : &:r101_7, r101_6 # 102| r102_1(glval) = VariableAddress[x] : # 102| r102_2(int) = Load[x] : &:r102_1, m101_5 # 102| r102_3(int) = Constant[1] : # 102| r102_4(int) = Sub : r102_2, r102_3 # 102| m102_5(int) = Store[x] : &:r102_1, r102_4 -# 102| r102_6(glval) = VariableAddress[y] : -# 102| m102_7(int) = Store[y] : &:r102_6, r102_4 +# 102| r102_6(int) = Load[x] : &:r102_1, m102_5 +# 102| r102_7(glval) = VariableAddress[y] : +# 102| m102_8(int) = Store[y] : &:r102_7, r102_6 # 103| r103_1(glval) = VariableAddress[x] : # 103| r103_2(int) = Load[x] : &:r103_1, m102_5 # 103| r103_3(int) = Constant[1] : @@ -1407,15 +1409,17 @@ ir.cpp: # 147| r147_3(float) = Constant[1.0] : # 147| r147_4(float) = Add : r147_2, r147_3 # 147| m147_5(float) = Store[x] : &:r147_1, r147_4 -# 147| r147_6(glval) = VariableAddress[y] : -# 147| m147_7(float) = Store[y] : &:r147_6, r147_4 +# 147| r147_6(float) = Load[x] : &:r147_1, m147_5 +# 147| r147_7(glval) = VariableAddress[y] : +# 147| m147_8(float) = Store[y] : &:r147_7, r147_6 # 148| r148_1(glval) = VariableAddress[x] : # 148| r148_2(float) = Load[x] : &:r148_1, m147_5 # 148| r148_3(float) = Constant[1.0] : # 148| r148_4(float) = Sub : r148_2, r148_3 # 148| m148_5(float) = Store[x] : &:r148_1, r148_4 -# 148| r148_6(glval) = VariableAddress[y] : -# 148| m148_7(float) = Store[y] : &:r148_6, r148_4 +# 148| r148_6(float) = Load[x] : &:r148_1, m148_5 +# 148| r148_7(glval) = VariableAddress[y] : +# 148| m148_8(float) = Store[y] : &:r148_7, r148_6 # 149| r149_1(glval) = VariableAddress[x] : # 149| r149_2(float) = Load[x] : &:r149_1, m148_5 # 149| r149_3(float) = Constant[1.0] : @@ -1723,15 +1727,17 @@ ir.cpp: # 207| r207_3(int) = Constant[1] : # 207| r207_4(int *) = PointerAdd[4] : r207_2, r207_3 # 207| m207_5(int *) = Store[p] : &:r207_1, r207_4 -# 207| r207_6(glval) = VariableAddress[q] : -# 207| m207_7(int *) = Store[q] : &:r207_6, r207_4 +# 207| r207_6(int *) = Load[p] : &:r207_1, m207_5 +# 207| r207_7(glval) = VariableAddress[q] : +# 207| m207_8(int *) = Store[q] : &:r207_7, r207_6 # 208| r208_1(glval) = VariableAddress[p] : # 208| r208_2(int *) = Load[p] : &:r208_1, m207_5 # 208| r208_3(int) = Constant[1] : # 208| r208_4(int *) = PointerSub[4] : r208_2, r208_3 # 208| m208_5(int *) = Store[p] : &:r208_1, r208_4 -# 208| r208_6(glval) = VariableAddress[q] : -# 208| m208_7(int *) = Store[q] : &:r208_6, r208_4 +# 208| r208_6(int *) = Load[p] : &:r208_1, m208_5 +# 208| r208_7(glval) = VariableAddress[q] : +# 208| m208_8(int *) = Store[q] : &:r208_7, r208_6 # 209| r209_1(glval) = VariableAddress[p] : # 209| r209_2(int *) = Load[p] : &:r209_1, m208_5 # 209| r209_3(int) = Constant[1] : @@ -6049,6 +6055,27 @@ ir.cpp: # 1038| v1038_10(void) = AliasedUse : ~m1038_8 # 1038| v1038_11(void) = ExitFunction : +# 1038| void (lambda [] type at line 1038, col. 12)::(unnamed constructor)((lambda [] type at line 1038, col. 12)&&) +# 1038| Block 0 +# 1038| v1038_1(void) = EnterFunction : +# 1038| m1038_2(unknown) = AliasedDefinition : +# 1038| m1038_3(unknown) = InitializeNonLocal : +# 1038| m1038_4(unknown) = Chi : total:m1038_2, partial:m1038_3 +# 1038| r1038_5(glval) = VariableAddress[#this] : +# 1038| m1038_6(glval) = InitializeParameter[#this] : &:r1038_5 +# 1038| r1038_7(glval) = Load[#this] : &:r1038_5, m1038_6 +# 1038| m1038_8(decltype([...](...){...})) = InitializeIndirection[#this] : &:r1038_7 +#-----| r0_1(glval) = VariableAddress[(unnamed parameter 0)] : +#-----| m0_2(lambda [] type at line 1038, col. 12 &&) = InitializeParameter[(unnamed parameter 0)] : &:r0_1 +#-----| r0_3(lambda [] type at line 1038, col. 12 &&) = Load[(unnamed parameter 0)] : &:r0_1, m0_2 +#-----| m0_4(unknown) = InitializeIndirection[(unnamed parameter 0)] : &:r0_3 +# 1038| v1038_9(void) = NoOp : +# 1038| v1038_10(void) = ReturnIndirection[#this] : &:r1038_7, m1038_8 +#-----| v0_5(void) = ReturnIndirection[(unnamed parameter 0)] : &:r0_3, m0_4 +# 1038| v1038_11(void) = ReturnVoid : +# 1038| v1038_12(void) = AliasedUse : m1038_3 +# 1038| v1038_13(void) = ExitFunction : + # 1038| void (lambda [] type at line 1038, col. 12)::operator()() const # 1038| Block 0 # 1038| v1038_1(void) = EnterFunction : @@ -6265,6 +6292,27 @@ ir.cpp: # 1040| v1040_13(void) = AliasedUse : ~m1055_7 # 1040| v1040_14(void) = ExitFunction : +# 1041| void (void Lambda(int, String const&))::(lambda [] type at line 1041, col. 23)::(unnamed constructor)((void Lambda(int, String const&))::(lambda [] type at line 1041, col. 23)&&) +# 1041| Block 0 +# 1041| v1041_1(void) = EnterFunction : +# 1041| m1041_2(unknown) = AliasedDefinition : +# 1041| m1041_3(unknown) = InitializeNonLocal : +# 1041| m1041_4(unknown) = Chi : total:m1041_2, partial:m1041_3 +# 1041| r1041_5(glval) = VariableAddress[#this] : +# 1041| m1041_6(glval) = InitializeParameter[#this] : &:r1041_5 +# 1041| r1041_7(glval) = Load[#this] : &:r1041_5, m1041_6 +# 1041| m1041_8(decltype([...](...){...})) = InitializeIndirection[#this] : &:r1041_7 +#-----| r0_1(glval) = VariableAddress[(unnamed parameter 0)] : +#-----| m0_2(lambda [] type at line 1041, col. 23 &&) = InitializeParameter[(unnamed parameter 0)] : &:r0_1 +#-----| r0_3(lambda [] type at line 1041, col. 23 &&) = Load[(unnamed parameter 0)] : &:r0_1, m0_2 +#-----| m0_4(unknown) = InitializeIndirection[(unnamed parameter 0)] : &:r0_3 +# 1041| v1041_9(void) = NoOp : +# 1041| v1041_10(void) = ReturnIndirection[#this] : &:r1041_7, m1041_8 +#-----| v0_5(void) = ReturnIndirection[(unnamed parameter 0)] : &:r0_3, m0_4 +# 1041| v1041_11(void) = ReturnVoid : +# 1041| v1041_12(void) = AliasedUse : m1041_3 +# 1041| v1041_13(void) = ExitFunction : + # 1041| char (void Lambda(int, String const&))::(lambda [] type at line 1041, col. 23)::operator()(float) const # 1041| Block 0 # 1041| v1041_1(void) = EnterFunction : @@ -8156,7 +8204,6 @@ ir.cpp: # 1376| m1376_4(unknown) = ^CallSideEffect : ~m1374_11 # 1376| m1376_5(unknown) = Chi : total:m1374_11, partial:m1376_4 # 1376| m1376_6(String) = Store[#temp1376:5] : &:r1376_1, r1376_3 -# 1376| r1376_7(String) = Load[#temp1376:5] : &:r1376_1, m1376_6 # 1377| v1377_1(void) = NoOp : # 1365| v1365_5(void) = ReturnVoid : # 1365| v1365_6(void) = AliasedUse : ~m1376_5 @@ -8232,7 +8279,6 @@ ir.cpp: # 1388| m1388_4(unknown) = ^CallSideEffect : ~m1386_10 # 1388| m1388_5(unknown) = Chi : total:m1386_10, partial:m1388_4 # 1388| m1388_6(destructor_only) = Store[#temp1388:5] : &:r1388_1, r1388_3 -# 1388| r1388_7(destructor_only) = Load[#temp1388:5] : &:r1388_1, m1388_6 # 1389| v1389_1(void) = NoOp : # 1379| v1379_5(void) = ReturnVoid : # 1379| v1379_6(void) = AliasedUse : ~m1388_5 @@ -8327,7 +8373,6 @@ ir.cpp: # 1399| m1399_4(unknown) = ^CallSideEffect : ~m1398_10 # 1399| m1399_5(unknown) = Chi : total:m1398_10, partial:m1399_4 # 1399| m1399_6(copy_constructor) = Store[#temp1399:5] : &:r1399_1, r1399_3 -# 1399| r1399_7(copy_constructor) = Load[#temp1399:5] : &:r1399_1, m1399_6 # 1401| r1401_1(glval) = VariableAddress[y] : # 1401| r1401_2(glval) = VariableAddress[#temp1401:13] : # 1401| r1401_3(glval) = FunctionAddress[returnValue] : @@ -9841,14 +9886,11 @@ ir.cpp: # 1713| m1713_2(TrivialLambdaClass) = Uninitialized[l1] : &:r1713_1 # 1714| r1714_1(glval) = VariableAddress[l2] : # 1714| r1714_2(glval) = VariableAddress[#temp1714:36] : -# 1714| r1714_3(glval) = VariableAddress[#temp1714:36] : -# 1714| r1714_4(TrivialLambdaClass) = Constant[0] : -# 1714| m1714_5(TrivialLambdaClass) = Store[#temp1714:36] : &:r1714_3, r1714_4 -# 1714| r1714_6(TrivialLambdaClass) = Load[#temp1714:36] : &:r1714_3, m1714_5 -# 1714| m1714_7(TrivialLambdaClass) = Store[#temp1714:36] : &:r1714_2, r1714_6 -# 1714| r1714_8(glval) = Convert : r1714_2 -# 1714| r1714_9(TrivialLambdaClass &) = CopyValue : r1714_8 -# 1714| m1714_10(TrivialLambdaClass &) = Store[l2] : &:r1714_1, r1714_9 +# 1714| r1714_3(TrivialLambdaClass) = Constant[0] : +# 1714| m1714_4(TrivialLambdaClass) = Store[#temp1714:36] : &:r1714_2, r1714_3 +# 1714| r1714_5(glval) = Convert : r1714_2 +# 1714| r1714_6(TrivialLambdaClass &) = CopyValue : r1714_5 +# 1714| m1714_7(TrivialLambdaClass &) = Store[l2] : &:r1714_1, r1714_6 # 1716| r1716_1(glval) = VariableAddress[l_outer1] : # 1716| r1716_2(glval) = VariableAddress[#temp1716:20] : # 1716| m1716_3(decltype([...](...){...})) = Uninitialized[#temp1716:20] : &:r1716_2 @@ -9876,8 +9918,8 @@ ir.cpp: # 1716| m1716_19(decltype([...](...){...})) = Chi : total:m0_6, partial:m1716_18 # 1716| r1716_20(glval) = FieldAddress[l2] : r1716_2 # 1716| r1716_21(glval) = VariableAddress[l2] : -# 1716| r1716_22(TrivialLambdaClass &) = Load[l2] : &:r1716_21, m1714_10 -#-----| r0_7(TrivialLambdaClass) = Load[?] : &:r1716_22, m1714_7 +# 1716| r1716_22(TrivialLambdaClass &) = Load[l2] : &:r1716_21, m1714_7 +#-----| r0_7(TrivialLambdaClass) = Load[?] : &:r1716_22, m1714_4 #-----| m0_8(TrivialLambdaClass) = Store[?] : &:r1716_20, r0_7 #-----| m0_9(decltype([...](...){...})) = Chi : total:m1716_19, partial:m0_8 # 1716| r1716_23(decltype([...](...){...})) = Load[#temp1716:20] : &:r1716_2, m0_9 @@ -11011,7 +11053,7 @@ ir.cpp: # 1930| r1930_1(int) = Constant[40] : # 1930| r1930_2(glval) = VariableAddress[j] : # 1930| m1930_3(int) = Store[j] : &:r1930_2, r1930_1 -# 1930| r1930_4(int) = CopyValue : r1930_1 +# 1930| r1930_4(int) = Load[j] : &:r1930_2, m1930_3 # 1930| r1930_5(glval) = VariableAddress[i] : # 1930| m1930_6(int) = Store[i] : &:r1930_5, r1930_4 # 1931| v1931_1(void) = NoOp : @@ -11035,8 +11077,9 @@ ir.cpp: # 1935| r1935_3(int) = Load[j] : &:r1935_2, m1934_5 # 1935| r1935_4(int) = Add : r1935_3, r1935_1 # 1935| m1935_5(int) = Store[j] : &:r1935_2, r1935_4 -# 1935| r1935_6(glval) = VariableAddress[i] : -# 1935| m1935_7(int) = Store[i] : &:r1935_6, r1935_4 +# 1935| r1935_6(int) = Load[j] : &:r1935_2, m1935_5 +# 1935| r1935_7(glval) = VariableAddress[i] : +# 1935| m1935_8(int) = Store[i] : &:r1935_7, r1935_6 # 1936| v1936_1(void) = NoOp : # 1933| v1933_5(void) = ReturnVoid : # 1933| v1933_6(void) = AliasedUse : m1933_3 diff --git a/cpp/ql/test/library-tests/ir/ir/operand_locations.expected b/cpp/ql/test/library-tests/ir/ir/operand_locations.expected index 4c2a4d4a5a5..af1939abd03 100644 --- a/cpp/ql/test/library-tests/ir/ir/operand_locations.expected +++ b/cpp/ql/test/library-tests/ir/ir/operand_locations.expected @@ -684,6 +684,10 @@ | file://:0:0:0:0 | Address | &:r0_1 | | file://:0:0:0:0 | Address | &:r0_1 | | file://:0:0:0:0 | Address | &:r0_1 | +| file://:0:0:0:0 | Address | &:r0_1 | +| file://:0:0:0:0 | Address | &:r0_1 | +| file://:0:0:0:0 | Address | &:r0_1 | +| file://:0:0:0:0 | Address | &:r0_1 | | file://:0:0:0:0 | Address | &:r0_2 | | file://:0:0:0:0 | Address | &:r0_3 | | file://:0:0:0:0 | Address | &:r0_3 | @@ -712,6 +716,10 @@ | file://:0:0:0:0 | Address | &:r0_3 | | file://:0:0:0:0 | Address | &:r0_3 | | file://:0:0:0:0 | Address | &:r0_3 | +| file://:0:0:0:0 | Address | &:r0_3 | +| file://:0:0:0:0 | Address | &:r0_3 | +| file://:0:0:0:0 | Address | &:r0_3 | +| file://:0:0:0:0 | Address | &:r0_3 | | file://:0:0:0:0 | Address | &:r0_4 | | file://:0:0:0:0 | Address | &:r0_4 | | file://:0:0:0:0 | Address | &:r0_5 | @@ -811,6 +819,8 @@ | file://:0:0:0:0 | Load | m0_2 | | file://:0:0:0:0 | Load | m0_2 | | file://:0:0:0:0 | Load | m0_2 | +| file://:0:0:0:0 | Load | m0_2 | +| file://:0:0:0:0 | Load | m0_2 | | file://:0:0:0:0 | Load | m0_5 | | file://:0:0:0:0 | Load | m0_8 | | file://:0:0:0:0 | Load | m0_11 | @@ -822,7 +832,7 @@ | file://:0:0:0:0 | Load | m1466_4 | | file://:0:0:0:0 | Load | m1466_4 | | file://:0:0:0:0 | Load | m1685_9 | -| file://:0:0:0:0 | Load | m1714_7 | +| file://:0:0:0:0 | Load | m1714_4 | | file://:0:0:0:0 | Load | m1834_6 | | file://:0:0:0:0 | Load | m1834_6 | | file://:0:0:0:0 | Load | m1839_6 | @@ -847,6 +857,8 @@ | file://:0:0:0:0 | SideEffect | m0_4 | | file://:0:0:0:0 | SideEffect | m0_4 | | file://:0:0:0:0 | SideEffect | m0_4 | +| file://:0:0:0:0 | SideEffect | m0_4 | +| file://:0:0:0:0 | SideEffect | m0_4 | | file://:0:0:0:0 | SideEffect | m0_14 | | file://:0:0:0:0 | SideEffect | m1078_23 | | file://:0:0:0:0 | SideEffect | m1078_23 | @@ -954,13 +966,14 @@ | ir.c:9:14:9:19 | Unary | r9_5 | | ir.c:9:14:9:31 | ChiPartial | partial:m9_7 | | ir.c:9:14:9:31 | ChiTotal | total:m8_10 | +| ir.c:9:14:9:31 | Load | m9_7 | | ir.c:9:14:9:31 | StoreValue | r9_9 | | ir.c:9:21:9:21 | Address | &:r9_6 | +| ir.c:9:21:9:21 | Address | &:r9_6 | | ir.c:9:25:9:27 | Address | &:r9_1 | | ir.c:9:25:9:27 | Left | r9_2 | | ir.c:9:25:9:27 | Load | m7_6 | | ir.c:9:25:9:31 | StoreValue | r9_4 | -| ir.c:9:25:9:31 | Unary | r9_4 | | ir.c:9:31:9:31 | Right | r9_3 | | ir.c:10:3:10:8 | Unary | r10_10 | | ir.c:10:3:10:26 | ChiPartial | partial:m10_12 | @@ -1329,18 +1342,22 @@ | ir.cpp:98:6:98:19 | SideEffect | m98_3 | | ir.cpp:98:25:98:25 | Address | &:r98_5 | | ir.cpp:99:9:99:9 | Address | &:r99_1 | -| ir.cpp:101:5:101:5 | Address | &:r101_6 | +| ir.cpp:101:5:101:5 | Address | &:r101_7 | +| ir.cpp:101:9:101:11 | Load | m101_5 | | ir.cpp:101:9:101:11 | Right | r101_3 | | ir.cpp:101:9:101:11 | StoreValue | r101_4 | -| ir.cpp:101:9:101:11 | StoreValue | r101_4 | +| ir.cpp:101:9:101:11 | StoreValue | r101_6 | +| ir.cpp:101:11:101:11 | Address | &:r101_1 | | ir.cpp:101:11:101:11 | Address | &:r101_1 | | ir.cpp:101:11:101:11 | Address | &:r101_1 | | ir.cpp:101:11:101:11 | Left | r101_2 | | ir.cpp:101:11:101:11 | Load | m98_6 | -| ir.cpp:102:5:102:5 | Address | &:r102_6 | +| ir.cpp:102:5:102:5 | Address | &:r102_7 | +| ir.cpp:102:9:102:11 | Load | m102_5 | | ir.cpp:102:9:102:11 | Right | r102_3 | | ir.cpp:102:9:102:11 | StoreValue | r102_4 | -| ir.cpp:102:9:102:11 | StoreValue | r102_4 | +| ir.cpp:102:9:102:11 | StoreValue | r102_6 | +| ir.cpp:102:11:102:11 | Address | &:r102_1 | | ir.cpp:102:11:102:11 | Address | &:r102_1 | | ir.cpp:102:11:102:11 | Address | &:r102_1 | | ir.cpp:102:11:102:11 | Left | r102_2 | @@ -1531,18 +1548,22 @@ | ir.cpp:144:6:144:17 | SideEffect | m144_3 | | ir.cpp:144:25:144:25 | Address | &:r144_5 | | ir.cpp:145:11:145:11 | Address | &:r145_1 | -| ir.cpp:147:5:147:5 | Address | &:r147_6 | +| ir.cpp:147:5:147:5 | Address | &:r147_7 | +| ir.cpp:147:9:147:11 | Load | m147_5 | | ir.cpp:147:9:147:11 | Right | r147_3 | | ir.cpp:147:9:147:11 | StoreValue | r147_4 | -| ir.cpp:147:9:147:11 | StoreValue | r147_4 | +| ir.cpp:147:9:147:11 | StoreValue | r147_6 | +| ir.cpp:147:11:147:11 | Address | &:r147_1 | | ir.cpp:147:11:147:11 | Address | &:r147_1 | | ir.cpp:147:11:147:11 | Address | &:r147_1 | | ir.cpp:147:11:147:11 | Left | r147_2 | | ir.cpp:147:11:147:11 | Load | m144_6 | -| ir.cpp:148:5:148:5 | Address | &:r148_6 | +| ir.cpp:148:5:148:5 | Address | &:r148_7 | +| ir.cpp:148:9:148:11 | Load | m148_5 | | ir.cpp:148:9:148:11 | Right | r148_3 | | ir.cpp:148:9:148:11 | StoreValue | r148_4 | -| ir.cpp:148:9:148:11 | StoreValue | r148_4 | +| ir.cpp:148:9:148:11 | StoreValue | r148_6 | +| ir.cpp:148:11:148:11 | Address | &:r148_1 | | ir.cpp:148:11:148:11 | Address | &:r148_1 | | ir.cpp:148:11:148:11 | Address | &:r148_1 | | ir.cpp:148:11:148:11 | Left | r148_2 | @@ -1840,18 +1861,22 @@ | ir.cpp:204:26:204:26 | Load | m204_6 | | ir.cpp:204:26:204:26 | SideEffect | m204_8 | | ir.cpp:205:10:205:10 | Address | &:r205_1 | -| ir.cpp:207:5:207:5 | Address | &:r207_6 | +| ir.cpp:207:5:207:5 | Address | &:r207_7 | +| ir.cpp:207:9:207:11 | Load | m207_5 | | ir.cpp:207:9:207:11 | Right | r207_3 | | ir.cpp:207:9:207:11 | StoreValue | r207_4 | -| ir.cpp:207:9:207:11 | StoreValue | r207_4 | +| ir.cpp:207:9:207:11 | StoreValue | r207_6 | +| ir.cpp:207:11:207:11 | Address | &:r207_1 | | ir.cpp:207:11:207:11 | Address | &:r207_1 | | ir.cpp:207:11:207:11 | Address | &:r207_1 | | ir.cpp:207:11:207:11 | Left | r207_2 | | ir.cpp:207:11:207:11 | Load | m204_6 | -| ir.cpp:208:5:208:5 | Address | &:r208_6 | +| ir.cpp:208:5:208:5 | Address | &:r208_7 | +| ir.cpp:208:9:208:11 | Load | m208_5 | | ir.cpp:208:9:208:11 | Right | r208_3 | | ir.cpp:208:9:208:11 | StoreValue | r208_4 | -| ir.cpp:208:9:208:11 | StoreValue | r208_4 | +| ir.cpp:208:9:208:11 | StoreValue | r208_6 | +| ir.cpp:208:11:208:11 | Address | &:r208_1 | | ir.cpp:208:11:208:11 | Address | &:r208_1 | | ir.cpp:208:11:208:11 | Address | &:r208_1 | | ir.cpp:208:11:208:11 | Left | r208_2 | @@ -4947,6 +4972,15 @@ | ir.cpp:1035:15:1035:15 | Address | &:r1035_1 | | ir.cpp:1038:6:1038:8 | Address | &:r1038_3 | | ir.cpp:1038:6:1038:8 | SideEffect | ~m1038_8 | +| ir.cpp:1038:12:1038:12 | Address | &:r1038_5 | +| ir.cpp:1038:12:1038:12 | Address | &:r1038_5 | +| ir.cpp:1038:12:1038:12 | Address | &:r1038_7 | +| ir.cpp:1038:12:1038:12 | Address | &:r1038_7 | +| ir.cpp:1038:12:1038:12 | ChiPartial | partial:m1038_3 | +| ir.cpp:1038:12:1038:12 | ChiTotal | total:m1038_2 | +| ir.cpp:1038:12:1038:12 | Load | m1038_6 | +| ir.cpp:1038:12:1038:12 | SideEffect | m1038_3 | +| ir.cpp:1038:12:1038:12 | SideEffect | m1038_8 | | ir.cpp:1038:12:1038:18 | Address | &:r1038_4 | | ir.cpp:1038:12:1038:18 | Address | &:r1038_4 | | ir.cpp:1038:12:1038:18 | ChiPartial | partial:m1038_7 | @@ -4986,6 +5020,15 @@ | ir.cpp:1040:34:1040:34 | Load | m1040_8 | | ir.cpp:1040:34:1040:34 | SideEffect | m1040_10 | | ir.cpp:1041:8:1041:19 | Address | &:r1041_1 | +| ir.cpp:1041:23:1041:23 | Address | &:r1041_5 | +| ir.cpp:1041:23:1041:23 | Address | &:r1041_5 | +| ir.cpp:1041:23:1041:23 | Address | &:r1041_7 | +| ir.cpp:1041:23:1041:23 | Address | &:r1041_7 | +| ir.cpp:1041:23:1041:23 | ChiPartial | partial:m1041_3 | +| ir.cpp:1041:23:1041:23 | ChiTotal | total:m1041_2 | +| ir.cpp:1041:23:1041:23 | Load | m1041_6 | +| ir.cpp:1041:23:1041:23 | SideEffect | m1041_3 | +| ir.cpp:1041:23:1041:23 | SideEffect | m1041_8 | | ir.cpp:1041:23:1041:49 | Address | &:r1041_2 | | ir.cpp:1041:23:1041:49 | Address | &:r1041_2 | | ir.cpp:1041:23:1041:49 | Load | m1041_3 | @@ -6610,8 +6653,6 @@ | ir.cpp:1376:5:1376:28 | SideEffect | ~m1374_11 | | ir.cpp:1376:5:1376:28 | StoreValue | r1376_3 | | ir.cpp:1376:5:1376:30 | Address | &:r1376_1 | -| ir.cpp:1376:5:1376:30 | Address | &:r1376_1 | -| ir.cpp:1376:5:1376:30 | Load | m1376_6 | | ir.cpp:1379:6:1379:30 | ChiPartial | partial:m1379_3 | | ir.cpp:1379:6:1379:30 | ChiTotal | total:m1379_2 | | ir.cpp:1379:6:1379:30 | SideEffect | ~m1388_5 | @@ -6686,8 +6727,6 @@ | ir.cpp:1388:5:1388:37 | SideEffect | ~m1386_10 | | ir.cpp:1388:5:1388:37 | StoreValue | r1388_3 | | ir.cpp:1388:5:1388:39 | Address | &:r1388_1 | -| ir.cpp:1388:5:1388:39 | Address | &:r1388_1 | -| ir.cpp:1388:5:1388:39 | Load | m1388_6 | | ir.cpp:1391:6:1391:31 | ChiPartial | partial:m1391_3 | | ir.cpp:1391:6:1391:31 | ChiTotal | total:m1391_2 | | ir.cpp:1391:6:1391:31 | SideEffect | ~m1401_6 | @@ -6787,8 +6826,6 @@ | ir.cpp:1399:5:1399:38 | SideEffect | ~m1398_10 | | ir.cpp:1399:5:1399:38 | StoreValue | r1399_3 | | ir.cpp:1399:5:1399:40 | Address | &:r1399_1 | -| ir.cpp:1399:5:1399:40 | Address | &:r1399_1 | -| ir.cpp:1399:5:1399:40 | Load | m1399_6 | | ir.cpp:1401:9:1401:9 | Address | &:r1401_1 | | ir.cpp:1401:13:1401:41 | CallTarget | func:r1401_3 | | ir.cpp:1401:13:1401:41 | ChiPartial | partial:m1401_5 | @@ -8171,14 +8208,10 @@ | ir.cpp:1713:30:1713:31 | Address | &:r1713_1 | | ir.cpp:1714:31:1714:32 | Address | &:r1714_1 | | ir.cpp:1714:36:1714:55 | Address | &:r1714_2 | -| ir.cpp:1714:36:1714:55 | Address | &:r1714_3 | -| ir.cpp:1714:36:1714:55 | Address | &:r1714_3 | -| ir.cpp:1714:36:1714:55 | Load | m1714_5 | -| ir.cpp:1714:36:1714:55 | StoreValue | r1714_4 | +| ir.cpp:1714:36:1714:55 | StoreValue | r1714_3 | | ir.cpp:1714:36:1714:55 | StoreValue | r1714_6 | -| ir.cpp:1714:36:1714:55 | StoreValue | r1714_9 | | ir.cpp:1714:36:1714:55 | Unary | r1714_2 | -| ir.cpp:1714:36:1714:55 | Unary | r1714_8 | +| ir.cpp:1714:36:1714:55 | Unary | r1714_5 | | ir.cpp:1716:10:1716:17 | Address | &:r1716_1 | | ir.cpp:1716:20:1718:5 | Address | &:r1716_2 | | ir.cpp:1716:20:1718:5 | Address | &:r1716_2 | @@ -8204,7 +8237,7 @@ | ir.cpp:1716:20:1718:5 | Load | m1712_8 | | ir.cpp:1716:20:1718:5 | Load | m1712_12 | | ir.cpp:1716:20:1718:5 | Load | m1713_2 | -| ir.cpp:1716:20:1718:5 | Load | m1714_10 | +| ir.cpp:1716:20:1718:5 | Load | m1714_7 | | ir.cpp:1716:20:1718:5 | StoreValue | r1716_6 | | ir.cpp:1716:20:1718:5 | StoreValue | r1716_17 | | ir.cpp:1716:20:1718:5 | StoreValue | r1716_23 | @@ -9037,22 +9070,25 @@ | ir.cpp:1929:10:1929:10 | Address | &:r1929_3 | | ir.cpp:1930:3:1930:3 | Address | &:r1930_5 | | ir.cpp:1930:7:1930:7 | Address | &:r1930_2 | +| ir.cpp:1930:7:1930:7 | Address | &:r1930_2 | +| ir.cpp:1930:7:1930:12 | Load | m1930_3 | | ir.cpp:1930:7:1930:12 | StoreValue | r1930_4 | | ir.cpp:1930:11:1930:12 | StoreValue | r1930_1 | -| ir.cpp:1930:11:1930:12 | Unary | r1930_1 | | ir.cpp:1933:6:1933:38 | ChiPartial | partial:m1933_3 | | ir.cpp:1933:6:1933:38 | ChiTotal | total:m1933_2 | | ir.cpp:1933:6:1933:38 | SideEffect | m1933_3 | | ir.cpp:1934:7:1934:7 | Address | &:r1934_1 | | ir.cpp:1934:10:1934:10 | Address | &:r1934_3 | | ir.cpp:1934:13:1934:14 | StoreValue | r1934_4 | -| ir.cpp:1935:3:1935:3 | Address | &:r1935_6 | +| ir.cpp:1935:3:1935:3 | Address | &:r1935_7 | +| ir.cpp:1935:8:1935:8 | Address | &:r1935_2 | | ir.cpp:1935:8:1935:8 | Address | &:r1935_2 | | ir.cpp:1935:8:1935:8 | Address | &:r1935_2 | | ir.cpp:1935:8:1935:8 | Left | r1935_3 | | ir.cpp:1935:8:1935:8 | Load | m1934_5 | +| ir.cpp:1935:8:1935:14 | Load | m1935_5 | | ir.cpp:1935:8:1935:14 | StoreValue | r1935_4 | -| ir.cpp:1935:8:1935:14 | StoreValue | r1935_4 | +| ir.cpp:1935:8:1935:14 | StoreValue | r1935_6 | | ir.cpp:1935:13:1935:14 | Right | r1935_1 | | ir.cpp:1942:15:1942:43 | Address | &:r1942_5 | | ir.cpp:1942:15:1942:43 | ChiPartial | partial:m1942_3 | diff --git a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected index cbf7c564214..c4774b10f89 100644 --- a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected +++ b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected @@ -747,7 +747,7 @@ ir.c: # 9| r9_5(glval<(unnamed class/struct/union)>) = VariableAddress[coords] : # 9| r9_6(glval) = FieldAddress[y] : r9_5 # 9| mu9_7(int) = Store[?] : &:r9_6, r9_4 -# 9| r9_8(int) = CopyValue : r9_4 +# 9| r9_8(int) = Load[?] : &:r9_6, ~m? # 9| r9_9(glval<(unnamed class/struct/union)>) = VariableAddress[coords] : # 9| r9_10(glval) = FieldAddress[x] : r9_9 # 9| mu9_11(int) = Store[?] : &:r9_10, r9_8 @@ -1159,15 +1159,17 @@ ir.cpp: # 101| r101_3(int) = Constant[1] : # 101| r101_4(int) = Add : r101_2, r101_3 # 101| mu101_5(int) = Store[x] : &:r101_1, r101_4 -# 101| r101_6(glval) = VariableAddress[y] : -# 101| mu101_7(int) = Store[y] : &:r101_6, r101_4 +# 101| r101_6(int) = Load[x] : &:r101_1, ~m? +# 101| r101_7(glval) = VariableAddress[y] : +# 101| mu101_8(int) = Store[y] : &:r101_7, r101_6 # 102| r102_1(glval) = VariableAddress[x] : # 102| r102_2(int) = Load[x] : &:r102_1, ~m? # 102| r102_3(int) = Constant[1] : # 102| r102_4(int) = Sub : r102_2, r102_3 # 102| mu102_5(int) = Store[x] : &:r102_1, r102_4 -# 102| r102_6(glval) = VariableAddress[y] : -# 102| mu102_7(int) = Store[y] : &:r102_6, r102_4 +# 102| r102_6(int) = Load[x] : &:r102_1, ~m? +# 102| r102_7(glval) = VariableAddress[y] : +# 102| mu102_8(int) = Store[y] : &:r102_7, r102_6 # 103| r103_1(glval) = VariableAddress[x] : # 103| r103_2(int) = Load[x] : &:r103_1, ~m? # 103| r103_3(int) = Constant[1] : @@ -1375,15 +1377,17 @@ ir.cpp: # 147| r147_3(float) = Constant[1.0] : # 147| r147_4(float) = Add : r147_2, r147_3 # 147| mu147_5(float) = Store[x] : &:r147_1, r147_4 -# 147| r147_6(glval) = VariableAddress[y] : -# 147| mu147_7(float) = Store[y] : &:r147_6, r147_4 +# 147| r147_6(float) = Load[x] : &:r147_1, ~m? +# 147| r147_7(glval) = VariableAddress[y] : +# 147| mu147_8(float) = Store[y] : &:r147_7, r147_6 # 148| r148_1(glval) = VariableAddress[x] : # 148| r148_2(float) = Load[x] : &:r148_1, ~m? # 148| r148_3(float) = Constant[1.0] : # 148| r148_4(float) = Sub : r148_2, r148_3 # 148| mu148_5(float) = Store[x] : &:r148_1, r148_4 -# 148| r148_6(glval) = VariableAddress[y] : -# 148| mu148_7(float) = Store[y] : &:r148_6, r148_4 +# 148| r148_6(float) = Load[x] : &:r148_1, ~m? +# 148| r148_7(glval) = VariableAddress[y] : +# 148| mu148_8(float) = Store[y] : &:r148_7, r148_6 # 149| r149_1(glval) = VariableAddress[x] : # 149| r149_2(float) = Load[x] : &:r149_1, ~m? # 149| r149_3(float) = Constant[1.0] : @@ -1682,15 +1686,17 @@ ir.cpp: # 207| r207_3(int) = Constant[1] : # 207| r207_4(int *) = PointerAdd[4] : r207_2, r207_3 # 207| mu207_5(int *) = Store[p] : &:r207_1, r207_4 -# 207| r207_6(glval) = VariableAddress[q] : -# 207| mu207_7(int *) = Store[q] : &:r207_6, r207_4 +# 207| r207_6(int *) = Load[p] : &:r207_1, ~m? +# 207| r207_7(glval) = VariableAddress[q] : +# 207| mu207_8(int *) = Store[q] : &:r207_7, r207_6 # 208| r208_1(glval) = VariableAddress[p] : # 208| r208_2(int *) = Load[p] : &:r208_1, ~m? # 208| r208_3(int) = Constant[1] : # 208| r208_4(int *) = PointerSub[4] : r208_2, r208_3 # 208| mu208_5(int *) = Store[p] : &:r208_1, r208_4 -# 208| r208_6(glval) = VariableAddress[q] : -# 208| mu208_7(int *) = Store[q] : &:r208_6, r208_4 +# 208| r208_6(int *) = Load[p] : &:r208_1, ~m? +# 208| r208_7(glval) = VariableAddress[q] : +# 208| mu208_8(int *) = Store[q] : &:r208_7, r208_6 # 209| r209_1(glval) = VariableAddress[p] : # 209| r209_2(int *) = Load[p] : &:r209_1, ~m? # 209| r209_3(int) = Constant[1] : @@ -5746,6 +5752,26 @@ ir.cpp: # 1038| v1038_9(void) = AliasedUse : ~m? # 1038| v1038_10(void) = ExitFunction : +# 1038| void (lambda [] type at line 1038, col. 12)::(unnamed constructor)((lambda [] type at line 1038, col. 12)&&) +# 1038| Block 0 +# 1038| v1038_1(void) = EnterFunction : +# 1038| mu1038_2(unknown) = AliasedDefinition : +# 1038| mu1038_3(unknown) = InitializeNonLocal : +# 1038| r1038_4(glval) = VariableAddress[#this] : +# 1038| mu1038_5(glval) = InitializeParameter[#this] : &:r1038_4 +# 1038| r1038_6(glval) = Load[#this] : &:r1038_4, ~m? +# 1038| mu1038_7(decltype([...](...){...})) = InitializeIndirection[#this] : &:r1038_6 +#-----| r0_1(glval) = VariableAddress[(unnamed parameter 0)] : +#-----| mu0_2(lambda [] type at line 1038, col. 12 &&) = InitializeParameter[(unnamed parameter 0)] : &:r0_1 +#-----| r0_3(lambda [] type at line 1038, col. 12 &&) = Load[(unnamed parameter 0)] : &:r0_1, ~m? +#-----| mu0_4(unknown) = InitializeIndirection[(unnamed parameter 0)] : &:r0_3 +# 1038| v1038_8(void) = NoOp : +# 1038| v1038_9(void) = ReturnIndirection[#this] : &:r1038_6, ~m? +#-----| v0_5(void) = ReturnIndirection[(unnamed parameter 0)] : &:r0_3, ~m? +# 1038| v1038_10(void) = ReturnVoid : +# 1038| v1038_11(void) = AliasedUse : ~m? +# 1038| v1038_12(void) = ExitFunction : + # 1038| void (lambda [] type at line 1038, col. 12)::operator()() const # 1038| Block 0 # 1038| v1038_1(void) = EnterFunction : @@ -5940,6 +5966,26 @@ ir.cpp: # 1040| v1040_12(void) = AliasedUse : ~m? # 1040| v1040_13(void) = ExitFunction : +# 1041| void (void Lambda(int, String const&))::(lambda [] type at line 1041, col. 23)::(unnamed constructor)((void Lambda(int, String const&))::(lambda [] type at line 1041, col. 23)&&) +# 1041| Block 0 +# 1041| v1041_1(void) = EnterFunction : +# 1041| mu1041_2(unknown) = AliasedDefinition : +# 1041| mu1041_3(unknown) = InitializeNonLocal : +# 1041| r1041_4(glval) = VariableAddress[#this] : +# 1041| mu1041_5(glval) = InitializeParameter[#this] : &:r1041_4 +# 1041| r1041_6(glval) = Load[#this] : &:r1041_4, ~m? +# 1041| mu1041_7(decltype([...](...){...})) = InitializeIndirection[#this] : &:r1041_6 +#-----| r0_1(glval) = VariableAddress[(unnamed parameter 0)] : +#-----| mu0_2(lambda [] type at line 1041, col. 23 &&) = InitializeParameter[(unnamed parameter 0)] : &:r0_1 +#-----| r0_3(lambda [] type at line 1041, col. 23 &&) = Load[(unnamed parameter 0)] : &:r0_1, ~m? +#-----| mu0_4(unknown) = InitializeIndirection[(unnamed parameter 0)] : &:r0_3 +# 1041| v1041_8(void) = NoOp : +# 1041| v1041_9(void) = ReturnIndirection[#this] : &:r1041_6, ~m? +#-----| v0_5(void) = ReturnIndirection[(unnamed parameter 0)] : &:r0_3, ~m? +# 1041| v1041_10(void) = ReturnVoid : +# 1041| v1041_11(void) = AliasedUse : ~m? +# 1041| v1041_12(void) = ExitFunction : + # 1041| char (void Lambda(int, String const&))::(lambda [] type at line 1041, col. 23)::operator()(float) const # 1041| Block 0 # 1041| v1041_1(void) = EnterFunction : @@ -7697,7 +7743,6 @@ ir.cpp: # 1376| r1376_3(String) = Call[defaultConstruct] : func:r1376_2 # 1376| mu1376_4(unknown) = ^CallSideEffect : ~m? # 1376| mu1376_5(String) = Store[#temp1376:5] : &:r1376_1, r1376_3 -# 1376| r1376_6(String) = Load[#temp1376:5] : &:r1376_1, ~m? # 1377| v1377_1(void) = NoOp : # 1365| v1365_4(void) = ReturnVoid : # 1365| v1365_5(void) = AliasedUse : ~m? @@ -7762,7 +7807,6 @@ ir.cpp: # 1388| r1388_3(destructor_only) = Call[defaultConstruct] : func:r1388_2 # 1388| mu1388_4(unknown) = ^CallSideEffect : ~m? # 1388| mu1388_5(destructor_only) = Store[#temp1388:5] : &:r1388_1, r1388_3 -# 1388| r1388_6(destructor_only) = Load[#temp1388:5] : &:r1388_1, ~m? # 1389| v1389_1(void) = NoOp : # 1379| v1379_4(void) = ReturnVoid : # 1379| v1379_5(void) = AliasedUse : ~m? @@ -7840,7 +7884,6 @@ ir.cpp: # 1399| r1399_3(copy_constructor) = Call[defaultConstruct] : func:r1399_2 # 1399| mu1399_4(unknown) = ^CallSideEffect : ~m? # 1399| mu1399_5(copy_constructor) = Store[#temp1399:5] : &:r1399_1, r1399_3 -# 1399| r1399_6(copy_constructor) = Load[#temp1399:5] : &:r1399_1, ~m? # 1401| r1401_1(glval) = VariableAddress[y] : # 1401| r1401_2(glval) = VariableAddress[#temp1401:13] : # 1401| r1401_3(glval) = FunctionAddress[returnValue] : @@ -9241,14 +9284,11 @@ ir.cpp: # 1713| mu1713_2(TrivialLambdaClass) = Uninitialized[l1] : &:r1713_1 # 1714| r1714_1(glval) = VariableAddress[l2] : # 1714| r1714_2(glval) = VariableAddress[#temp1714:36] : -# 1714| r1714_3(glval) = VariableAddress[#temp1714:36] : -# 1714| r1714_4(TrivialLambdaClass) = Constant[0] : -# 1714| mu1714_5(TrivialLambdaClass) = Store[#temp1714:36] : &:r1714_3, r1714_4 -# 1714| r1714_6(TrivialLambdaClass) = Load[#temp1714:36] : &:r1714_3, ~m? -# 1714| mu1714_7(TrivialLambdaClass) = Store[#temp1714:36] : &:r1714_2, r1714_6 -# 1714| r1714_8(glval) = Convert : r1714_2 -# 1714| r1714_9(TrivialLambdaClass &) = CopyValue : r1714_8 -# 1714| mu1714_10(TrivialLambdaClass &) = Store[l2] : &:r1714_1, r1714_9 +# 1714| r1714_3(TrivialLambdaClass) = Constant[0] : +# 1714| mu1714_4(TrivialLambdaClass) = Store[#temp1714:36] : &:r1714_2, r1714_3 +# 1714| r1714_5(glval) = Convert : r1714_2 +# 1714| r1714_6(TrivialLambdaClass &) = CopyValue : r1714_5 +# 1714| mu1714_7(TrivialLambdaClass &) = Store[l2] : &:r1714_1, r1714_6 # 1716| r1716_1(glval) = VariableAddress[l_outer1] : # 1716| r1716_2(glval) = VariableAddress[#temp1716:20] : # 1716| mu1716_3(decltype([...](...){...})) = Uninitialized[#temp1716:20] : &:r1716_2 @@ -10330,7 +10370,7 @@ ir.cpp: # 1930| r1930_1(int) = Constant[40] : # 1930| r1930_2(glval) = VariableAddress[j] : # 1930| mu1930_3(int) = Store[j] : &:r1930_2, r1930_1 -# 1930| r1930_4(int) = CopyValue : r1930_1 +# 1930| r1930_4(int) = Load[j] : &:r1930_2, ~m? # 1930| r1930_5(glval) = VariableAddress[i] : # 1930| mu1930_6(int) = Store[i] : &:r1930_5, r1930_4 # 1931| v1931_1(void) = NoOp : @@ -10353,8 +10393,9 @@ ir.cpp: # 1935| r1935_3(int) = Load[j] : &:r1935_2, ~m? # 1935| r1935_4(int) = Add : r1935_3, r1935_1 # 1935| mu1935_5(int) = Store[j] : &:r1935_2, r1935_4 -# 1935| r1935_6(glval) = VariableAddress[i] : -# 1935| mu1935_7(int) = Store[i] : &:r1935_6, r1935_4 +# 1935| r1935_6(int) = Load[j] : &:r1935_2, ~m? +# 1935| r1935_7(glval) = VariableAddress[i] : +# 1935| mu1935_8(int) = Store[i] : &:r1935_7, r1935_6 # 1936| v1936_1(void) = NoOp : # 1933| v1933_4(void) = ReturnVoid : # 1933| v1933_5(void) = AliasedUse : ~m? diff --git a/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp b/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp index 825e02b8616..14b6049d717 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp @@ -672,7 +672,7 @@ void test17() { range(i); // $ range===50 i = 20 + (j -= 10); - range(i); // $ range="==Store: ... += ... | Store: ... = ...+10" range===60 + range(i); // $ range="==Store: ... += ... | Store: ... = ...+10" range===60 range="==Store: ... -= ...+20" } // Tests for unsigned multiplication. diff --git a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected index f3c6737ad16..0065fe2648f 100644 --- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected @@ -15,6 +15,7 @@ localCallNodes postIsNotPre postHasUniquePre uniquePostUpdate +| allocators.cpp:4:24:4:26 | this indirection | Node has multiple PostUpdateNodes. | | cpp11.cpp:82:17:82:17 | this indirection | Node has multiple PostUpdateNodes. | | cpp11.cpp:82:17:82:55 | [...](...){...} indirection | Node has multiple PostUpdateNodes. | | ir.cpp:514:10:514:11 | definition of r2 indirection | Node has multiple PostUpdateNodes. | diff --git a/cpp/ql/test/library-tests/templates/type_instantiations/types.expected b/cpp/ql/test/library-tests/templates/type_instantiations/types.expected index b73feb125e2..3539e52eecf 100644 --- a/cpp/ql/test/library-tests/templates/type_instantiations/types.expected +++ b/cpp/ql/test/library-tests/templates/type_instantiations/types.expected @@ -1,5 +1,10 @@ | file://:0:0:0:0 | Cl * | | file://:0:0:0:0 | _Complex _Float16 | +| file://:0:0:0:0 | _Complex _Float32 | +| file://:0:0:0:0 | _Complex _Float32x | +| file://:0:0:0:0 | _Complex _Float64 | +| file://:0:0:0:0 | _Complex _Float64x | +| file://:0:0:0:0 | _Complex _Float128 | | file://:0:0:0:0 | _Complex __float128 | | file://:0:0:0:0 | _Complex double | | file://:0:0:0:0 | _Complex float | @@ -16,7 +21,9 @@ | file://:0:0:0:0 | _Imaginary double | | file://:0:0:0:0 | _Imaginary float | | file://:0:0:0:0 | _Imaginary long double | +| file://:0:0:0:0 | __bf16 | | file://:0:0:0:0 | __float128 | +| file://:0:0:0:0 | __fp16 | | file://:0:0:0:0 | __int128 | | file://:0:0:0:0 | __va_list_tag | | file://:0:0:0:0 | __va_list_tag & | @@ -44,6 +51,7 @@ | file://:0:0:0:0 | signed long | | file://:0:0:0:0 | signed long long | | file://:0:0:0:0 | signed short | +| file://:0:0:0:0 | std::float16_t | | file://:0:0:0:0 | unknown | | file://:0:0:0:0 | unsigned __int128 | | file://:0:0:0:0 | unsigned char | diff --git a/cpp/ql/test/library-tests/type_sizes/type_sizes.expected b/cpp/ql/test/library-tests/type_sizes/type_sizes.expected index 69bfebe2195..b7bc9e04fe3 100644 --- a/cpp/ql/test/library-tests/type_sizes/type_sizes.expected +++ b/cpp/ql/test/library-tests/type_sizes/type_sizes.expected @@ -20,6 +20,11 @@ | file://:0:0:0:0 | UnionWithDef & | 8 | | file://:0:0:0:0 | UnionWithDef && | 8 | | file://:0:0:0:0 | _Complex _Float16 | 4 | +| file://:0:0:0:0 | _Complex _Float32 | 8 | +| file://:0:0:0:0 | _Complex _Float32x | 16 | +| file://:0:0:0:0 | _Complex _Float64 | 16 | +| file://:0:0:0:0 | _Complex _Float64x | 32 | +| file://:0:0:0:0 | _Complex _Float128 | 32 | | file://:0:0:0:0 | _Complex __float128 | 32 | | file://:0:0:0:0 | _Complex double | 16 | | file://:0:0:0:0 | _Complex float | 8 | @@ -37,7 +42,9 @@ | file://:0:0:0:0 | _Imaginary float | 4 | | file://:0:0:0:0 | _Imaginary long double | 16 | | file://:0:0:0:0 | __attribute((vector_size(16))) int | 16 | +| file://:0:0:0:0 | __bf16 | 2 | | file://:0:0:0:0 | __float128 | 16 | +| file://:0:0:0:0 | __fp16 | 2 | | file://:0:0:0:0 | __int128 | 16 | | file://:0:0:0:0 | __va_list_tag | 24 | | file://:0:0:0:0 | __va_list_tag & | 8 | @@ -83,6 +90,7 @@ | file://:0:0:0:0 | signed long | 8 | | file://:0:0:0:0 | signed long long | 8 | | file://:0:0:0:0 | signed short | 2 | +| file://:0:0:0:0 | std::float16_t | 2 | | file://:0:0:0:0 | unknown | 1 | | file://:0:0:0:0 | unsigned __int128 | 16 | | file://:0:0:0:0 | unsigned char | 1 | diff --git a/cpp/ql/test/library-tests/unspecified_type/types/unspecified_type.expected b/cpp/ql/test/library-tests/unspecified_type/types/unspecified_type.expected index d635ec8b5df..91078ac1431 100644 --- a/cpp/ql/test/library-tests/unspecified_type/types/unspecified_type.expected +++ b/cpp/ql/test/library-tests/unspecified_type/types/unspecified_type.expected @@ -2,6 +2,11 @@ | file://:0:0:0:0 | ..(*)(..) | ..(*)(..) | | file://:0:0:0:0 | Tmpl | Tmpl | | file://:0:0:0:0 | _Complex _Float16 | _Complex _Float16 | +| file://:0:0:0:0 | _Complex _Float32 | _Complex _Float32 | +| file://:0:0:0:0 | _Complex _Float32x | _Complex _Float32x | +| file://:0:0:0:0 | _Complex _Float64 | _Complex _Float64 | +| file://:0:0:0:0 | _Complex _Float64x | _Complex _Float64x | +| file://:0:0:0:0 | _Complex _Float128 | _Complex _Float128 | | file://:0:0:0:0 | _Complex __float128 | _Complex __float128 | | file://:0:0:0:0 | _Complex double | _Complex double | | file://:0:0:0:0 | _Complex float | _Complex float | @@ -18,7 +23,9 @@ | file://:0:0:0:0 | _Imaginary double | _Imaginary double | | file://:0:0:0:0 | _Imaginary float | _Imaginary float | | file://:0:0:0:0 | _Imaginary long double | _Imaginary long double | +| file://:0:0:0:0 | __bf16 | __bf16 | | file://:0:0:0:0 | __float128 | __float128 | +| file://:0:0:0:0 | __fp16 | __fp16 | | file://:0:0:0:0 | __int128 | __int128 | | file://:0:0:0:0 | __va_list_tag & | __va_list_tag & | | file://:0:0:0:0 | __va_list_tag && | __va_list_tag && | @@ -45,6 +52,7 @@ | file://:0:0:0:0 | signed long | signed long | | file://:0:0:0:0 | signed long long | signed long long | | file://:0:0:0:0 | signed short | signed short | +| file://:0:0:0:0 | std::float16_t | std::float16_t | | file://:0:0:0:0 | unknown | unknown | | file://:0:0:0:0 | unsigned __int128 | unsigned __int128 | | file://:0:0:0:0 | unsigned char | unsigned char | diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ir_gvn.expected b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ir_gvn.expected index 88e365023a1..794d35433df 100644 --- a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ir_gvn.expected +++ b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ir_gvn.expected @@ -756,7 +756,7 @@ test.cpp: # 92| valnum = r92_1, r92_3, r93_2 # 92| m92_4(int) = Store[x] : &:r92_3, r92_2 # 92| valnum = m92_4, m92_6, m93_4, r92_2, r92_5, r93_3 -# 92| r92_5(int) = CopyValue : r92_2 +# 92| r92_5(int) = Load[x] : &:r92_3, m92_4 # 92| valnum = m92_4, m92_6, m93_4, r92_2, r92_5, r93_3 # 92| m92_6(int) = Store[x] : &:r92_1, r92_5 # 92| valnum = m92_4, m92_6, m93_4, r92_2, r92_5, r93_3 diff --git a/cpp/ql/test/library-tests/variables/variables/types.expected b/cpp/ql/test/library-tests/variables/variables/types.expected index f086dec166a..39659a7ae39 100644 --- a/cpp/ql/test/library-tests/variables/variables/types.expected +++ b/cpp/ql/test/library-tests/variables/variables/types.expected @@ -1,6 +1,11 @@ | ..()(..) | RoutineType | | | | | | ..(*)(..) | FunctionPointerType | | ..()(..) | | | | _Complex _Float16 | BinaryFloatingPointType, ComplexNumberType | | | | | +| _Complex _Float32 | BinaryFloatingPointType, ComplexNumberType | | | | | +| _Complex _Float32x | BinaryFloatingPointType, ComplexNumberType | | | | | +| _Complex _Float64 | BinaryFloatingPointType, ComplexNumberType | | | | | +| _Complex _Float64x | BinaryFloatingPointType, ComplexNumberType | | | | | +| _Complex _Float128 | BinaryFloatingPointType, ComplexNumberType | | | | | | _Complex __float128 | BinaryFloatingPointType, ComplexNumberType | | | | | | _Complex double | BinaryFloatingPointType, ComplexNumberType | | | | | | _Complex float | BinaryFloatingPointType, ComplexNumberType | | | | | @@ -17,7 +22,9 @@ | _Imaginary double | BinaryFloatingPointType, ImaginaryNumberType | | | | | | _Imaginary float | BinaryFloatingPointType, ImaginaryNumberType | | | | | | _Imaginary long double | BinaryFloatingPointType, ImaginaryNumberType | | | | | +| __bf16 | BinaryFloatingPointType, RealNumberType | | | | | | __float128 | Float128Type | | | | | +| __fp16 | BinaryFloatingPointType, RealNumberType | | | | | | __int128 | Int128Type | | | | | | __va_list_tag | DirectAccessHolder, MetricClass, Struct, StructLikeClass | | | | | | __va_list_tag & | LValueReferenceType | | __va_list_tag | | | @@ -83,6 +90,7 @@ | signed long | LongType | | | | | | signed long long | LongLongType | | | | | | signed short | ShortType | | | | | +| std::float16_t | BinaryFloatingPointType, RealNumberType | | | | | | unknown | UnknownType | | | | | | unsigned __int128 | Int128Type | | | | unsigned integral | | unsigned char | UnsignedCharType | | | | unsigned integral | diff --git a/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryFreed.expected b/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryFreed.expected index a9aa883efad..141b7091d19 100644 --- a/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryFreed.expected +++ b/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryFreed.expected @@ -96,6 +96,7 @@ | test_free.cpp:255:10:255:10 | p | | test_free.cpp:260:9:260:9 | p | | test_free.cpp:263:12:263:12 | p | +| test_free.cpp:269:7:269:11 | ... = ... | | virtual.cpp:18:10:18:10 | a | | virtual.cpp:19:10:19:10 | c | | virtual.cpp:38:10:38:10 | b | diff --git a/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryMayNotBeFreed.expected b/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryMayNotBeFreed.expected index fa069b8b46a..91bb79e6852 100644 --- a/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryMayNotBeFreed.expected +++ b/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryMayNotBeFreed.expected @@ -1 +1,2 @@ | test_free.cpp:36:22:36:35 | ... = ... | This memory allocation may not be released at $@. | test_free.cpp:38:1:38:1 | return ... | this exit point | +| test_free.cpp:267:12:267:17 | call to malloc | This memory allocation may not be released at $@. | test_free.cpp:270:1:270:1 | return ... | this exit point | diff --git a/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp b/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp index 82af587c8ee..b9ea0ec6fbf 100644 --- a/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp +++ b/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp @@ -261,4 +261,10 @@ void test_ref_delete(int *&p) { p = new int; use(p); // GOOD delete p; // GOOD +} + +void test_free_assign() { + void *a = malloc(10); + void *b; + free(b = a); // GOOD } \ No newline at end of file diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected index ae8073cf09f..64e99a6c629 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected @@ -16,18 +16,18 @@ edges | test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | filename indirection | | test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | path indirection | | test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument | -| test.cpp:106:20:106:25 | call to getenv | test.cpp:107:33:107:36 | path indirection | +| test.cpp:106:20:106:38 | call to getenv | test.cpp:107:33:107:36 | path indirection | | test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:107:33:107:36 | path indirection | | test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | call to c_str indirection | | test.cpp:107:33:107:36 | path indirection | test.cpp:107:31:107:31 | call to operator+ | -| test.cpp:113:20:113:25 | call to getenv | test.cpp:114:19:114:22 | path indirection | +| test.cpp:113:20:113:38 | call to getenv | test.cpp:114:19:114:22 | path indirection | | test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:19:114:22 | path indirection | | test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | call to c_str indirection | | test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | call to c_str indirection | | test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:10:114:23 | call to operator+ | | test.cpp:114:19:114:22 | path indirection | test.cpp:114:10:114:23 | call to operator+ | | test.cpp:114:19:114:22 | path indirection | test.cpp:114:17:114:17 | call to operator+ | -| test.cpp:119:20:119:25 | call to getenv | test.cpp:120:19:120:22 | path indirection | +| test.cpp:119:20:119:38 | call to getenv | test.cpp:120:19:120:22 | path indirection | | test.cpp:119:20:119:38 | call to getenv indirection | test.cpp:120:19:120:22 | path indirection | | test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | call to data indirection | | test.cpp:120:19:120:22 | path indirection | test.cpp:120:17:120:17 | call to operator+ | @@ -91,12 +91,12 @@ nodes | test.cpp:93:11:93:14 | strncat output argument | semmle.label | strncat output argument | | test.cpp:93:17:93:24 | filename indirection | semmle.label | filename indirection | | test.cpp:94:45:94:48 | path indirection | semmle.label | path indirection | -| test.cpp:106:20:106:25 | call to getenv | semmle.label | call to getenv | +| test.cpp:106:20:106:38 | call to getenv | semmle.label | call to getenv | | test.cpp:106:20:106:38 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ | | test.cpp:107:33:107:36 | path indirection | semmle.label | path indirection | | test.cpp:108:18:108:22 | call to c_str indirection | semmle.label | call to c_str indirection | -| test.cpp:113:20:113:25 | call to getenv | semmle.label | call to getenv | +| test.cpp:113:20:113:38 | call to getenv | semmle.label | call to getenv | | test.cpp:113:20:113:38 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:114:10:114:23 | call to operator+ | semmle.label | call to operator+ | | test.cpp:114:10:114:23 | call to operator+ | semmle.label | call to operator+ | @@ -104,7 +104,7 @@ nodes | test.cpp:114:19:114:22 | path indirection | semmle.label | path indirection | | test.cpp:114:25:114:29 | call to c_str indirection | semmle.label | call to c_str indirection | | test.cpp:114:25:114:29 | call to c_str indirection | semmle.label | call to c_str indirection | -| test.cpp:119:20:119:25 | call to getenv | semmle.label | call to getenv | +| test.cpp:119:20:119:38 | call to getenv | semmle.label | call to getenv | | test.cpp:119:20:119:38 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:120:10:120:30 | call to data indirection | semmle.label | call to data indirection | | test.cpp:120:17:120:17 | call to operator+ | semmle.label | call to operator+ | @@ -158,13 +158,13 @@ subpaths | test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument | | test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument | | test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (string read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument | -| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:25 | call to getenv | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:25 | call to getenv | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ | +| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:38 | call to getenv | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:38 | call to getenv | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ | | test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:38 | call to getenv indirection | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ | -| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | call to getenv | user input (an environment variable) | test.cpp:114:10:114:23 | call to operator+ | call to operator+ | -| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | call to getenv | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ | +| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | call to getenv | user input (an environment variable) | test.cpp:114:10:114:23 | call to operator+ | call to operator+ | +| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | call to getenv | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ | | test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | call to getenv indirection | user input (an environment variable) | test.cpp:114:10:114:23 | call to operator+ | call to operator+ | | test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | call to getenv indirection | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ | -| test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:25 | call to getenv | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:25 | call to getenv | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ | +| test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:38 | call to getenv | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:38 | call to getenv | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ | | test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:38 | call to getenv indirection | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:38 | call to getenv indirection | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ | | test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (string read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument | | test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected index 52885ef1df9..d4bbf95a4b7 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected @@ -1,26 +1,26 @@ edges -| search.c:14:24:14:28 | query | search.c:17:8:17:12 | query | -| search.c:14:24:14:28 | query | search.c:17:8:17:12 | query | -| search.c:22:24:22:28 | query | search.c:23:39:23:43 | query | -| search.c:22:24:22:28 | query | search.c:23:39:23:43 | query | -| search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | raw_query | -| search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | raw_query | -| search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | raw_query | -| search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | raw_query | -| search.c:55:17:55:25 | raw_query | search.c:14:24:14:28 | query | -| search.c:57:17:57:25 | raw_query | search.c:22:24:22:28 | query | -subpaths +| search.c:14:24:14:28 | query indirection | search.c:17:8:17:12 | query indirection | +| search.c:22:24:22:28 | query indirection | search.c:23:39:23:43 | query indirection | +| search.c:55:24:55:28 | query indirection | search.c:62:8:62:17 | query_text indirection | +| search.c:67:21:67:26 | call to getenv indirection | search.c:71:17:71:25 | raw_query indirection | +| search.c:67:21:67:26 | call to getenv indirection | search.c:73:17:73:25 | raw_query indirection | +| search.c:67:21:67:26 | call to getenv indirection | search.c:77:17:77:25 | raw_query indirection | +| search.c:71:17:71:25 | raw_query indirection | search.c:14:24:14:28 | query indirection | +| search.c:73:17:73:25 | raw_query indirection | search.c:22:24:22:28 | query indirection | +| search.c:77:17:77:25 | raw_query indirection | search.c:55:24:55:28 | query indirection | nodes -| search.c:14:24:14:28 | query | semmle.label | query | -| search.c:17:8:17:12 | query | semmle.label | query | -| search.c:17:8:17:12 | query | semmle.label | query | -| search.c:22:24:22:28 | query | semmle.label | query | -| search.c:23:39:23:43 | query | semmle.label | query | -| search.c:23:39:23:43 | query | semmle.label | query | -| search.c:51:21:51:26 | call to getenv | semmle.label | call to getenv | -| search.c:51:21:51:26 | call to getenv | semmle.label | call to getenv | -| search.c:55:17:55:25 | raw_query | semmle.label | raw_query | -| search.c:57:17:57:25 | raw_query | semmle.label | raw_query | +| search.c:14:24:14:28 | query indirection | semmle.label | query indirection | +| search.c:17:8:17:12 | query indirection | semmle.label | query indirection | +| search.c:22:24:22:28 | query indirection | semmle.label | query indirection | +| search.c:23:39:23:43 | query indirection | semmle.label | query indirection | +| search.c:55:24:55:28 | query indirection | semmle.label | query indirection | +| search.c:62:8:62:17 | query_text indirection | semmle.label | query_text indirection | +| search.c:67:21:67:26 | call to getenv indirection | semmle.label | call to getenv indirection | +| search.c:71:17:71:25 | raw_query indirection | semmle.label | raw_query indirection | +| search.c:73:17:73:25 | raw_query indirection | semmle.label | raw_query indirection | +| search.c:77:17:77:25 | raw_query indirection | semmle.label | raw_query indirection | +subpaths #select -| search.c:17:8:17:12 | query | search.c:51:21:51:26 | call to getenv | search.c:17:8:17:12 | query | Cross-site scripting vulnerability due to $@. | search.c:51:21:51:26 | call to getenv | this query data | -| search.c:23:39:23:43 | query | search.c:51:21:51:26 | call to getenv | search.c:23:39:23:43 | query | Cross-site scripting vulnerability due to $@. | search.c:51:21:51:26 | call to getenv | this query data | +| search.c:17:8:17:12 | query indirection | search.c:67:21:67:26 | call to getenv indirection | search.c:17:8:17:12 | query indirection | Cross-site scripting vulnerability due to $@. | search.c:67:21:67:26 | call to getenv | this query data | +| search.c:23:39:23:43 | query indirection | search.c:67:21:67:26 | call to getenv indirection | search.c:23:39:23:43 | query indirection | Cross-site scripting vulnerability due to $@. | search.c:67:21:67:26 | call to getenv | this query data | +| search.c:62:8:62:17 | query_text indirection | search.c:67:21:67:26 | call to getenv indirection | search.c:62:8:62:17 | query_text indirection | Cross-site scripting vulnerability due to $@. | search.c:67:21:67:26 | call to getenv | this query data | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c index 77c830985d2..9369d80fd91 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c @@ -47,6 +47,22 @@ void good_server2(char* query) { printf("\n

%i

\n", i); } +typedef unsigned long size_t; +size_t strlen(const char *s); +char *strcpy(char *dst, const char *src); +char *strcat(char *s1, const char *s2); + +void bad_server3(char* query) { + char query_text[strlen(query) + 8]; + strcpy(query_text, "query: "); + strcat(query_text, query); + + puts("

Query results for "); + // BAD: Printing out an HTTP parameter with no escaping + puts(query_text); + puts("\n

\n"); +} + int main(int argc, char** argv) { char* raw_query = getenv("QUERY_STRING"); if (strcmp("good1", argv[0]) == 0) { @@ -57,5 +73,7 @@ int main(int argc, char** argv) { bad_server2(raw_query); } else if (strcmp("good2", argv[0]) == 0) { good_server2(raw_query); + } else if (strcmp("bad3", argv[0]) == 0) { + bad_server3(raw_query); } } diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected index 73f93c6ba9b..82049fc9229 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected @@ -7,6 +7,7 @@ edges | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:15:53:17 | src indirection | | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:54:9:54:12 | memcpy output argument | | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:54:9:54:12 | memcpy output argument | +| overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:54:9:54:12 | memcpy output argument | | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:16:64:19 | src2 indirection | | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src indirection | | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src indirection | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected index 814689b7202..2b27b7ff732 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected @@ -67,8 +67,6 @@ edges | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | -| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:17:136:18 | i4 | | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:17:136:18 | i4 | | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 | @@ -163,7 +161,6 @@ nodes | argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ | | argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... | | argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... | -| argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... | | argvLocal.c:136:17:136:18 | i4 | semmle.label | i4 | | argvLocal.c:139:9:139:26 | ... ? ... : ... | semmle.label | ... ? ... : ... | | argvLocal.c:139:9:139:26 | ... ? ... : ... | semmle.label | ... ? ... : ... | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected index e8e611e1961..555fa923549 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected @@ -5,33 +5,33 @@ edges | test.cpp:39:27:39:30 | argv indirection | test.cpp:49:32:49:35 | size | | test.cpp:39:27:39:30 | argv indirection | test.cpp:50:17:50:30 | size | | test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... | -| test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | +| test.cpp:124:18:124:31 | call to getenv | test.cpp:128:24:128:41 | ... * ... | | test.cpp:124:18:124:31 | call to getenv indirection | test.cpp:128:24:128:41 | ... * ... | -| test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | +| test.cpp:133:19:133:32 | call to getenv | test.cpp:135:10:135:27 | ... * ... | | test.cpp:133:19:133:32 | call to getenv indirection | test.cpp:135:10:135:27 | ... * ... | -| test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | +| test.cpp:148:20:148:33 | call to getenv | test.cpp:152:11:152:28 | ... * ... | | test.cpp:148:20:148:33 | call to getenv indirection | test.cpp:152:11:152:28 | ... * ... | | test.cpp:209:8:209:23 | get_tainted_size indirection | test.cpp:241:9:241:24 | call to get_tainted_size | -| test.cpp:211:14:211:19 | call to getenv | test.cpp:209:8:209:23 | get_tainted_size indirection | +| test.cpp:211:14:211:27 | call to getenv | test.cpp:209:8:209:23 | get_tainted_size indirection | | test.cpp:211:14:211:27 | call to getenv indirection | test.cpp:209:8:209:23 | get_tainted_size indirection | | test.cpp:230:21:230:21 | s | test.cpp:231:21:231:21 | s | -| test.cpp:237:24:237:29 | call to getenv | test.cpp:239:9:239:18 | local_size | -| test.cpp:237:24:237:29 | call to getenv | test.cpp:245:11:245:20 | local_size | -| test.cpp:237:24:237:29 | call to getenv | test.cpp:247:10:247:19 | local_size | +| test.cpp:237:24:237:37 | call to getenv | test.cpp:239:9:239:18 | local_size | +| test.cpp:237:24:237:37 | call to getenv | test.cpp:245:11:245:20 | local_size | +| test.cpp:237:24:237:37 | call to getenv | test.cpp:247:10:247:19 | local_size | | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:239:9:239:18 | local_size | | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:245:11:245:20 | local_size | | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:247:10:247:19 | local_size | | test.cpp:247:10:247:19 | local_size | test.cpp:230:21:230:21 | s | | test.cpp:250:20:250:27 | out_size | test.cpp:289:17:289:20 | get_size output argument | | test.cpp:250:20:250:27 | out_size | test.cpp:305:18:305:21 | get_size output argument | -| test.cpp:251:18:251:23 | call to getenv | test.cpp:250:20:250:27 | out_size | +| test.cpp:251:18:251:31 | call to getenv | test.cpp:250:20:250:27 | out_size | | test.cpp:251:18:251:31 | call to getenv indirection | test.cpp:250:20:250:27 | out_size | -| test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... | +| test.cpp:259:20:259:33 | call to getenv | test.cpp:263:11:263:29 | ... * ... | | test.cpp:259:20:259:33 | call to getenv indirection | test.cpp:263:11:263:29 | ... * ... | | test.cpp:289:17:289:20 | get_size output argument | test.cpp:291:11:291:28 | ... * ... | | test.cpp:305:18:305:21 | get_size output argument | test.cpp:308:10:308:27 | ... * ... | -| test.cpp:353:18:353:23 | call to getenv | test.cpp:355:35:355:38 | size | -| test.cpp:353:18:353:23 | call to getenv | test.cpp:356:35:356:38 | size | +| test.cpp:353:18:353:31 | call to getenv | test.cpp:355:35:355:38 | size | +| test.cpp:353:18:353:31 | call to getenv | test.cpp:356:35:356:38 | size | | test.cpp:353:18:353:31 | call to getenv indirection | test.cpp:355:35:355:38 | size | | test.cpp:353:18:353:31 | call to getenv indirection | test.cpp:356:35:356:38 | size | nodes @@ -42,37 +42,37 @@ nodes | test.cpp:49:32:49:35 | size | semmle.label | size | | test.cpp:50:17:50:30 | size | semmle.label | size | | test.cpp:53:35:53:60 | ... * ... | semmle.label | ... * ... | -| test.cpp:124:18:124:23 | call to getenv | semmle.label | call to getenv | +| test.cpp:124:18:124:31 | call to getenv | semmle.label | call to getenv | | test.cpp:124:18:124:31 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:128:24:128:41 | ... * ... | semmle.label | ... * ... | -| test.cpp:133:19:133:24 | call to getenv | semmle.label | call to getenv | +| test.cpp:133:19:133:32 | call to getenv | semmle.label | call to getenv | | test.cpp:133:19:133:32 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:135:10:135:27 | ... * ... | semmle.label | ... * ... | -| test.cpp:148:20:148:25 | call to getenv | semmle.label | call to getenv | +| test.cpp:148:20:148:33 | call to getenv | semmle.label | call to getenv | | test.cpp:148:20:148:33 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... | | test.cpp:209:8:209:23 | get_tainted_size indirection | semmle.label | get_tainted_size indirection | -| test.cpp:211:14:211:19 | call to getenv | semmle.label | call to getenv | +| test.cpp:211:14:211:27 | call to getenv | semmle.label | call to getenv | | test.cpp:211:14:211:27 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:230:21:230:21 | s | semmle.label | s | | test.cpp:231:21:231:21 | s | semmle.label | s | -| test.cpp:237:24:237:29 | call to getenv | semmle.label | call to getenv | +| test.cpp:237:24:237:37 | call to getenv | semmle.label | call to getenv | | test.cpp:237:24:237:37 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:239:9:239:18 | local_size | semmle.label | local_size | | test.cpp:241:9:241:24 | call to get_tainted_size | semmle.label | call to get_tainted_size | | test.cpp:245:11:245:20 | local_size | semmle.label | local_size | | test.cpp:247:10:247:19 | local_size | semmle.label | local_size | | test.cpp:250:20:250:27 | out_size | semmle.label | out_size | -| test.cpp:251:18:251:23 | call to getenv | semmle.label | call to getenv | +| test.cpp:251:18:251:31 | call to getenv | semmle.label | call to getenv | | test.cpp:251:18:251:31 | call to getenv indirection | semmle.label | call to getenv indirection | -| test.cpp:259:20:259:25 | call to getenv | semmle.label | call to getenv | +| test.cpp:259:20:259:33 | call to getenv | semmle.label | call to getenv | | test.cpp:259:20:259:33 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... | | test.cpp:289:17:289:20 | get_size output argument | semmle.label | get_size output argument | | test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... | | test.cpp:305:18:305:21 | get_size output argument | semmle.label | get_size output argument | | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... | -| test.cpp:353:18:353:23 | call to getenv | semmle.label | call to getenv | +| test.cpp:353:18:353:31 | call to getenv | semmle.label | call to getenv | | test.cpp:353:18:353:31 | call to getenv indirection | semmle.label | call to getenv indirection | | test.cpp:355:35:355:38 | size | semmle.label | size | | test.cpp:356:35:356:38 | size | semmle.label | size | @@ -84,27 +84,27 @@ subpaths | test.cpp:49:25:49:30 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | | test.cpp:50:17:50:30 | new[] | test.cpp:39:27:39:30 | argv indirection | test.cpp:50:17:50:30 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | | test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | -| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) | +| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:31 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:31 | call to getenv | user input (an environment variable) | | test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:31 | call to getenv indirection | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:31 | call to getenv indirection | user input (an environment variable) | -| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) | +| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:32 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:32 | call to getenv | user input (an environment variable) | | test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:32 | call to getenv indirection | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:32 | call to getenv indirection | user input (an environment variable) | -| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | call to getenv | user input (an environment variable) | +| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:33 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:33 | call to getenv | user input (an environment variable) | | test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:33 | call to getenv indirection | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:33 | call to getenv indirection | user input (an environment variable) | -| test.cpp:231:14:231:19 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:231:21:231:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) | +| test.cpp:231:14:231:19 | call to malloc | test.cpp:237:24:237:37 | call to getenv | test.cpp:231:21:231:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv | user input (an environment variable) | | test.cpp:231:14:231:19 | call to malloc | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:231:21:231:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv indirection | user input (an environment variable) | -| test.cpp:239:2:239:7 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:239:9:239:18 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) | +| test.cpp:239:2:239:7 | call to malloc | test.cpp:237:24:237:37 | call to getenv | test.cpp:239:9:239:18 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv | user input (an environment variable) | | test.cpp:239:2:239:7 | call to malloc | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:239:9:239:18 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv indirection | user input (an environment variable) | -| test.cpp:241:2:241:7 | call to malloc | test.cpp:211:14:211:19 | call to getenv | test.cpp:241:9:241:24 | call to get_tainted_size | This allocation size is derived from $@ and might overflow. | test.cpp:211:14:211:19 | call to getenv | user input (an environment variable) | +| test.cpp:241:2:241:7 | call to malloc | test.cpp:211:14:211:27 | call to getenv | test.cpp:241:9:241:24 | call to get_tainted_size | This allocation size is derived from $@ and might overflow. | test.cpp:211:14:211:27 | call to getenv | user input (an environment variable) | | test.cpp:241:2:241:7 | call to malloc | test.cpp:211:14:211:27 | call to getenv indirection | test.cpp:241:9:241:24 | call to get_tainted_size | This allocation size is derived from $@ and might overflow. | test.cpp:211:14:211:27 | call to getenv indirection | user input (an environment variable) | -| test.cpp:245:2:245:9 | call to my_alloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:245:11:245:20 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) | +| test.cpp:245:2:245:9 | call to my_alloc | test.cpp:237:24:237:37 | call to getenv | test.cpp:245:11:245:20 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv | user input (an environment variable) | | test.cpp:245:2:245:9 | call to my_alloc | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:245:11:245:20 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv indirection | user input (an environment variable) | -| test.cpp:263:4:263:9 | call to malloc | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:259:20:259:25 | call to getenv | user input (an environment variable) | +| test.cpp:263:4:263:9 | call to malloc | test.cpp:259:20:259:33 | call to getenv | test.cpp:263:11:263:29 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:259:20:259:33 | call to getenv | user input (an environment variable) | | test.cpp:263:4:263:9 | call to malloc | test.cpp:259:20:259:33 | call to getenv indirection | test.cpp:263:11:263:29 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:259:20:259:33 | call to getenv indirection | user input (an environment variable) | -| test.cpp:291:4:291:9 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:291:11:291:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) | +| test.cpp:291:4:291:9 | call to malloc | test.cpp:251:18:251:31 | call to getenv | test.cpp:291:11:291:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:31 | call to getenv | user input (an environment variable) | | test.cpp:291:4:291:9 | call to malloc | test.cpp:251:18:251:31 | call to getenv indirection | test.cpp:291:11:291:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:31 | call to getenv indirection | user input (an environment variable) | -| test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) | +| test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:31 | call to getenv | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:31 | call to getenv | user input (an environment variable) | | test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:31 | call to getenv indirection | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:31 | call to getenv indirection | user input (an environment variable) | -| test.cpp:355:25:355:33 | call to MyMalloc1 | test.cpp:353:18:353:23 | call to getenv | test.cpp:355:35:355:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:23 | call to getenv | user input (an environment variable) | +| test.cpp:355:25:355:33 | call to MyMalloc1 | test.cpp:353:18:353:31 | call to getenv | test.cpp:355:35:355:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:31 | call to getenv | user input (an environment variable) | | test.cpp:355:25:355:33 | call to MyMalloc1 | test.cpp:353:18:353:31 | call to getenv indirection | test.cpp:355:35:355:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:31 | call to getenv indirection | user input (an environment variable) | -| test.cpp:356:25:356:33 | call to MyMalloc2 | test.cpp:353:18:353:23 | call to getenv | test.cpp:356:35:356:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:23 | call to getenv | user input (an environment variable) | +| test.cpp:356:25:356:33 | call to MyMalloc2 | test.cpp:353:18:353:31 | call to getenv | test.cpp:356:35:356:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:31 | call to getenv | user input (an environment variable) | | test.cpp:356:25:356:33 | call to MyMalloc2 | test.cpp:353:18:353:31 | call to getenv indirection | test.cpp:356:35:356:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:31 | call to getenv indirection | user input (an environment variable) | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected index 717777f83fa..1148e98980c 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected @@ -46,7 +46,6 @@ edges | test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | | test.cpp:231:18:231:30 | new[] | test.cpp:232:3:232:20 | ... = ... | | test.cpp:238:20:238:32 | new[] | test.cpp:239:5:239:22 | ... = ... | -| test.cpp:248:13:248:36 | call to realloc | test.cpp:254:9:254:16 | ... = ... | | test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | | test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | * ... | @@ -182,6 +181,12 @@ edges | test.cpp:833:37:833:39 | end | test.cpp:815:52:815:54 | end | | test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | | test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | +| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | +| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | +| test.cpp:856:12:856:35 | call to malloc | test.cpp:860:5:860:11 | ... = ... | +| test.cpp:857:16:857:29 | ... + ... | test.cpp:857:16:857:29 | ... + ... | +| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | +| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | nodes | test.cpp:4:15:4:33 | call to malloc | semmle.label | call to malloc | | test.cpp:5:15:5:22 | ... + ... | semmle.label | ... + ... | @@ -215,8 +220,6 @@ nodes | test.cpp:232:3:232:20 | ... = ... | semmle.label | ... = ... | | test.cpp:238:20:238:32 | new[] | semmle.label | new[] | | test.cpp:239:5:239:22 | ... = ... | semmle.label | ... = ... | -| test.cpp:248:13:248:36 | call to realloc | semmle.label | call to realloc | -| test.cpp:254:9:254:16 | ... = ... | semmle.label | ... = ... | | test.cpp:260:13:260:24 | new[] | semmle.label | new[] | | test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... | | test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... | @@ -310,6 +313,10 @@ nodes | test.cpp:842:3:842:20 | ... = ... | semmle.label | ... = ... | | test.cpp:848:20:848:37 | call to malloc | semmle.label | call to malloc | | test.cpp:849:5:849:22 | ... = ... | semmle.label | ... = ... | +| test.cpp:856:12:856:35 | call to malloc | semmle.label | call to malloc | +| test.cpp:857:16:857:29 | ... + ... | semmle.label | ... + ... | +| test.cpp:857:16:857:29 | ... + ... | semmle.label | ... + ... | +| test.cpp:860:5:860:11 | ... = ... | semmle.label | ... = ... | subpaths #select | test.cpp:6:14:6:15 | * ... | test.cpp:4:15:4:33 | call to malloc | test.cpp:6:14:6:15 | * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:33 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -322,7 +329,6 @@ subpaths | test.cpp:213:5:213:13 | ... = ... | test.cpp:205:15:205:33 | call to malloc | test.cpp:213:5:213:13 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:205:15:205:33 | call to malloc | call to malloc | test.cpp:206:21:206:23 | len | len | | test.cpp:232:3:232:20 | ... = ... | test.cpp:231:18:231:30 | new[] | test.cpp:232:3:232:20 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:231:18:231:30 | new[] | new[] | test.cpp:232:11:232:15 | index | index | | test.cpp:239:5:239:22 | ... = ... | test.cpp:238:20:238:32 | new[] | test.cpp:239:5:239:22 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:238:20:238:32 | new[] | new[] | test.cpp:239:13:239:17 | index | index | -| test.cpp:254:9:254:16 | ... = ... | test.cpp:248:13:248:36 | call to realloc | test.cpp:254:9:254:16 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:248:13:248:36 | call to realloc | call to realloc | test.cpp:254:11:254:11 | i | i | | test.cpp:264:13:264:14 | * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len | | test.cpp:274:5:274:10 | ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len | | test.cpp:358:14:358:26 | end_plus_one indirection | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | end_plus_one indirection | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | @@ -348,3 +354,4 @@ subpaths | test.cpp:821:7:821:12 | ... = ... | test.cpp:793:14:793:32 | call to malloc | test.cpp:821:7:821:12 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:793:14:793:32 | call to malloc | call to malloc | test.cpp:794:21:794:24 | size | size | | test.cpp:842:3:842:20 | ... = ... | test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:841:18:841:35 | call to malloc | call to malloc | test.cpp:842:11:842:15 | index | index | | test.cpp:849:5:849:22 | ... = ... | test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:848:20:848:37 | call to malloc | call to malloc | test.cpp:849:13:849:17 | index | index | +| test.cpp:860:5:860:11 | ... = ... | test.cpp:856:12:856:35 | call to malloc | test.cpp:860:5:860:11 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:856:12:856:35 | call to malloc | call to malloc | test.cpp:857:21:857:28 | ... + ... | ... + ... | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-193/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-193/test.cpp index 79966058a02..e1598902ac6 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-193/test.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-193/test.cpp @@ -251,7 +251,7 @@ void test17(unsigned *p, unsigned x, unsigned k) { // The following access is okay because: // n = 3*p[0] + k >= p[0] + k >= p[1] + k > p[1] = i // (where p[0] denotes the original value for p[0]) - p[i] = x; // $ alloc=L248 deref=L254 // GOOD [FALSE POSITIVE] + p[i] = x; // GOOD } } @@ -848,4 +848,15 @@ void test16_with_malloc(size_t index) { int* newname = (int*)malloc(size); newname[index] = 0; // $ SPURIOUS: alloc=L848 deref=L849 // GOOD [FALSE POSITIVE] } +} + +# define MyMalloc(size) malloc(((size) == 0 ? 1 : (size))) + +void test_regression(size_t size) { + int* p = (int*)MyMalloc(size + 1); + int* chend = p + (size + 1); // $ alloc=L856+1 + + if(p <= chend) { + *p = 42; // $ deref=L860 // BAD + } } \ No newline at end of file diff --git a/csharp/BUILD.bazel b/csharp/BUILD.bazel new file mode 100644 index 00000000000..657820b3395 --- /dev/null +++ b/csharp/BUILD.bazel @@ -0,0 +1,11 @@ +package(default_visibility = ["//visibility:public"]) + +alias( + name = "dbscheme", + actual = "//csharp/ql/lib:dbscheme", +) + +alias( + name = "dbscheme-stats", + actual = "//csharp/ql/lib:dbscheme-stats", +) diff --git a/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/old.dbscheme b/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/old.dbscheme new file mode 100644 index 00000000000..1f291d4f424 --- /dev/null +++ b/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/old.dbscheme @@ -0,0 +1,2077 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + unique int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +compiler_generated(unique int id: @modifiable ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_compiler_generated( + unique int id: @expr ref); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); + +/* Common Intermediate Language - CIL */ + +case @cil_instruction.opcode of + 0 = @cil_nop +| 1 = @cil_break +| 2 = @cil_ldarg_0 +| 3 = @cil_ldarg_1 +| 4 = @cil_ldarg_2 +| 5 = @cil_ldarg_3 +| 6 = @cil_ldloc_0 +| 7 = @cil_ldloc_1 +| 8 = @cil_ldloc_2 +| 9 = @cil_ldloc_3 +| 10 = @cil_stloc_0 +| 11 = @cil_stloc_1 +| 12 = @cil_stloc_2 +| 13 = @cil_stloc_3 +| 14 = @cil_ldarg_s +| 15 = @cil_ldarga_s +| 16 = @cil_starg_s +| 17 = @cil_ldloc_s +| 18 = @cil_ldloca_s +| 19 = @cil_stloc_s +| 20 = @cil_ldnull +| 21 = @cil_ldc_i4_m1 +| 22 = @cil_ldc_i4_0 +| 23 = @cil_ldc_i4_1 +| 24 = @cil_ldc_i4_2 +| 25 = @cil_ldc_i4_3 +| 26 = @cil_ldc_i4_4 +| 27 = @cil_ldc_i4_5 +| 28 = @cil_ldc_i4_6 +| 29 = @cil_ldc_i4_7 +| 30 = @cil_ldc_i4_8 +| 31 = @cil_ldc_i4_s +| 32 = @cil_ldc_i4 +| 33 = @cil_ldc_i8 +| 34 = @cil_ldc_r4 +| 35 = @cil_ldc_r8 +| 37 = @cil_dup +| 38 = @cil_pop +| 39 = @cil_jmp +| 40 = @cil_call +| 41 = @cil_calli +| 42 = @cil_ret +| 43 = @cil_br_s +| 44 = @cil_brfalse_s +| 45 = @cil_brtrue_s +| 46 = @cil_beq_s +| 47 = @cil_bge_s +| 48 = @cil_bgt_s +| 49 = @cil_ble_s +| 50 = @cil_blt_s +| 51 = @cil_bne_un_s +| 52 = @cil_bge_un_s +| 53 = @cil_bgt_un_s +| 54 = @cil_ble_un_s +| 55 = @cil_blt_un_s +| 56 = @cil_br +| 57 = @cil_brfalse +| 58 = @cil_brtrue +| 59 = @cil_beq +| 60 = @cil_bge +| 61 = @cil_bgt +| 62 = @cil_ble +| 63 = @cil_blt +| 64 = @cil_bne_un +| 65 = @cil_bge_un +| 66 = @cil_bgt_un +| 67 = @cil_ble_un +| 68 = @cil_blt_un +| 69 = @cil_switch +| 70 = @cil_ldind_i1 +| 71 = @cil_ldind_u1 +| 72 = @cil_ldind_i2 +| 73 = @cil_ldind_u2 +| 74 = @cil_ldind_i4 +| 75 = @cil_ldind_u4 +| 76 = @cil_ldind_i8 +| 77 = @cil_ldind_i +| 78 = @cil_ldind_r4 +| 79 = @cil_ldind_r8 +| 80 = @cil_ldind_ref +| 81 = @cil_stind_ref +| 82 = @cil_stind_i1 +| 83 = @cil_stind_i2 +| 84 = @cil_stind_i4 +| 85 = @cil_stind_i8 +| 86 = @cil_stind_r4 +| 87 = @cil_stind_r8 +| 88 = @cil_add +| 89 = @cil_sub +| 90 = @cil_mul +| 91 = @cil_div +| 92 = @cil_div_un +| 93 = @cil_rem +| 94 = @cil_rem_un +| 95 = @cil_and +| 96 = @cil_or +| 97 = @cil_xor +| 98 = @cil_shl +| 99 = @cil_shr +| 100 = @cil_shr_un +| 101 = @cil_neg +| 102 = @cil_not +| 103 = @cil_conv_i1 +| 104 = @cil_conv_i2 +| 105 = @cil_conv_i4 +| 106 = @cil_conv_i8 +| 107 = @cil_conv_r4 +| 108 = @cil_conv_r8 +| 109 = @cil_conv_u4 +| 110 = @cil_conv_u8 +| 111 = @cil_callvirt +| 112 = @cil_cpobj +| 113 = @cil_ldobj +| 114 = @cil_ldstr +| 115 = @cil_newobj +| 116 = @cil_castclass +| 117 = @cil_isinst +| 118 = @cil_conv_r_un +| 121 = @cil_unbox +| 122 = @cil_throw +| 123 = @cil_ldfld +| 124 = @cil_ldflda +| 125 = @cil_stfld +| 126 = @cil_ldsfld +| 127 = @cil_ldsflda +| 128 = @cil_stsfld +| 129 = @cil_stobj +| 130 = @cil_conv_ovf_i1_un +| 131 = @cil_conv_ovf_i2_un +| 132 = @cil_conv_ovf_i4_un +| 133 = @cil_conv_ovf_i8_un +| 134 = @cil_conv_ovf_u1_un +| 135 = @cil_conv_ovf_u2_un +| 136 = @cil_conv_ovf_u4_un +| 137 = @cil_conv_ovf_u8_un +| 138 = @cil_conv_ovf_i_un +| 139 = @cil_conv_ovf_u_un +| 140 = @cil_box +| 141 = @cil_newarr +| 142 = @cil_ldlen +| 143 = @cil_ldelema +| 144 = @cil_ldelem_i1 +| 145 = @cil_ldelem_u1 +| 146 = @cil_ldelem_i2 +| 147 = @cil_ldelem_u2 +| 148 = @cil_ldelem_i4 +| 149 = @cil_ldelem_u4 +| 150 = @cil_ldelem_i8 +| 151 = @cil_ldelem_i +| 152 = @cil_ldelem_r4 +| 153 = @cil_ldelem_r8 +| 154 = @cil_ldelem_ref +| 155 = @cil_stelem_i +| 156 = @cil_stelem_i1 +| 157 = @cil_stelem_i2 +| 158 = @cil_stelem_i4 +| 159 = @cil_stelem_i8 +| 160 = @cil_stelem_r4 +| 161 = @cil_stelem_r8 +| 162 = @cil_stelem_ref +| 163 = @cil_ldelem +| 164 = @cil_stelem +| 165 = @cil_unbox_any +| 179 = @cil_conv_ovf_i1 +| 180 = @cil_conv_ovf_u1 +| 181 = @cil_conv_ovf_i2 +| 182 = @cil_conv_ovf_u2 +| 183 = @cil_conv_ovf_i4 +| 184 = @cil_conv_ovf_u4 +| 185 = @cil_conv_ovf_i8 +| 186 = @cil_conv_ovf_u8 +| 194 = @cil_refanyval +| 195 = @cil_ckinfinite +| 198 = @cil_mkrefany +| 208 = @cil_ldtoken +| 209 = @cil_conv_u2 +| 210 = @cil_conv_u1 +| 211 = @cil_conv_i +| 212 = @cil_conv_ovf_i +| 213 = @cil_conv_ovf_u +| 214 = @cil_add_ovf +| 215 = @cil_add_ovf_un +| 216 = @cil_mul_ovf +| 217 = @cil_mul_ovf_un +| 218 = @cil_sub_ovf +| 219 = @cil_sub_ovf_un +| 220 = @cil_endfinally +| 221 = @cil_leave +| 222 = @cil_leave_s +| 223 = @cil_stind_i +| 224 = @cil_conv_u +| 65024 = @cil_arglist +| 65025 = @cil_ceq +| 65026 = @cil_cgt +| 65027 = @cil_cgt_un +| 65028 = @cil_clt +| 65029 = @cil_clt_un +| 65030 = @cil_ldftn +| 65031 = @cil_ldvirtftn +| 65033 = @cil_ldarg +| 65034 = @cil_ldarga +| 65035 = @cil_starg +| 65036 = @cil_ldloc +| 65037 = @cil_ldloca +| 65038 = @cil_stloc +| 65039 = @cil_localloc +| 65041 = @cil_endfilter +| 65042 = @cil_unaligned +| 65043 = @cil_volatile +| 65044 = @cil_tail +| 65045 = @cil_initobj +| 65046 = @cil_constrained +| 65047 = @cil_cpblk +| 65048 = @cil_initblk +| 65050 = @cil_rethrow +| 65052 = @cil_sizeof +| 65053 = @cil_refanytype +| 65054 = @cil_readonly +; + +// CIL ignored instructions + +@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned; + +// CIL local/parameter/field access + +@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga; +@cil_starg_any = @cil_starg | @cil_starg_s; + +@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca; +@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc; + +@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda; +@cil_stfld_any = @cil_stfld | @cil_stsfld; + +@cil_local_access = @cil_stloc_any | @cil_ldloc_any; +@cil_arg_access = @cil_starg_any | @cil_ldarg_any; +@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any; +@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any; + +@cil_stack_access = @cil_local_access | @cil_arg_access; +@cil_field_access = @cil_ldfld_any | @cil_stfld_any; + +@cil_access = @cil_read_access | @cil_write_access; + +// CIL constant/literal instructions + +@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8; + +@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 | + @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4; + +@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8; + +@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr; + +// Control flow + +@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump; +@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s | + @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s | + @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt | + @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un; +@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch; +@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any; +@cil_leave_any = @cil_leave | @cil_leave_s; +@cil_jump = @cil_unconditional_jump | @cil_conditional_jump; + +// CIL call instructions + +@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj; + +// CIL expression instructions + +@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access | + @cil_newarr | @cil_ldtoken | @cil_sizeof | + @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup; + +@cil_unary_expr = + @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation| + @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any | + @cil_ldind | @cil_unbox; + +@cil_conversion_operation = + @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 | + @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 | + @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un | + @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un | + @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un | + @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un | + @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_i | @cil_conv_u | @cil_conv_r_un; + +@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 | + @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4; + +@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 | + @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref; + +@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation; + +@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl; + +@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un | + @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un | + @cil_sub_ovf | @cil_sub_ovf_un; + +@cil_unary_bitwise_operation = @cil_not; + +@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation; + +@cil_unary_arithmetic_operation = @cil_neg; + +@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un; + +// Elements that retrieve an address of something +@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema; + +// CIL array instructions + +@cil_read_array = + @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i | + @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 | + @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4; + +@cil_write_array = @cil_stelem | @cil_stelem_ref | + @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 | + @cil_stelem_r4 | @cil_stelem_r8; + +@cil_throw_any = @cil_throw | @cil_rethrow; + +#keyset[impl, index] +cil_instruction( + unique int id: @cil_instruction, + int opcode: int ref, + int index: int ref, + int impl: @cil_method_implementation ref); + +cil_jump( + unique int instruction: @cil_jump ref, + int target: @cil_instruction ref); + +cil_access( + unique int instruction: @cil_instruction ref, + int target: @cil_accessible ref); + +cil_value( + unique int instruction: @cil_literal ref, + string value: string ref); + +#keyset[instruction, index] +cil_switch( + int instruction: @cil_switch ref, + int index: int ref, + int target: @cil_instruction ref); + +cil_instruction_location( + unique int id: @cil_instruction ref, + int loc: @location ref); + +cil_type_location( + int id: @cil_type ref, + int loc: @location ref); + +cil_method_location( + int id: @cil_method ref, + int loc: @location ref); + +@cil_namespace = @namespace; + +@cil_type_container = @cil_type | @cil_namespace | @cil_method; + +case @cil_type.kind of + 0 = @cil_valueorreftype +| 1 = @cil_typeparameter +| 2 = @cil_array_type +| 3 = @cil_pointer_type +| 4 = @cil_function_pointer_type +; + +cil_type( + unique int id: @cil_type, + string name: string ref, + int kind: int ref, + int parent: @cil_type_container ref, + int sourceDecl: @cil_type ref); + +cil_pointer_type( + unique int id: @cil_pointer_type ref, + int pointee: @cil_type ref); + +cil_array_type( + unique int id: @cil_array_type ref, + int element_type: @cil_type ref, + int rank: int ref); + +cil_function_pointer_return_type( + unique int id: @cil_function_pointer_type ref, + int return_type: @cil_type ref); + +cil_method( + unique int id: @cil_method, + string name: string ref, + int parent: @cil_type ref, + int return_type: @cil_type ref); + +cil_method_source_declaration( + unique int method: @cil_method ref, + int source: @cil_method ref); + +cil_method_implementation( + unique int id: @cil_method_implementation, + int method: @cil_method ref, + int location: @assembly ref); + +cil_implements( + int id: @cil_method ref, + int decl: @cil_method ref); + +#keyset[parent, name] +cil_field( + unique int id: @cil_field, + int parent: @cil_type ref, + string name: string ref, + int field_type: @cil_type ref); + +@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace; +@cil_named_element = @cil_declaration | @cil_namespace; +@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member; +@cil_accessible = @cil_declaration; +@cil_variable = @cil_field | @cil_stack_variable; +@cil_stack_variable = @cil_local_variable | @cil_parameter; +@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event; +@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type; +@cil_parameterizable = @cil_method | @cil_function_pointer_type; +@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_field | @cil_method | @cil_function_pointer_type; + +#keyset[parameterizable, index] +cil_parameter( + unique int id: @cil_parameter, + int parameterizable: @cil_parameterizable ref, + int index: int ref, + int param_type: @cil_type ref); + +cil_parameter_in(unique int id: @cil_parameter ref); +cil_parameter_out(unique int id: @cil_parameter ref); + +cil_setter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +#keyset[id, modifier] +cil_custom_modifiers( + int id: @cil_custom_modifier_receiver ref, + int modifier: @cil_type ref, + int kind: int ref); // modreq: 1, modopt: 0 + +cil_type_annotation( + int id: @cil_has_type_annotation ref, + int annotation: int ref); + +cil_getter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +cil_adder(unique int event: @cil_event ref, + int method: @cil_method ref); + +cil_remover(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_property( + unique int id: @cil_property, + int parent: @cil_type ref, + string name: string ref, + int property_type: @cil_type ref); + +#keyset[parent, name] +cil_event(unique int id: @cil_event, + int parent: @cil_type ref, + string name: string ref, + int event_type: @cil_type ref); + +#keyset[impl, index] +cil_local_variable( + unique int id: @cil_local_variable, + int impl: @cil_method_implementation ref, + int index: int ref, + int var_type: @cil_type ref); + +cil_function_pointer_calling_conventions( + int id: @cil_function_pointer_type ref, + int kind: int ref); + +// CIL handlers (exception handlers etc). + +case @cil_handler.kind of + 0 = @cil_catch_handler +| 1 = @cil_filter_handler +| 2 = @cil_finally_handler +| 4 = @cil_fault_handler +; + +#keyset[impl, index] +cil_handler( + unique int id: @cil_handler, + int impl: @cil_method_implementation ref, + int index: int ref, + int kind: int ref, + int try_start: @cil_instruction ref, + int try_end: @cil_instruction ref, + int handler_start: @cil_instruction ref); + +cil_handler_filter( + unique int id: @cil_handler ref, + int filter_start: @cil_instruction ref); + +cil_handler_type( + unique int id: @cil_handler ref, + int catch_type: @cil_type ref); + +@cil_controlflow_node = @cil_entry_point | @cil_instruction; + +@cil_entry_point = @cil_method_implementation | @cil_handler; + +@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method; + +cil_method_stack_size( + unique int method: @cil_method_implementation ref, + int size: int ref); + +// CIL modifiers + +cil_public(int id: @cil_member ref); +cil_private(int id: @cil_member ref); +cil_protected(int id: @cil_member ref); +cil_internal(int id: @cil_member ref); +cil_static(int id: @cil_member ref); +cil_sealed(int id: @cil_member ref); +cil_virtual(int id: @cil_method ref); +cil_abstract(int id: @cil_member ref); +cil_class(int id: @cil_type ref); +cil_interface(int id: @cil_type ref); +cil_security(int id: @cil_member ref); +cil_requiresecobject(int id: @cil_method ref); +cil_specialname(int id: @cil_method ref); +cil_newslot(int id: @cil_method ref); + +cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref); +cil_base_interface(int id: @cil_type ref, int base: @cil_type ref); +cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref); + +#keyset[unbound, index] +cil_type_parameter( + int unbound: @cil_member ref, + int index: int ref, + int param: @cil_typeparameter ref); + +#keyset[bound, index] +cil_type_argument( + int bound: @cil_member ref, + int index: int ref, + int t: @cil_type ref); + +// CIL type parameter constraints + +cil_typeparam_covariant(int tp: @cil_typeparameter ref); +cil_typeparam_contravariant(int tp: @cil_typeparameter ref); +cil_typeparam_class(int tp: @cil_typeparameter ref); +cil_typeparam_struct(int tp: @cil_typeparameter ref); +cil_typeparam_new(int tp: @cil_typeparameter ref); +cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref); + +// CIL attributes + +cil_attribute( + unique int attributeid: @cil_attribute, + int element: @cil_declaration ref, + int constructor: @cil_method ref); + +#keyset[attribute_id, param] +cil_attribute_named_argument( + int attribute_id: @cil_attribute ref, + string param: string ref, + string value: string ref); + +#keyset[attribute_id, index] +cil_attribute_positional_argument( + int attribute_id: @cil_attribute ref, + int index: int ref, + string value: string ref); + + +// Common .Net data model covering both C# and CIL + +// Common elements +@dotnet_element = @element | @cil_element; +@dotnet_named_element = @named_element | @cil_named_element; +@dotnet_callable = @callable | @cil_method; +@dotnet_variable = @variable | @cil_variable; +@dotnet_field = @field | @cil_field; +@dotnet_parameter = @parameter | @cil_parameter; +@dotnet_declaration = @declaration | @cil_declaration; +@dotnet_member = @member | @cil_member; +@dotnet_event = @event | @cil_event; +@dotnet_property = @property | @cil_property | @indexer; +@dotnet_parameterizable = @parameterizable | @cil_parameterizable; + +// Common types +@dotnet_type = @type | @cil_type; +@dotnet_call = @call | @cil_call_any; +@dotnet_throw = @throw_element | @cil_throw_any; +@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type; +@dotnet_typeparameter = @type_parameter | @cil_typeparameter; +@dotnet_array_type = @array_type | @cil_array_type; +@dotnet_pointer_type = @pointer_type | @cil_pointer_type; +@dotnet_type_parameter = @type_parameter | @cil_typeparameter; +@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable; + +// Attributes +@dotnet_attribute = @attribute | @cil_attribute; + +// Expressions +@dotnet_expr = @expr | @cil_expr; + +// Literals +@dotnet_literal = @literal_expr | @cil_literal; +@dotnet_string_literal = @string_literal_expr | @cil_ldstr; +@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i; +@dotnet_float_literal = @float_literal_expr | @cil_ldc_r; +@dotnet_null_literal = @null_literal_expr | @cil_ldnull; + +@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | + @callable | @value_or_ref_type | @void_type; + +metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/semmlecode.csharp.dbscheme b/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/semmlecode.csharp.dbscheme new file mode 100644 index 00000000000..cc2eccd6026 --- /dev/null +++ b/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/semmlecode.csharp.dbscheme @@ -0,0 +1,2077 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + unique int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +compiler_generated(unique int id: @modifiable ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_compiler_generated( + unique int id: @expr ref); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); + +/* Common Intermediate Language - CIL */ + +case @cil_instruction.opcode of + 0 = @cil_nop +| 1 = @cil_break +| 2 = @cil_ldarg_0 +| 3 = @cil_ldarg_1 +| 4 = @cil_ldarg_2 +| 5 = @cil_ldarg_3 +| 6 = @cil_ldloc_0 +| 7 = @cil_ldloc_1 +| 8 = @cil_ldloc_2 +| 9 = @cil_ldloc_3 +| 10 = @cil_stloc_0 +| 11 = @cil_stloc_1 +| 12 = @cil_stloc_2 +| 13 = @cil_stloc_3 +| 14 = @cil_ldarg_s +| 15 = @cil_ldarga_s +| 16 = @cil_starg_s +| 17 = @cil_ldloc_s +| 18 = @cil_ldloca_s +| 19 = @cil_stloc_s +| 20 = @cil_ldnull +| 21 = @cil_ldc_i4_m1 +| 22 = @cil_ldc_i4_0 +| 23 = @cil_ldc_i4_1 +| 24 = @cil_ldc_i4_2 +| 25 = @cil_ldc_i4_3 +| 26 = @cil_ldc_i4_4 +| 27 = @cil_ldc_i4_5 +| 28 = @cil_ldc_i4_6 +| 29 = @cil_ldc_i4_7 +| 30 = @cil_ldc_i4_8 +| 31 = @cil_ldc_i4_s +| 32 = @cil_ldc_i4 +| 33 = @cil_ldc_i8 +| 34 = @cil_ldc_r4 +| 35 = @cil_ldc_r8 +| 37 = @cil_dup +| 38 = @cil_pop +| 39 = @cil_jmp +| 40 = @cil_call +| 41 = @cil_calli +| 42 = @cil_ret +| 43 = @cil_br_s +| 44 = @cil_brfalse_s +| 45 = @cil_brtrue_s +| 46 = @cil_beq_s +| 47 = @cil_bge_s +| 48 = @cil_bgt_s +| 49 = @cil_ble_s +| 50 = @cil_blt_s +| 51 = @cil_bne_un_s +| 52 = @cil_bge_un_s +| 53 = @cil_bgt_un_s +| 54 = @cil_ble_un_s +| 55 = @cil_blt_un_s +| 56 = @cil_br +| 57 = @cil_brfalse +| 58 = @cil_brtrue +| 59 = @cil_beq +| 60 = @cil_bge +| 61 = @cil_bgt +| 62 = @cil_ble +| 63 = @cil_blt +| 64 = @cil_bne_un +| 65 = @cil_bge_un +| 66 = @cil_bgt_un +| 67 = @cil_ble_un +| 68 = @cil_blt_un +| 69 = @cil_switch +| 70 = @cil_ldind_i1 +| 71 = @cil_ldind_u1 +| 72 = @cil_ldind_i2 +| 73 = @cil_ldind_u2 +| 74 = @cil_ldind_i4 +| 75 = @cil_ldind_u4 +| 76 = @cil_ldind_i8 +| 77 = @cil_ldind_i +| 78 = @cil_ldind_r4 +| 79 = @cil_ldind_r8 +| 80 = @cil_ldind_ref +| 81 = @cil_stind_ref +| 82 = @cil_stind_i1 +| 83 = @cil_stind_i2 +| 84 = @cil_stind_i4 +| 85 = @cil_stind_i8 +| 86 = @cil_stind_r4 +| 87 = @cil_stind_r8 +| 88 = @cil_add +| 89 = @cil_sub +| 90 = @cil_mul +| 91 = @cil_div +| 92 = @cil_div_un +| 93 = @cil_rem +| 94 = @cil_rem_un +| 95 = @cil_and +| 96 = @cil_or +| 97 = @cil_xor +| 98 = @cil_shl +| 99 = @cil_shr +| 100 = @cil_shr_un +| 101 = @cil_neg +| 102 = @cil_not +| 103 = @cil_conv_i1 +| 104 = @cil_conv_i2 +| 105 = @cil_conv_i4 +| 106 = @cil_conv_i8 +| 107 = @cil_conv_r4 +| 108 = @cil_conv_r8 +| 109 = @cil_conv_u4 +| 110 = @cil_conv_u8 +| 111 = @cil_callvirt +| 112 = @cil_cpobj +| 113 = @cil_ldobj +| 114 = @cil_ldstr +| 115 = @cil_newobj +| 116 = @cil_castclass +| 117 = @cil_isinst +| 118 = @cil_conv_r_un +| 121 = @cil_unbox +| 122 = @cil_throw +| 123 = @cil_ldfld +| 124 = @cil_ldflda +| 125 = @cil_stfld +| 126 = @cil_ldsfld +| 127 = @cil_ldsflda +| 128 = @cil_stsfld +| 129 = @cil_stobj +| 130 = @cil_conv_ovf_i1_un +| 131 = @cil_conv_ovf_i2_un +| 132 = @cil_conv_ovf_i4_un +| 133 = @cil_conv_ovf_i8_un +| 134 = @cil_conv_ovf_u1_un +| 135 = @cil_conv_ovf_u2_un +| 136 = @cil_conv_ovf_u4_un +| 137 = @cil_conv_ovf_u8_un +| 138 = @cil_conv_ovf_i_un +| 139 = @cil_conv_ovf_u_un +| 140 = @cil_box +| 141 = @cil_newarr +| 142 = @cil_ldlen +| 143 = @cil_ldelema +| 144 = @cil_ldelem_i1 +| 145 = @cil_ldelem_u1 +| 146 = @cil_ldelem_i2 +| 147 = @cil_ldelem_u2 +| 148 = @cil_ldelem_i4 +| 149 = @cil_ldelem_u4 +| 150 = @cil_ldelem_i8 +| 151 = @cil_ldelem_i +| 152 = @cil_ldelem_r4 +| 153 = @cil_ldelem_r8 +| 154 = @cil_ldelem_ref +| 155 = @cil_stelem_i +| 156 = @cil_stelem_i1 +| 157 = @cil_stelem_i2 +| 158 = @cil_stelem_i4 +| 159 = @cil_stelem_i8 +| 160 = @cil_stelem_r4 +| 161 = @cil_stelem_r8 +| 162 = @cil_stelem_ref +| 163 = @cil_ldelem +| 164 = @cil_stelem +| 165 = @cil_unbox_any +| 179 = @cil_conv_ovf_i1 +| 180 = @cil_conv_ovf_u1 +| 181 = @cil_conv_ovf_i2 +| 182 = @cil_conv_ovf_u2 +| 183 = @cil_conv_ovf_i4 +| 184 = @cil_conv_ovf_u4 +| 185 = @cil_conv_ovf_i8 +| 186 = @cil_conv_ovf_u8 +| 194 = @cil_refanyval +| 195 = @cil_ckinfinite +| 198 = @cil_mkrefany +| 208 = @cil_ldtoken +| 209 = @cil_conv_u2 +| 210 = @cil_conv_u1 +| 211 = @cil_conv_i +| 212 = @cil_conv_ovf_i +| 213 = @cil_conv_ovf_u +| 214 = @cil_add_ovf +| 215 = @cil_add_ovf_un +| 216 = @cil_mul_ovf +| 217 = @cil_mul_ovf_un +| 218 = @cil_sub_ovf +| 219 = @cil_sub_ovf_un +| 220 = @cil_endfinally +| 221 = @cil_leave +| 222 = @cil_leave_s +| 223 = @cil_stind_i +| 224 = @cil_conv_u +| 65024 = @cil_arglist +| 65025 = @cil_ceq +| 65026 = @cil_cgt +| 65027 = @cil_cgt_un +| 65028 = @cil_clt +| 65029 = @cil_clt_un +| 65030 = @cil_ldftn +| 65031 = @cil_ldvirtftn +| 65033 = @cil_ldarg +| 65034 = @cil_ldarga +| 65035 = @cil_starg +| 65036 = @cil_ldloc +| 65037 = @cil_ldloca +| 65038 = @cil_stloc +| 65039 = @cil_localloc +| 65041 = @cil_endfilter +| 65042 = @cil_unaligned +| 65043 = @cil_volatile +| 65044 = @cil_tail +| 65045 = @cil_initobj +| 65046 = @cil_constrained +| 65047 = @cil_cpblk +| 65048 = @cil_initblk +| 65050 = @cil_rethrow +| 65052 = @cil_sizeof +| 65053 = @cil_refanytype +| 65054 = @cil_readonly +; + +// CIL ignored instructions + +@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned; + +// CIL local/parameter/field access + +@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga; +@cil_starg_any = @cil_starg | @cil_starg_s; + +@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca; +@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc; + +@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda; +@cil_stfld_any = @cil_stfld | @cil_stsfld; + +@cil_local_access = @cil_stloc_any | @cil_ldloc_any; +@cil_arg_access = @cil_starg_any | @cil_ldarg_any; +@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any; +@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any; + +@cil_stack_access = @cil_local_access | @cil_arg_access; +@cil_field_access = @cil_ldfld_any | @cil_stfld_any; + +@cil_access = @cil_read_access | @cil_write_access; + +// CIL constant/literal instructions + +@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8; + +@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 | + @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4; + +@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8; + +@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr; + +// Control flow + +@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump; +@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s | + @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s | + @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt | + @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un; +@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch; +@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any; +@cil_leave_any = @cil_leave | @cil_leave_s; +@cil_jump = @cil_unconditional_jump | @cil_conditional_jump; + +// CIL call instructions + +@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj; + +// CIL expression instructions + +@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access | + @cil_newarr | @cil_ldtoken | @cil_sizeof | + @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup; + +@cil_unary_expr = + @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation| + @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any | + @cil_ldind | @cil_unbox; + +@cil_conversion_operation = + @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 | + @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 | + @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un | + @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un | + @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un | + @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un | + @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_i | @cil_conv_u | @cil_conv_r_un; + +@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 | + @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4; + +@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 | + @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref; + +@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation; + +@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl; + +@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un | + @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un | + @cil_sub_ovf | @cil_sub_ovf_un; + +@cil_unary_bitwise_operation = @cil_not; + +@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation; + +@cil_unary_arithmetic_operation = @cil_neg; + +@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un; + +// Elements that retrieve an address of something +@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema; + +// CIL array instructions + +@cil_read_array = + @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i | + @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 | + @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4; + +@cil_write_array = @cil_stelem | @cil_stelem_ref | + @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 | + @cil_stelem_r4 | @cil_stelem_r8; + +@cil_throw_any = @cil_throw | @cil_rethrow; + +#keyset[impl, index] +cil_instruction( + unique int id: @cil_instruction, + int opcode: int ref, + int index: int ref, + int impl: @cil_method_implementation ref); + +cil_jump( + unique int instruction: @cil_jump ref, + int target: @cil_instruction ref); + +cil_access( + unique int instruction: @cil_instruction ref, + int target: @cil_accessible ref); + +cil_value( + unique int instruction: @cil_literal ref, + string value: string ref); + +#keyset[instruction, index] +cil_switch( + int instruction: @cil_switch ref, + int index: int ref, + int target: @cil_instruction ref); + +cil_instruction_location( + unique int id: @cil_instruction ref, + int loc: @location ref); + +cil_type_location( + int id: @cil_type ref, + int loc: @location ref); + +cil_method_location( + int id: @cil_method ref, + int loc: @location ref); + +@cil_namespace = @namespace; + +@cil_type_container = @cil_type | @cil_namespace | @cil_method; + +case @cil_type.kind of + 0 = @cil_valueorreftype +| 1 = @cil_typeparameter +| 2 = @cil_array_type +| 3 = @cil_pointer_type +| 4 = @cil_function_pointer_type +; + +cil_type( + unique int id: @cil_type, + string name: string ref, + int kind: int ref, + int parent: @cil_type_container ref, + int sourceDecl: @cil_type ref); + +cil_pointer_type( + unique int id: @cil_pointer_type ref, + int pointee: @cil_type ref); + +cil_array_type( + unique int id: @cil_array_type ref, + int element_type: @cil_type ref, + int rank: int ref); + +cil_function_pointer_return_type( + unique int id: @cil_function_pointer_type ref, + int return_type: @cil_type ref); + +cil_method( + unique int id: @cil_method, + string name: string ref, + int parent: @cil_type ref, + int return_type: @cil_type ref); + +cil_method_source_declaration( + unique int method: @cil_method ref, + int source: @cil_method ref); + +cil_method_implementation( + unique int id: @cil_method_implementation, + int method: @cil_method ref, + int location: @assembly ref); + +cil_implements( + int id: @cil_method ref, + int decl: @cil_method ref); + +#keyset[parent, name] +cil_field( + unique int id: @cil_field, + int parent: @cil_type ref, + string name: string ref, + int field_type: @cil_type ref); + +@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace; +@cil_named_element = @cil_declaration | @cil_namespace; +@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member; +@cil_accessible = @cil_declaration; +@cil_variable = @cil_field | @cil_stack_variable; +@cil_stack_variable = @cil_local_variable | @cil_parameter; +@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event; +@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type; +@cil_parameterizable = @cil_method | @cil_function_pointer_type; +@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_field | @cil_method | @cil_function_pointer_type; + +#keyset[parameterizable, index] +cil_parameter( + unique int id: @cil_parameter, + int parameterizable: @cil_parameterizable ref, + int index: int ref, + int param_type: @cil_type ref); + +cil_parameter_in(unique int id: @cil_parameter ref); +cil_parameter_out(unique int id: @cil_parameter ref); + +cil_setter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +#keyset[id, modifier] +cil_custom_modifiers( + int id: @cil_custom_modifier_receiver ref, + int modifier: @cil_type ref, + int kind: int ref); // modreq: 1, modopt: 0 + +cil_type_annotation( + int id: @cil_has_type_annotation ref, + int annotation: int ref); + +cil_getter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +cil_adder(unique int event: @cil_event ref, + int method: @cil_method ref); + +cil_remover(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_property( + unique int id: @cil_property, + int parent: @cil_type ref, + string name: string ref, + int property_type: @cil_type ref); + +#keyset[parent, name] +cil_event(unique int id: @cil_event, + int parent: @cil_type ref, + string name: string ref, + int event_type: @cil_type ref); + +#keyset[impl, index] +cil_local_variable( + unique int id: @cil_local_variable, + int impl: @cil_method_implementation ref, + int index: int ref, + int var_type: @cil_type ref); + +cil_function_pointer_calling_conventions( + int id: @cil_function_pointer_type ref, + int kind: int ref); + +// CIL handlers (exception handlers etc). + +case @cil_handler.kind of + 0 = @cil_catch_handler +| 1 = @cil_filter_handler +| 2 = @cil_finally_handler +| 4 = @cil_fault_handler +; + +#keyset[impl, index] +cil_handler( + unique int id: @cil_handler, + int impl: @cil_method_implementation ref, + int index: int ref, + int kind: int ref, + int try_start: @cil_instruction ref, + int try_end: @cil_instruction ref, + int handler_start: @cil_instruction ref); + +cil_handler_filter( + unique int id: @cil_handler ref, + int filter_start: @cil_instruction ref); + +cil_handler_type( + unique int id: @cil_handler ref, + int catch_type: @cil_type ref); + +@cil_controlflow_node = @cil_entry_point | @cil_instruction; + +@cil_entry_point = @cil_method_implementation | @cil_handler; + +@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method; + +cil_method_stack_size( + unique int method: @cil_method_implementation ref, + int size: int ref); + +// CIL modifiers + +cil_public(int id: @cil_member ref); +cil_private(int id: @cil_member ref); +cil_protected(int id: @cil_member ref); +cil_internal(int id: @cil_member ref); +cil_static(int id: @cil_member ref); +cil_sealed(int id: @cil_member ref); +cil_virtual(int id: @cil_method ref); +cil_abstract(int id: @cil_member ref); +cil_class(int id: @cil_type ref); +cil_interface(int id: @cil_type ref); +cil_security(int id: @cil_member ref); +cil_requiresecobject(int id: @cil_method ref); +cil_specialname(int id: @cil_method ref); +cil_newslot(int id: @cil_method ref); + +cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref); +cil_base_interface(int id: @cil_type ref, int base: @cil_type ref); +cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref); + +#keyset[unbound, index] +cil_type_parameter( + int unbound: @cil_member ref, + int index: int ref, + int param: @cil_typeparameter ref); + +#keyset[bound, index] +cil_type_argument( + int bound: @cil_member ref, + int index: int ref, + int t: @cil_type ref); + +// CIL type parameter constraints + +cil_typeparam_covariant(int tp: @cil_typeparameter ref); +cil_typeparam_contravariant(int tp: @cil_typeparameter ref); +cil_typeparam_class(int tp: @cil_typeparameter ref); +cil_typeparam_struct(int tp: @cil_typeparameter ref); +cil_typeparam_new(int tp: @cil_typeparameter ref); +cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref); + +// CIL attributes + +cil_attribute( + unique int attributeid: @cil_attribute, + int element: @cil_declaration ref, + int constructor: @cil_method ref); + +#keyset[attribute_id, param] +cil_attribute_named_argument( + int attribute_id: @cil_attribute ref, + string param: string ref, + string value: string ref); + +#keyset[attribute_id, index] +cil_attribute_positional_argument( + int attribute_id: @cil_attribute ref, + int index: int ref, + string value: string ref); + + +// Common .Net data model covering both C# and CIL + +// Common elements +@dotnet_element = @element | @cil_element; +@dotnet_named_element = @named_element | @cil_named_element; +@dotnet_callable = @callable | @cil_method; +@dotnet_variable = @variable | @cil_variable; +@dotnet_field = @field | @cil_field; +@dotnet_parameter = @parameter | @cil_parameter; +@dotnet_declaration = @declaration | @cil_declaration; +@dotnet_member = @member | @cil_member; +@dotnet_event = @event | @cil_event; +@dotnet_property = @property | @cil_property | @indexer; +@dotnet_parameterizable = @parameterizable | @cil_parameterizable; + +// Common types +@dotnet_type = @type | @cil_type; +@dotnet_call = @call | @cil_call_any; +@dotnet_throw = @throw_element | @cil_throw_any; +@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type; +@dotnet_typeparameter = @type_parameter | @cil_typeparameter; +@dotnet_array_type = @array_type | @cil_array_type; +@dotnet_pointer_type = @pointer_type | @cil_pointer_type; +@dotnet_type_parameter = @type_parameter | @cil_typeparameter; +@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable; + +// Attributes +@dotnet_attribute = @attribute | @cil_attribute; + +// Expressions +@dotnet_expr = @expr | @cil_expr; + +// Literals +@dotnet_literal = @literal_expr | @cil_literal; +@dotnet_string_literal = @string_literal_expr | @cil_ldstr; +@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i; +@dotnet_float_literal = @float_literal_expr | @cil_ldc_r; +@dotnet_null_literal = @null_literal_expr | @cil_ldnull; + +@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | + @callable | @value_or_ref_type | @void_type; + +metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/upgrade.properties b/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/upgrade.properties new file mode 100644 index 00000000000..8546a8f5ebe --- /dev/null +++ b/csharp/downgrades/1f291d4f424b498e7500c0359ca1fe030628a448/upgrade.properties @@ -0,0 +1,2 @@ +description: Exclude @void_type from @value_type +compatibility: full diff --git a/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/old.dbscheme b/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/old.dbscheme new file mode 100644 index 00000000000..cc2eccd6026 --- /dev/null +++ b/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/old.dbscheme @@ -0,0 +1,2077 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + unique int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +compiler_generated(unique int id: @modifiable ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_compiler_generated( + unique int id: @expr ref); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); + +/* Common Intermediate Language - CIL */ + +case @cil_instruction.opcode of + 0 = @cil_nop +| 1 = @cil_break +| 2 = @cil_ldarg_0 +| 3 = @cil_ldarg_1 +| 4 = @cil_ldarg_2 +| 5 = @cil_ldarg_3 +| 6 = @cil_ldloc_0 +| 7 = @cil_ldloc_1 +| 8 = @cil_ldloc_2 +| 9 = @cil_ldloc_3 +| 10 = @cil_stloc_0 +| 11 = @cil_stloc_1 +| 12 = @cil_stloc_2 +| 13 = @cil_stloc_3 +| 14 = @cil_ldarg_s +| 15 = @cil_ldarga_s +| 16 = @cil_starg_s +| 17 = @cil_ldloc_s +| 18 = @cil_ldloca_s +| 19 = @cil_stloc_s +| 20 = @cil_ldnull +| 21 = @cil_ldc_i4_m1 +| 22 = @cil_ldc_i4_0 +| 23 = @cil_ldc_i4_1 +| 24 = @cil_ldc_i4_2 +| 25 = @cil_ldc_i4_3 +| 26 = @cil_ldc_i4_4 +| 27 = @cil_ldc_i4_5 +| 28 = @cil_ldc_i4_6 +| 29 = @cil_ldc_i4_7 +| 30 = @cil_ldc_i4_8 +| 31 = @cil_ldc_i4_s +| 32 = @cil_ldc_i4 +| 33 = @cil_ldc_i8 +| 34 = @cil_ldc_r4 +| 35 = @cil_ldc_r8 +| 37 = @cil_dup +| 38 = @cil_pop +| 39 = @cil_jmp +| 40 = @cil_call +| 41 = @cil_calli +| 42 = @cil_ret +| 43 = @cil_br_s +| 44 = @cil_brfalse_s +| 45 = @cil_brtrue_s +| 46 = @cil_beq_s +| 47 = @cil_bge_s +| 48 = @cil_bgt_s +| 49 = @cil_ble_s +| 50 = @cil_blt_s +| 51 = @cil_bne_un_s +| 52 = @cil_bge_un_s +| 53 = @cil_bgt_un_s +| 54 = @cil_ble_un_s +| 55 = @cil_blt_un_s +| 56 = @cil_br +| 57 = @cil_brfalse +| 58 = @cil_brtrue +| 59 = @cil_beq +| 60 = @cil_bge +| 61 = @cil_bgt +| 62 = @cil_ble +| 63 = @cil_blt +| 64 = @cil_bne_un +| 65 = @cil_bge_un +| 66 = @cil_bgt_un +| 67 = @cil_ble_un +| 68 = @cil_blt_un +| 69 = @cil_switch +| 70 = @cil_ldind_i1 +| 71 = @cil_ldind_u1 +| 72 = @cil_ldind_i2 +| 73 = @cil_ldind_u2 +| 74 = @cil_ldind_i4 +| 75 = @cil_ldind_u4 +| 76 = @cil_ldind_i8 +| 77 = @cil_ldind_i +| 78 = @cil_ldind_r4 +| 79 = @cil_ldind_r8 +| 80 = @cil_ldind_ref +| 81 = @cil_stind_ref +| 82 = @cil_stind_i1 +| 83 = @cil_stind_i2 +| 84 = @cil_stind_i4 +| 85 = @cil_stind_i8 +| 86 = @cil_stind_r4 +| 87 = @cil_stind_r8 +| 88 = @cil_add +| 89 = @cil_sub +| 90 = @cil_mul +| 91 = @cil_div +| 92 = @cil_div_un +| 93 = @cil_rem +| 94 = @cil_rem_un +| 95 = @cil_and +| 96 = @cil_or +| 97 = @cil_xor +| 98 = @cil_shl +| 99 = @cil_shr +| 100 = @cil_shr_un +| 101 = @cil_neg +| 102 = @cil_not +| 103 = @cil_conv_i1 +| 104 = @cil_conv_i2 +| 105 = @cil_conv_i4 +| 106 = @cil_conv_i8 +| 107 = @cil_conv_r4 +| 108 = @cil_conv_r8 +| 109 = @cil_conv_u4 +| 110 = @cil_conv_u8 +| 111 = @cil_callvirt +| 112 = @cil_cpobj +| 113 = @cil_ldobj +| 114 = @cil_ldstr +| 115 = @cil_newobj +| 116 = @cil_castclass +| 117 = @cil_isinst +| 118 = @cil_conv_r_un +| 121 = @cil_unbox +| 122 = @cil_throw +| 123 = @cil_ldfld +| 124 = @cil_ldflda +| 125 = @cil_stfld +| 126 = @cil_ldsfld +| 127 = @cil_ldsflda +| 128 = @cil_stsfld +| 129 = @cil_stobj +| 130 = @cil_conv_ovf_i1_un +| 131 = @cil_conv_ovf_i2_un +| 132 = @cil_conv_ovf_i4_un +| 133 = @cil_conv_ovf_i8_un +| 134 = @cil_conv_ovf_u1_un +| 135 = @cil_conv_ovf_u2_un +| 136 = @cil_conv_ovf_u4_un +| 137 = @cil_conv_ovf_u8_un +| 138 = @cil_conv_ovf_i_un +| 139 = @cil_conv_ovf_u_un +| 140 = @cil_box +| 141 = @cil_newarr +| 142 = @cil_ldlen +| 143 = @cil_ldelema +| 144 = @cil_ldelem_i1 +| 145 = @cil_ldelem_u1 +| 146 = @cil_ldelem_i2 +| 147 = @cil_ldelem_u2 +| 148 = @cil_ldelem_i4 +| 149 = @cil_ldelem_u4 +| 150 = @cil_ldelem_i8 +| 151 = @cil_ldelem_i +| 152 = @cil_ldelem_r4 +| 153 = @cil_ldelem_r8 +| 154 = @cil_ldelem_ref +| 155 = @cil_stelem_i +| 156 = @cil_stelem_i1 +| 157 = @cil_stelem_i2 +| 158 = @cil_stelem_i4 +| 159 = @cil_stelem_i8 +| 160 = @cil_stelem_r4 +| 161 = @cil_stelem_r8 +| 162 = @cil_stelem_ref +| 163 = @cil_ldelem +| 164 = @cil_stelem +| 165 = @cil_unbox_any +| 179 = @cil_conv_ovf_i1 +| 180 = @cil_conv_ovf_u1 +| 181 = @cil_conv_ovf_i2 +| 182 = @cil_conv_ovf_u2 +| 183 = @cil_conv_ovf_i4 +| 184 = @cil_conv_ovf_u4 +| 185 = @cil_conv_ovf_i8 +| 186 = @cil_conv_ovf_u8 +| 194 = @cil_refanyval +| 195 = @cil_ckinfinite +| 198 = @cil_mkrefany +| 208 = @cil_ldtoken +| 209 = @cil_conv_u2 +| 210 = @cil_conv_u1 +| 211 = @cil_conv_i +| 212 = @cil_conv_ovf_i +| 213 = @cil_conv_ovf_u +| 214 = @cil_add_ovf +| 215 = @cil_add_ovf_un +| 216 = @cil_mul_ovf +| 217 = @cil_mul_ovf_un +| 218 = @cil_sub_ovf +| 219 = @cil_sub_ovf_un +| 220 = @cil_endfinally +| 221 = @cil_leave +| 222 = @cil_leave_s +| 223 = @cil_stind_i +| 224 = @cil_conv_u +| 65024 = @cil_arglist +| 65025 = @cil_ceq +| 65026 = @cil_cgt +| 65027 = @cil_cgt_un +| 65028 = @cil_clt +| 65029 = @cil_clt_un +| 65030 = @cil_ldftn +| 65031 = @cil_ldvirtftn +| 65033 = @cil_ldarg +| 65034 = @cil_ldarga +| 65035 = @cil_starg +| 65036 = @cil_ldloc +| 65037 = @cil_ldloca +| 65038 = @cil_stloc +| 65039 = @cil_localloc +| 65041 = @cil_endfilter +| 65042 = @cil_unaligned +| 65043 = @cil_volatile +| 65044 = @cil_tail +| 65045 = @cil_initobj +| 65046 = @cil_constrained +| 65047 = @cil_cpblk +| 65048 = @cil_initblk +| 65050 = @cil_rethrow +| 65052 = @cil_sizeof +| 65053 = @cil_refanytype +| 65054 = @cil_readonly +; + +// CIL ignored instructions + +@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned; + +// CIL local/parameter/field access + +@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga; +@cil_starg_any = @cil_starg | @cil_starg_s; + +@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca; +@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc; + +@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda; +@cil_stfld_any = @cil_stfld | @cil_stsfld; + +@cil_local_access = @cil_stloc_any | @cil_ldloc_any; +@cil_arg_access = @cil_starg_any | @cil_ldarg_any; +@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any; +@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any; + +@cil_stack_access = @cil_local_access | @cil_arg_access; +@cil_field_access = @cil_ldfld_any | @cil_stfld_any; + +@cil_access = @cil_read_access | @cil_write_access; + +// CIL constant/literal instructions + +@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8; + +@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 | + @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4; + +@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8; + +@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr; + +// Control flow + +@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump; +@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s | + @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s | + @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt | + @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un; +@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch; +@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any; +@cil_leave_any = @cil_leave | @cil_leave_s; +@cil_jump = @cil_unconditional_jump | @cil_conditional_jump; + +// CIL call instructions + +@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj; + +// CIL expression instructions + +@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access | + @cil_newarr | @cil_ldtoken | @cil_sizeof | + @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup; + +@cil_unary_expr = + @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation| + @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any | + @cil_ldind | @cil_unbox; + +@cil_conversion_operation = + @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 | + @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 | + @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un | + @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un | + @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un | + @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un | + @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_i | @cil_conv_u | @cil_conv_r_un; + +@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 | + @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4; + +@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 | + @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref; + +@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation; + +@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl; + +@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un | + @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un | + @cil_sub_ovf | @cil_sub_ovf_un; + +@cil_unary_bitwise_operation = @cil_not; + +@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation; + +@cil_unary_arithmetic_operation = @cil_neg; + +@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un; + +// Elements that retrieve an address of something +@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema; + +// CIL array instructions + +@cil_read_array = + @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i | + @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 | + @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4; + +@cil_write_array = @cil_stelem | @cil_stelem_ref | + @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 | + @cil_stelem_r4 | @cil_stelem_r8; + +@cil_throw_any = @cil_throw | @cil_rethrow; + +#keyset[impl, index] +cil_instruction( + unique int id: @cil_instruction, + int opcode: int ref, + int index: int ref, + int impl: @cil_method_implementation ref); + +cil_jump( + unique int instruction: @cil_jump ref, + int target: @cil_instruction ref); + +cil_access( + unique int instruction: @cil_instruction ref, + int target: @cil_accessible ref); + +cil_value( + unique int instruction: @cil_literal ref, + string value: string ref); + +#keyset[instruction, index] +cil_switch( + int instruction: @cil_switch ref, + int index: int ref, + int target: @cil_instruction ref); + +cil_instruction_location( + unique int id: @cil_instruction ref, + int loc: @location ref); + +cil_type_location( + int id: @cil_type ref, + int loc: @location ref); + +cil_method_location( + int id: @cil_method ref, + int loc: @location ref); + +@cil_namespace = @namespace; + +@cil_type_container = @cil_type | @cil_namespace | @cil_method; + +case @cil_type.kind of + 0 = @cil_valueorreftype +| 1 = @cil_typeparameter +| 2 = @cil_array_type +| 3 = @cil_pointer_type +| 4 = @cil_function_pointer_type +; + +cil_type( + unique int id: @cil_type, + string name: string ref, + int kind: int ref, + int parent: @cil_type_container ref, + int sourceDecl: @cil_type ref); + +cil_pointer_type( + unique int id: @cil_pointer_type ref, + int pointee: @cil_type ref); + +cil_array_type( + unique int id: @cil_array_type ref, + int element_type: @cil_type ref, + int rank: int ref); + +cil_function_pointer_return_type( + unique int id: @cil_function_pointer_type ref, + int return_type: @cil_type ref); + +cil_method( + unique int id: @cil_method, + string name: string ref, + int parent: @cil_type ref, + int return_type: @cil_type ref); + +cil_method_source_declaration( + unique int method: @cil_method ref, + int source: @cil_method ref); + +cil_method_implementation( + unique int id: @cil_method_implementation, + int method: @cil_method ref, + int location: @assembly ref); + +cil_implements( + int id: @cil_method ref, + int decl: @cil_method ref); + +#keyset[parent, name] +cil_field( + unique int id: @cil_field, + int parent: @cil_type ref, + string name: string ref, + int field_type: @cil_type ref); + +@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace; +@cil_named_element = @cil_declaration | @cil_namespace; +@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member; +@cil_accessible = @cil_declaration; +@cil_variable = @cil_field | @cil_stack_variable; +@cil_stack_variable = @cil_local_variable | @cil_parameter; +@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event; +@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type; +@cil_parameterizable = @cil_method | @cil_function_pointer_type; +@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_field | @cil_method | @cil_function_pointer_type; + +#keyset[parameterizable, index] +cil_parameter( + unique int id: @cil_parameter, + int parameterizable: @cil_parameterizable ref, + int index: int ref, + int param_type: @cil_type ref); + +cil_parameter_in(unique int id: @cil_parameter ref); +cil_parameter_out(unique int id: @cil_parameter ref); + +cil_setter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +#keyset[id, modifier] +cil_custom_modifiers( + int id: @cil_custom_modifier_receiver ref, + int modifier: @cil_type ref, + int kind: int ref); // modreq: 1, modopt: 0 + +cil_type_annotation( + int id: @cil_has_type_annotation ref, + int annotation: int ref); + +cil_getter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +cil_adder(unique int event: @cil_event ref, + int method: @cil_method ref); + +cil_remover(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_property( + unique int id: @cil_property, + int parent: @cil_type ref, + string name: string ref, + int property_type: @cil_type ref); + +#keyset[parent, name] +cil_event(unique int id: @cil_event, + int parent: @cil_type ref, + string name: string ref, + int event_type: @cil_type ref); + +#keyset[impl, index] +cil_local_variable( + unique int id: @cil_local_variable, + int impl: @cil_method_implementation ref, + int index: int ref, + int var_type: @cil_type ref); + +cil_function_pointer_calling_conventions( + int id: @cil_function_pointer_type ref, + int kind: int ref); + +// CIL handlers (exception handlers etc). + +case @cil_handler.kind of + 0 = @cil_catch_handler +| 1 = @cil_filter_handler +| 2 = @cil_finally_handler +| 4 = @cil_fault_handler +; + +#keyset[impl, index] +cil_handler( + unique int id: @cil_handler, + int impl: @cil_method_implementation ref, + int index: int ref, + int kind: int ref, + int try_start: @cil_instruction ref, + int try_end: @cil_instruction ref, + int handler_start: @cil_instruction ref); + +cil_handler_filter( + unique int id: @cil_handler ref, + int filter_start: @cil_instruction ref); + +cil_handler_type( + unique int id: @cil_handler ref, + int catch_type: @cil_type ref); + +@cil_controlflow_node = @cil_entry_point | @cil_instruction; + +@cil_entry_point = @cil_method_implementation | @cil_handler; + +@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method; + +cil_method_stack_size( + unique int method: @cil_method_implementation ref, + int size: int ref); + +// CIL modifiers + +cil_public(int id: @cil_member ref); +cil_private(int id: @cil_member ref); +cil_protected(int id: @cil_member ref); +cil_internal(int id: @cil_member ref); +cil_static(int id: @cil_member ref); +cil_sealed(int id: @cil_member ref); +cil_virtual(int id: @cil_method ref); +cil_abstract(int id: @cil_member ref); +cil_class(int id: @cil_type ref); +cil_interface(int id: @cil_type ref); +cil_security(int id: @cil_member ref); +cil_requiresecobject(int id: @cil_method ref); +cil_specialname(int id: @cil_method ref); +cil_newslot(int id: @cil_method ref); + +cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref); +cil_base_interface(int id: @cil_type ref, int base: @cil_type ref); +cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref); + +#keyset[unbound, index] +cil_type_parameter( + int unbound: @cil_member ref, + int index: int ref, + int param: @cil_typeparameter ref); + +#keyset[bound, index] +cil_type_argument( + int bound: @cil_member ref, + int index: int ref, + int t: @cil_type ref); + +// CIL type parameter constraints + +cil_typeparam_covariant(int tp: @cil_typeparameter ref); +cil_typeparam_contravariant(int tp: @cil_typeparameter ref); +cil_typeparam_class(int tp: @cil_typeparameter ref); +cil_typeparam_struct(int tp: @cil_typeparameter ref); +cil_typeparam_new(int tp: @cil_typeparameter ref); +cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref); + +// CIL attributes + +cil_attribute( + unique int attributeid: @cil_attribute, + int element: @cil_declaration ref, + int constructor: @cil_method ref); + +#keyset[attribute_id, param] +cil_attribute_named_argument( + int attribute_id: @cil_attribute ref, + string param: string ref, + string value: string ref); + +#keyset[attribute_id, index] +cil_attribute_positional_argument( + int attribute_id: @cil_attribute ref, + int index: int ref, + string value: string ref); + + +// Common .Net data model covering both C# and CIL + +// Common elements +@dotnet_element = @element | @cil_element; +@dotnet_named_element = @named_element | @cil_named_element; +@dotnet_callable = @callable | @cil_method; +@dotnet_variable = @variable | @cil_variable; +@dotnet_field = @field | @cil_field; +@dotnet_parameter = @parameter | @cil_parameter; +@dotnet_declaration = @declaration | @cil_declaration; +@dotnet_member = @member | @cil_member; +@dotnet_event = @event | @cil_event; +@dotnet_property = @property | @cil_property | @indexer; +@dotnet_parameterizable = @parameterizable | @cil_parameterizable; + +// Common types +@dotnet_type = @type | @cil_type; +@dotnet_call = @call | @cil_call_any; +@dotnet_throw = @throw_element | @cil_throw_any; +@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type; +@dotnet_typeparameter = @type_parameter | @cil_typeparameter; +@dotnet_array_type = @array_type | @cil_array_type; +@dotnet_pointer_type = @pointer_type | @cil_pointer_type; +@dotnet_type_parameter = @type_parameter | @cil_typeparameter; +@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable; + +// Attributes +@dotnet_attribute = @attribute | @cil_attribute; + +// Expressions +@dotnet_expr = @expr | @cil_expr; + +// Literals +@dotnet_literal = @literal_expr | @cil_literal; +@dotnet_string_literal = @string_literal_expr | @cil_ldstr; +@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i; +@dotnet_float_literal = @float_literal_expr | @cil_ldc_r; +@dotnet_null_literal = @null_literal_expr | @cil_ldnull; + +@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | + @callable | @value_or_ref_type | @void_type; + +metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/semmlecode.csharp.dbscheme b/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/semmlecode.csharp.dbscheme new file mode 100644 index 00000000000..585d6402ff8 --- /dev/null +++ b/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/semmlecode.csharp.dbscheme @@ -0,0 +1,2078 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + unique int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +compiler_generated(unique int id: @modifiable ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_compiler_generated( + unique int id: @expr ref); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); + +/* Common Intermediate Language - CIL */ + +case @cil_instruction.opcode of + 0 = @cil_nop +| 1 = @cil_break +| 2 = @cil_ldarg_0 +| 3 = @cil_ldarg_1 +| 4 = @cil_ldarg_2 +| 5 = @cil_ldarg_3 +| 6 = @cil_ldloc_0 +| 7 = @cil_ldloc_1 +| 8 = @cil_ldloc_2 +| 9 = @cil_ldloc_3 +| 10 = @cil_stloc_0 +| 11 = @cil_stloc_1 +| 12 = @cil_stloc_2 +| 13 = @cil_stloc_3 +| 14 = @cil_ldarg_s +| 15 = @cil_ldarga_s +| 16 = @cil_starg_s +| 17 = @cil_ldloc_s +| 18 = @cil_ldloca_s +| 19 = @cil_stloc_s +| 20 = @cil_ldnull +| 21 = @cil_ldc_i4_m1 +| 22 = @cil_ldc_i4_0 +| 23 = @cil_ldc_i4_1 +| 24 = @cil_ldc_i4_2 +| 25 = @cil_ldc_i4_3 +| 26 = @cil_ldc_i4_4 +| 27 = @cil_ldc_i4_5 +| 28 = @cil_ldc_i4_6 +| 29 = @cil_ldc_i4_7 +| 30 = @cil_ldc_i4_8 +| 31 = @cil_ldc_i4_s +| 32 = @cil_ldc_i4 +| 33 = @cil_ldc_i8 +| 34 = @cil_ldc_r4 +| 35 = @cil_ldc_r8 +| 37 = @cil_dup +| 38 = @cil_pop +| 39 = @cil_jmp +| 40 = @cil_call +| 41 = @cil_calli +| 42 = @cil_ret +| 43 = @cil_br_s +| 44 = @cil_brfalse_s +| 45 = @cil_brtrue_s +| 46 = @cil_beq_s +| 47 = @cil_bge_s +| 48 = @cil_bgt_s +| 49 = @cil_ble_s +| 50 = @cil_blt_s +| 51 = @cil_bne_un_s +| 52 = @cil_bge_un_s +| 53 = @cil_bgt_un_s +| 54 = @cil_ble_un_s +| 55 = @cil_blt_un_s +| 56 = @cil_br +| 57 = @cil_brfalse +| 58 = @cil_brtrue +| 59 = @cil_beq +| 60 = @cil_bge +| 61 = @cil_bgt +| 62 = @cil_ble +| 63 = @cil_blt +| 64 = @cil_bne_un +| 65 = @cil_bge_un +| 66 = @cil_bgt_un +| 67 = @cil_ble_un +| 68 = @cil_blt_un +| 69 = @cil_switch +| 70 = @cil_ldind_i1 +| 71 = @cil_ldind_u1 +| 72 = @cil_ldind_i2 +| 73 = @cil_ldind_u2 +| 74 = @cil_ldind_i4 +| 75 = @cil_ldind_u4 +| 76 = @cil_ldind_i8 +| 77 = @cil_ldind_i +| 78 = @cil_ldind_r4 +| 79 = @cil_ldind_r8 +| 80 = @cil_ldind_ref +| 81 = @cil_stind_ref +| 82 = @cil_stind_i1 +| 83 = @cil_stind_i2 +| 84 = @cil_stind_i4 +| 85 = @cil_stind_i8 +| 86 = @cil_stind_r4 +| 87 = @cil_stind_r8 +| 88 = @cil_add +| 89 = @cil_sub +| 90 = @cil_mul +| 91 = @cil_div +| 92 = @cil_div_un +| 93 = @cil_rem +| 94 = @cil_rem_un +| 95 = @cil_and +| 96 = @cil_or +| 97 = @cil_xor +| 98 = @cil_shl +| 99 = @cil_shr +| 100 = @cil_shr_un +| 101 = @cil_neg +| 102 = @cil_not +| 103 = @cil_conv_i1 +| 104 = @cil_conv_i2 +| 105 = @cil_conv_i4 +| 106 = @cil_conv_i8 +| 107 = @cil_conv_r4 +| 108 = @cil_conv_r8 +| 109 = @cil_conv_u4 +| 110 = @cil_conv_u8 +| 111 = @cil_callvirt +| 112 = @cil_cpobj +| 113 = @cil_ldobj +| 114 = @cil_ldstr +| 115 = @cil_newobj +| 116 = @cil_castclass +| 117 = @cil_isinst +| 118 = @cil_conv_r_un +| 121 = @cil_unbox +| 122 = @cil_throw +| 123 = @cil_ldfld +| 124 = @cil_ldflda +| 125 = @cil_stfld +| 126 = @cil_ldsfld +| 127 = @cil_ldsflda +| 128 = @cil_stsfld +| 129 = @cil_stobj +| 130 = @cil_conv_ovf_i1_un +| 131 = @cil_conv_ovf_i2_un +| 132 = @cil_conv_ovf_i4_un +| 133 = @cil_conv_ovf_i8_un +| 134 = @cil_conv_ovf_u1_un +| 135 = @cil_conv_ovf_u2_un +| 136 = @cil_conv_ovf_u4_un +| 137 = @cil_conv_ovf_u8_un +| 138 = @cil_conv_ovf_i_un +| 139 = @cil_conv_ovf_u_un +| 140 = @cil_box +| 141 = @cil_newarr +| 142 = @cil_ldlen +| 143 = @cil_ldelema +| 144 = @cil_ldelem_i1 +| 145 = @cil_ldelem_u1 +| 146 = @cil_ldelem_i2 +| 147 = @cil_ldelem_u2 +| 148 = @cil_ldelem_i4 +| 149 = @cil_ldelem_u4 +| 150 = @cil_ldelem_i8 +| 151 = @cil_ldelem_i +| 152 = @cil_ldelem_r4 +| 153 = @cil_ldelem_r8 +| 154 = @cil_ldelem_ref +| 155 = @cil_stelem_i +| 156 = @cil_stelem_i1 +| 157 = @cil_stelem_i2 +| 158 = @cil_stelem_i4 +| 159 = @cil_stelem_i8 +| 160 = @cil_stelem_r4 +| 161 = @cil_stelem_r8 +| 162 = @cil_stelem_ref +| 163 = @cil_ldelem +| 164 = @cil_stelem +| 165 = @cil_unbox_any +| 179 = @cil_conv_ovf_i1 +| 180 = @cil_conv_ovf_u1 +| 181 = @cil_conv_ovf_i2 +| 182 = @cil_conv_ovf_u2 +| 183 = @cil_conv_ovf_i4 +| 184 = @cil_conv_ovf_u4 +| 185 = @cil_conv_ovf_i8 +| 186 = @cil_conv_ovf_u8 +| 194 = @cil_refanyval +| 195 = @cil_ckinfinite +| 198 = @cil_mkrefany +| 208 = @cil_ldtoken +| 209 = @cil_conv_u2 +| 210 = @cil_conv_u1 +| 211 = @cil_conv_i +| 212 = @cil_conv_ovf_i +| 213 = @cil_conv_ovf_u +| 214 = @cil_add_ovf +| 215 = @cil_add_ovf_un +| 216 = @cil_mul_ovf +| 217 = @cil_mul_ovf_un +| 218 = @cil_sub_ovf +| 219 = @cil_sub_ovf_un +| 220 = @cil_endfinally +| 221 = @cil_leave +| 222 = @cil_leave_s +| 223 = @cil_stind_i +| 224 = @cil_conv_u +| 65024 = @cil_arglist +| 65025 = @cil_ceq +| 65026 = @cil_cgt +| 65027 = @cil_cgt_un +| 65028 = @cil_clt +| 65029 = @cil_clt_un +| 65030 = @cil_ldftn +| 65031 = @cil_ldvirtftn +| 65033 = @cil_ldarg +| 65034 = @cil_ldarga +| 65035 = @cil_starg +| 65036 = @cil_ldloc +| 65037 = @cil_ldloca +| 65038 = @cil_stloc +| 65039 = @cil_localloc +| 65041 = @cil_endfilter +| 65042 = @cil_unaligned +| 65043 = @cil_volatile +| 65044 = @cil_tail +| 65045 = @cil_initobj +| 65046 = @cil_constrained +| 65047 = @cil_cpblk +| 65048 = @cil_initblk +| 65050 = @cil_rethrow +| 65052 = @cil_sizeof +| 65053 = @cil_refanytype +| 65054 = @cil_readonly +; + +// CIL ignored instructions + +@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned; + +// CIL local/parameter/field access + +@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga; +@cil_starg_any = @cil_starg | @cil_starg_s; + +@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca; +@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc; + +@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda; +@cil_stfld_any = @cil_stfld | @cil_stsfld; + +@cil_local_access = @cil_stloc_any | @cil_ldloc_any; +@cil_arg_access = @cil_starg_any | @cil_ldarg_any; +@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any; +@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any; + +@cil_stack_access = @cil_local_access | @cil_arg_access; +@cil_field_access = @cil_ldfld_any | @cil_stfld_any; + +@cil_access = @cil_read_access | @cil_write_access; + +// CIL constant/literal instructions + +@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8; + +@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 | + @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4; + +@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8; + +@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr; + +// Control flow + +@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump; +@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s | + @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s | + @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt | + @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un; +@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch; +@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any; +@cil_leave_any = @cil_leave | @cil_leave_s; +@cil_jump = @cil_unconditional_jump | @cil_conditional_jump; + +// CIL call instructions + +@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj; + +// CIL expression instructions + +@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access | + @cil_newarr | @cil_ldtoken | @cil_sizeof | + @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup; + +@cil_unary_expr = + @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation| + @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any | + @cil_ldind | @cil_unbox; + +@cil_conversion_operation = + @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 | + @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 | + @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un | + @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un | + @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un | + @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un | + @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_i | @cil_conv_u | @cil_conv_r_un; + +@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 | + @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4; + +@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 | + @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref; + +@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation; + +@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl; + +@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un | + @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un | + @cil_sub_ovf | @cil_sub_ovf_un; + +@cil_unary_bitwise_operation = @cil_not; + +@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation; + +@cil_unary_arithmetic_operation = @cil_neg; + +@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un; + +// Elements that retrieve an address of something +@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema; + +// CIL array instructions + +@cil_read_array = + @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i | + @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 | + @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4; + +@cil_write_array = @cil_stelem | @cil_stelem_ref | + @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 | + @cil_stelem_r4 | @cil_stelem_r8; + +@cil_throw_any = @cil_throw | @cil_rethrow; + +#keyset[impl, index] +cil_instruction( + unique int id: @cil_instruction, + int opcode: int ref, + int index: int ref, + int impl: @cil_method_implementation ref); + +cil_jump( + unique int instruction: @cil_jump ref, + int target: @cil_instruction ref); + +cil_access( + unique int instruction: @cil_instruction ref, + int target: @cil_accessible ref); + +cil_value( + unique int instruction: @cil_literal ref, + string value: string ref); + +#keyset[instruction, index] +cil_switch( + int instruction: @cil_switch ref, + int index: int ref, + int target: @cil_instruction ref); + +cil_instruction_location( + unique int id: @cil_instruction ref, + int loc: @location ref); + +cil_type_location( + int id: @cil_type ref, + int loc: @location ref); + +cil_method_location( + int id: @cil_method ref, + int loc: @location ref); + +@cil_namespace = @namespace; + +@cil_type_container = @cil_type | @cil_namespace | @cil_method; + +case @cil_type.kind of + 0 = @cil_valueorreftype +| 1 = @cil_typeparameter +| 2 = @cil_array_type +| 3 = @cil_pointer_type +| 4 = @cil_function_pointer_type +; + +cil_type( + unique int id: @cil_type, + string name: string ref, + int kind: int ref, + int parent: @cil_type_container ref, + int sourceDecl: @cil_type ref); + +cil_pointer_type( + unique int id: @cil_pointer_type ref, + int pointee: @cil_type ref); + +cil_array_type( + unique int id: @cil_array_type ref, + int element_type: @cil_type ref, + int rank: int ref); + +cil_function_pointer_return_type( + unique int id: @cil_function_pointer_type ref, + int return_type: @cil_type ref); + +cil_method( + unique int id: @cil_method, + string name: string ref, + int parent: @cil_type ref, + int return_type: @cil_type ref); + +cil_method_source_declaration( + unique int method: @cil_method ref, + int source: @cil_method ref); + +cil_method_implementation( + unique int id: @cil_method_implementation, + int method: @cil_method ref, + int location: @assembly ref); + +cil_implements( + int id: @cil_method ref, + int decl: @cil_method ref); + +#keyset[parent, name] +cil_field( + unique int id: @cil_field, + int parent: @cil_type ref, + string name: string ref, + int field_type: @cil_type ref); + +@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace; +@cil_named_element = @cil_declaration | @cil_namespace; +@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member; +@cil_accessible = @cil_declaration; +@cil_variable = @cil_field | @cil_stack_variable; +@cil_stack_variable = @cil_local_variable | @cil_parameter; +@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event; +@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type; +@cil_parameterizable = @cil_method | @cil_function_pointer_type; +@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_field | @cil_method | @cil_function_pointer_type; + +#keyset[parameterizable, index] +cil_parameter( + unique int id: @cil_parameter, + int parameterizable: @cil_parameterizable ref, + int index: int ref, + int param_type: @cil_type ref); + +cil_parameter_in(unique int id: @cil_parameter ref); +cil_parameter_out(unique int id: @cil_parameter ref); + +cil_setter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +#keyset[id, modifier] +cil_custom_modifiers( + int id: @cil_custom_modifier_receiver ref, + int modifier: @cil_type ref, + int kind: int ref); // modreq: 1, modopt: 0 + +cil_type_annotation( + int id: @cil_has_type_annotation ref, + int annotation: int ref); + +cil_getter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +cil_adder(unique int event: @cil_event ref, + int method: @cil_method ref); + +cil_remover(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_property( + unique int id: @cil_property, + int parent: @cil_type ref, + string name: string ref, + int property_type: @cil_type ref); + +#keyset[parent, name] +cil_event(unique int id: @cil_event, + int parent: @cil_type ref, + string name: string ref, + int event_type: @cil_type ref); + +#keyset[impl, index] +cil_local_variable( + unique int id: @cil_local_variable, + int impl: @cil_method_implementation ref, + int index: int ref, + int var_type: @cil_type ref); + +cil_function_pointer_calling_conventions( + int id: @cil_function_pointer_type ref, + int kind: int ref); + +// CIL handlers (exception handlers etc). + +case @cil_handler.kind of + 0 = @cil_catch_handler +| 1 = @cil_filter_handler +| 2 = @cil_finally_handler +| 4 = @cil_fault_handler +; + +#keyset[impl, index] +cil_handler( + unique int id: @cil_handler, + int impl: @cil_method_implementation ref, + int index: int ref, + int kind: int ref, + int try_start: @cil_instruction ref, + int try_end: @cil_instruction ref, + int handler_start: @cil_instruction ref); + +cil_handler_filter( + unique int id: @cil_handler ref, + int filter_start: @cil_instruction ref); + +cil_handler_type( + unique int id: @cil_handler ref, + int catch_type: @cil_type ref); + +@cil_controlflow_node = @cil_entry_point | @cil_instruction; + +@cil_entry_point = @cil_method_implementation | @cil_handler; + +@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method; + +cil_method_stack_size( + unique int method: @cil_method_implementation ref, + int size: int ref); + +// CIL modifiers + +cil_public(int id: @cil_member ref); +cil_private(int id: @cil_member ref); +cil_protected(int id: @cil_member ref); +cil_internal(int id: @cil_member ref); +cil_static(int id: @cil_member ref); +cil_sealed(int id: @cil_member ref); +cil_virtual(int id: @cil_method ref); +cil_abstract(int id: @cil_member ref); +cil_class(int id: @cil_type ref); +cil_interface(int id: @cil_type ref); +cil_security(int id: @cil_member ref); +cil_requiresecobject(int id: @cil_method ref); +cil_specialname(int id: @cil_method ref); +cil_newslot(int id: @cil_method ref); + +cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref); +cil_base_interface(int id: @cil_type ref, int base: @cil_type ref); +cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref); + +#keyset[unbound, index] +cil_type_parameter( + int unbound: @cil_member ref, + int index: int ref, + int param: @cil_typeparameter ref); + +#keyset[bound, index] +cil_type_argument( + int bound: @cil_member ref, + int index: int ref, + int t: @cil_type ref); + +// CIL type parameter constraints + +cil_typeparam_covariant(int tp: @cil_typeparameter ref); +cil_typeparam_contravariant(int tp: @cil_typeparameter ref); +cil_typeparam_class(int tp: @cil_typeparameter ref); +cil_typeparam_struct(int tp: @cil_typeparameter ref); +cil_typeparam_new(int tp: @cil_typeparameter ref); +cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref); + +// CIL attributes + +cil_attribute( + unique int attributeid: @cil_attribute, + int element: @cil_declaration ref, + int constructor: @cil_method ref); + +#keyset[attribute_id, param] +cil_attribute_named_argument( + int attribute_id: @cil_attribute ref, + string param: string ref, + string value: string ref); + +#keyset[attribute_id, index] +cil_attribute_positional_argument( + int attribute_id: @cil_attribute ref, + int index: int ref, + string value: string ref); + + +// Common .Net data model covering both C# and CIL + +// Common elements +@dotnet_element = @element | @cil_element; +@dotnet_named_element = @named_element | @cil_named_element; +@dotnet_callable = @callable | @cil_method; +@dotnet_variable = @variable | @cil_variable; +@dotnet_field = @field | @cil_field; +@dotnet_parameter = @parameter | @cil_parameter; +@dotnet_declaration = @declaration | @cil_declaration; +@dotnet_member = @member | @cil_member; +@dotnet_event = @event | @cil_event; +@dotnet_property = @property | @cil_property | @indexer; +@dotnet_parameterizable = @parameterizable | @cil_parameterizable; + +// Common types +@dotnet_type = @type | @cil_type; +@dotnet_call = @call | @cil_call_any; +@dotnet_throw = @throw_element | @cil_throw_any; +@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type; +@dotnet_typeparameter = @type_parameter | @cil_typeparameter; +@dotnet_array_type = @array_type | @cil_array_type; +@dotnet_pointer_type = @pointer_type | @cil_pointer_type; +@dotnet_type_parameter = @type_parameter | @cil_typeparameter; +@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable; + +// Attributes +@dotnet_attribute = @attribute | @cil_attribute; + +// Expressions +@dotnet_expr = @expr | @cil_expr; + +// Literals +@dotnet_literal = @literal_expr | @cil_literal; +@dotnet_string_literal = @string_literal_expr | @cil_ldstr; +@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i; +@dotnet_float_literal = @float_literal_expr | @cil_ldc_r; +@dotnet_null_literal = @null_literal_expr | @cil_ldnull; + +@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | + @callable | @value_or_ref_type | @void_type; + +#keyset[entity, location] +metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/upgrade.properties b/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/upgrade.properties new file mode 100644 index 00000000000..d335b01f9d8 --- /dev/null +++ b/csharp/downgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/upgrade.properties @@ -0,0 +1,2 @@ +description: Add keyset to metadata_handle +compatibility: full diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyCache.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyCache.cs index 75bfbc0e778..51ffdece6a3 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyCache.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyCache.cs @@ -70,7 +70,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching foreach (var info in assemblyInfoByFileName.Values .OrderBy(info => info.Name) .ThenBy(info => info.NetCoreVersion ?? emptyVersion) - .ThenBy(info => info.Version ?? emptyVersion)) + .ThenBy(info => info.Version ?? emptyVersion) + .ThenBy(info => info.Filename)) { foreach (var index in info.IndexStrings) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyInfo.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyInfo.cs index 9332f492774..d3522025e27 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyInfo.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyInfo.cs @@ -32,7 +32,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching ///

/// The version number of the .NET Core framework that this assembly targets. - /// + /// /// This is extracted from the `TargetFrameworkAttribute` of the assembly, e.g. /// ``` /// [assembly:TargetFramework(".NETCoreApp,Version=v7.0")] @@ -160,11 +160,22 @@ namespace Semmle.Extraction.CSharp.DependencyFetching * loading the same assembly from different locations. */ using var pereader = new System.Reflection.PortableExecutable.PEReader(new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.Read)); + if (!pereader.HasMetadata) + { + throw new AssemblyLoadException(); + } + using var sha1 = SHA1.Create(); var metadata = pereader.GetMetadata(); + unsafe { var reader = new MetadataReader(metadata.Pointer, metadata.Length); + if (!reader.IsAssembly) + { + throw new AssemblyLoadException(); + } + var def = reader.GetAssemblyDefinition(); // This is how you compute the public key token from the full public key. diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs index 95b6cf57b9a..25bbd1c83f7 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs @@ -47,9 +47,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching this.progressMonitor = new ProgressMonitor(logger); this.sourceDir = new DirectoryInfo(srcDir); + packageDirectory = new TemporaryDirectory(ComputeTempDirectory(sourceDir.FullName)); + tempWorkingDirectory = new TemporaryDirectory(FileUtils.GetTemporaryWorkingDirectory(out cleanupTempWorkingDirectory)); + try { - this.dotnet = DotNet.Make(options, progressMonitor); + this.dotnet = DotNet.Make(options, progressMonitor, tempWorkingDirectory); } catch { @@ -59,8 +62,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching this.progressMonitor.FindingFiles(srcDir); - packageDirectory = new TemporaryDirectory(ComputeTempDirectory(sourceDir.FullName)); - tempWorkingDirectory = new TemporaryDirectory(GetTemporaryWorkingDirectory(out cleanupTempWorkingDirectory)); var allFiles = GetAllFiles(); var binaryFileExtensions = new HashSet(new[] { ".dll", ".exe" }); // TODO: add more binary file extensions. @@ -77,21 +78,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching ? allFiles.SelectFileNamesByExtension(".dll").ToList() : options.DllDirs.Select(Path.GetFullPath).ToList(); - // Find DLLs in the .Net / Asp.Net Framework - if (options.ScanNetFrameworkDlls) - { - var runtime = new Runtime(dotnet); - var runtimeLocation = runtime.GetRuntime(options.UseSelfContainedDotnet); - progressMonitor.LogInfo($".NET runtime location selected: {runtimeLocation}"); - dllDirNames.Add(runtimeLocation); - - if (fileContent.UseAspNetDlls && runtime.GetAspRuntime() is string aspRuntime) - { - progressMonitor.LogInfo($"ASP.NET runtime location selected: {aspRuntime}"); - dllDirNames.Add(aspRuntime); - } - } - if (options.UseNuGet) { dllDirNames.Add(packageDirectory.DirInfo.FullName); @@ -111,6 +97,26 @@ namespace Semmle.Extraction.CSharp.DependencyFetching DownloadMissingPackages(allNonBinaryFiles); } + var existsNetCoreRefNugetPackage = false; + var existsNetFrameworkRefNugetPackage = false; + + // Find DLLs in the .Net / Asp.Net Framework + // This block needs to come after the nuget restore, because the nuget restore might fetch the .NET Core/Framework reference assemblies. + if (options.ScanNetFrameworkDlls) + { + existsNetCoreRefNugetPackage = IsNugetPackageAvailable("microsoft.netcore.app.ref"); + existsNetFrameworkRefNugetPackage = IsNugetPackageAvailable("microsoft.netframework.referenceassemblies"); + + if (existsNetCoreRefNugetPackage || existsNetFrameworkRefNugetPackage) + { + progressMonitor.LogInfo("Found .NET Core/Framework DLLs in NuGet packages. Not adding installation directory."); + } + else + { + AddNetFrameworkDlls(dllDirNames); + } + } + assemblyCache = new AssemblyCache(dllDirNames, progressMonitor); AnalyseSolutions(solutions); @@ -119,7 +125,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching UseReference(filename); } - RemoveRuntimeNugetPackageReferences(); + RemoveUnnecessaryNugetPackages(existsNetCoreRefNugetPackage, existsNetFrameworkRefNugetPackage); ResolveConflicts(); // Output the findings @@ -154,7 +160,30 @@ namespace Semmle.Extraction.CSharp.DependencyFetching DateTime.Now - startTime); } - private void RemoveRuntimeNugetPackageReferences() + private void RemoveUnnecessaryNugetPackages(bool existsNetCoreRefNugetPackage, bool existsNetFrameworkRefNugetPackage) + { + RemoveNugetAnalyzerReferences(); + RemoveRuntimeNugetPackageReferences(); + + if (fileContent.IsNewProjectStructureUsed + && !fileContent.UseAspNetCoreDlls) + { + // This might have been restored by the CLI even though the project isn't an asp.net core one. + RemoveNugetPackageReference("microsoft.aspnetcore.app.ref"); + } + + if (existsNetCoreRefNugetPackage && existsNetFrameworkRefNugetPackage) + { + // Multiple packages are available, we keep only one: + RemoveNugetPackageReference("microsoft.netframework.referenceassemblies."); + } + + // TODO: There could be multiple `microsoft.netframework.referenceassemblies` packages, + // we could keep the newest one, but this is covered by the conflict resolution logic + // (if the file names match) + } + + private void RemoveNugetAnalyzerReferences() { if (!options.UseNuGet) { @@ -162,23 +191,108 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } var packageFolder = packageDirectory.DirInfo.FullName.ToLowerInvariant(); - var runtimePackageNamePrefixes = new[] + if (packageFolder == null) { - Path.Combine(packageFolder, "microsoft.netcore.app.runtime"), - Path.Combine(packageFolder, "microsoft.aspnetcore.app.runtime"), - Path.Combine(packageFolder, "microsoft.windowsdesktop.app.runtime"), - - // legacy runtime packages: - Path.Combine(packageFolder, "runtime.linux-x64.microsoft.netcore.app"), - Path.Combine(packageFolder, "runtime.osx-x64.microsoft.netcore.app"), - Path.Combine(packageFolder, "runtime.win-x64.microsoft.netcore.app"), - }; + return; + } foreach (var filename in usedReferences.Keys) { var lowerFilename = filename.ToLowerInvariant(); - if (runtimePackageNamePrefixes.Any(prefix => lowerFilename.StartsWith(prefix))) + if (lowerFilename.StartsWith(packageFolder)) + { + var firstDirectorySeparatorCharIndex = lowerFilename.IndexOf(Path.DirectorySeparatorChar, packageFolder.Length + 1); + if (firstDirectorySeparatorCharIndex == -1) + { + continue; + } + var secondDirectorySeparatorCharIndex = lowerFilename.IndexOf(Path.DirectorySeparatorChar, firstDirectorySeparatorCharIndex + 1); + if (secondDirectorySeparatorCharIndex == -1) + { + continue; + } + var subFolderIndex = secondDirectorySeparatorCharIndex + 1; + var isInAnalyzersFolder = lowerFilename.IndexOf("analyzers", subFolderIndex) == subFolderIndex; + if (isInAnalyzersFolder) + { + usedReferences.Remove(filename); + progressMonitor.RemovedReference(filename); + } + } + } + } + private void AddNetFrameworkDlls(List dllDirNames) + { + var runtime = new Runtime(dotnet); + string? runtimeLocation = null; + + if (options.UseSelfContainedDotnet) + { + runtimeLocation = runtime.ExecutingRuntime; + } + else if (fileContent.IsNewProjectStructureUsed) + { + runtimeLocation = runtime.NetCoreRuntime; + } + else if (fileContent.IsLegacyProjectStructureUsed) + { + runtimeLocation = runtime.DesktopRuntime; + } + + runtimeLocation ??= runtime.ExecutingRuntime; + + progressMonitor.LogInfo($".NET runtime location selected: {runtimeLocation}"); + dllDirNames.Add(runtimeLocation); + + if (fileContent.IsNewProjectStructureUsed + && fileContent.UseAspNetCoreDlls + && runtime.AspNetCoreRuntime is string aspRuntime) + { + progressMonitor.LogInfo($"ASP.NET runtime location selected: {aspRuntime}"); + dllDirNames.Add(aspRuntime); + } + } + + private void RemoveRuntimeNugetPackageReferences() + { + var runtimePackagePrefixes = new[] + { + "microsoft.netcore.app.runtime", + "microsoft.aspnetcore.app.runtime", + "microsoft.windowsdesktop.app.runtime", + + // legacy runtime packages: + "runtime.linux-x64.microsoft.netcore.app", + "runtime.osx-x64.microsoft.netcore.app", + "runtime.win-x64.microsoft.netcore.app", + + // Internal implementation packages not meant for direct consumption: + "runtime." + }; + RemoveNugetPackageReference(runtimePackagePrefixes); + } + + private void RemoveNugetPackageReference(params string[] packagePrefixes) + { + if (!options.UseNuGet) + { + return; + } + + var packageFolder = packageDirectory.DirInfo.FullName.ToLowerInvariant(); + if (packageFolder == null) + { + return; + } + + var packagePathPrefixes = packagePrefixes.Select(p => Path.Combine(packageFolder, p.ToLowerInvariant())); + + foreach (var filename in usedReferences.Keys) + { + var lowerFilename = filename.ToLowerInvariant(); + + if (packagePathPrefixes.Any(prefix => lowerFilename.StartsWith(prefix))) { usedReferences.Remove(filename); progressMonitor.RemovedReference(filename); @@ -186,6 +300,18 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } } + private bool IsNugetPackageAvailable(string packagePrefix) + { + if (!options.UseNuGet) + { + return false; + } + + return new DirectoryInfo(packageDirectory.DirInfo.FullName) + .EnumerateDirectories(packagePrefix + "*", new EnumerationOptions { MatchCasing = MatchCasing.CaseInsensitive, RecurseSubdirectories = false }) + .Any(); + } + private void GenerateSourceFileFromImplicitUsings() { var usings = new HashSet(); @@ -198,7 +324,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching usings.UnionWith(new[] { "System", "System.Collections.Generic", "System.IO", "System.Linq", "System.Net.Http", "System.Threading", "System.Threading.Tasks" }); - if (fileContent.UseAspNetDlls) + if (fileContent.UseAspNetCoreDlls) { usings.UnionWith(new[] { "System.Net.Http.Json", "Microsoft.AspNetCore.Builder", "Microsoft.AspNetCore.Hosting", "Microsoft.AspNetCore.Http", "Microsoft.AspNetCore.Routing", "Microsoft.Extensions.Configuration", @@ -286,22 +412,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching return Path.Combine(Path.GetTempPath(), "GitHub", "packages", sb.ToString()); } - private static string GetTemporaryWorkingDirectory(out bool cleanupTempWorkingDirectory) - { - cleanupTempWorkingDirectory = false; - var tempFolder = EnvironmentVariables.GetScratchDirectory(); - - if (string.IsNullOrEmpty(tempFolder)) - { - var tempPath = Path.GetTempPath(); - var name = Guid.NewGuid().ToString("N").ToUpper(); - tempFolder = Path.Combine(tempPath, "GitHub", name); - cleanupTempWorkingDirectory = true; - } - - return tempFolder; - } - /// /// Creates a temporary directory with the given subfolder name. /// The created directory might be inside the repo folder, and it is deleted when the object is disposed. @@ -338,7 +448,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } var emptyVersion = new Version(0, 0); - sortedReferences = sortedReferences.OrderBy(r => r.NetCoreVersion ?? emptyVersion).ThenBy(r => r.Version ?? emptyVersion).ToList(); + sortedReferences = sortedReferences + .OrderBy(r => r.NetCoreVersion ?? emptyVersion) + .ThenBy(r => r.Version ?? emptyVersion) + .ThenBy(r => r.Filename) + .ToList(); var finalAssemblyList = new Dictionary(); @@ -473,11 +587,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } - private bool RestoreProject(string project, string? pathToNugetConfig = null) => - dotnet.RestoreProjectToDirectory(project, packageDirectory.DirInfo.FullName, pathToNugetConfig); + private bool RestoreProject(string project, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null) => + dotnet.RestoreProjectToDirectory(project, packageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching, pathToNugetConfig); private bool RestoreSolution(string solution, out IEnumerable projects) => - dotnet.RestoreSolutionToDirectory(solution, packageDirectory.DirInfo.FullName, out projects); + dotnet.RestoreSolutionToDirectory(solution, packageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching: true, out projects); /// /// Executes `dotnet restore` on all solution files in solutions. @@ -503,7 +617,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching { Parallel.ForEach(projects, new ParallelOptions { MaxDegreeOfParallelism = options.Threads }, project => { - RestoreProject(project); + RestoreProject(project, forceDotnetRefAssemblyFetching: true); }); } @@ -548,7 +662,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching return; } - success = RestoreProject(tempDir.DirInfo.FullName, nugetConfig); + success = RestoreProject(tempDir.DirInfo.FullName, forceDotnetRefAssemblyFetching: false, pathToNugetConfig: nugetConfig); // TODO: the restore might fail, we could retry with a prerelease (*-* instead of *) version of the package. if (!success) { @@ -576,9 +690,25 @@ namespace Semmle.Extraction.CSharp.DependencyFetching public void Dispose() { - packageDirectory?.Dispose(); + try + { + packageDirectory?.Dispose(); + } + catch (Exception exc) + { + progressMonitor.LogInfo("Couldn't delete package directory: " + exc.Message); + } if (cleanupTempWorkingDirectory) - tempWorkingDirectory?.Dispose(); + { + try + { + tempWorkingDirectory?.Dispose(); + } + catch (Exception exc) + { + progressMonitor.LogInfo("Couldn't delete temporary working directory: " + exc.Message); + } + } } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs index 8a5db9fed12..52c56b2ad0f 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.IO; using System.Linq; using System.Text.RegularExpressions; +using Semmle.Util; namespace Semmle.Extraction.CSharp.DependencyFetching { @@ -13,19 +14,21 @@ namespace Semmle.Extraction.CSharp.DependencyFetching { private readonly IDotNetCliInvoker dotnetCliInvoker; private readonly ProgressMonitor progressMonitor; + private readonly TemporaryDirectory? tempWorkingDirectory; - private DotNet(IDotNetCliInvoker dotnetCliInvoker, ProgressMonitor progressMonitor) + private DotNet(IDotNetCliInvoker dotnetCliInvoker, ProgressMonitor progressMonitor, TemporaryDirectory? tempWorkingDirectory = null) { this.progressMonitor = progressMonitor; + this.tempWorkingDirectory = tempWorkingDirectory; this.dotnetCliInvoker = dotnetCliInvoker; Info(); } - private DotNet(IDependencyOptions options, ProgressMonitor progressMonitor) : this(new DotNetCliInvoker(progressMonitor, Path.Combine(options.DotNetPath ?? string.Empty, "dotnet")), progressMonitor) { } + private DotNet(IDependencyOptions options, ProgressMonitor progressMonitor, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(progressMonitor, Path.Combine(options.DotNetPath ?? string.Empty, "dotnet")), progressMonitor, tempWorkingDirectory) { } internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ProgressMonitor progressMonitor) => new DotNet(dotnetCliInvoker, progressMonitor); - public static IDotNet Make(IDependencyOptions options, ProgressMonitor progressMonitor) => new DotNet(options, progressMonitor); + public static IDotNet Make(IDependencyOptions options, ProgressMonitor progressMonitor, TemporaryDirectory tempWorkingDirectory) => new DotNet(options, progressMonitor, tempWorkingDirectory); private void Info() { @@ -37,12 +40,29 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } } - private static string GetRestoreArgs(string projectOrSolutionFile, string packageDirectory) => - $"restore --no-dependencies \"{projectOrSolutionFile}\" --packages \"{packageDirectory}\" /p:DisableImplicitNuGetFallbackFolder=true"; - - public bool RestoreProjectToDirectory(string projectFile, string packageDirectory, string? pathToNugetConfig = null) + private string GetRestoreArgs(string projectOrSolutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching) { - var args = GetRestoreArgs(projectFile, packageDirectory); + var args = $"restore --no-dependencies \"{projectOrSolutionFile}\" --packages \"{packageDirectory}\" /p:DisableImplicitNuGetFallbackFolder=true"; + + if (forceDotnetRefAssemblyFetching) + { + // Ugly hack: we set the TargetFrameworkRootPath and NetCoreTargetingPackRoot properties to an empty folder: + var path = ".empty"; + if (tempWorkingDirectory != null) + { + path = Path.Combine(tempWorkingDirectory.ToString(), "emptyFakeDotnetRoot"); + Directory.CreateDirectory(path); + } + + args += $" /p:TargetFrameworkRootPath=\"{path}\" /p:NetCoreTargetingPackRoot=\"{path}\""; + } + + return args; + } + + public bool RestoreProjectToDirectory(string projectFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null) + { + var args = GetRestoreArgs(projectFile, packageDirectory, forceDotnetRefAssemblyFetching); if (pathToNugetConfig != null) { args += $" --configfile \"{pathToNugetConfig}\""; @@ -51,9 +71,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching return dotnetCliInvoker.RunCommand(args); } - public bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, out IEnumerable projects) + public bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable projects) { - var args = GetRestoreArgs(solutionFile, packageDirectory); + var args = GetRestoreArgs(solutionFile, packageDirectory, forceDotnetRefAssemblyFetching); args += " --verbosity normal"; if (dotnetCliInvoker.RunCommand(args, out var output)) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileContent.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileContent.cs index 1dd0ad42318..1fc3c07fd17 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileContent.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileContent.cs @@ -31,21 +31,21 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } } - private bool useAspNetDlls = false; + private bool useAspNetCoreDlls = false; /// - /// True if any file in the source directory indicates that ASP.NET is used. - /// The following heuristic is used to decide, if ASP.NET is used: + /// True if any file in the source directory indicates that ASP.NET Core is used. + /// The following heuristic is used to decide, if ASP.NET Core is used: /// If any file in the source directory contains something like (this will most like be a .csproj file) /// /// /// - public bool UseAspNetDlls + public bool UseAspNetCoreDlls { get { initialize.Run(); - return useAspNetDlls; + return useAspNetCoreDlls; } } @@ -60,6 +60,27 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } } + private bool isLegacyProjectStructureUsed = false; + + public bool IsLegacyProjectStructureUsed + { + get + { + initialize.Run(); + return isLegacyProjectStructureUsed; + } + } + + private bool isNewProjectStructureUsed = false; + public bool IsNewProjectStructureUsed + { + get + { + initialize.Run(); + return isNewProjectStructureUsed; + } + } + public HashSet CustomImplicitUsings { get @@ -141,19 +162,15 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } // Determine if ASP.NET is used. - if (!useAspNetDlls) - { - useAspNetDlls = - IsGroupMatch(line, ProjectSdk(), "Sdk", "Microsoft.NET.Sdk.Web") || - IsGroupMatch(line, FrameworkReference(), "Include", "Microsoft.AspNetCore.App"); - } + useAspNetCoreDlls = useAspNetCoreDlls + || IsGroupMatch(line, ProjectSdk(), "Sdk", "Microsoft.NET.Sdk.Web") + || IsGroupMatch(line, FrameworkReference(), "Include", "Microsoft.AspNetCore.App"); + // Determine if implicit usings are used. - if (!useImplicitUsings) - { - useImplicitUsings = line.Contains("enable".AsSpan(), StringComparison.Ordinal) || - line.Contains("true".AsSpan(), StringComparison.Ordinal); - } + useImplicitUsings = useImplicitUsings + || line.Contains("enable".AsSpan(), StringComparison.Ordinal) + || line.Contains("true".AsSpan(), StringComparison.Ordinal); // Find all custom implicit usings. foreach (var valueMatch in CustomImplicitUsingDeclarations().EnumerateMatches(line)) @@ -164,6 +181,13 @@ namespace Semmle.Extraction.CSharp.DependencyFetching implicitUsingNamespaces.Add(ns); } } + + // Determine project structure: + isLegacyProjectStructureUsed = isLegacyProjectStructureUsed || MicrosoftCSharpTargets().IsMatch(line); + isNewProjectStructureUsed = isNewProjectStructureUsed + || ProjectSdk().IsMatch(line) + || FrameworkReference().IsMatch(line); + // TODO: we could also check `` } } catch (Exception ex) @@ -184,6 +208,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching [GeneratedRegex("", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline)] private static partial Regex CustomImplicitUsingDeclarations(); + + [GeneratedRegex("", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline)] + private static partial Regex MicrosoftCSharpTargets(); } internal interface IUnsafeFileReader diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs index 0612d772880..6211fde32ad 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs @@ -4,8 +4,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching { internal interface IDotNet { - bool RestoreProjectToDirectory(string project, string directory, string? pathToNugetConfig = null); - bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, out IEnumerable projects); + bool RestoreProjectToDirectory(string project, string directory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null); + bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable projects); bool New(string folder); bool AddPackage(string folder, string package); IList GetListedRuntimes(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackages.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackages.cs index 6443c99127e..541853faf38 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackages.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackages.cs @@ -13,7 +13,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching /// internal class NugetPackages { - private readonly string nugetExe; + private readonly string? nugetExe; private readonly ProgressMonitor progressMonitor; /// @@ -36,10 +36,18 @@ namespace Semmle.Extraction.CSharp.DependencyFetching this.packageDirectory = packageDirectory; this.progressMonitor = progressMonitor; - nugetExe = ResolveNugetExe(sourceDir); packageFiles = new DirectoryInfo(sourceDir) .EnumerateFiles("packages.config", SearchOption.AllDirectories) .ToArray(); + + if (packageFiles.Length > 0) + { + nugetExe = ResolveNugetExe(sourceDir); + } + else + { + progressMonitor.LogInfo("Found no packages.config file"); + } } /// @@ -111,7 +119,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching string exe, args; if (Util.Win32.IsWindows()) { - exe = nugetExe; + exe = nugetExe!; args = string.Format("install -OutputDirectory {0} {1}", packageDirectory, package); } else diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/ProgressMonitor.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/ProgressMonitor.cs index e9204e18ef3..f71dbe9498f 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/ProgressMonitor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/ProgressMonitor.cs @@ -55,10 +55,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching LogInfo($"Restoring {package}..."); public void ResolvedReference(string filename) => - LogInfo($"Resolved {filename}"); + LogInfo($"Resolved reference {filename}"); public void RemovedReference(string filename) => - LogInfo($"Reference {filename} has been removed"); + LogInfo($"Removed reference {filename}"); public void Summary(int existingSources, int usedSources, int missingSources, int references, int unresolvedReferences, diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs index 3928e8f689e..5b6f47d22f3 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs @@ -19,7 +19,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching private readonly IDotNet dotNet; private readonly Lazy> newestRuntimes; private Dictionary NewestRuntimes => newestRuntimes.Value; - private static string ExecutingRuntime => RuntimeEnvironment.GetRuntimeDirectory(); public Runtime(IDotNet dotNet) { @@ -70,17 +69,17 @@ namespace Semmle.Extraction.CSharp.DependencyFetching { get { - var monoPath = FileUtils.FindProgramOnPath(Win32.IsWindows() ? "mono.exe" : "mono"); - var monoDirs = monoPath is not null - ? new[] { monoPath } - : new[] { "/usr/lib/mono", @"C:\Program Files\Mono\lib\mono" }; - if (Directory.Exists(@"C:\Windows\Microsoft.NET\Framework64")) { return Directory.EnumerateDirectories(@"C:\Windows\Microsoft.NET\Framework64", "v*") .OrderByDescending(Path.GetFileName); } + var monoPath = FileUtils.FindProgramOnPath(Win32.IsWindows() ? "mono.exe" : "mono"); + var monoDirs = monoPath is not null + ? new[] { Path.GetFullPath(Path.Combine(monoPath, "..", "lib", "mono")), monoPath } + : new[] { "/usr/lib/mono", "/usr/local/mono", "/usr/local/bin/mono", @"C:\Program Files\Mono\lib\mono" }; + var dir = monoDirs.FirstOrDefault(Directory.Exists); if (dir is not null) @@ -107,33 +106,23 @@ namespace Semmle.Extraction.CSharp.DependencyFetching } /// - /// Gets the .NET runtime location to use for extraction. + /// Gets the Dotnet Core location. /// - public string GetRuntime(bool useSelfContained) - { - if (useSelfContained) - { - return ExecutingRuntime; - } - - // Location of the newest .NET Core Runtime. - if (GetVersion(netCoreApp) is string path) - { - return path; - } - - if (DesktopRuntimes.Any()) - { - return DesktopRuntimes.First(); - } - - // A bad choice if it's the self-contained runtime distributed in codeql dist. - return ExecutingRuntime; - } + public string? NetCoreRuntime => GetVersion(netCoreApp); /// - /// Gets the ASP.NET runtime location to use for extraction, if one exists. + /// Gets the .NET Framework location. Either the installation folder on Windows or Mono /// - public string? GetAspRuntime() => GetVersion(aspNetCoreApp); + public string? DesktopRuntime => DesktopRuntimes?.FirstOrDefault(); + + /// + /// Gets the executing runtime location, this is the self contained runtime shipped in the CodeQL CLI bundle. + /// + public string ExecutingRuntime => RuntimeEnvironment.GetRuntimeDirectory(); + + /// + /// Gets the ASP.NET Core location. + /// + public string? AspNetCoreRuntime => GetVersion(aspNetCoreApp); } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj index f5b0e319531..45a4858b2bf 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj @@ -8,6 +8,7 @@ true win-x64;linux-x64;osx-x64 enable + $(NoWarn);CA1822 diff --git a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs index 0724ad88dfd..47ae7f92986 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs @@ -30,29 +30,46 @@ namespace Semmle.Extraction.CSharp.Standalone IProgressMonitor progressMonitor, Stopwatch stopwatch) { - CSharp.Extractor.Analyse(stopwatch, analyser, options, - references => GetResolvedReferencesStandalone(referencePaths, references), - (analyser, syntaxTrees) => CSharp.Extractor.ReadSyntaxTrees(sources, analyser, null, null, syntaxTrees), - (syntaxTrees, references) => CSharpCompilation.Create( - "csharp.dll", syntaxTrees, references, new CSharpCompilationOptions(OutputKind.ConsoleApplication, allowUnsafe: true) - ), - (compilation, options) => analyser.Initialize(compilation, options), - () => { }, - _ => { }, - () => + var output = FileUtils.CreateTemporaryFile(".dll", out var shouldCleanUpContainingFolder); + + try + { + CSharp.Extractor.Analyse(stopwatch, analyser, options, + references => GetResolvedReferencesStandalone(referencePaths, references), + (analyser, syntaxTrees) => CSharp.Extractor.ReadSyntaxTrees(sources, analyser, null, null, syntaxTrees), + (syntaxTrees, references) => CSharpCompilation.Create( + output.Name, syntaxTrees, references, new CSharpCompilationOptions(OutputKind.ConsoleApplication, allowUnsafe: true) + ), + (compilation, options) => analyser.Initialize(output.FullName, compilation, options), + _ => { }, + () => + { + foreach (var type in analyser.MissingNamespaces) + { + progressMonitor.MissingNamespace(type); + } + + foreach (var type in analyser.MissingTypes) + { + progressMonitor.MissingType(type); + } + + progressMonitor.MissingSummary(analyser.MissingTypes.Count(), analyser.MissingNamespaces.Count()); + }); + } + finally + { + try { - foreach (var type in analyser.MissingNamespaces) + FileUtils.TryDelete(output.FullName); + if (shouldCleanUpContainingFolder) { - progressMonitor.MissingNamespace(type); + output.Directory?.Delete(true); } - - foreach (var type in analyser.MissingTypes) - { - progressMonitor.MissingType(type); - } - - progressMonitor.MissingSummary(analyser.MissingTypes.Count(), analyser.MissingNamespaces.Count()); - }); + } + catch + { } + } } private static void ExtractStandalone( diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Assembly.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Assembly.cs index 3a326a5c019..a997b7129df 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Assembly.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Assembly.cs @@ -16,7 +16,7 @@ namespace Semmle.Extraction.CSharp.Entities if (init is null) { // This is the output assembly - assemblyPath = ((TracingExtractor)cx.Extractor).OutputPath; + assemblyPath = cx.Extractor.OutputPath; assembly = cx.Compilation.Assembly; } else @@ -63,8 +63,6 @@ namespace Semmle.Extraction.CSharp.Entities public static Assembly CreateOutputAssembly(Context cx) { - if (cx.Extractor.Mode.HasFlag(ExtractorMode.Standalone)) - throw new InternalError("Attempting to create the output assembly in standalone extraction mode"); return AssemblyConstructorFactory.Instance.CreateEntity(cx, outputAssemblyCacheKey, null); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs index 4d5eb76f57d..d0130385f42 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs @@ -63,10 +63,7 @@ namespace Semmle.Extraction.CSharp.Entities if (attributeSyntax is not null) { - if (!Context.Extractor.Mode.HasFlag(ExtractorMode.Standalone)) - { - trapFile.attribute_location(this, Assembly.CreateOutputAssembly(Context)); - } + trapFile.attribute_location(this, Assembly.CreateOutputAssembly(Context)); TypeMention.Create(Context, attributeSyntax.Name, this, type); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs index 1b56a72a87d..cc8357ee4ca 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CachedSymbol.cs @@ -97,7 +97,7 @@ namespace Semmle.Extraction.CSharp.Entities { // Some built in operators lack locations, so loc is null. yield return Context.CreateLocation(ReportingLocation); - if (!Context.Extractor.Mode.HasFlag(ExtractorMode.Standalone) && loc.Kind == LocationKind.SourceFile) + if (loc.Kind == LocationKind.SourceFile) yield return Assembly.CreateOutputAssembly(Context); } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs index 68783da51db..da39613e124 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs @@ -15,11 +15,8 @@ namespace Semmle.Extraction.CSharp.Entities trapFile.preprocessor_directive_active(this, Symbol.IsActive); trapFile.preprocessor_directive_location(this, Context.CreateLocation(ReportingLocation)); - if (!Context.Extractor.Mode.HasFlag(ExtractorMode.Standalone)) - { - var compilation = Compilation.Create(Context); - trapFile.preprocessor_directive_compilation(this, compilation); - } + var compilation = Compilation.Create(Context); + trapFile.preprocessor_directive_compilation(this, compilation); } protected abstract void PopulatePreprocessor(TextWriter trapFile); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs index e2dafc4df37..93a9add36c4 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs @@ -108,7 +108,7 @@ namespace Semmle.Extraction.CSharp.Entities foreach (var l in GetLocations(Symbol)) yield return Context.CreateLocation(l); - if (!Context.Extractor.Mode.HasFlag(ExtractorMode.Standalone) && Symbol.DeclaringSyntaxReferences.Any()) + if (Symbol.DeclaringSyntaxReferences.Any()) yield return Assembly.CreateOutputAssembly(Context); } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs index 5f9c281bdf7..69fa75d8b2c 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs @@ -19,6 +19,8 @@ namespace Semmle.Extraction.CSharp protected Extraction.Extractor? extractor; protected CSharpCompilation? compilation; protected CommonOptions? options; + private protected Entities.Compilation? compilationEntity; + private IDisposable? compilationTrapFile; private readonly object progressMutex = new object(); @@ -226,8 +228,35 @@ namespace Semmle.Extraction.CSharp } } + private void DoAnalyseCompilation() + { + try + { + var assemblyPath = extractor.OutputPath; + var transformedAssemblyPath = PathTransformer.Transform(assemblyPath); + var assembly = compilation.Assembly; + var trapWriter = transformedAssemblyPath.CreateTrapWriter(Logger, options.TrapCompression, discardDuplicates: false); + compilationTrapFile = trapWriter; // Dispose later + var cx = new Context(extractor, compilation.Clone(), trapWriter, new AssemblyScope(assembly, assemblyPath), addAssemblyTrapPrefix); + + compilationEntity = Entities.Compilation.Create(cx); + } + catch (Exception ex) // lgtm[cs/catch-of-all-exceptions] + { + Logger.Log(Severity.Error, " Unhandled exception analyzing {0}: {1}", "compilation", ex); + } + } + #nullable restore warnings + /// + /// Extracts compilation-wide entities, such as compilations and compiler diagnostics. + /// + public void AnalyseCompilation() + { + extractionTasks.Add(() => DoAnalyseCompilation()); + } + private static bool FileIsUpToDate(string src, string dest) { return File.Exists(dest) && @@ -275,6 +304,8 @@ namespace Semmle.Extraction.CSharp Logger.Log(Severity.Info, "EXTRACTION SUCCEEDED in {0}", stopWatch.Elapsed); Logger.Dispose(); + + compilationTrapFile?.Dispose(); } /// diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs index 33674808f90..5d5bc5860f4 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs @@ -302,7 +302,6 @@ namespace Semmle.Extraction.CSharp Func, IEnumerable> getSyntaxTreeTasks, Func, IEnumerable, CSharpCompilation> getCompilation, Action initializeAnalyser, - Action analyseCompilation, Action logPerformance, Action postProcess) { @@ -332,7 +331,7 @@ namespace Semmle.Extraction.CSharp var compilation = getCompilation(syntaxTrees, references); initializeAnalyser(compilation, options); - analyseCompilation(); + analyser.AnalyseCompilation(); analyser.AnalyseReferences(); foreach (var tree in compilation.SyntaxTrees) @@ -416,7 +415,6 @@ namespace Semmle.Extraction.CSharp ); }, (compilation, options) => analyser.EndInitialize(compilerArguments, options, compilation), - () => analyser.AnalyseCompilation(), performance => analyser.LogPerformance(performance), () => { }); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/StandaloneAnalyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs similarity index 71% rename from csharp/extractor/Semmle.Extraction.CSharp.Standalone/StandaloneAnalyser.cs rename to csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs index ddc9b60085b..3ae7b8a1d0e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/StandaloneAnalyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs @@ -1,4 +1,6 @@ +using System; using System.Collections.Generic; +using System.IO; using Microsoft.CodeAnalysis.CSharp; using Semmle.Util.Logging; @@ -11,13 +13,15 @@ namespace Semmle.Extraction.CSharp { } - public void Initialize(CSharpCompilation compilationIn, CommonOptions options) + public void Initialize(string outputPath, CSharpCompilation compilationIn, CommonOptions options) { compilation = compilationIn; - extractor = new StandaloneExtractor(Logger, PathTransformer, options); + extractor = new StandaloneExtractor(outputPath, Logger, PathTransformer, options); this.options = options; LogExtractorInfo(Extraction.Extractor.Version); SetReferencePaths(); + + Entities.Compilation.Settings = (Directory.GetCurrentDirectory(), Array.Empty()); } #nullable disable warnings diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs index 27eeb58e536..c6c8cb0f7aa 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs @@ -9,11 +9,8 @@ using Semmle.Util.Logging; namespace Semmle.Extraction.CSharp { - public class TracingAnalyser : Analyser, IDisposable + public class TracingAnalyser : Analyser { - private Entities.Compilation? compilationEntity; - private IDisposable? compilationTrapFile; - private bool init; public TracingAnalyser(IProgressMonitor pm, ILogger logger, bool addAssemblyTrapPrefix, PathTransformer pathTransformer) @@ -55,20 +52,6 @@ namespace Semmle.Extraction.CSharp CompilationErrors += FilteredDiagnostics.Count(); } - public override void Dispose() - { - compilationTrapFile?.Dispose(); - base.Dispose(); - } - - /// - /// Extracts compilation-wide entities, such as compilations and compiler diagnostics. - /// - public void AnalyseCompilation() - { - extractionTasks.Add(() => DoAnalyseCompilation()); - } - /// /// Logs information about the extractor, as well as the arguments to Roslyn. /// @@ -193,25 +176,6 @@ namespace Semmle.Extraction.CSharp } } - private void DoAnalyseCompilation() - { - try - { - var assemblyPath = ((TracingExtractor?)extractor).OutputPath; - var transformedAssemblyPath = PathTransformer.Transform(assemblyPath); - var assembly = compilation.Assembly; - var trapWriter = transformedAssemblyPath.CreateTrapWriter(Logger, options.TrapCompression, discardDuplicates: false); - compilationTrapFile = trapWriter; // Dispose later - var cx = new Context(extractor, compilation.Clone(), trapWriter, new AssemblyScope(assembly, assemblyPath), addAssemblyTrapPrefix); - - compilationEntity = Entities.Compilation.Create(cx); - } - catch (Exception ex) // lgtm[cs/catch-of-all-exceptions] - { - Logger.Log(Severity.Error, " Unhandled exception analyzing {0}: {1}", "compilation", ex); - } - } - public void LogPerformance(Entities.PerformanceMetrics p) => compilationEntity.PopulatePerformance(p); #nullable restore warnings diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Populators/TypeContainerVisitor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Populators/TypeContainerVisitor.cs index 8ffd5df256c..2bd5a9f4e03 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Populators/TypeContainerVisitor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Populators/TypeContainerVisitor.cs @@ -82,9 +82,6 @@ namespace Semmle.Extraction.CSharp.Populators public override void VisitAttributeList(AttributeListSyntax node) { - if (Cx.Extractor.Mode.HasFlag(ExtractorMode.Standalone)) - return; - var outputAssembly = Assembly.CreateOutputAssembly(Cx); var kind = node.Target?.Identifier.Kind() switch { diff --git a/csharp/extractor/Semmle.Extraction.Tests/DotNet.cs b/csharp/extractor/Semmle.Extraction.Tests/DotNet.cs index f7ede993808..491be3ef137 100644 --- a/csharp/extractor/Semmle.Extraction.Tests/DotNet.cs +++ b/csharp/extractor/Semmle.Extraction.Tests/DotNet.cs @@ -99,7 +99,7 @@ namespace Semmle.Extraction.Tests var dotnet = MakeDotnet(dotnetCliInvoker); // Execute - dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages"); + dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", false); // Verify var lastArgs = dotnetCliInvoker.GetLastArgs(); @@ -114,7 +114,7 @@ namespace Semmle.Extraction.Tests var dotnet = MakeDotnet(dotnetCliInvoker); // Execute - dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", "myconfig.config"); + dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", false, "myconfig.config"); // Verify var lastArgs = dotnetCliInvoker.GetLastArgs(); @@ -129,7 +129,7 @@ namespace Semmle.Extraction.Tests var dotnet = MakeDotnet(dotnetCliInvoker); // Execute - dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", out var projects); + dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", false, out var projects); // Verify var lastArgs = dotnetCliInvoker.GetLastArgs(); @@ -148,7 +148,7 @@ namespace Semmle.Extraction.Tests dotnetCliInvoker.Success = false; // Execute - dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", out var projects); + dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", false, out var projects); // Verify var lastArgs = dotnetCliInvoker.GetLastArgs(); diff --git a/csharp/extractor/Semmle.Extraction.Tests/FileContent.cs b/csharp/extractor/Semmle.Extraction.Tests/FileContent.cs index 4c50cfaa8d1..561af4bb967 100644 --- a/csharp/extractor/Semmle.Extraction.Tests/FileContent.cs +++ b/csharp/extractor/Semmle.Extraction.Tests/FileContent.cs @@ -1,4 +1,5 @@ using Xunit; +using System; using System.Collections.Generic; using Semmle.Extraction.CSharp.DependencyFetching; @@ -6,9 +7,9 @@ namespace Semmle.Extraction.Tests { internal class UnsafeFileReaderStub : IUnsafeFileReader { - private readonly List lines; + private readonly IEnumerable lines; - public UnsafeFileReaderStub(List lines) + public UnsafeFileReaderStub(IEnumerable lines) { this.lines = lines; } @@ -24,7 +25,7 @@ namespace Semmle.Extraction.Tests internal class TestFileContent : FileContent { - public TestFileContent(List lines) : base(new ProgressMonitor(new LoggerStub()), + public TestFileContent(IEnumerable lines) : base(new ProgressMonitor(new LoggerStub()), new List() { "test1.cs" }, new UnsafeFileReaderStub(lines)) { } @@ -48,7 +49,7 @@ namespace Semmle.Extraction.Tests // Execute var allPackages = fileContent.AllPackages; - var useAspNetDlls = fileContent.UseAspNetDlls; + var useAspNetDlls = fileContent.UseAspNetCoreDlls; // Verify Assert.False(useAspNetDlls); @@ -72,7 +73,7 @@ namespace Semmle.Extraction.Tests var fileContent = new TestFileContent(lines); // Execute - var useAspNetDlls = fileContent.UseAspNetDlls; + var useAspNetDlls = fileContent.UseAspNetCoreDlls; var allPackages = fileContent.AllPackages; // Verify @@ -136,5 +137,53 @@ namespace Semmle.Extraction.Tests Assert.Contains("Ns0.Ns1", customImplicitUsings); Assert.Contains("Ns2", customImplicitUsings); } + + [Fact] + public void TestFileContent_LegacyProjectStructure() + { + // Setup + var input = + """ + + + + + """; + var lines = input.Split(Environment.NewLine); + var fileContent = new TestFileContent(lines); + + // Execute + var isLegacy = fileContent.IsLegacyProjectStructureUsed; + var isNew = fileContent.IsNewProjectStructureUsed; + + // Verify + Assert.True(isLegacy); + Assert.False(isNew); + } + + [Fact] + public void TestFileContent_NewProjectStructure() + { + // Setup + var input = + """ + + + net461;net70 + + + """; + var lines = input.Split(Environment.NewLine); + + var fileContent = new TestFileContent(lines); + + // Execute + var isLegacy = fileContent.IsLegacyProjectStructureUsed; + var isNew = fileContent.IsNewProjectStructureUsed; + + // Verify + Assert.True(isNew); + Assert.False(isLegacy); + } } } diff --git a/csharp/extractor/Semmle.Extraction.Tests/Runtime.cs b/csharp/extractor/Semmle.Extraction.Tests/Runtime.cs index 2afd467f8d4..bb6d5ed4307 100644 --- a/csharp/extractor/Semmle.Extraction.Tests/Runtime.cs +++ b/csharp/extractor/Semmle.Extraction.Tests/Runtime.cs @@ -19,9 +19,9 @@ namespace Semmle.Extraction.Tests public bool New(string folder) => true; - public bool RestoreProjectToDirectory(string project, string directory, string? pathToNugetConfig = null) => true; + public bool RestoreProjectToDirectory(string project, string directory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null) => true; - public bool RestoreSolutionToDirectory(string solution, string directory, out IEnumerable projects) + public bool RestoreSolutionToDirectory(string solution, string directory, bool forceDotnetRefAssemblyFetching, out IEnumerable projects) { projects = Array.Empty(); return true; diff --git a/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs b/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs index b16022181df..e4284f97cfd 100644 --- a/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs @@ -9,14 +9,16 @@ namespace Semmle.Extraction public abstract class Extractor { public abstract ExtractorMode Mode { get; } + public string OutputPath { get; } /// /// Creates a new extractor instance for one compilation unit. /// /// The object used for logging. /// The object used for path transformations. - protected Extractor(ILogger logger, PathTransformer pathTransformer) + protected Extractor(string outputPath, ILogger logger, PathTransformer pathTransformer) { + OutputPath = outputPath; Logger = logger; PathTransformer = pathTransformer; } diff --git a/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs b/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs index 4244e34795a..d9f8725a1e2 100644 --- a/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs +++ b/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs @@ -11,7 +11,7 @@ namespace Semmle.Extraction /// /// The object used for logging. /// The object used for path transformations. - public StandaloneExtractor(ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(logger, pathTransformer) + public StandaloneExtractor(string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(outputPath, logger, pathTransformer) { Mode = ExtractorMode.Standalone; if (options.QlTest) diff --git a/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs b/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs index d43dd891bbe..dadda4c8488 100644 --- a/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs +++ b/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs @@ -5,7 +5,6 @@ namespace Semmle.Extraction public class TracingExtractor : Extractor { public override ExtractorMode Mode { get; } - public string OutputPath { get; } /// /// Creates a new extractor instance for one compilation unit. @@ -13,9 +12,8 @@ namespace Semmle.Extraction /// The name of the output DLL/EXE, or null if not specified (standalone extraction). /// The object used for logging. /// The object used for path transformations. - public TracingExtractor(string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(logger, pathTransformer) + public TracingExtractor(string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(outputPath, logger, pathTransformer) { - OutputPath = outputPath; Mode = ExtractorMode.None; if (options.QlTest) { diff --git a/csharp/extractor/Semmle.Util/FileUtils.cs b/csharp/extractor/Semmle.Util/FileUtils.cs index ad8cb6cbec3..4d21bf3fde8 100644 --- a/csharp/extractor/Semmle.Util/FileUtils.cs +++ b/csharp/extractor/Semmle.Util/FileUtils.cs @@ -143,5 +143,37 @@ namespace Semmle.Util } return nested; } + + public static string GetTemporaryWorkingDirectory(out bool shouldCleanUp) + { + shouldCleanUp = false; + var tempFolder = EnvironmentVariables.GetScratchDirectory(); + + if (string.IsNullOrEmpty(tempFolder)) + { + var tempPath = Path.GetTempPath(); + var name = Guid.NewGuid().ToString("N").ToUpper(); + tempFolder = Path.Combine(tempPath, "GitHub", name); + shouldCleanUp = true; + } + + return tempFolder; + } + + public static FileInfo CreateTemporaryFile(string extension, out bool shouldCleanUpContainingFolder) + { + var tempFolder = GetTemporaryWorkingDirectory(out shouldCleanUpContainingFolder); + Directory.CreateDirectory(tempFolder); + string outputPath; + do + { + outputPath = Path.Combine(tempFolder, Path.GetRandomFileName() + extension); + } + while (File.Exists(outputPath)); + + File.Create(outputPath); + + return new FileInfo(outputPath); + } } } diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 887b20471da..6d013d8ce69 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,19 @@ +## 1.7.1 + +No user-facing changes. + +## 1.7.0 + +No user-facing changes. + +## 1.6.5 + +No user-facing changes. + +## 1.6.4 + +No user-facing changes. + ## 1.6.3 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md new file mode 100644 index 00000000000..5c811dc4638 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.5.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.5.md new file mode 100644 index 00000000000..44f1ca6de3e --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.5.md @@ -0,0 +1,3 @@ +## 1.6.5 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md new file mode 100644 index 00000000000..07492eebff7 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md @@ -0,0 +1,3 @@ +## 1.7.0 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md new file mode 100644 index 00000000000..5c9570fd0c3 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md @@ -0,0 +1,3 @@ +## 1.7.1 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 00b51441d88..7bdec0d85c7 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.7.1 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 5719e05afcf..ab51dd17629 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,9 +1,9 @@ name: codeql/csharp-solorigate-all -version: 1.6.4-dev +version: 1.7.2-dev groups: - - csharp - - solorigate + - csharp + - solorigate library: true dependencies: - codeql/csharp-all: ${workspace} + codeql/csharp-all: ${workspace} warnOnImplicitThis: true diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 887b20471da..6d013d8ce69 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,19 @@ +## 1.7.1 + +No user-facing changes. + +## 1.7.0 + +No user-facing changes. + +## 1.6.5 + +No user-facing changes. + +## 1.6.4 + +No user-facing changes. + ## 1.6.3 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md new file mode 100644 index 00000000000..5c811dc4638 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.5.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.5.md new file mode 100644 index 00000000000..44f1ca6de3e --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.5.md @@ -0,0 +1,3 @@ +## 1.6.5 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md new file mode 100644 index 00000000000..07492eebff7 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md @@ -0,0 +1,3 @@ +## 1.7.0 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md new file mode 100644 index 00000000000..5c9570fd0c3 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md @@ -0,0 +1,3 @@ +## 1.7.1 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 00b51441d88..7bdec0d85c7 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.7.1 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 2a3524ece6d..a7e94bb3774 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,10 +1,10 @@ name: codeql/csharp-solorigate-queries -version: 1.6.4-dev +version: 1.7.2-dev groups: - - csharp - - solorigate + - csharp + - solorigate defaultSuiteFile: codeql-suites/solorigate.qls dependencies: - codeql/csharp-all: ${workspace} - codeql/csharp-solorigate-all: ${workspace} + codeql/csharp-all: ${workspace} + codeql/csharp-solorigate-all: ${workspace} warnOnImplicitThis: true diff --git a/csharp/ql/integration-tests/all-platforms/autobuild/Files.expected b/csharp/ql/integration-tests/all-platforms/autobuild/Files.expected new file mode 100644 index 00000000000..f13c50c1680 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/autobuild/Files.expected @@ -0,0 +1,3 @@ +| Program.cs:0:0:0:0 | Program.cs | +| obj/Debug/net5.0/.NETCoreApp,Version=v5.0.AssemblyAttributes.cs:0:0:0:0 | obj/Debug/net5.0/.NETCoreApp,Version=v5.0.AssemblyAttributes.cs | +| obj/Debug/net5.0/autobuild.AssemblyInfo.cs:0:0:0:0 | obj/Debug/net5.0/autobuild.AssemblyInfo.cs | diff --git a/csharp/ql/integration-tests/all-platforms/autobuild/Files.ql b/csharp/ql/integration-tests/all-platforms/autobuild/Files.ql new file mode 100644 index 00000000000..bea5557a25f --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/autobuild/Files.ql @@ -0,0 +1,5 @@ +import csharp + +from File f +where f.fromSource() +select f diff --git a/csharp/ql/integration-tests/all-platforms/autobuild/Program.cs b/csharp/ql/integration-tests/all-platforms/autobuild/Program.cs new file mode 100644 index 00000000000..47eee48cc79 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/autobuild/Program.cs @@ -0,0 +1 @@ +var dummy = "dummy"; \ No newline at end of file diff --git a/csharp/ql/integration-tests/all-platforms/autobuild/autobuild.csproj b/csharp/ql/integration-tests/all-platforms/autobuild/autobuild.csproj new file mode 100644 index 00000000000..c3285bc0ac2 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/autobuild/autobuild.csproj @@ -0,0 +1,14 @@ + + + + Exe + net5.0 + enable + enable + + + + + + + diff --git a/csharp/ql/integration-tests/all-platforms/autobuild/global.json b/csharp/ql/integration-tests/all-platforms/autobuild/global.json new file mode 100644 index 00000000000..bb4954bd9ed --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/autobuild/global.json @@ -0,0 +1,5 @@ +{ + "sdk": { + "version": "5.0.408" + } +} \ No newline at end of file diff --git a/csharp/ql/integration-tests/all-platforms/autobuild/test.py b/csharp/ql/integration-tests/all-platforms/autobuild/test.py new file mode 100644 index 00000000000..6a1f8864145 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/autobuild/test.py @@ -0,0 +1,3 @@ +from create_database_utils import * + +run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=cil=false"]) diff --git a/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Assemblies.expected b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Assemblies.expected new file mode 100644 index 00000000000..fe35f504546 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Assemblies.expected @@ -0,0 +1,235 @@ +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Accessibility.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/CustomMarshalers.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/Microsoft.Win32.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.AppContext.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Collections.Concurrent.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Collections.NonGeneric.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Collections.Specialized.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Collections.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.Annotations.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.EventBasedAsync.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.TypeConverter.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Console.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Data.Common.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.Contracts.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.Debug.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.FileVersionInfo.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.Process.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.StackTrace.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.TextWriterTraceListener.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.Tools.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.TraceSource.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Drawing.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Dynamic.Runtime.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Globalization.Calendars.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Globalization.Extensions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Globalization.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.Compression.ZipFile.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.FileSystem.DriveInfo.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.FileSystem.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.FileSystem.Watcher.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.FileSystem.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.IsolatedStorage.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.MemoryMappedFiles.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.Pipes.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.UnmanagedMemoryStream.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Linq.Expressions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Linq.Parallel.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Linq.Queryable.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Linq.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Http.Rtc.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.NameResolution.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.NetworkInformation.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Ping.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Requests.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Security.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Sockets.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.WebHeaderCollection.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.WebSockets.Client.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.WebSockets.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ObjectModel.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Emit.ILGeneration.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Emit.Lightweight.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Emit.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Extensions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Resources.Reader.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Resources.ResourceManager.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Resources.Writer.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.CompilerServices.VisualC.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Extensions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Handles.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.InteropServices.RuntimeInformation.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.InteropServices.WindowsRuntime.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.InteropServices.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Numerics.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Serialization.Formatters.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Serialization.Json.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Serialization.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Serialization.Xml.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Claims.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.Algorithms.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.Csp.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.Encoding.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.X509Certificates.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Principal.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.SecureString.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.Duplex.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.Http.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.NetTcp.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.Primitives.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.Security.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Text.Encoding.Extensions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Text.Encoding.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Text.RegularExpressions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Overlapped.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Tasks.Parallel.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Tasks.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Thread.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.ThreadPool.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Timer.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ValueTuple.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.ReaderWriter.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XDocument.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XPath.XDocument.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XPath.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XmlDocument.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XmlSerializer.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/netstandard.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/ISymWrapper.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Activities.Build.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Conversion.v4.0.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Engine.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Framework.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Tasks.v4.0.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Utilities.v4.0.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.CSharp.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.JScript.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualBasic.Compatibility.Data.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualBasic.Compatibility.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualBasic.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualC.STLCLR.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualC.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationBuildTasks.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationCore.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Aero2.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Aero.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.AeroLite.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Classic.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Luna.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Royale.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/ReachFramework.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Activities.Core.Presentation.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Activities.DurableInstancing.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Activities.Presentation.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Activities.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.AddIn.Contract.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.AddIn.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ComponentModel.Composition.Registration.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ComponentModel.Composition.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ComponentModel.DataAnnotations.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Configuration.Install.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Configuration.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Core.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.DataSetExtensions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Entity.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Entity.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Linq.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.OracleClient.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Services.Client.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Services.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Services.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.SqlXml.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Deployment.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Device.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Diagnostics.Tracing.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.DirectoryServices.AccountManagement.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.DirectoryServices.Protocols.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.DirectoryServices.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Drawing.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Drawing.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Dynamic.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.EnterpriseServices.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IO.Compression.FileSystem.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IO.Compression.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IO.Log.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IdentityModel.Selectors.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IdentityModel.Services.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IdentityModel.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Management.Instrumentation.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Management.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Messaging.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Net.Http.WebRequest.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Net.Http.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Net.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Numerics.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Printing.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Reflection.Context.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.Caching.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.DurableInstancing.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.Remoting.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.Serialization.Formatters.Soap.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.Serialization.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Security.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Activation.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Activities.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Channels.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Discovery.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Routing.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Web.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceProcess.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Speech.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Transactions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Abstractions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.ApplicationServices.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.DataVisualization.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.DataVisualization.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.DynamicData.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.DynamicData.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Entity.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Entity.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Extensions.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Extensions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Mobile.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.RegularExpressions.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Routing.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Services.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Controls.Ribbon.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Forms.DataVisualization.Design.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Forms.DataVisualization.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Forms.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Input.Manipulations.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Presentation.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Workflow.Activities.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Workflow.ComponentModel.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Workflow.Runtime.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.WorkflowServices.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Xaml.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Xml.Linq.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Xml.Serialization.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Xml.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/UIAutomationClient.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/UIAutomationClientsideProviders.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/UIAutomationProvider.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/UIAutomationTypes.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/WindowsBase.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/WindowsFormsIntegration.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/XamlBuildTask.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/mscorlib.dll | +| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/sysglobl.dll | diff --git a/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Assemblies.ql b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Assemblies.ql new file mode 100644 index 00000000000..91ee82c1c7a --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Assemblies.ql @@ -0,0 +1,15 @@ +import csharp + +private string getPath(Assembly a) { + not a.getCompilation().getOutputAssembly() = a and + exists(string s | s = a.getFile().getAbsolutePath() | + result = + s.substring(s.indexOf("GitHub/packages/") + "GitHub/packages/".length() + 16, s.length()) + or + result = s and + not exists(s.indexOf("GitHub/packages/")) + ) +} + +from Assembly a +select getPath(a) diff --git a/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Program.cs b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Program.cs new file mode 100644 index 00000000000..39a9e95bb6e --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/Program.cs @@ -0,0 +1,6 @@ +class Program +{ + static void Main(string[] args) + { + } +} \ No newline at end of file diff --git a/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/global.json b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/global.json new file mode 100644 index 00000000000..24caabe88a1 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/global.json @@ -0,0 +1,5 @@ +{ + "sdk": { + "version": "7.0.401" + } +} \ No newline at end of file diff --git a/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/standalone.csproj b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/standalone.csproj new file mode 100644 index 00000000000..208dbbe7093 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/standalone.csproj @@ -0,0 +1,12 @@ + + + + Exe + net48 + + + + + + + diff --git a/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/test.py b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/test.py new file mode 100644 index 00000000000..58074b430b2 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/test.py @@ -0,0 +1,3 @@ +from create_database_utils import * + +run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"]) diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected new file mode 100644 index 00000000000..eebdb8558eb --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected @@ -0,0 +1,173 @@ +| /avalara.avatax/21.10.0/lib/net20/Avalara.AvaTax.RestClient.net20.dll | +| /avalara.avatax/21.10.0/lib/net45/Avalara.AvaTax.RestClient.net45.dll | +| /avalara.avatax/21.10.0/lib/net461/Avalara.AvaTax.RestClient.net461.dll | +| /avalara.avatax/21.10.0/lib/netstandard16/Avalara.AvaTax.netstandard11.dll | +| /avalara.avatax/21.10.0/lib/netstandard20/Avalara.AvaTax.netstandard20.dll | +| /microsoft.bcl.asyncinterfaces/6.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll | +| /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Runtime.InteropServices.WindowsRuntime.dll | +| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Data.dll | +| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Xml.dll | +| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.CSharp.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.Core.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Registry.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.AppContext.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Buffers.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Concurrent.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Immutable.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.NonGeneric.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Specialized.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Annotations.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.DataAnnotations.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.EventBasedAsync.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.TypeConverter.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Configuration.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Console.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Core.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.Common.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.DataSetExtensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Contracts.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Debug.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.DiagnosticSource.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.FileVersionInfo.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Process.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.StackTrace.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TextWriterTraceListener.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tools.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TraceSource.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tracing.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Drawing.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Drawing.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Dynamic.Runtime.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Asn1.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Tar.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Calendars.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.Brotli.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.FileSystem.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.ZipFile.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.AccessControl.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.DriveInfo.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Watcher.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.IsolatedStorage.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.MemoryMappedFiles.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.AccessControl.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.UnmanagedMemoryStream.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Expressions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Parallel.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Queryable.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Memory.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.Json.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.HttpListener.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Mail.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NameResolution.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NetworkInformation.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Ping.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Quic.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Requests.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Security.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.ServicePoint.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Sockets.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebClient.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebHeaderCollection.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebProxy.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.Client.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.Vectors.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ObjectModel.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.DispatchProxy.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.ILGeneration.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.Lightweight.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Metadata.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.TypeExtensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Reader.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.ResourceManager.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Writer.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.Unsafe.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.VisualC.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Handles.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.JavaScript.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.RuntimeInformation.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Intrinsics.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Loader.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Numerics.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Formatters.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Json.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Xml.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.AccessControl.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Claims.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Algorithms.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Cng.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Csp.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Encoding.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.OpenSsl.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.X509Certificates.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.Windows.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.SecureString.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceModel.Web.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceProcess.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.CodePages.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encodings.Web.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Json.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.RegularExpressions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Channels.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Overlapped.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Dataflow.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Parallel.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Thread.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.ThreadPool.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Timer.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.Local.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ValueTuple.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.HttpUtility.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Windows.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Linq.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.ReaderWriter.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Serialization.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XDocument.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.XDocument.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlDocument.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlSerializer.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/WindowsBase.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/mscorlib.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/netstandard.dll | +| /netstandard.library/2.0.3/build/netstandard2.0/ref/System.ComponentModel.Composition.dll | +| /newtonsoft.json/12.0.1/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll | +| /nunit/3.13.3/lib/netstandard2.0/nunit.framework.dll | diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.ql b/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.ql new file mode 100644 index 00000000000..91ee82c1c7a --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.ql @@ -0,0 +1,15 @@ +import csharp + +private string getPath(Assembly a) { + not a.getCompilation().getOutputAssembly() = a and + exists(string s | s = a.getFile().getAbsolutePath() | + result = + s.substring(s.indexOf("GitHub/packages/") + "GitHub/packages/".length() + 16, s.length()) + or + result = s and + not exists(s.indexOf("GitHub/packages/")) + ) +} + +from Assembly a +select getPath(a) diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies/Program.cs b/csharp/ql/integration-tests/posix-only/standalone_dependencies/Program.cs new file mode 100644 index 00000000000..39a9e95bb6e --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies/Program.cs @@ -0,0 +1,6 @@ +class Program +{ + static void Main(string[] args) + { + } +} \ No newline at end of file diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies/global.json b/csharp/ql/integration-tests/posix-only/standalone_dependencies/global.json new file mode 100644 index 00000000000..1a974fd253e --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies/global.json @@ -0,0 +1,5 @@ +{ + "sdk": { + "version": "7.0.102" + } +} \ No newline at end of file diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies/standalone.csproj b/csharp/ql/integration-tests/posix-only/standalone_dependencies/standalone.csproj new file mode 100644 index 00000000000..628d0390403 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies/standalone.csproj @@ -0,0 +1,19 @@ + + + + Exe + net7.0;net6.0;netcoreapp3.1;netstandard2.0;net48 + + + + + + + + + + + + + + diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies/test.py b/csharp/ql/integration-tests/posix-only/standalone_dependencies/test.py new file mode 100644 index 00000000000..58074b430b2 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies/test.py @@ -0,0 +1,3 @@ +from create_database_utils import * + +run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"]) diff --git a/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected b/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected new file mode 100644 index 00000000000..1eae4e66233 --- /dev/null +++ b/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected @@ -0,0 +1,217 @@ +| /avalara.avatax/21.10.0/lib/net20/Avalara.AvaTax.RestClient.net20.dll | +| /avalara.avatax/21.10.0/lib/net45/Avalara.AvaTax.RestClient.net45.dll | +| /avalara.avatax/21.10.0/lib/net461/Avalara.AvaTax.RestClient.net461.dll | +| /avalara.avatax/21.10.0/lib/netstandard16/Avalara.AvaTax.netstandard11.dll | +| /avalara.avatax/21.10.0/lib/netstandard20/Avalara.AvaTax.netstandard20.dll | +| /microsoft.bcl.asyncinterfaces/6.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll | +| /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Runtime.InteropServices.WindowsRuntime.dll | +| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Data.dll | +| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Xml.dll | +| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.CSharp.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.Core.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Registry.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.AppContext.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Buffers.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Concurrent.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Immutable.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.NonGeneric.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Specialized.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Annotations.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.DataAnnotations.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.EventBasedAsync.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.TypeConverter.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Configuration.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Console.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Core.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.Common.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.DataSetExtensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Contracts.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Debug.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.DiagnosticSource.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.FileVersionInfo.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Process.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.StackTrace.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TextWriterTraceListener.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tools.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TraceSource.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tracing.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Drawing.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Dynamic.Runtime.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Asn1.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Tar.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Calendars.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.Brotli.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.FileSystem.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.ZipFile.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.AccessControl.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.DriveInfo.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Watcher.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.IsolatedStorage.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.MemoryMappedFiles.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.AccessControl.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.UnmanagedMemoryStream.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Expressions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Parallel.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Queryable.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Memory.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.Json.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.HttpListener.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Mail.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NameResolution.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NetworkInformation.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Ping.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Quic.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Requests.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Security.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.ServicePoint.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Sockets.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebClient.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebHeaderCollection.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebProxy.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.Client.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.Vectors.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ObjectModel.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.DispatchProxy.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.ILGeneration.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.Lightweight.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Metadata.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.TypeExtensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Reader.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.ResourceManager.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Writer.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.Unsafe.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.VisualC.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Handles.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.JavaScript.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.RuntimeInformation.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Intrinsics.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Loader.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Numerics.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Formatters.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Json.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Xml.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.AccessControl.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Claims.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Algorithms.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Cng.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Csp.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Encoding.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.OpenSsl.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Primitives.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.X509Certificates.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.Windows.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.SecureString.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceModel.Web.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceProcess.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.CodePages.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encodings.Web.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Json.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.RegularExpressions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Channels.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Overlapped.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Dataflow.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Extensions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Parallel.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Thread.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.ThreadPool.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Timer.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.Local.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ValueTuple.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.HttpUtility.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Windows.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Linq.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.ReaderWriter.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Serialization.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XDocument.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.XDocument.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlDocument.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlSerializer.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/mscorlib.dll | +| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/netstandard.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Accessibility.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.Forms.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Registry.AccessControl.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.SystemEvents.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationCore.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Aero2.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Aero.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.AeroLite.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Classic.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Luna.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Royale.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationUI.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/ReachFramework.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.CodeDom.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Configuration.ConfigurationManager.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Design.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Diagnostics.EventLog.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Diagnostics.PerformanceCounter.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.DirectoryServices.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Drawing.Common.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Drawing.Design.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Drawing.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.IO.Packaging.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Printing.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Resources.Extensions.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Pkcs.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.ProtectedData.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Xml.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Security.Permissions.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Threading.AccessControl.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Controls.Ribbon.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Extensions.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Forms.Design.Editors.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Forms.Design.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Forms.Primitives.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Forms.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Input.Manipulations.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Presentation.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Xaml.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationClient.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationClientSideProviders.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationProvider.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationTypes.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/WindowsBase.dll | +| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/WindowsFormsIntegration.dll | +| /netstandard.library/2.0.3/build/netstandard2.0/ref/System.ComponentModel.Composition.dll | +| /newtonsoft.json/12.0.1/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll | +| /nunit/3.13.3/lib/netstandard2.0/nunit.framework.dll | diff --git a/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.ql b/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.ql new file mode 100644 index 00000000000..91ee82c1c7a --- /dev/null +++ b/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.ql @@ -0,0 +1,15 @@ +import csharp + +private string getPath(Assembly a) { + not a.getCompilation().getOutputAssembly() = a and + exists(string s | s = a.getFile().getAbsolutePath() | + result = + s.substring(s.indexOf("GitHub/packages/") + "GitHub/packages/".length() + 16, s.length()) + or + result = s and + not exists(s.indexOf("GitHub/packages/")) + ) +} + +from Assembly a +select getPath(a) diff --git a/csharp/ql/integration-tests/windows-only/standalone_dependencies/Program.cs b/csharp/ql/integration-tests/windows-only/standalone_dependencies/Program.cs new file mode 100644 index 00000000000..39a9e95bb6e --- /dev/null +++ b/csharp/ql/integration-tests/windows-only/standalone_dependencies/Program.cs @@ -0,0 +1,6 @@ +class Program +{ + static void Main(string[] args) + { + } +} \ No newline at end of file diff --git a/csharp/ql/integration-tests/windows-only/standalone_dependencies/global.json b/csharp/ql/integration-tests/windows-only/standalone_dependencies/global.json new file mode 100644 index 00000000000..1a974fd253e --- /dev/null +++ b/csharp/ql/integration-tests/windows-only/standalone_dependencies/global.json @@ -0,0 +1,5 @@ +{ + "sdk": { + "version": "7.0.102" + } +} \ No newline at end of file diff --git a/csharp/ql/integration-tests/windows-only/standalone_dependencies/standalone.csproj b/csharp/ql/integration-tests/windows-only/standalone_dependencies/standalone.csproj new file mode 100644 index 00000000000..628d0390403 --- /dev/null +++ b/csharp/ql/integration-tests/windows-only/standalone_dependencies/standalone.csproj @@ -0,0 +1,19 @@ + + + + Exe + net7.0;net6.0;netcoreapp3.1;netstandard2.0;net48 + + + + + + + + + + + + + + diff --git a/csharp/ql/integration-tests/windows-only/standalone_dependencies/test.py b/csharp/ql/integration-tests/windows-only/standalone_dependencies/test.py new file mode 100644 index 00000000000..58074b430b2 --- /dev/null +++ b/csharp/ql/integration-tests/windows-only/standalone_dependencies/test.py @@ -0,0 +1,3 @@ +from create_database_utils import * + +run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"]) diff --git a/csharp/ql/lib/BUILD.bazel b/csharp/ql/lib/BUILD.bazel new file mode 100644 index 00000000000..f5fac296439 --- /dev/null +++ b/csharp/ql/lib/BUILD.bazel @@ -0,0 +1,15 @@ +load("@rules_pkg//:mappings.bzl", "pkg_files") + +package(default_visibility = ["//csharp:__pkg__"]) + +pkg_files( + name = "dbscheme", + srcs = ["semmlecode.csharp.dbscheme"], + prefix = "csharp", +) + +pkg_files( + name = "dbscheme-stats", + srcs = ["semmlecode.csharp.dbscheme.stats"], + prefix = "csharp", +) diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index c96f22b5aa8..8c7b2cd062c 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,23 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. + +## 0.8.0 + +No user-facing changes. + +## 0.7.5 + +No user-facing changes. + +## 0.7.4 + +### Minor Analysis Improvements + +* The `--nostdlib` extractor option for the standalone extractor has been removed. + ## 0.7.3 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md b/csharp/ql/lib/change-notes/released/0.7.4.md similarity index 50% rename from csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md rename to csharp/ql/lib/change-notes/released/0.7.4.md index 47da98538af..9665706305a 100644 --- a/csharp/ql/lib/change-notes/2023-08-20-standaloneextraction-mscorlib.md +++ b/csharp/ql/lib/change-notes/released/0.7.4.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* The `--nostdlib` extractor option for the standalone extractor has been removed. \ No newline at end of file +## 0.7.4 + +### Minor Analysis Improvements + +* The `--nostdlib` extractor option for the standalone extractor has been removed. diff --git a/csharp/ql/lib/change-notes/released/0.7.5.md b/csharp/ql/lib/change-notes/released/0.7.5.md new file mode 100644 index 00000000000..b2759d5bd80 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/csharp/ql/lib/change-notes/released/0.8.0.md b/csharp/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..16ea5f60373 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/csharp/ql/lib/change-notes/released/0.8.1.md b/csharp/ql/lib/change-notes/released/0.8.1.md new file mode 100644 index 00000000000..272351f6e76 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.8.1.md @@ -0,0 +1,5 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index a4ea9c8de17..2f693f95ba6 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.8.1 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index ba47a23065f..2ac975f1003 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.7.4-dev +version: 0.8.2-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/lib/semmle/code/csharp/Type.qll b/csharp/ql/lib/semmle/code/csharp/Type.qll index 0b1e90fa7d6..797196d2cc4 100644 --- a/csharp/ql/lib/semmle/code/csharp/Type.qll +++ b/csharp/ql/lib/semmle/code/csharp/Type.qll @@ -397,7 +397,7 @@ class NonNestedType extends ValueOrRefType { /** * The `void` type. */ -class VoidType extends DotNet::ValueOrRefType, Type, @void_type { +class VoidType extends ValueOrRefType, @void_type { override predicate hasQualifiedName(string qualifier, string name) { qualifier = "System" and name = "Void" diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll index 77bc8693684..0434cc0b7e2 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll index 77bc8693684..0434cc0b7e2 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll index 77bc8693684..0434cc0b7e2 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll index b297ec6b423..c686f226452 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll @@ -187,30 +187,6 @@ module BarrierGuard { } } -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * It is important that all extending classes in scope are disjoint. - */ -deprecated class BarrierGuard extends Guard { - /** Holds if this guard validates `e` upon evaluating to `v`. */ - abstract predicate checks(Expr e, AbstractValue v); - - /** Gets a node guarded by this guard. */ - final ExprNode getAGuardedNode() { - exists(Expr e, AbstractValue v | - this.checks(e, v) and - this.controlsNode(result.getControlFlowNode(), e, v) - ) - } -} - /** * A reference contained in an object. This is either a field, a property, * or an element in a collection. diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll index 3e3c8ca79e8..5d276e5bdc5 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Access.qll @@ -398,7 +398,7 @@ class MemberConstantAccess extends FieldAccess { * An internal helper class to share logic between `PropertyAccess` and * `PropertyCall`. */ -library class PropertyAccessExpr extends Expr, @property_access_expr { +class PropertyAccessExpr extends Expr, @property_access_expr { /** Gets the target of this property access. */ Property getProperty() { expr_access(this, result) } @@ -540,7 +540,7 @@ class ElementWrite extends ElementAccess, AssignableWrite { } * An internal helper class to share logic between `IndexerAccess` and * `IndexerCall`. */ -library class IndexerAccessExpr extends Expr, @indexer_access_expr { +class IndexerAccessExpr extends Expr, @indexer_access_expr { /** Gets the target of this indexer access. */ Indexer getIndexer() { expr_access(this, result) } @@ -628,7 +628,7 @@ class VirtualIndexerAccess extends IndexerAccess { * An internal helper class to share logic between `EventAccess` and * `EventCall`. */ -library class EventAccessExpr extends Expr, @event_access_expr { +class EventAccessExpr extends Expr, @event_access_expr { /** Gets the target of this event access. */ Event getEvent() { expr_access(this, result) } diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll index c3e7d51f0ae..9ad08cf73d9 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll @@ -654,7 +654,7 @@ class DisposeMethod extends Method { } /** A method with the signature `void Dispose(bool)`. */ -library class DisposeBoolMethod extends Method { +class DisposeBoolMethod extends Method { DisposeBoolMethod() { this.hasName("Dispose") and this.getReturnType() instanceof VoidType and diff --git a/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll index 6325c4ff3b3..37a678a954e 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll @@ -51,31 +51,33 @@ private predicate callsPlus(Callable c1, Callable c2) = fastTC(calls/2)(c1, c2) /** Holds if `m`, its containing class, or a parent class has an attribute that extends `AuthorizeAttribute` */ private predicate hasAuthorizeAttribute(ActionMethod m) { exists(Attribute attr | - attr.getType() - .getABaseType*() + getAnUnboundBaseType*(attr.getType()) .hasQualifiedName([ "Microsoft.AspNetCore.Authorization", "System.Web.Mvc", "System.Web.Http" ], "AuthorizeAttribute") | attr = m.getOverridee*().getAnAttribute() or - attr = m.getDeclaringType().getABaseType*().getAnAttribute() + attr = getAnUnboundBaseType*(m.getDeclaringType()).getAnAttribute() ) } /** Holds if `m`, its containing class, or a parent class has an attribute that extends `AllowAnonymousAttribute` */ private predicate hasAllowAnonymousAttribute(ActionMethod m) { exists(Attribute attr | - attr.getType() - .getABaseType*() + getAnUnboundBaseType*(attr.getType()) .hasQualifiedName([ "Microsoft.AspNetCore.Authorization", "System.Web.Mvc", "System.Web.Http" ], "AllowAnonymousAttribute") | attr = m.getOverridee*().getAnAttribute() or - attr = m.getDeclaringType().getABaseType*().getAnAttribute() + attr = getAnUnboundBaseType*(m.getDeclaringType()).getAnAttribute() ) } +private ValueOrRefType getAnUnboundBaseType(ValueOrRefType t) { + result = t.getABaseType().getUnboundDeclaration() +} + /** Holds if `m` is authorized via an `Authorize` attribute */ private predicate isAuthorizedViaAttribute(ActionMethod m) { hasAuthorizeAttribute(m) and diff --git a/csharp/ql/lib/semmle/code/csharp/security/auth/MissingFunctionLevelAccessControlQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/auth/MissingFunctionLevelAccessControlQuery.qll index 79a39f093ee..22eddb86e23 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/auth/MissingFunctionLevelAccessControlQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/auth/MissingFunctionLevelAccessControlQuery.qll @@ -82,11 +82,15 @@ predicate hasAuthViaXml(ActionMethod m) { /** Holds if the given action has an attribute that indications authorization. */ predicate hasAuthViaAttribute(ActionMethod m) { exists(Attribute attr | attr.getType().getName().toLowerCase().matches("%auth%") | - attr = m.getAnAttribute() or - attr = m.getDeclaringType().getABaseType*().getAnAttribute() + attr = m.getOverridee*().getAnAttribute() or + attr = getAnUnboundBaseType*(m.getDeclaringType()).getAnAttribute() ) } +private ValueOrRefType getAnUnboundBaseType(ValueOrRefType t) { + result = t.getABaseType().getUnboundDeclaration() +} + /** Holds if `m` is a method that should have an auth check, but is missing it. */ predicate missingAuth(ActionMethod m) { needsAuth(m) and diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll index 56c409b38b5..2def16decd9 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll @@ -26,13 +26,6 @@ abstract class Sink extends DataFlow::ExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `Sanitizer` instead. - * - * A guard for unvalidated URL redirect vulnerabilities. - */ -abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * DEPRECATED: Use `UrlRedirect` instead. * @@ -46,10 +39,6 @@ deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll index b34fdd3d5f9..4b1069eff0e 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll @@ -20,13 +20,6 @@ abstract class Sink extends DataFlow::ExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `Sanitizer` instead. - * - * A guard for unsafe zip extraction. - */ -abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * DEPRECATED: Use `ZipSlip` instead. * @@ -40,10 +33,6 @@ deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** diff --git a/csharp/ql/lib/semmlecode.csharp.dbscheme b/csharp/ql/lib/semmlecode.csharp.dbscheme index 585d6402ff8..1f291d4f424 100644 --- a/csharp/ql/lib/semmlecode.csharp.dbscheme +++ b/csharp/ql/lib/semmlecode.csharp.dbscheme @@ -456,7 +456,7 @@ case @type.kind of @unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; @floating_point_type = @float_type | @double_type; @value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type - | @uint_ptr_type | @tuple_type; + | @uint_ptr_type | @tuple_type | @void_type; @ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type | @dynamic_type; @value_or_ref_type = @value_type | @ref_type; @@ -1292,7 +1292,7 @@ expr_argument_name( lambda_expr_return_type( unique int id: @lambda_expr ref, int type_id: @type_or_ref ref); - + /** CONTROL/DATA FLOW **/ @control_flow_element = @stmt | @expr; @@ -2074,5 +2074,4 @@ cil_attribute_positional_argument( @metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | @callable | @value_or_ref_type | @void_type; -#keyset[entity, location] metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/old.dbscheme b/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/old.dbscheme new file mode 100644 index 00000000000..585d6402ff8 --- /dev/null +++ b/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/old.dbscheme @@ -0,0 +1,2078 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + unique int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +compiler_generated(unique int id: @modifiable ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_compiler_generated( + unique int id: @expr ref); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); + +/* Common Intermediate Language - CIL */ + +case @cil_instruction.opcode of + 0 = @cil_nop +| 1 = @cil_break +| 2 = @cil_ldarg_0 +| 3 = @cil_ldarg_1 +| 4 = @cil_ldarg_2 +| 5 = @cil_ldarg_3 +| 6 = @cil_ldloc_0 +| 7 = @cil_ldloc_1 +| 8 = @cil_ldloc_2 +| 9 = @cil_ldloc_3 +| 10 = @cil_stloc_0 +| 11 = @cil_stloc_1 +| 12 = @cil_stloc_2 +| 13 = @cil_stloc_3 +| 14 = @cil_ldarg_s +| 15 = @cil_ldarga_s +| 16 = @cil_starg_s +| 17 = @cil_ldloc_s +| 18 = @cil_ldloca_s +| 19 = @cil_stloc_s +| 20 = @cil_ldnull +| 21 = @cil_ldc_i4_m1 +| 22 = @cil_ldc_i4_0 +| 23 = @cil_ldc_i4_1 +| 24 = @cil_ldc_i4_2 +| 25 = @cil_ldc_i4_3 +| 26 = @cil_ldc_i4_4 +| 27 = @cil_ldc_i4_5 +| 28 = @cil_ldc_i4_6 +| 29 = @cil_ldc_i4_7 +| 30 = @cil_ldc_i4_8 +| 31 = @cil_ldc_i4_s +| 32 = @cil_ldc_i4 +| 33 = @cil_ldc_i8 +| 34 = @cil_ldc_r4 +| 35 = @cil_ldc_r8 +| 37 = @cil_dup +| 38 = @cil_pop +| 39 = @cil_jmp +| 40 = @cil_call +| 41 = @cil_calli +| 42 = @cil_ret +| 43 = @cil_br_s +| 44 = @cil_brfalse_s +| 45 = @cil_brtrue_s +| 46 = @cil_beq_s +| 47 = @cil_bge_s +| 48 = @cil_bgt_s +| 49 = @cil_ble_s +| 50 = @cil_blt_s +| 51 = @cil_bne_un_s +| 52 = @cil_bge_un_s +| 53 = @cil_bgt_un_s +| 54 = @cil_ble_un_s +| 55 = @cil_blt_un_s +| 56 = @cil_br +| 57 = @cil_brfalse +| 58 = @cil_brtrue +| 59 = @cil_beq +| 60 = @cil_bge +| 61 = @cil_bgt +| 62 = @cil_ble +| 63 = @cil_blt +| 64 = @cil_bne_un +| 65 = @cil_bge_un +| 66 = @cil_bgt_un +| 67 = @cil_ble_un +| 68 = @cil_blt_un +| 69 = @cil_switch +| 70 = @cil_ldind_i1 +| 71 = @cil_ldind_u1 +| 72 = @cil_ldind_i2 +| 73 = @cil_ldind_u2 +| 74 = @cil_ldind_i4 +| 75 = @cil_ldind_u4 +| 76 = @cil_ldind_i8 +| 77 = @cil_ldind_i +| 78 = @cil_ldind_r4 +| 79 = @cil_ldind_r8 +| 80 = @cil_ldind_ref +| 81 = @cil_stind_ref +| 82 = @cil_stind_i1 +| 83 = @cil_stind_i2 +| 84 = @cil_stind_i4 +| 85 = @cil_stind_i8 +| 86 = @cil_stind_r4 +| 87 = @cil_stind_r8 +| 88 = @cil_add +| 89 = @cil_sub +| 90 = @cil_mul +| 91 = @cil_div +| 92 = @cil_div_un +| 93 = @cil_rem +| 94 = @cil_rem_un +| 95 = @cil_and +| 96 = @cil_or +| 97 = @cil_xor +| 98 = @cil_shl +| 99 = @cil_shr +| 100 = @cil_shr_un +| 101 = @cil_neg +| 102 = @cil_not +| 103 = @cil_conv_i1 +| 104 = @cil_conv_i2 +| 105 = @cil_conv_i4 +| 106 = @cil_conv_i8 +| 107 = @cil_conv_r4 +| 108 = @cil_conv_r8 +| 109 = @cil_conv_u4 +| 110 = @cil_conv_u8 +| 111 = @cil_callvirt +| 112 = @cil_cpobj +| 113 = @cil_ldobj +| 114 = @cil_ldstr +| 115 = @cil_newobj +| 116 = @cil_castclass +| 117 = @cil_isinst +| 118 = @cil_conv_r_un +| 121 = @cil_unbox +| 122 = @cil_throw +| 123 = @cil_ldfld +| 124 = @cil_ldflda +| 125 = @cil_stfld +| 126 = @cil_ldsfld +| 127 = @cil_ldsflda +| 128 = @cil_stsfld +| 129 = @cil_stobj +| 130 = @cil_conv_ovf_i1_un +| 131 = @cil_conv_ovf_i2_un +| 132 = @cil_conv_ovf_i4_un +| 133 = @cil_conv_ovf_i8_un +| 134 = @cil_conv_ovf_u1_un +| 135 = @cil_conv_ovf_u2_un +| 136 = @cil_conv_ovf_u4_un +| 137 = @cil_conv_ovf_u8_un +| 138 = @cil_conv_ovf_i_un +| 139 = @cil_conv_ovf_u_un +| 140 = @cil_box +| 141 = @cil_newarr +| 142 = @cil_ldlen +| 143 = @cil_ldelema +| 144 = @cil_ldelem_i1 +| 145 = @cil_ldelem_u1 +| 146 = @cil_ldelem_i2 +| 147 = @cil_ldelem_u2 +| 148 = @cil_ldelem_i4 +| 149 = @cil_ldelem_u4 +| 150 = @cil_ldelem_i8 +| 151 = @cil_ldelem_i +| 152 = @cil_ldelem_r4 +| 153 = @cil_ldelem_r8 +| 154 = @cil_ldelem_ref +| 155 = @cil_stelem_i +| 156 = @cil_stelem_i1 +| 157 = @cil_stelem_i2 +| 158 = @cil_stelem_i4 +| 159 = @cil_stelem_i8 +| 160 = @cil_stelem_r4 +| 161 = @cil_stelem_r8 +| 162 = @cil_stelem_ref +| 163 = @cil_ldelem +| 164 = @cil_stelem +| 165 = @cil_unbox_any +| 179 = @cil_conv_ovf_i1 +| 180 = @cil_conv_ovf_u1 +| 181 = @cil_conv_ovf_i2 +| 182 = @cil_conv_ovf_u2 +| 183 = @cil_conv_ovf_i4 +| 184 = @cil_conv_ovf_u4 +| 185 = @cil_conv_ovf_i8 +| 186 = @cil_conv_ovf_u8 +| 194 = @cil_refanyval +| 195 = @cil_ckinfinite +| 198 = @cil_mkrefany +| 208 = @cil_ldtoken +| 209 = @cil_conv_u2 +| 210 = @cil_conv_u1 +| 211 = @cil_conv_i +| 212 = @cil_conv_ovf_i +| 213 = @cil_conv_ovf_u +| 214 = @cil_add_ovf +| 215 = @cil_add_ovf_un +| 216 = @cil_mul_ovf +| 217 = @cil_mul_ovf_un +| 218 = @cil_sub_ovf +| 219 = @cil_sub_ovf_un +| 220 = @cil_endfinally +| 221 = @cil_leave +| 222 = @cil_leave_s +| 223 = @cil_stind_i +| 224 = @cil_conv_u +| 65024 = @cil_arglist +| 65025 = @cil_ceq +| 65026 = @cil_cgt +| 65027 = @cil_cgt_un +| 65028 = @cil_clt +| 65029 = @cil_clt_un +| 65030 = @cil_ldftn +| 65031 = @cil_ldvirtftn +| 65033 = @cil_ldarg +| 65034 = @cil_ldarga +| 65035 = @cil_starg +| 65036 = @cil_ldloc +| 65037 = @cil_ldloca +| 65038 = @cil_stloc +| 65039 = @cil_localloc +| 65041 = @cil_endfilter +| 65042 = @cil_unaligned +| 65043 = @cil_volatile +| 65044 = @cil_tail +| 65045 = @cil_initobj +| 65046 = @cil_constrained +| 65047 = @cil_cpblk +| 65048 = @cil_initblk +| 65050 = @cil_rethrow +| 65052 = @cil_sizeof +| 65053 = @cil_refanytype +| 65054 = @cil_readonly +; + +// CIL ignored instructions + +@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned; + +// CIL local/parameter/field access + +@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga; +@cil_starg_any = @cil_starg | @cil_starg_s; + +@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca; +@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc; + +@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda; +@cil_stfld_any = @cil_stfld | @cil_stsfld; + +@cil_local_access = @cil_stloc_any | @cil_ldloc_any; +@cil_arg_access = @cil_starg_any | @cil_ldarg_any; +@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any; +@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any; + +@cil_stack_access = @cil_local_access | @cil_arg_access; +@cil_field_access = @cil_ldfld_any | @cil_stfld_any; + +@cil_access = @cil_read_access | @cil_write_access; + +// CIL constant/literal instructions + +@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8; + +@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 | + @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4; + +@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8; + +@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr; + +// Control flow + +@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump; +@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s | + @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s | + @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt | + @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un; +@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch; +@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any; +@cil_leave_any = @cil_leave | @cil_leave_s; +@cil_jump = @cil_unconditional_jump | @cil_conditional_jump; + +// CIL call instructions + +@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj; + +// CIL expression instructions + +@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access | + @cil_newarr | @cil_ldtoken | @cil_sizeof | + @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup; + +@cil_unary_expr = + @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation| + @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any | + @cil_ldind | @cil_unbox; + +@cil_conversion_operation = + @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 | + @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 | + @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un | + @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un | + @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un | + @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un | + @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_i | @cil_conv_u | @cil_conv_r_un; + +@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 | + @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4; + +@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 | + @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref; + +@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation; + +@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl; + +@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un | + @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un | + @cil_sub_ovf | @cil_sub_ovf_un; + +@cil_unary_bitwise_operation = @cil_not; + +@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation; + +@cil_unary_arithmetic_operation = @cil_neg; + +@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un; + +// Elements that retrieve an address of something +@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema; + +// CIL array instructions + +@cil_read_array = + @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i | + @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 | + @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4; + +@cil_write_array = @cil_stelem | @cil_stelem_ref | + @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 | + @cil_stelem_r4 | @cil_stelem_r8; + +@cil_throw_any = @cil_throw | @cil_rethrow; + +#keyset[impl, index] +cil_instruction( + unique int id: @cil_instruction, + int opcode: int ref, + int index: int ref, + int impl: @cil_method_implementation ref); + +cil_jump( + unique int instruction: @cil_jump ref, + int target: @cil_instruction ref); + +cil_access( + unique int instruction: @cil_instruction ref, + int target: @cil_accessible ref); + +cil_value( + unique int instruction: @cil_literal ref, + string value: string ref); + +#keyset[instruction, index] +cil_switch( + int instruction: @cil_switch ref, + int index: int ref, + int target: @cil_instruction ref); + +cil_instruction_location( + unique int id: @cil_instruction ref, + int loc: @location ref); + +cil_type_location( + int id: @cil_type ref, + int loc: @location ref); + +cil_method_location( + int id: @cil_method ref, + int loc: @location ref); + +@cil_namespace = @namespace; + +@cil_type_container = @cil_type | @cil_namespace | @cil_method; + +case @cil_type.kind of + 0 = @cil_valueorreftype +| 1 = @cil_typeparameter +| 2 = @cil_array_type +| 3 = @cil_pointer_type +| 4 = @cil_function_pointer_type +; + +cil_type( + unique int id: @cil_type, + string name: string ref, + int kind: int ref, + int parent: @cil_type_container ref, + int sourceDecl: @cil_type ref); + +cil_pointer_type( + unique int id: @cil_pointer_type ref, + int pointee: @cil_type ref); + +cil_array_type( + unique int id: @cil_array_type ref, + int element_type: @cil_type ref, + int rank: int ref); + +cil_function_pointer_return_type( + unique int id: @cil_function_pointer_type ref, + int return_type: @cil_type ref); + +cil_method( + unique int id: @cil_method, + string name: string ref, + int parent: @cil_type ref, + int return_type: @cil_type ref); + +cil_method_source_declaration( + unique int method: @cil_method ref, + int source: @cil_method ref); + +cil_method_implementation( + unique int id: @cil_method_implementation, + int method: @cil_method ref, + int location: @assembly ref); + +cil_implements( + int id: @cil_method ref, + int decl: @cil_method ref); + +#keyset[parent, name] +cil_field( + unique int id: @cil_field, + int parent: @cil_type ref, + string name: string ref, + int field_type: @cil_type ref); + +@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace; +@cil_named_element = @cil_declaration | @cil_namespace; +@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member; +@cil_accessible = @cil_declaration; +@cil_variable = @cil_field | @cil_stack_variable; +@cil_stack_variable = @cil_local_variable | @cil_parameter; +@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event; +@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type; +@cil_parameterizable = @cil_method | @cil_function_pointer_type; +@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_field | @cil_method | @cil_function_pointer_type; + +#keyset[parameterizable, index] +cil_parameter( + unique int id: @cil_parameter, + int parameterizable: @cil_parameterizable ref, + int index: int ref, + int param_type: @cil_type ref); + +cil_parameter_in(unique int id: @cil_parameter ref); +cil_parameter_out(unique int id: @cil_parameter ref); + +cil_setter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +#keyset[id, modifier] +cil_custom_modifiers( + int id: @cil_custom_modifier_receiver ref, + int modifier: @cil_type ref, + int kind: int ref); // modreq: 1, modopt: 0 + +cil_type_annotation( + int id: @cil_has_type_annotation ref, + int annotation: int ref); + +cil_getter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +cil_adder(unique int event: @cil_event ref, + int method: @cil_method ref); + +cil_remover(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_property( + unique int id: @cil_property, + int parent: @cil_type ref, + string name: string ref, + int property_type: @cil_type ref); + +#keyset[parent, name] +cil_event(unique int id: @cil_event, + int parent: @cil_type ref, + string name: string ref, + int event_type: @cil_type ref); + +#keyset[impl, index] +cil_local_variable( + unique int id: @cil_local_variable, + int impl: @cil_method_implementation ref, + int index: int ref, + int var_type: @cil_type ref); + +cil_function_pointer_calling_conventions( + int id: @cil_function_pointer_type ref, + int kind: int ref); + +// CIL handlers (exception handlers etc). + +case @cil_handler.kind of + 0 = @cil_catch_handler +| 1 = @cil_filter_handler +| 2 = @cil_finally_handler +| 4 = @cil_fault_handler +; + +#keyset[impl, index] +cil_handler( + unique int id: @cil_handler, + int impl: @cil_method_implementation ref, + int index: int ref, + int kind: int ref, + int try_start: @cil_instruction ref, + int try_end: @cil_instruction ref, + int handler_start: @cil_instruction ref); + +cil_handler_filter( + unique int id: @cil_handler ref, + int filter_start: @cil_instruction ref); + +cil_handler_type( + unique int id: @cil_handler ref, + int catch_type: @cil_type ref); + +@cil_controlflow_node = @cil_entry_point | @cil_instruction; + +@cil_entry_point = @cil_method_implementation | @cil_handler; + +@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method; + +cil_method_stack_size( + unique int method: @cil_method_implementation ref, + int size: int ref); + +// CIL modifiers + +cil_public(int id: @cil_member ref); +cil_private(int id: @cil_member ref); +cil_protected(int id: @cil_member ref); +cil_internal(int id: @cil_member ref); +cil_static(int id: @cil_member ref); +cil_sealed(int id: @cil_member ref); +cil_virtual(int id: @cil_method ref); +cil_abstract(int id: @cil_member ref); +cil_class(int id: @cil_type ref); +cil_interface(int id: @cil_type ref); +cil_security(int id: @cil_member ref); +cil_requiresecobject(int id: @cil_method ref); +cil_specialname(int id: @cil_method ref); +cil_newslot(int id: @cil_method ref); + +cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref); +cil_base_interface(int id: @cil_type ref, int base: @cil_type ref); +cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref); + +#keyset[unbound, index] +cil_type_parameter( + int unbound: @cil_member ref, + int index: int ref, + int param: @cil_typeparameter ref); + +#keyset[bound, index] +cil_type_argument( + int bound: @cil_member ref, + int index: int ref, + int t: @cil_type ref); + +// CIL type parameter constraints + +cil_typeparam_covariant(int tp: @cil_typeparameter ref); +cil_typeparam_contravariant(int tp: @cil_typeparameter ref); +cil_typeparam_class(int tp: @cil_typeparameter ref); +cil_typeparam_struct(int tp: @cil_typeparameter ref); +cil_typeparam_new(int tp: @cil_typeparameter ref); +cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref); + +// CIL attributes + +cil_attribute( + unique int attributeid: @cil_attribute, + int element: @cil_declaration ref, + int constructor: @cil_method ref); + +#keyset[attribute_id, param] +cil_attribute_named_argument( + int attribute_id: @cil_attribute ref, + string param: string ref, + string value: string ref); + +#keyset[attribute_id, index] +cil_attribute_positional_argument( + int attribute_id: @cil_attribute ref, + int index: int ref, + string value: string ref); + + +// Common .Net data model covering both C# and CIL + +// Common elements +@dotnet_element = @element | @cil_element; +@dotnet_named_element = @named_element | @cil_named_element; +@dotnet_callable = @callable | @cil_method; +@dotnet_variable = @variable | @cil_variable; +@dotnet_field = @field | @cil_field; +@dotnet_parameter = @parameter | @cil_parameter; +@dotnet_declaration = @declaration | @cil_declaration; +@dotnet_member = @member | @cil_member; +@dotnet_event = @event | @cil_event; +@dotnet_property = @property | @cil_property | @indexer; +@dotnet_parameterizable = @parameterizable | @cil_parameterizable; + +// Common types +@dotnet_type = @type | @cil_type; +@dotnet_call = @call | @cil_call_any; +@dotnet_throw = @throw_element | @cil_throw_any; +@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type; +@dotnet_typeparameter = @type_parameter | @cil_typeparameter; +@dotnet_array_type = @array_type | @cil_array_type; +@dotnet_pointer_type = @pointer_type | @cil_pointer_type; +@dotnet_type_parameter = @type_parameter | @cil_typeparameter; +@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable; + +// Attributes +@dotnet_attribute = @attribute | @cil_attribute; + +// Expressions +@dotnet_expr = @expr | @cil_expr; + +// Literals +@dotnet_literal = @literal_expr | @cil_literal; +@dotnet_string_literal = @string_literal_expr | @cil_ldstr; +@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i; +@dotnet_float_literal = @float_literal_expr | @cil_ldc_r; +@dotnet_null_literal = @null_literal_expr | @cil_ldnull; + +@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | + @callable | @value_or_ref_type | @void_type; + +#keyset[entity, location] +metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/semmlecode.csharp.dbscheme b/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/semmlecode.csharp.dbscheme new file mode 100644 index 00000000000..cc2eccd6026 --- /dev/null +++ b/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/semmlecode.csharp.dbscheme @@ -0,0 +1,2077 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + unique int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +compiler_generated(unique int id: @modifiable ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_compiler_generated( + unique int id: @expr ref); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); + +/* Common Intermediate Language - CIL */ + +case @cil_instruction.opcode of + 0 = @cil_nop +| 1 = @cil_break +| 2 = @cil_ldarg_0 +| 3 = @cil_ldarg_1 +| 4 = @cil_ldarg_2 +| 5 = @cil_ldarg_3 +| 6 = @cil_ldloc_0 +| 7 = @cil_ldloc_1 +| 8 = @cil_ldloc_2 +| 9 = @cil_ldloc_3 +| 10 = @cil_stloc_0 +| 11 = @cil_stloc_1 +| 12 = @cil_stloc_2 +| 13 = @cil_stloc_3 +| 14 = @cil_ldarg_s +| 15 = @cil_ldarga_s +| 16 = @cil_starg_s +| 17 = @cil_ldloc_s +| 18 = @cil_ldloca_s +| 19 = @cil_stloc_s +| 20 = @cil_ldnull +| 21 = @cil_ldc_i4_m1 +| 22 = @cil_ldc_i4_0 +| 23 = @cil_ldc_i4_1 +| 24 = @cil_ldc_i4_2 +| 25 = @cil_ldc_i4_3 +| 26 = @cil_ldc_i4_4 +| 27 = @cil_ldc_i4_5 +| 28 = @cil_ldc_i4_6 +| 29 = @cil_ldc_i4_7 +| 30 = @cil_ldc_i4_8 +| 31 = @cil_ldc_i4_s +| 32 = @cil_ldc_i4 +| 33 = @cil_ldc_i8 +| 34 = @cil_ldc_r4 +| 35 = @cil_ldc_r8 +| 37 = @cil_dup +| 38 = @cil_pop +| 39 = @cil_jmp +| 40 = @cil_call +| 41 = @cil_calli +| 42 = @cil_ret +| 43 = @cil_br_s +| 44 = @cil_brfalse_s +| 45 = @cil_brtrue_s +| 46 = @cil_beq_s +| 47 = @cil_bge_s +| 48 = @cil_bgt_s +| 49 = @cil_ble_s +| 50 = @cil_blt_s +| 51 = @cil_bne_un_s +| 52 = @cil_bge_un_s +| 53 = @cil_bgt_un_s +| 54 = @cil_ble_un_s +| 55 = @cil_blt_un_s +| 56 = @cil_br +| 57 = @cil_brfalse +| 58 = @cil_brtrue +| 59 = @cil_beq +| 60 = @cil_bge +| 61 = @cil_bgt +| 62 = @cil_ble +| 63 = @cil_blt +| 64 = @cil_bne_un +| 65 = @cil_bge_un +| 66 = @cil_bgt_un +| 67 = @cil_ble_un +| 68 = @cil_blt_un +| 69 = @cil_switch +| 70 = @cil_ldind_i1 +| 71 = @cil_ldind_u1 +| 72 = @cil_ldind_i2 +| 73 = @cil_ldind_u2 +| 74 = @cil_ldind_i4 +| 75 = @cil_ldind_u4 +| 76 = @cil_ldind_i8 +| 77 = @cil_ldind_i +| 78 = @cil_ldind_r4 +| 79 = @cil_ldind_r8 +| 80 = @cil_ldind_ref +| 81 = @cil_stind_ref +| 82 = @cil_stind_i1 +| 83 = @cil_stind_i2 +| 84 = @cil_stind_i4 +| 85 = @cil_stind_i8 +| 86 = @cil_stind_r4 +| 87 = @cil_stind_r8 +| 88 = @cil_add +| 89 = @cil_sub +| 90 = @cil_mul +| 91 = @cil_div +| 92 = @cil_div_un +| 93 = @cil_rem +| 94 = @cil_rem_un +| 95 = @cil_and +| 96 = @cil_or +| 97 = @cil_xor +| 98 = @cil_shl +| 99 = @cil_shr +| 100 = @cil_shr_un +| 101 = @cil_neg +| 102 = @cil_not +| 103 = @cil_conv_i1 +| 104 = @cil_conv_i2 +| 105 = @cil_conv_i4 +| 106 = @cil_conv_i8 +| 107 = @cil_conv_r4 +| 108 = @cil_conv_r8 +| 109 = @cil_conv_u4 +| 110 = @cil_conv_u8 +| 111 = @cil_callvirt +| 112 = @cil_cpobj +| 113 = @cil_ldobj +| 114 = @cil_ldstr +| 115 = @cil_newobj +| 116 = @cil_castclass +| 117 = @cil_isinst +| 118 = @cil_conv_r_un +| 121 = @cil_unbox +| 122 = @cil_throw +| 123 = @cil_ldfld +| 124 = @cil_ldflda +| 125 = @cil_stfld +| 126 = @cil_ldsfld +| 127 = @cil_ldsflda +| 128 = @cil_stsfld +| 129 = @cil_stobj +| 130 = @cil_conv_ovf_i1_un +| 131 = @cil_conv_ovf_i2_un +| 132 = @cil_conv_ovf_i4_un +| 133 = @cil_conv_ovf_i8_un +| 134 = @cil_conv_ovf_u1_un +| 135 = @cil_conv_ovf_u2_un +| 136 = @cil_conv_ovf_u4_un +| 137 = @cil_conv_ovf_u8_un +| 138 = @cil_conv_ovf_i_un +| 139 = @cil_conv_ovf_u_un +| 140 = @cil_box +| 141 = @cil_newarr +| 142 = @cil_ldlen +| 143 = @cil_ldelema +| 144 = @cil_ldelem_i1 +| 145 = @cil_ldelem_u1 +| 146 = @cil_ldelem_i2 +| 147 = @cil_ldelem_u2 +| 148 = @cil_ldelem_i4 +| 149 = @cil_ldelem_u4 +| 150 = @cil_ldelem_i8 +| 151 = @cil_ldelem_i +| 152 = @cil_ldelem_r4 +| 153 = @cil_ldelem_r8 +| 154 = @cil_ldelem_ref +| 155 = @cil_stelem_i +| 156 = @cil_stelem_i1 +| 157 = @cil_stelem_i2 +| 158 = @cil_stelem_i4 +| 159 = @cil_stelem_i8 +| 160 = @cil_stelem_r4 +| 161 = @cil_stelem_r8 +| 162 = @cil_stelem_ref +| 163 = @cil_ldelem +| 164 = @cil_stelem +| 165 = @cil_unbox_any +| 179 = @cil_conv_ovf_i1 +| 180 = @cil_conv_ovf_u1 +| 181 = @cil_conv_ovf_i2 +| 182 = @cil_conv_ovf_u2 +| 183 = @cil_conv_ovf_i4 +| 184 = @cil_conv_ovf_u4 +| 185 = @cil_conv_ovf_i8 +| 186 = @cil_conv_ovf_u8 +| 194 = @cil_refanyval +| 195 = @cil_ckinfinite +| 198 = @cil_mkrefany +| 208 = @cil_ldtoken +| 209 = @cil_conv_u2 +| 210 = @cil_conv_u1 +| 211 = @cil_conv_i +| 212 = @cil_conv_ovf_i +| 213 = @cil_conv_ovf_u +| 214 = @cil_add_ovf +| 215 = @cil_add_ovf_un +| 216 = @cil_mul_ovf +| 217 = @cil_mul_ovf_un +| 218 = @cil_sub_ovf +| 219 = @cil_sub_ovf_un +| 220 = @cil_endfinally +| 221 = @cil_leave +| 222 = @cil_leave_s +| 223 = @cil_stind_i +| 224 = @cil_conv_u +| 65024 = @cil_arglist +| 65025 = @cil_ceq +| 65026 = @cil_cgt +| 65027 = @cil_cgt_un +| 65028 = @cil_clt +| 65029 = @cil_clt_un +| 65030 = @cil_ldftn +| 65031 = @cil_ldvirtftn +| 65033 = @cil_ldarg +| 65034 = @cil_ldarga +| 65035 = @cil_starg +| 65036 = @cil_ldloc +| 65037 = @cil_ldloca +| 65038 = @cil_stloc +| 65039 = @cil_localloc +| 65041 = @cil_endfilter +| 65042 = @cil_unaligned +| 65043 = @cil_volatile +| 65044 = @cil_tail +| 65045 = @cil_initobj +| 65046 = @cil_constrained +| 65047 = @cil_cpblk +| 65048 = @cil_initblk +| 65050 = @cil_rethrow +| 65052 = @cil_sizeof +| 65053 = @cil_refanytype +| 65054 = @cil_readonly +; + +// CIL ignored instructions + +@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned; + +// CIL local/parameter/field access + +@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga; +@cil_starg_any = @cil_starg | @cil_starg_s; + +@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca; +@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc; + +@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda; +@cil_stfld_any = @cil_stfld | @cil_stsfld; + +@cil_local_access = @cil_stloc_any | @cil_ldloc_any; +@cil_arg_access = @cil_starg_any | @cil_ldarg_any; +@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any; +@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any; + +@cil_stack_access = @cil_local_access | @cil_arg_access; +@cil_field_access = @cil_ldfld_any | @cil_stfld_any; + +@cil_access = @cil_read_access | @cil_write_access; + +// CIL constant/literal instructions + +@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8; + +@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 | + @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4; + +@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8; + +@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr; + +// Control flow + +@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump; +@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s | + @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s | + @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt | + @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un; +@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch; +@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any; +@cil_leave_any = @cil_leave | @cil_leave_s; +@cil_jump = @cil_unconditional_jump | @cil_conditional_jump; + +// CIL call instructions + +@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj; + +// CIL expression instructions + +@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access | + @cil_newarr | @cil_ldtoken | @cil_sizeof | + @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup; + +@cil_unary_expr = + @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation| + @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any | + @cil_ldind | @cil_unbox; + +@cil_conversion_operation = + @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 | + @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 | + @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un | + @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un | + @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un | + @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un | + @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_i | @cil_conv_u | @cil_conv_r_un; + +@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 | + @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4; + +@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 | + @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref; + +@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation; + +@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl; + +@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un | + @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un | + @cil_sub_ovf | @cil_sub_ovf_un; + +@cil_unary_bitwise_operation = @cil_not; + +@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation; + +@cil_unary_arithmetic_operation = @cil_neg; + +@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un; + +// Elements that retrieve an address of something +@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema; + +// CIL array instructions + +@cil_read_array = + @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i | + @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 | + @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4; + +@cil_write_array = @cil_stelem | @cil_stelem_ref | + @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 | + @cil_stelem_r4 | @cil_stelem_r8; + +@cil_throw_any = @cil_throw | @cil_rethrow; + +#keyset[impl, index] +cil_instruction( + unique int id: @cil_instruction, + int opcode: int ref, + int index: int ref, + int impl: @cil_method_implementation ref); + +cil_jump( + unique int instruction: @cil_jump ref, + int target: @cil_instruction ref); + +cil_access( + unique int instruction: @cil_instruction ref, + int target: @cil_accessible ref); + +cil_value( + unique int instruction: @cil_literal ref, + string value: string ref); + +#keyset[instruction, index] +cil_switch( + int instruction: @cil_switch ref, + int index: int ref, + int target: @cil_instruction ref); + +cil_instruction_location( + unique int id: @cil_instruction ref, + int loc: @location ref); + +cil_type_location( + int id: @cil_type ref, + int loc: @location ref); + +cil_method_location( + int id: @cil_method ref, + int loc: @location ref); + +@cil_namespace = @namespace; + +@cil_type_container = @cil_type | @cil_namespace | @cil_method; + +case @cil_type.kind of + 0 = @cil_valueorreftype +| 1 = @cil_typeparameter +| 2 = @cil_array_type +| 3 = @cil_pointer_type +| 4 = @cil_function_pointer_type +; + +cil_type( + unique int id: @cil_type, + string name: string ref, + int kind: int ref, + int parent: @cil_type_container ref, + int sourceDecl: @cil_type ref); + +cil_pointer_type( + unique int id: @cil_pointer_type ref, + int pointee: @cil_type ref); + +cil_array_type( + unique int id: @cil_array_type ref, + int element_type: @cil_type ref, + int rank: int ref); + +cil_function_pointer_return_type( + unique int id: @cil_function_pointer_type ref, + int return_type: @cil_type ref); + +cil_method( + unique int id: @cil_method, + string name: string ref, + int parent: @cil_type ref, + int return_type: @cil_type ref); + +cil_method_source_declaration( + unique int method: @cil_method ref, + int source: @cil_method ref); + +cil_method_implementation( + unique int id: @cil_method_implementation, + int method: @cil_method ref, + int location: @assembly ref); + +cil_implements( + int id: @cil_method ref, + int decl: @cil_method ref); + +#keyset[parent, name] +cil_field( + unique int id: @cil_field, + int parent: @cil_type ref, + string name: string ref, + int field_type: @cil_type ref); + +@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace; +@cil_named_element = @cil_declaration | @cil_namespace; +@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member; +@cil_accessible = @cil_declaration; +@cil_variable = @cil_field | @cil_stack_variable; +@cil_stack_variable = @cil_local_variable | @cil_parameter; +@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event; +@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type; +@cil_parameterizable = @cil_method | @cil_function_pointer_type; +@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_field | @cil_method | @cil_function_pointer_type; + +#keyset[parameterizable, index] +cil_parameter( + unique int id: @cil_parameter, + int parameterizable: @cil_parameterizable ref, + int index: int ref, + int param_type: @cil_type ref); + +cil_parameter_in(unique int id: @cil_parameter ref); +cil_parameter_out(unique int id: @cil_parameter ref); + +cil_setter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +#keyset[id, modifier] +cil_custom_modifiers( + int id: @cil_custom_modifier_receiver ref, + int modifier: @cil_type ref, + int kind: int ref); // modreq: 1, modopt: 0 + +cil_type_annotation( + int id: @cil_has_type_annotation ref, + int annotation: int ref); + +cil_getter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +cil_adder(unique int event: @cil_event ref, + int method: @cil_method ref); + +cil_remover(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_property( + unique int id: @cil_property, + int parent: @cil_type ref, + string name: string ref, + int property_type: @cil_type ref); + +#keyset[parent, name] +cil_event(unique int id: @cil_event, + int parent: @cil_type ref, + string name: string ref, + int event_type: @cil_type ref); + +#keyset[impl, index] +cil_local_variable( + unique int id: @cil_local_variable, + int impl: @cil_method_implementation ref, + int index: int ref, + int var_type: @cil_type ref); + +cil_function_pointer_calling_conventions( + int id: @cil_function_pointer_type ref, + int kind: int ref); + +// CIL handlers (exception handlers etc). + +case @cil_handler.kind of + 0 = @cil_catch_handler +| 1 = @cil_filter_handler +| 2 = @cil_finally_handler +| 4 = @cil_fault_handler +; + +#keyset[impl, index] +cil_handler( + unique int id: @cil_handler, + int impl: @cil_method_implementation ref, + int index: int ref, + int kind: int ref, + int try_start: @cil_instruction ref, + int try_end: @cil_instruction ref, + int handler_start: @cil_instruction ref); + +cil_handler_filter( + unique int id: @cil_handler ref, + int filter_start: @cil_instruction ref); + +cil_handler_type( + unique int id: @cil_handler ref, + int catch_type: @cil_type ref); + +@cil_controlflow_node = @cil_entry_point | @cil_instruction; + +@cil_entry_point = @cil_method_implementation | @cil_handler; + +@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method; + +cil_method_stack_size( + unique int method: @cil_method_implementation ref, + int size: int ref); + +// CIL modifiers + +cil_public(int id: @cil_member ref); +cil_private(int id: @cil_member ref); +cil_protected(int id: @cil_member ref); +cil_internal(int id: @cil_member ref); +cil_static(int id: @cil_member ref); +cil_sealed(int id: @cil_member ref); +cil_virtual(int id: @cil_method ref); +cil_abstract(int id: @cil_member ref); +cil_class(int id: @cil_type ref); +cil_interface(int id: @cil_type ref); +cil_security(int id: @cil_member ref); +cil_requiresecobject(int id: @cil_method ref); +cil_specialname(int id: @cil_method ref); +cil_newslot(int id: @cil_method ref); + +cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref); +cil_base_interface(int id: @cil_type ref, int base: @cil_type ref); +cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref); + +#keyset[unbound, index] +cil_type_parameter( + int unbound: @cil_member ref, + int index: int ref, + int param: @cil_typeparameter ref); + +#keyset[bound, index] +cil_type_argument( + int bound: @cil_member ref, + int index: int ref, + int t: @cil_type ref); + +// CIL type parameter constraints + +cil_typeparam_covariant(int tp: @cil_typeparameter ref); +cil_typeparam_contravariant(int tp: @cil_typeparameter ref); +cil_typeparam_class(int tp: @cil_typeparameter ref); +cil_typeparam_struct(int tp: @cil_typeparameter ref); +cil_typeparam_new(int tp: @cil_typeparameter ref); +cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref); + +// CIL attributes + +cil_attribute( + unique int attributeid: @cil_attribute, + int element: @cil_declaration ref, + int constructor: @cil_method ref); + +#keyset[attribute_id, param] +cil_attribute_named_argument( + int attribute_id: @cil_attribute ref, + string param: string ref, + string value: string ref); + +#keyset[attribute_id, index] +cil_attribute_positional_argument( + int attribute_id: @cil_attribute ref, + int index: int ref, + string value: string ref); + + +// Common .Net data model covering both C# and CIL + +// Common elements +@dotnet_element = @element | @cil_element; +@dotnet_named_element = @named_element | @cil_named_element; +@dotnet_callable = @callable | @cil_method; +@dotnet_variable = @variable | @cil_variable; +@dotnet_field = @field | @cil_field; +@dotnet_parameter = @parameter | @cil_parameter; +@dotnet_declaration = @declaration | @cil_declaration; +@dotnet_member = @member | @cil_member; +@dotnet_event = @event | @cil_event; +@dotnet_property = @property | @cil_property | @indexer; +@dotnet_parameterizable = @parameterizable | @cil_parameterizable; + +// Common types +@dotnet_type = @type | @cil_type; +@dotnet_call = @call | @cil_call_any; +@dotnet_throw = @throw_element | @cil_throw_any; +@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type; +@dotnet_typeparameter = @type_parameter | @cil_typeparameter; +@dotnet_array_type = @array_type | @cil_array_type; +@dotnet_pointer_type = @pointer_type | @cil_pointer_type; +@dotnet_type_parameter = @type_parameter | @cil_typeparameter; +@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable; + +// Attributes +@dotnet_attribute = @attribute | @cil_attribute; + +// Expressions +@dotnet_expr = @expr | @cil_expr; + +// Literals +@dotnet_literal = @literal_expr | @cil_literal; +@dotnet_string_literal = @string_literal_expr | @cil_ldstr; +@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i; +@dotnet_float_literal = @float_literal_expr | @cil_ldc_r; +@dotnet_null_literal = @null_literal_expr | @cil_ldnull; + +@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | + @callable | @value_or_ref_type | @void_type; + +metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/upgrade.properties b/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/upgrade.properties new file mode 100644 index 00000000000..05474ea47e0 --- /dev/null +++ b/csharp/ql/lib/upgrades/585d6402ff8ba3d15114a869d205bdf6d4e0aa3f/upgrade.properties @@ -0,0 +1,2 @@ +description: Remove keyset from metadata_handle +compatibility: full diff --git a/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/old.dbscheme b/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/old.dbscheme new file mode 100644 index 00000000000..cc2eccd6026 --- /dev/null +++ b/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/old.dbscheme @@ -0,0 +1,2077 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + unique int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +compiler_generated(unique int id: @modifiable ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_compiler_generated( + unique int id: @expr ref); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); + +/* Common Intermediate Language - CIL */ + +case @cil_instruction.opcode of + 0 = @cil_nop +| 1 = @cil_break +| 2 = @cil_ldarg_0 +| 3 = @cil_ldarg_1 +| 4 = @cil_ldarg_2 +| 5 = @cil_ldarg_3 +| 6 = @cil_ldloc_0 +| 7 = @cil_ldloc_1 +| 8 = @cil_ldloc_2 +| 9 = @cil_ldloc_3 +| 10 = @cil_stloc_0 +| 11 = @cil_stloc_1 +| 12 = @cil_stloc_2 +| 13 = @cil_stloc_3 +| 14 = @cil_ldarg_s +| 15 = @cil_ldarga_s +| 16 = @cil_starg_s +| 17 = @cil_ldloc_s +| 18 = @cil_ldloca_s +| 19 = @cil_stloc_s +| 20 = @cil_ldnull +| 21 = @cil_ldc_i4_m1 +| 22 = @cil_ldc_i4_0 +| 23 = @cil_ldc_i4_1 +| 24 = @cil_ldc_i4_2 +| 25 = @cil_ldc_i4_3 +| 26 = @cil_ldc_i4_4 +| 27 = @cil_ldc_i4_5 +| 28 = @cil_ldc_i4_6 +| 29 = @cil_ldc_i4_7 +| 30 = @cil_ldc_i4_8 +| 31 = @cil_ldc_i4_s +| 32 = @cil_ldc_i4 +| 33 = @cil_ldc_i8 +| 34 = @cil_ldc_r4 +| 35 = @cil_ldc_r8 +| 37 = @cil_dup +| 38 = @cil_pop +| 39 = @cil_jmp +| 40 = @cil_call +| 41 = @cil_calli +| 42 = @cil_ret +| 43 = @cil_br_s +| 44 = @cil_brfalse_s +| 45 = @cil_brtrue_s +| 46 = @cil_beq_s +| 47 = @cil_bge_s +| 48 = @cil_bgt_s +| 49 = @cil_ble_s +| 50 = @cil_blt_s +| 51 = @cil_bne_un_s +| 52 = @cil_bge_un_s +| 53 = @cil_bgt_un_s +| 54 = @cil_ble_un_s +| 55 = @cil_blt_un_s +| 56 = @cil_br +| 57 = @cil_brfalse +| 58 = @cil_brtrue +| 59 = @cil_beq +| 60 = @cil_bge +| 61 = @cil_bgt +| 62 = @cil_ble +| 63 = @cil_blt +| 64 = @cil_bne_un +| 65 = @cil_bge_un +| 66 = @cil_bgt_un +| 67 = @cil_ble_un +| 68 = @cil_blt_un +| 69 = @cil_switch +| 70 = @cil_ldind_i1 +| 71 = @cil_ldind_u1 +| 72 = @cil_ldind_i2 +| 73 = @cil_ldind_u2 +| 74 = @cil_ldind_i4 +| 75 = @cil_ldind_u4 +| 76 = @cil_ldind_i8 +| 77 = @cil_ldind_i +| 78 = @cil_ldind_r4 +| 79 = @cil_ldind_r8 +| 80 = @cil_ldind_ref +| 81 = @cil_stind_ref +| 82 = @cil_stind_i1 +| 83 = @cil_stind_i2 +| 84 = @cil_stind_i4 +| 85 = @cil_stind_i8 +| 86 = @cil_stind_r4 +| 87 = @cil_stind_r8 +| 88 = @cil_add +| 89 = @cil_sub +| 90 = @cil_mul +| 91 = @cil_div +| 92 = @cil_div_un +| 93 = @cil_rem +| 94 = @cil_rem_un +| 95 = @cil_and +| 96 = @cil_or +| 97 = @cil_xor +| 98 = @cil_shl +| 99 = @cil_shr +| 100 = @cil_shr_un +| 101 = @cil_neg +| 102 = @cil_not +| 103 = @cil_conv_i1 +| 104 = @cil_conv_i2 +| 105 = @cil_conv_i4 +| 106 = @cil_conv_i8 +| 107 = @cil_conv_r4 +| 108 = @cil_conv_r8 +| 109 = @cil_conv_u4 +| 110 = @cil_conv_u8 +| 111 = @cil_callvirt +| 112 = @cil_cpobj +| 113 = @cil_ldobj +| 114 = @cil_ldstr +| 115 = @cil_newobj +| 116 = @cil_castclass +| 117 = @cil_isinst +| 118 = @cil_conv_r_un +| 121 = @cil_unbox +| 122 = @cil_throw +| 123 = @cil_ldfld +| 124 = @cil_ldflda +| 125 = @cil_stfld +| 126 = @cil_ldsfld +| 127 = @cil_ldsflda +| 128 = @cil_stsfld +| 129 = @cil_stobj +| 130 = @cil_conv_ovf_i1_un +| 131 = @cil_conv_ovf_i2_un +| 132 = @cil_conv_ovf_i4_un +| 133 = @cil_conv_ovf_i8_un +| 134 = @cil_conv_ovf_u1_un +| 135 = @cil_conv_ovf_u2_un +| 136 = @cil_conv_ovf_u4_un +| 137 = @cil_conv_ovf_u8_un +| 138 = @cil_conv_ovf_i_un +| 139 = @cil_conv_ovf_u_un +| 140 = @cil_box +| 141 = @cil_newarr +| 142 = @cil_ldlen +| 143 = @cil_ldelema +| 144 = @cil_ldelem_i1 +| 145 = @cil_ldelem_u1 +| 146 = @cil_ldelem_i2 +| 147 = @cil_ldelem_u2 +| 148 = @cil_ldelem_i4 +| 149 = @cil_ldelem_u4 +| 150 = @cil_ldelem_i8 +| 151 = @cil_ldelem_i +| 152 = @cil_ldelem_r4 +| 153 = @cil_ldelem_r8 +| 154 = @cil_ldelem_ref +| 155 = @cil_stelem_i +| 156 = @cil_stelem_i1 +| 157 = @cil_stelem_i2 +| 158 = @cil_stelem_i4 +| 159 = @cil_stelem_i8 +| 160 = @cil_stelem_r4 +| 161 = @cil_stelem_r8 +| 162 = @cil_stelem_ref +| 163 = @cil_ldelem +| 164 = @cil_stelem +| 165 = @cil_unbox_any +| 179 = @cil_conv_ovf_i1 +| 180 = @cil_conv_ovf_u1 +| 181 = @cil_conv_ovf_i2 +| 182 = @cil_conv_ovf_u2 +| 183 = @cil_conv_ovf_i4 +| 184 = @cil_conv_ovf_u4 +| 185 = @cil_conv_ovf_i8 +| 186 = @cil_conv_ovf_u8 +| 194 = @cil_refanyval +| 195 = @cil_ckinfinite +| 198 = @cil_mkrefany +| 208 = @cil_ldtoken +| 209 = @cil_conv_u2 +| 210 = @cil_conv_u1 +| 211 = @cil_conv_i +| 212 = @cil_conv_ovf_i +| 213 = @cil_conv_ovf_u +| 214 = @cil_add_ovf +| 215 = @cil_add_ovf_un +| 216 = @cil_mul_ovf +| 217 = @cil_mul_ovf_un +| 218 = @cil_sub_ovf +| 219 = @cil_sub_ovf_un +| 220 = @cil_endfinally +| 221 = @cil_leave +| 222 = @cil_leave_s +| 223 = @cil_stind_i +| 224 = @cil_conv_u +| 65024 = @cil_arglist +| 65025 = @cil_ceq +| 65026 = @cil_cgt +| 65027 = @cil_cgt_un +| 65028 = @cil_clt +| 65029 = @cil_clt_un +| 65030 = @cil_ldftn +| 65031 = @cil_ldvirtftn +| 65033 = @cil_ldarg +| 65034 = @cil_ldarga +| 65035 = @cil_starg +| 65036 = @cil_ldloc +| 65037 = @cil_ldloca +| 65038 = @cil_stloc +| 65039 = @cil_localloc +| 65041 = @cil_endfilter +| 65042 = @cil_unaligned +| 65043 = @cil_volatile +| 65044 = @cil_tail +| 65045 = @cil_initobj +| 65046 = @cil_constrained +| 65047 = @cil_cpblk +| 65048 = @cil_initblk +| 65050 = @cil_rethrow +| 65052 = @cil_sizeof +| 65053 = @cil_refanytype +| 65054 = @cil_readonly +; + +// CIL ignored instructions + +@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned; + +// CIL local/parameter/field access + +@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga; +@cil_starg_any = @cil_starg | @cil_starg_s; + +@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca; +@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc; + +@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda; +@cil_stfld_any = @cil_stfld | @cil_stsfld; + +@cil_local_access = @cil_stloc_any | @cil_ldloc_any; +@cil_arg_access = @cil_starg_any | @cil_ldarg_any; +@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any; +@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any; + +@cil_stack_access = @cil_local_access | @cil_arg_access; +@cil_field_access = @cil_ldfld_any | @cil_stfld_any; + +@cil_access = @cil_read_access | @cil_write_access; + +// CIL constant/literal instructions + +@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8; + +@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 | + @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4; + +@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8; + +@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr; + +// Control flow + +@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump; +@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s | + @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s | + @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt | + @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un; +@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch; +@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any; +@cil_leave_any = @cil_leave | @cil_leave_s; +@cil_jump = @cil_unconditional_jump | @cil_conditional_jump; + +// CIL call instructions + +@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj; + +// CIL expression instructions + +@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access | + @cil_newarr | @cil_ldtoken | @cil_sizeof | + @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup; + +@cil_unary_expr = + @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation| + @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any | + @cil_ldind | @cil_unbox; + +@cil_conversion_operation = + @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 | + @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 | + @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un | + @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un | + @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un | + @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un | + @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_i | @cil_conv_u | @cil_conv_r_un; + +@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 | + @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4; + +@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 | + @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref; + +@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation; + +@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl; + +@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un | + @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un | + @cil_sub_ovf | @cil_sub_ovf_un; + +@cil_unary_bitwise_operation = @cil_not; + +@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation; + +@cil_unary_arithmetic_operation = @cil_neg; + +@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un; + +// Elements that retrieve an address of something +@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema; + +// CIL array instructions + +@cil_read_array = + @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i | + @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 | + @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4; + +@cil_write_array = @cil_stelem | @cil_stelem_ref | + @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 | + @cil_stelem_r4 | @cil_stelem_r8; + +@cil_throw_any = @cil_throw | @cil_rethrow; + +#keyset[impl, index] +cil_instruction( + unique int id: @cil_instruction, + int opcode: int ref, + int index: int ref, + int impl: @cil_method_implementation ref); + +cil_jump( + unique int instruction: @cil_jump ref, + int target: @cil_instruction ref); + +cil_access( + unique int instruction: @cil_instruction ref, + int target: @cil_accessible ref); + +cil_value( + unique int instruction: @cil_literal ref, + string value: string ref); + +#keyset[instruction, index] +cil_switch( + int instruction: @cil_switch ref, + int index: int ref, + int target: @cil_instruction ref); + +cil_instruction_location( + unique int id: @cil_instruction ref, + int loc: @location ref); + +cil_type_location( + int id: @cil_type ref, + int loc: @location ref); + +cil_method_location( + int id: @cil_method ref, + int loc: @location ref); + +@cil_namespace = @namespace; + +@cil_type_container = @cil_type | @cil_namespace | @cil_method; + +case @cil_type.kind of + 0 = @cil_valueorreftype +| 1 = @cil_typeparameter +| 2 = @cil_array_type +| 3 = @cil_pointer_type +| 4 = @cil_function_pointer_type +; + +cil_type( + unique int id: @cil_type, + string name: string ref, + int kind: int ref, + int parent: @cil_type_container ref, + int sourceDecl: @cil_type ref); + +cil_pointer_type( + unique int id: @cil_pointer_type ref, + int pointee: @cil_type ref); + +cil_array_type( + unique int id: @cil_array_type ref, + int element_type: @cil_type ref, + int rank: int ref); + +cil_function_pointer_return_type( + unique int id: @cil_function_pointer_type ref, + int return_type: @cil_type ref); + +cil_method( + unique int id: @cil_method, + string name: string ref, + int parent: @cil_type ref, + int return_type: @cil_type ref); + +cil_method_source_declaration( + unique int method: @cil_method ref, + int source: @cil_method ref); + +cil_method_implementation( + unique int id: @cil_method_implementation, + int method: @cil_method ref, + int location: @assembly ref); + +cil_implements( + int id: @cil_method ref, + int decl: @cil_method ref); + +#keyset[parent, name] +cil_field( + unique int id: @cil_field, + int parent: @cil_type ref, + string name: string ref, + int field_type: @cil_type ref); + +@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace; +@cil_named_element = @cil_declaration | @cil_namespace; +@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member; +@cil_accessible = @cil_declaration; +@cil_variable = @cil_field | @cil_stack_variable; +@cil_stack_variable = @cil_local_variable | @cil_parameter; +@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event; +@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type; +@cil_parameterizable = @cil_method | @cil_function_pointer_type; +@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_field | @cil_method | @cil_function_pointer_type; + +#keyset[parameterizable, index] +cil_parameter( + unique int id: @cil_parameter, + int parameterizable: @cil_parameterizable ref, + int index: int ref, + int param_type: @cil_type ref); + +cil_parameter_in(unique int id: @cil_parameter ref); +cil_parameter_out(unique int id: @cil_parameter ref); + +cil_setter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +#keyset[id, modifier] +cil_custom_modifiers( + int id: @cil_custom_modifier_receiver ref, + int modifier: @cil_type ref, + int kind: int ref); // modreq: 1, modopt: 0 + +cil_type_annotation( + int id: @cil_has_type_annotation ref, + int annotation: int ref); + +cil_getter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +cil_adder(unique int event: @cil_event ref, + int method: @cil_method ref); + +cil_remover(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_property( + unique int id: @cil_property, + int parent: @cil_type ref, + string name: string ref, + int property_type: @cil_type ref); + +#keyset[parent, name] +cil_event(unique int id: @cil_event, + int parent: @cil_type ref, + string name: string ref, + int event_type: @cil_type ref); + +#keyset[impl, index] +cil_local_variable( + unique int id: @cil_local_variable, + int impl: @cil_method_implementation ref, + int index: int ref, + int var_type: @cil_type ref); + +cil_function_pointer_calling_conventions( + int id: @cil_function_pointer_type ref, + int kind: int ref); + +// CIL handlers (exception handlers etc). + +case @cil_handler.kind of + 0 = @cil_catch_handler +| 1 = @cil_filter_handler +| 2 = @cil_finally_handler +| 4 = @cil_fault_handler +; + +#keyset[impl, index] +cil_handler( + unique int id: @cil_handler, + int impl: @cil_method_implementation ref, + int index: int ref, + int kind: int ref, + int try_start: @cil_instruction ref, + int try_end: @cil_instruction ref, + int handler_start: @cil_instruction ref); + +cil_handler_filter( + unique int id: @cil_handler ref, + int filter_start: @cil_instruction ref); + +cil_handler_type( + unique int id: @cil_handler ref, + int catch_type: @cil_type ref); + +@cil_controlflow_node = @cil_entry_point | @cil_instruction; + +@cil_entry_point = @cil_method_implementation | @cil_handler; + +@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method; + +cil_method_stack_size( + unique int method: @cil_method_implementation ref, + int size: int ref); + +// CIL modifiers + +cil_public(int id: @cil_member ref); +cil_private(int id: @cil_member ref); +cil_protected(int id: @cil_member ref); +cil_internal(int id: @cil_member ref); +cil_static(int id: @cil_member ref); +cil_sealed(int id: @cil_member ref); +cil_virtual(int id: @cil_method ref); +cil_abstract(int id: @cil_member ref); +cil_class(int id: @cil_type ref); +cil_interface(int id: @cil_type ref); +cil_security(int id: @cil_member ref); +cil_requiresecobject(int id: @cil_method ref); +cil_specialname(int id: @cil_method ref); +cil_newslot(int id: @cil_method ref); + +cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref); +cil_base_interface(int id: @cil_type ref, int base: @cil_type ref); +cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref); + +#keyset[unbound, index] +cil_type_parameter( + int unbound: @cil_member ref, + int index: int ref, + int param: @cil_typeparameter ref); + +#keyset[bound, index] +cil_type_argument( + int bound: @cil_member ref, + int index: int ref, + int t: @cil_type ref); + +// CIL type parameter constraints + +cil_typeparam_covariant(int tp: @cil_typeparameter ref); +cil_typeparam_contravariant(int tp: @cil_typeparameter ref); +cil_typeparam_class(int tp: @cil_typeparameter ref); +cil_typeparam_struct(int tp: @cil_typeparameter ref); +cil_typeparam_new(int tp: @cil_typeparameter ref); +cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref); + +// CIL attributes + +cil_attribute( + unique int attributeid: @cil_attribute, + int element: @cil_declaration ref, + int constructor: @cil_method ref); + +#keyset[attribute_id, param] +cil_attribute_named_argument( + int attribute_id: @cil_attribute ref, + string param: string ref, + string value: string ref); + +#keyset[attribute_id, index] +cil_attribute_positional_argument( + int attribute_id: @cil_attribute ref, + int index: int ref, + string value: string ref); + + +// Common .Net data model covering both C# and CIL + +// Common elements +@dotnet_element = @element | @cil_element; +@dotnet_named_element = @named_element | @cil_named_element; +@dotnet_callable = @callable | @cil_method; +@dotnet_variable = @variable | @cil_variable; +@dotnet_field = @field | @cil_field; +@dotnet_parameter = @parameter | @cil_parameter; +@dotnet_declaration = @declaration | @cil_declaration; +@dotnet_member = @member | @cil_member; +@dotnet_event = @event | @cil_event; +@dotnet_property = @property | @cil_property | @indexer; +@dotnet_parameterizable = @parameterizable | @cil_parameterizable; + +// Common types +@dotnet_type = @type | @cil_type; +@dotnet_call = @call | @cil_call_any; +@dotnet_throw = @throw_element | @cil_throw_any; +@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type; +@dotnet_typeparameter = @type_parameter | @cil_typeparameter; +@dotnet_array_type = @array_type | @cil_array_type; +@dotnet_pointer_type = @pointer_type | @cil_pointer_type; +@dotnet_type_parameter = @type_parameter | @cil_typeparameter; +@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable; + +// Attributes +@dotnet_attribute = @attribute | @cil_attribute; + +// Expressions +@dotnet_expr = @expr | @cil_expr; + +// Literals +@dotnet_literal = @literal_expr | @cil_literal; +@dotnet_string_literal = @string_literal_expr | @cil_ldstr; +@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i; +@dotnet_float_literal = @float_literal_expr | @cil_ldc_r; +@dotnet_null_literal = @null_literal_expr | @cil_ldnull; + +@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | + @callable | @value_or_ref_type | @void_type; + +metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/semmlecode.csharp.dbscheme b/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/semmlecode.csharp.dbscheme new file mode 100644 index 00000000000..1f291d4f424 --- /dev/null +++ b/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/semmlecode.csharp.dbscheme @@ -0,0 +1,2077 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + unique int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +compiler_generated(unique int id: @modifiable ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, array = 3, this = 4 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_compiler_generated( + unique int id: @expr ref); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); + +/* Common Intermediate Language - CIL */ + +case @cil_instruction.opcode of + 0 = @cil_nop +| 1 = @cil_break +| 2 = @cil_ldarg_0 +| 3 = @cil_ldarg_1 +| 4 = @cil_ldarg_2 +| 5 = @cil_ldarg_3 +| 6 = @cil_ldloc_0 +| 7 = @cil_ldloc_1 +| 8 = @cil_ldloc_2 +| 9 = @cil_ldloc_3 +| 10 = @cil_stloc_0 +| 11 = @cil_stloc_1 +| 12 = @cil_stloc_2 +| 13 = @cil_stloc_3 +| 14 = @cil_ldarg_s +| 15 = @cil_ldarga_s +| 16 = @cil_starg_s +| 17 = @cil_ldloc_s +| 18 = @cil_ldloca_s +| 19 = @cil_stloc_s +| 20 = @cil_ldnull +| 21 = @cil_ldc_i4_m1 +| 22 = @cil_ldc_i4_0 +| 23 = @cil_ldc_i4_1 +| 24 = @cil_ldc_i4_2 +| 25 = @cil_ldc_i4_3 +| 26 = @cil_ldc_i4_4 +| 27 = @cil_ldc_i4_5 +| 28 = @cil_ldc_i4_6 +| 29 = @cil_ldc_i4_7 +| 30 = @cil_ldc_i4_8 +| 31 = @cil_ldc_i4_s +| 32 = @cil_ldc_i4 +| 33 = @cil_ldc_i8 +| 34 = @cil_ldc_r4 +| 35 = @cil_ldc_r8 +| 37 = @cil_dup +| 38 = @cil_pop +| 39 = @cil_jmp +| 40 = @cil_call +| 41 = @cil_calli +| 42 = @cil_ret +| 43 = @cil_br_s +| 44 = @cil_brfalse_s +| 45 = @cil_brtrue_s +| 46 = @cil_beq_s +| 47 = @cil_bge_s +| 48 = @cil_bgt_s +| 49 = @cil_ble_s +| 50 = @cil_blt_s +| 51 = @cil_bne_un_s +| 52 = @cil_bge_un_s +| 53 = @cil_bgt_un_s +| 54 = @cil_ble_un_s +| 55 = @cil_blt_un_s +| 56 = @cil_br +| 57 = @cil_brfalse +| 58 = @cil_brtrue +| 59 = @cil_beq +| 60 = @cil_bge +| 61 = @cil_bgt +| 62 = @cil_ble +| 63 = @cil_blt +| 64 = @cil_bne_un +| 65 = @cil_bge_un +| 66 = @cil_bgt_un +| 67 = @cil_ble_un +| 68 = @cil_blt_un +| 69 = @cil_switch +| 70 = @cil_ldind_i1 +| 71 = @cil_ldind_u1 +| 72 = @cil_ldind_i2 +| 73 = @cil_ldind_u2 +| 74 = @cil_ldind_i4 +| 75 = @cil_ldind_u4 +| 76 = @cil_ldind_i8 +| 77 = @cil_ldind_i +| 78 = @cil_ldind_r4 +| 79 = @cil_ldind_r8 +| 80 = @cil_ldind_ref +| 81 = @cil_stind_ref +| 82 = @cil_stind_i1 +| 83 = @cil_stind_i2 +| 84 = @cil_stind_i4 +| 85 = @cil_stind_i8 +| 86 = @cil_stind_r4 +| 87 = @cil_stind_r8 +| 88 = @cil_add +| 89 = @cil_sub +| 90 = @cil_mul +| 91 = @cil_div +| 92 = @cil_div_un +| 93 = @cil_rem +| 94 = @cil_rem_un +| 95 = @cil_and +| 96 = @cil_or +| 97 = @cil_xor +| 98 = @cil_shl +| 99 = @cil_shr +| 100 = @cil_shr_un +| 101 = @cil_neg +| 102 = @cil_not +| 103 = @cil_conv_i1 +| 104 = @cil_conv_i2 +| 105 = @cil_conv_i4 +| 106 = @cil_conv_i8 +| 107 = @cil_conv_r4 +| 108 = @cil_conv_r8 +| 109 = @cil_conv_u4 +| 110 = @cil_conv_u8 +| 111 = @cil_callvirt +| 112 = @cil_cpobj +| 113 = @cil_ldobj +| 114 = @cil_ldstr +| 115 = @cil_newobj +| 116 = @cil_castclass +| 117 = @cil_isinst +| 118 = @cil_conv_r_un +| 121 = @cil_unbox +| 122 = @cil_throw +| 123 = @cil_ldfld +| 124 = @cil_ldflda +| 125 = @cil_stfld +| 126 = @cil_ldsfld +| 127 = @cil_ldsflda +| 128 = @cil_stsfld +| 129 = @cil_stobj +| 130 = @cil_conv_ovf_i1_un +| 131 = @cil_conv_ovf_i2_un +| 132 = @cil_conv_ovf_i4_un +| 133 = @cil_conv_ovf_i8_un +| 134 = @cil_conv_ovf_u1_un +| 135 = @cil_conv_ovf_u2_un +| 136 = @cil_conv_ovf_u4_un +| 137 = @cil_conv_ovf_u8_un +| 138 = @cil_conv_ovf_i_un +| 139 = @cil_conv_ovf_u_un +| 140 = @cil_box +| 141 = @cil_newarr +| 142 = @cil_ldlen +| 143 = @cil_ldelema +| 144 = @cil_ldelem_i1 +| 145 = @cil_ldelem_u1 +| 146 = @cil_ldelem_i2 +| 147 = @cil_ldelem_u2 +| 148 = @cil_ldelem_i4 +| 149 = @cil_ldelem_u4 +| 150 = @cil_ldelem_i8 +| 151 = @cil_ldelem_i +| 152 = @cil_ldelem_r4 +| 153 = @cil_ldelem_r8 +| 154 = @cil_ldelem_ref +| 155 = @cil_stelem_i +| 156 = @cil_stelem_i1 +| 157 = @cil_stelem_i2 +| 158 = @cil_stelem_i4 +| 159 = @cil_stelem_i8 +| 160 = @cil_stelem_r4 +| 161 = @cil_stelem_r8 +| 162 = @cil_stelem_ref +| 163 = @cil_ldelem +| 164 = @cil_stelem +| 165 = @cil_unbox_any +| 179 = @cil_conv_ovf_i1 +| 180 = @cil_conv_ovf_u1 +| 181 = @cil_conv_ovf_i2 +| 182 = @cil_conv_ovf_u2 +| 183 = @cil_conv_ovf_i4 +| 184 = @cil_conv_ovf_u4 +| 185 = @cil_conv_ovf_i8 +| 186 = @cil_conv_ovf_u8 +| 194 = @cil_refanyval +| 195 = @cil_ckinfinite +| 198 = @cil_mkrefany +| 208 = @cil_ldtoken +| 209 = @cil_conv_u2 +| 210 = @cil_conv_u1 +| 211 = @cil_conv_i +| 212 = @cil_conv_ovf_i +| 213 = @cil_conv_ovf_u +| 214 = @cil_add_ovf +| 215 = @cil_add_ovf_un +| 216 = @cil_mul_ovf +| 217 = @cil_mul_ovf_un +| 218 = @cil_sub_ovf +| 219 = @cil_sub_ovf_un +| 220 = @cil_endfinally +| 221 = @cil_leave +| 222 = @cil_leave_s +| 223 = @cil_stind_i +| 224 = @cil_conv_u +| 65024 = @cil_arglist +| 65025 = @cil_ceq +| 65026 = @cil_cgt +| 65027 = @cil_cgt_un +| 65028 = @cil_clt +| 65029 = @cil_clt_un +| 65030 = @cil_ldftn +| 65031 = @cil_ldvirtftn +| 65033 = @cil_ldarg +| 65034 = @cil_ldarga +| 65035 = @cil_starg +| 65036 = @cil_ldloc +| 65037 = @cil_ldloca +| 65038 = @cil_stloc +| 65039 = @cil_localloc +| 65041 = @cil_endfilter +| 65042 = @cil_unaligned +| 65043 = @cil_volatile +| 65044 = @cil_tail +| 65045 = @cil_initobj +| 65046 = @cil_constrained +| 65047 = @cil_cpblk +| 65048 = @cil_initblk +| 65050 = @cil_rethrow +| 65052 = @cil_sizeof +| 65053 = @cil_refanytype +| 65054 = @cil_readonly +; + +// CIL ignored instructions + +@cil_ignore = @cil_nop | @cil_break | @cil_volatile | @cil_unaligned; + +// CIL local/parameter/field access + +@cil_ldarg_any = @cil_ldarg_0 | @cil_ldarg_1 | @cil_ldarg_2 | @cil_ldarg_3 | @cil_ldarg_s | @cil_ldarga_s | @cil_ldarg | @cil_ldarga; +@cil_starg_any = @cil_starg | @cil_starg_s; + +@cil_ldloc_any = @cil_ldloc_0 | @cil_ldloc_1 | @cil_ldloc_2 | @cil_ldloc_3 | @cil_ldloc_s | @cil_ldloca_s | @cil_ldloc | @cil_ldloca; +@cil_stloc_any = @cil_stloc_0 | @cil_stloc_1 | @cil_stloc_2 | @cil_stloc_3 | @cil_stloc_s | @cil_stloc; + +@cil_ldfld_any = @cil_ldfld | @cil_ldsfld | @cil_ldsflda | @cil_ldflda; +@cil_stfld_any = @cil_stfld | @cil_stsfld; + +@cil_local_access = @cil_stloc_any | @cil_ldloc_any; +@cil_arg_access = @cil_starg_any | @cil_ldarg_any; +@cil_read_access = @cil_ldloc_any | @cil_ldarg_any | @cil_ldfld_any; +@cil_write_access = @cil_stloc_any | @cil_starg_any | @cil_stfld_any; + +@cil_stack_access = @cil_local_access | @cil_arg_access; +@cil_field_access = @cil_ldfld_any | @cil_stfld_any; + +@cil_access = @cil_read_access | @cil_write_access; + +// CIL constant/literal instructions + +@cil_ldc_i = @cil_ldc_i4_any | @cil_ldc_i8; + +@cil_ldc_i4_any = @cil_ldc_i4_m1 | @cil_ldc_i4_0 | @cil_ldc_i4_1 | @cil_ldc_i4_2 | @cil_ldc_i4_3 | + @cil_ldc_i4_4 | @cil_ldc_i4_5 | @cil_ldc_i4_6 | @cil_ldc_i4_7 | @cil_ldc_i4_8 | @cil_ldc_i4_s | @cil_ldc_i4; + +@cil_ldc_r = @cil_ldc_r4 | @cil_ldc_r8; + +@cil_literal = @cil_ldnull | @cil_ldc_i | @cil_ldc_r | @cil_ldstr; + +// Control flow + +@cil_conditional_jump = @cil_binary_jump | @cil_unary_jump; +@cil_binary_jump = @cil_beq_s | @cil_bge_s | @cil_bgt_s | @cil_ble_s | @cil_blt_s | + @cil_bne_un_s | @cil_bge_un_s | @cil_bgt_un_s | @cil_ble_un_s | @cil_blt_un_s | + @cil_beq | @cil_bge | @cil_bgt | @cil_ble | @cil_blt | + @cil_bne_un | @cil_bge_un | @cil_bgt_un | @cil_ble_un | @cil_blt_un; +@cil_unary_jump = @cil_brfalse_s | @cil_brtrue_s | @cil_brfalse | @cil_brtrue | @cil_switch; +@cil_unconditional_jump = @cil_br | @cil_br_s | @cil_leave_any; +@cil_leave_any = @cil_leave | @cil_leave_s; +@cil_jump = @cil_unconditional_jump | @cil_conditional_jump; + +// CIL call instructions + +@cil_call_any = @cil_jmp | @cil_call | @cil_calli | @cil_tail | @cil_callvirt | @cil_newobj; + +// CIL expression instructions + +@cil_expr = @cil_literal | @cil_binary_expr | @cil_unary_expr | @cil_call_any | @cil_read_access | + @cil_newarr | @cil_ldtoken | @cil_sizeof | + @cil_ldftn | @cil_ldvirtftn | @cil_localloc | @cil_mkrefany | @cil_refanytype | @cil_arglist | @cil_dup; + +@cil_unary_expr = + @cil_conversion_operation | @cil_unary_arithmetic_operation | @cil_unary_bitwise_operation| + @cil_ldlen | @cil_isinst | @cil_box | @cil_ldobj | @cil_castclass | @cil_unbox_any | + @cil_ldind | @cil_unbox; + +@cil_conversion_operation = + @cil_conv_i1 | @cil_conv_i2 | @cil_conv_i4 | @cil_conv_i8 | + @cil_conv_u1 | @cil_conv_u2 | @cil_conv_u4 | @cil_conv_u8 | + @cil_conv_ovf_i | @cil_conv_ovf_i_un | @cil_conv_ovf_i1 | @cil_conv_ovf_i1_un | + @cil_conv_ovf_i2 | @cil_conv_ovf_i2_un | @cil_conv_ovf_i4 | @cil_conv_ovf_i4_un | + @cil_conv_ovf_i8 | @cil_conv_ovf_i8_un | @cil_conv_ovf_u | @cil_conv_ovf_u_un | + @cil_conv_ovf_u1 | @cil_conv_ovf_u1_un | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_ovf_u4 | @cil_conv_ovf_u4_un | @cil_conv_ovf_u8 | @cil_conv_ovf_u8_un | + @cil_conv_r4 | @cil_conv_r8 | @cil_conv_ovf_u2 | @cil_conv_ovf_u2_un | + @cil_conv_i | @cil_conv_u | @cil_conv_r_un; + +@cil_ldind = @cil_ldind_i | @cil_ldind_i1 | @cil_ldind_i2 | @cil_ldind_i4 | @cil_ldind_i8 | + @cil_ldind_r4 | @cil_ldind_r8 | @cil_ldind_ref | @cil_ldind_u1 | @cil_ldind_u2 | @cil_ldind_u4; + +@cil_stind = @cil_stind_i | @cil_stind_i1 | @cil_stind_i2 | @cil_stind_i4 | @cil_stind_i8 | + @cil_stind_r4 | @cil_stind_r8 | @cil_stind_ref; + +@cil_bitwise_operation = @cil_binary_bitwise_operation | @cil_unary_bitwise_operation; + +@cil_binary_bitwise_operation = @cil_and | @cil_or | @cil_xor | @cil_shr | @cil_shr | @cil_shr_un | @cil_shl; + +@cil_binary_arithmetic_operation = @cil_add | @cil_sub | @cil_mul | @cil_div | @cil_div_un | + @cil_rem | @cil_rem_un | @cil_add_ovf | @cil_add_ovf_un | @cil_mul_ovf | @cil_mul_ovf_un | + @cil_sub_ovf | @cil_sub_ovf_un; + +@cil_unary_bitwise_operation = @cil_not; + +@cil_binary_expr = @cil_binary_arithmetic_operation | @cil_binary_bitwise_operation | @cil_read_array | @cil_comparison_operation; + +@cil_unary_arithmetic_operation = @cil_neg; + +@cil_comparison_operation = @cil_cgt_un | @cil_ceq | @cil_cgt | @cil_clt | @cil_clt_un; + +// Elements that retrieve an address of something +@cil_read_ref = @cil_ldloca_s | @cil_ldarga_s | @cil_ldflda | @cil_ldsflda | @cil_ldelema; + +// CIL array instructions + +@cil_read_array = + @cil_ldelem | @cil_ldelema | @cil_ldelem_i1 | @cil_ldelem_ref | @cil_ldelem_i | + @cil_ldelem_i1 | @cil_ldelem_i2 | @cil_ldelem_i4 | @cil_ldelem_i8 | @cil_ldelem_r4 | + @cil_ldelem_r8 | @cil_ldelem_u1 | @cil_ldelem_u2 | @cil_ldelem_u4; + +@cil_write_array = @cil_stelem | @cil_stelem_ref | + @cil_stelem_i | @cil_stelem_i1 | @cil_stelem_i2 | @cil_stelem_i4 | @cil_stelem_i8 | + @cil_stelem_r4 | @cil_stelem_r8; + +@cil_throw_any = @cil_throw | @cil_rethrow; + +#keyset[impl, index] +cil_instruction( + unique int id: @cil_instruction, + int opcode: int ref, + int index: int ref, + int impl: @cil_method_implementation ref); + +cil_jump( + unique int instruction: @cil_jump ref, + int target: @cil_instruction ref); + +cil_access( + unique int instruction: @cil_instruction ref, + int target: @cil_accessible ref); + +cil_value( + unique int instruction: @cil_literal ref, + string value: string ref); + +#keyset[instruction, index] +cil_switch( + int instruction: @cil_switch ref, + int index: int ref, + int target: @cil_instruction ref); + +cil_instruction_location( + unique int id: @cil_instruction ref, + int loc: @location ref); + +cil_type_location( + int id: @cil_type ref, + int loc: @location ref); + +cil_method_location( + int id: @cil_method ref, + int loc: @location ref); + +@cil_namespace = @namespace; + +@cil_type_container = @cil_type | @cil_namespace | @cil_method; + +case @cil_type.kind of + 0 = @cil_valueorreftype +| 1 = @cil_typeparameter +| 2 = @cil_array_type +| 3 = @cil_pointer_type +| 4 = @cil_function_pointer_type +; + +cil_type( + unique int id: @cil_type, + string name: string ref, + int kind: int ref, + int parent: @cil_type_container ref, + int sourceDecl: @cil_type ref); + +cil_pointer_type( + unique int id: @cil_pointer_type ref, + int pointee: @cil_type ref); + +cil_array_type( + unique int id: @cil_array_type ref, + int element_type: @cil_type ref, + int rank: int ref); + +cil_function_pointer_return_type( + unique int id: @cil_function_pointer_type ref, + int return_type: @cil_type ref); + +cil_method( + unique int id: @cil_method, + string name: string ref, + int parent: @cil_type ref, + int return_type: @cil_type ref); + +cil_method_source_declaration( + unique int method: @cil_method ref, + int source: @cil_method ref); + +cil_method_implementation( + unique int id: @cil_method_implementation, + int method: @cil_method ref, + int location: @assembly ref); + +cil_implements( + int id: @cil_method ref, + int decl: @cil_method ref); + +#keyset[parent, name] +cil_field( + unique int id: @cil_field, + int parent: @cil_type ref, + string name: string ref, + int field_type: @cil_type ref); + +@cil_element = @cil_instruction | @cil_declaration | @cil_handler | @cil_attribute | @cil_namespace; +@cil_named_element = @cil_declaration | @cil_namespace; +@cil_declaration = @cil_variable | @cil_method | @cil_type | @cil_member; +@cil_accessible = @cil_declaration; +@cil_variable = @cil_field | @cil_stack_variable; +@cil_stack_variable = @cil_local_variable | @cil_parameter; +@cil_member = @cil_method | @cil_type | @cil_field | @cil_property | @cil_event; +@cil_custom_modifier_receiver = @cil_method | @cil_property | @cil_parameter | @cil_field | @cil_function_pointer_type; +@cil_parameterizable = @cil_method | @cil_function_pointer_type; +@cil_has_type_annotation = @cil_stack_variable | @cil_property | @cil_field | @cil_method | @cil_function_pointer_type; + +#keyset[parameterizable, index] +cil_parameter( + unique int id: @cil_parameter, + int parameterizable: @cil_parameterizable ref, + int index: int ref, + int param_type: @cil_type ref); + +cil_parameter_in(unique int id: @cil_parameter ref); +cil_parameter_out(unique int id: @cil_parameter ref); + +cil_setter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +#keyset[id, modifier] +cil_custom_modifiers( + int id: @cil_custom_modifier_receiver ref, + int modifier: @cil_type ref, + int kind: int ref); // modreq: 1, modopt: 0 + +cil_type_annotation( + int id: @cil_has_type_annotation ref, + int annotation: int ref); + +cil_getter(unique int prop: @cil_property ref, + int method: @cil_method ref); + +cil_adder(unique int event: @cil_event ref, + int method: @cil_method ref); + +cil_remover(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_raiser(unique int event: @cil_event ref, int method: @cil_method ref); + +cil_property( + unique int id: @cil_property, + int parent: @cil_type ref, + string name: string ref, + int property_type: @cil_type ref); + +#keyset[parent, name] +cil_event(unique int id: @cil_event, + int parent: @cil_type ref, + string name: string ref, + int event_type: @cil_type ref); + +#keyset[impl, index] +cil_local_variable( + unique int id: @cil_local_variable, + int impl: @cil_method_implementation ref, + int index: int ref, + int var_type: @cil_type ref); + +cil_function_pointer_calling_conventions( + int id: @cil_function_pointer_type ref, + int kind: int ref); + +// CIL handlers (exception handlers etc). + +case @cil_handler.kind of + 0 = @cil_catch_handler +| 1 = @cil_filter_handler +| 2 = @cil_finally_handler +| 4 = @cil_fault_handler +; + +#keyset[impl, index] +cil_handler( + unique int id: @cil_handler, + int impl: @cil_method_implementation ref, + int index: int ref, + int kind: int ref, + int try_start: @cil_instruction ref, + int try_end: @cil_instruction ref, + int handler_start: @cil_instruction ref); + +cil_handler_filter( + unique int id: @cil_handler ref, + int filter_start: @cil_instruction ref); + +cil_handler_type( + unique int id: @cil_handler ref, + int catch_type: @cil_type ref); + +@cil_controlflow_node = @cil_entry_point | @cil_instruction; + +@cil_entry_point = @cil_method_implementation | @cil_handler; + +@cil_dataflow_node = @cil_instruction | @cil_variable | @cil_method; + +cil_method_stack_size( + unique int method: @cil_method_implementation ref, + int size: int ref); + +// CIL modifiers + +cil_public(int id: @cil_member ref); +cil_private(int id: @cil_member ref); +cil_protected(int id: @cil_member ref); +cil_internal(int id: @cil_member ref); +cil_static(int id: @cil_member ref); +cil_sealed(int id: @cil_member ref); +cil_virtual(int id: @cil_method ref); +cil_abstract(int id: @cil_member ref); +cil_class(int id: @cil_type ref); +cil_interface(int id: @cil_type ref); +cil_security(int id: @cil_member ref); +cil_requiresecobject(int id: @cil_method ref); +cil_specialname(int id: @cil_method ref); +cil_newslot(int id: @cil_method ref); + +cil_base_class(unique int id: @cil_type ref, int base: @cil_type ref); +cil_base_interface(int id: @cil_type ref, int base: @cil_type ref); +cil_enum_underlying_type(unique int id: @cil_type ref, int underlying: @cil_type ref); + +#keyset[unbound, index] +cil_type_parameter( + int unbound: @cil_member ref, + int index: int ref, + int param: @cil_typeparameter ref); + +#keyset[bound, index] +cil_type_argument( + int bound: @cil_member ref, + int index: int ref, + int t: @cil_type ref); + +// CIL type parameter constraints + +cil_typeparam_covariant(int tp: @cil_typeparameter ref); +cil_typeparam_contravariant(int tp: @cil_typeparameter ref); +cil_typeparam_class(int tp: @cil_typeparameter ref); +cil_typeparam_struct(int tp: @cil_typeparameter ref); +cil_typeparam_new(int tp: @cil_typeparameter ref); +cil_typeparam_constraint(int tp: @cil_typeparameter ref, int supertype: @cil_type ref); + +// CIL attributes + +cil_attribute( + unique int attributeid: @cil_attribute, + int element: @cil_declaration ref, + int constructor: @cil_method ref); + +#keyset[attribute_id, param] +cil_attribute_named_argument( + int attribute_id: @cil_attribute ref, + string param: string ref, + string value: string ref); + +#keyset[attribute_id, index] +cil_attribute_positional_argument( + int attribute_id: @cil_attribute ref, + int index: int ref, + string value: string ref); + + +// Common .Net data model covering both C# and CIL + +// Common elements +@dotnet_element = @element | @cil_element; +@dotnet_named_element = @named_element | @cil_named_element; +@dotnet_callable = @callable | @cil_method; +@dotnet_variable = @variable | @cil_variable; +@dotnet_field = @field | @cil_field; +@dotnet_parameter = @parameter | @cil_parameter; +@dotnet_declaration = @declaration | @cil_declaration; +@dotnet_member = @member | @cil_member; +@dotnet_event = @event | @cil_event; +@dotnet_property = @property | @cil_property | @indexer; +@dotnet_parameterizable = @parameterizable | @cil_parameterizable; + +// Common types +@dotnet_type = @type | @cil_type; +@dotnet_call = @call | @cil_call_any; +@dotnet_throw = @throw_element | @cil_throw_any; +@dotnet_valueorreftype = @cil_valueorreftype | @value_or_ref_type | @cil_array_type | @void_type; +@dotnet_typeparameter = @type_parameter | @cil_typeparameter; +@dotnet_array_type = @array_type | @cil_array_type; +@dotnet_pointer_type = @pointer_type | @cil_pointer_type; +@dotnet_type_parameter = @type_parameter | @cil_typeparameter; +@dotnet_generic = @dotnet_valueorreftype | @dotnet_callable; + +// Attributes +@dotnet_attribute = @attribute | @cil_attribute; + +// Expressions +@dotnet_expr = @expr | @cil_expr; + +// Literals +@dotnet_literal = @literal_expr | @cil_literal; +@dotnet_string_literal = @string_literal_expr | @cil_ldstr; +@dotnet_int_literal = @integer_literal_expr | @cil_ldc_i; +@dotnet_float_literal = @float_literal_expr | @cil_ldc_r; +@dotnet_null_literal = @null_literal_expr | @cil_ldnull; + +@metadata_entity = @cil_method | @cil_type | @cil_field | @cil_property | @field | @property | + @callable | @value_or_ref_type | @void_type; + +metadata_handle(int entity : @metadata_entity ref, int location: @assembly ref, int handle: int ref) diff --git a/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/upgrade.properties b/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/upgrade.properties new file mode 100644 index 00000000000..17fd620e204 --- /dev/null +++ b/csharp/ql/lib/upgrades/cc2eccd6026e5405594b75eb9d2d3f4646747ccd/upgrade.properties @@ -0,0 +1,2 @@ +description: Include @void_type in @value_type +compatibility: full diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 0d165e05a25..e1d837bb40b 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,23 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes. + +## 0.8.0 + +### New Queries + +* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. + +## 0.7.5 + +No user-facing changes. + +## 0.7.4 + +No user-facing changes. + ## 0.7.3 No user-facing changes. diff --git a/csharp/ql/src/Stubs/make_stubs_nuget.py b/csharp/ql/src/Stubs/make_stubs_nuget.py index c02d2fad387..28126b0cf7b 100644 --- a/csharp/ql/src/Stubs/make_stubs_nuget.py +++ b/csharp/ql/src/Stubs/make_stubs_nuget.py @@ -193,7 +193,7 @@ for framework in frameworks: pf.write('\n') for pathInfo in pathInfos: - if 'packs/' + framework.lower() in pathInfo.lower(): + if framework.lower() + '.ref' in pathInfo.lower(): copiedFiles.add(pathInfo) shutil.copy2(pathInfos[pathInfo], os.path.join( frameworksDir, framework)) @@ -207,7 +207,7 @@ with open(os.path.join(frameworksDir, 'Microsoft.NETCore.App', 'Microsoft.NETCor pf.write('\n') for pathInfo in pathInfos: - if 'packs/microsoft.netcore.app.ref/' in pathInfo.lower(): + if 'microsoft.netcore.app.ref/' in pathInfo.lower(): copiedFiles.add(pathInfo) shutil.copy2(pathInfos[pathInfo], frameworkDir) diff --git a/csharp/ql/src/change-notes/released/0.7.4.md b/csharp/ql/src/change-notes/released/0.7.4.md new file mode 100644 index 00000000000..1b33df9cb1e --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.7.4.md @@ -0,0 +1,3 @@ +## 0.7.4 + +No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/0.7.5.md b/csharp/ql/src/change-notes/released/0.7.5.md new file mode 100644 index 00000000000..b2759d5bd80 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md b/csharp/ql/src/change-notes/released/0.8.0.md similarity index 69% rename from csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md rename to csharp/ql/src/change-notes/released/0.8.0.md index edbb1134739..caef33b6a93 100644 --- a/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md +++ b/csharp/ql/src/change-notes/released/0.8.0.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- -* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. \ No newline at end of file +## 0.8.0 + +### New Queries + +* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. diff --git a/csharp/ql/src/change-notes/released/0.8.1.md b/csharp/ql/src/change-notes/released/0.8.1.md new file mode 100644 index 00000000000..dcdfbc83265 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.8.1.md @@ -0,0 +1,5 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index a4ea9c8de17..2f693f95ba6 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.8.1 diff --git a/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll b/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll index 78008a6c69b..50395db47e7 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll @@ -8,6 +8,22 @@ private import internal.IRBlockImports as Imports import Imports::EdgeKind private import Cached +/** + * Holds if `block` is a block in `func` and `sortOverride`, `sortKey1`, and `sortKey2` are the + * sort keys of the block (derived from its first instruction) + */ +pragma[nomagic] +private predicate blockSortKeys( + IRFunction func, IRBlockBase block, int sortOverride, int sortKey1, int sortKey2 +) { + block.getEnclosingIRFunction() = func and + block.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and + // Ensure that the block containing `EnterFunction` always comes first. + if block.getFirstInstruction() instanceof EnterFunctionInstruction + then sortOverride = 0 + else sortOverride = 1 +} + /** * A basic block in the IR. A basic block consists of a sequence of `Instructions` with the only * incoming edges at the beginning of the sequence and the only outgoing edges at the end of the @@ -37,17 +53,14 @@ class IRBlockBase extends TIRBlock { exists(IRConfiguration::IRConfiguration config | config.shouldEvaluateDebugStringsForFunction(this.getEnclosingFunction()) ) and - this = - rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 | - funcBlock.getEnclosingFunction() = this.getEnclosingFunction() and - funcBlock.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and - // Ensure that the block containing `EnterFunction` always comes first. - if funcBlock.getFirstInstruction() instanceof EnterFunctionInstruction - then sortOverride = 0 - else sortOverride = 1 - | - funcBlock order by sortOverride, sortKey1, sortKey2 - ) + exists(IRFunction func | + this = + rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 | + blockSortKeys(func, funcBlock, sortOverride, sortKey1, sortKey2) + | + funcBlock order by sortOverride, sortKey1, sortKey2 + ) + ) } /** diff --git a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll index 2a3a6d3407a..bf07e73d5fe 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll @@ -116,14 +116,14 @@ class Instruction extends Construction::TStageInstruction { private int getLineRank() { this.shouldGenerateDumpStrings() and - this = - rank[result](Instruction instr | - instr = - getAnInstructionAtLine(this.getEnclosingIRFunction(), this.getLocation().getFile(), - this.getLocation().getStartLine()) - | - instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() - ) + exists(IRFunction enclosing, Language::File file, int line | + this = + rank[result](Instruction instr | + instr = getAnInstructionAtLine(enclosing, file, line) + | + instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() + ) + ) } /** diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll index 78008a6c69b..50395db47e7 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll @@ -8,6 +8,22 @@ private import internal.IRBlockImports as Imports import Imports::EdgeKind private import Cached +/** + * Holds if `block` is a block in `func` and `sortOverride`, `sortKey1`, and `sortKey2` are the + * sort keys of the block (derived from its first instruction) + */ +pragma[nomagic] +private predicate blockSortKeys( + IRFunction func, IRBlockBase block, int sortOverride, int sortKey1, int sortKey2 +) { + block.getEnclosingIRFunction() = func and + block.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and + // Ensure that the block containing `EnterFunction` always comes first. + if block.getFirstInstruction() instanceof EnterFunctionInstruction + then sortOverride = 0 + else sortOverride = 1 +} + /** * A basic block in the IR. A basic block consists of a sequence of `Instructions` with the only * incoming edges at the beginning of the sequence and the only outgoing edges at the end of the @@ -37,17 +53,14 @@ class IRBlockBase extends TIRBlock { exists(IRConfiguration::IRConfiguration config | config.shouldEvaluateDebugStringsForFunction(this.getEnclosingFunction()) ) and - this = - rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 | - funcBlock.getEnclosingFunction() = this.getEnclosingFunction() and - funcBlock.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and - // Ensure that the block containing `EnterFunction` always comes first. - if funcBlock.getFirstInstruction() instanceof EnterFunctionInstruction - then sortOverride = 0 - else sortOverride = 1 - | - funcBlock order by sortOverride, sortKey1, sortKey2 - ) + exists(IRFunction func | + this = + rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 | + blockSortKeys(func, funcBlock, sortOverride, sortKey1, sortKey2) + | + funcBlock order by sortOverride, sortKey1, sortKey2 + ) + ) } /** diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll index 2a3a6d3407a..bf07e73d5fe 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll @@ -116,14 +116,14 @@ class Instruction extends Construction::TStageInstruction { private int getLineRank() { this.shouldGenerateDumpStrings() and - this = - rank[result](Instruction instr | - instr = - getAnInstructionAtLine(this.getEnclosingIRFunction(), this.getLocation().getFile(), - this.getLocation().getStartLine()) - | - instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() - ) + exists(IRFunction enclosing, Language::File file, int line | + this = + rank[result](Instruction instr | + instr = getAnInstructionAtLine(enclosing, file, line) + | + instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() + ) + ) } /** diff --git a/csharp/ql/src/meta/frameworks/Coverage.ql b/csharp/ql/src/meta/frameworks/Coverage.ql index f24d519e51d..b4e210c79ed 100644 --- a/csharp/ql/src/meta/frameworks/Coverage.ql +++ b/csharp/ql/src/meta/frameworks/Coverage.ql @@ -1,6 +1,6 @@ /** * @name Framework coverage - * @description The number of API endpoints covered by CSV models sorted by + * @description The number of API endpoints covered by MaD models sorted by * package and source-, sink-, and summary-kind. * @kind table * @id cs/meta/framework-coverage diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index a9d4c81c0f1..54fe066d096 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/csharp-queries -version: 0.7.4-dev -groups: +version: 0.8.2-dev +groups: - csharp - queries suites: codeql-suites diff --git a/csharp/ql/test/library-tests/standalone/errorrecovery/DiagnosticsAndErrors.expected b/csharp/ql/test/library-tests/standalone/errorrecovery/DiagnosticsAndErrors.expected index d9d0da247be..125535c32e6 100644 --- a/csharp/ql/test/library-tests/standalone/errorrecovery/DiagnosticsAndErrors.expected +++ b/csharp/ql/test/library-tests/standalone/errorrecovery/DiagnosticsAndErrors.expected @@ -1,4 +1,35 @@ compilationMessages +| errors.cs:6:1:6:22 | CS8019: Unnecessary using directive. | +| errors.cs:6:7:6:21 | CS0246: The type or namespace name 'NoSuchAssembly1' could not be found (are you missing a using directive or an assembly reference?) | +| errors.cs:7:1:7:41 | CS8019: Unnecessary using directive. | +| errors.cs:7:14:7:28 | CS0246: The type or namespace name 'NoSuchAssembly2' could not be found (are you missing a using directive or an assembly reference?) | +| errors.cs:16:9:16:17 | CS0246: The type or namespace name 'ErrorType' could not be found (are you missing a using directive or an assembly reference?) | +| errors.cs:16:19:16:20 | CS0649: Field 'C1.f1' is never assigned to, and will always have its default value null | +| errors.cs:25:18:25:17 | CS1002: ; expected | +| errors.cs:30:3:30:3 | CS1022: Type or namespace definition, or end-of-file expected | +| errors.cs:33:9:33:10 | CS0101: The namespace 'ErrorRecovery' already contains a definition for 'C1' | +| errors.cs:50:12:50:13 | CS0169: The field 'C2.c1' is never used | +| errors.cs:51:21:51:22 | CS1729: 'C2' does not contain a constructor that takes 1 arguments | +| errors.cs:53:9:53:17 | CS0246: The type or namespace name 'ErrorType' could not be found (are you missing a using directive or an assembly reference?) | +| errors.cs:53:21:53:29 | CS0246: The type or namespace name 'ErrorType' could not be found (are you missing a using directive or an assembly reference?) | +| errors.cs:59:21:59:20 | CS1026: ) expected | +| errors.cs:67:22:67:22 | CS0621: 'C3.M()': virtual or abstract members cannot be private | +| errors.cs:72:22:72:22 | CS0621: 'C4.M(int, string, bool, bool)': virtual or abstract members cannot be private | +| errors.cs:74:17:74:17 | CS0219: The variable 'x' is assigned but its value is never used | +| errors.cs:75:17:75:17 | CS0128: A local variable or function named 'x' is already defined in this scope | +| errors.cs:79:11:79:12 | CS0263: Partial declarations of 'C5' must not specify different base classes | +| errors.cs:82:13:82:13 | CS0414: The field 'C5.F' is assigned but its value is never used | +| errors.cs:83:23:83:23 | CS0547: 'C5.M': property or indexer cannot have void type | +| errors.cs:83:23:83:23 | CS0548: 'C5.M': property or indexer must have at least one accessor | +| errors.cs:83:23:83:23 | CS0621: 'C5.M': virtual or abstract members cannot be private | +| errors.cs:86:11:86:12 | CS0101: The namespace 'ErrorRecovery' already contains a definition for 'C5' | +| errors.cs:89:13:89:13 | CS0414: The field 'C5.F' is assigned but its value is never used | +| errors.cs:90:22:90:22 | CS0547: 'C5.M': property or indexer cannot have void type | +| errors.cs:90:22:90:22 | CS0548: 'C5.M': property or indexer must have at least one accessor | +| errors.cs:90:22:90:22 | CS0621: 'C5.M': virtual or abstract members cannot be private | +| errors.cs:91:45:91:45 | CS0103: The name 'x' does not exist in the current context | +| errors.cs:92:45:92:45 | CS0103: The name 'y' does not exist in the current context | +| file://:0:0:0:0 | CS5001: Program does not contain a static 'Main' method suitable for an entry point | extractorMessages | errors.cs:6:1:6:22 | Namespace not found | | errors.cs:22:31:22:32 | Failed to determine type | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs index 39943dd4ce4..8fb88eacd3e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs @@ -27,4 +27,30 @@ public class ProfileController : Controller { return View(); } +} + +[Authorize] +public class AuthBaseController : Controller { + protected void doThings() { } +} + +public class SubController : AuthBaseController { + // GOOD: The Authorize attribute is used on the base class. + public ActionResult Delete4(int id) { + doThings(); + return View(); + } +} + +[Authorize] +public class AuthBaseGenericController : Controller { + protected void doThings() { } +} + +public class SubGenericController : AuthBaseGenericController { + // GOOD: The Authorize attribute is used on the base class. + public ActionResult Delete5(int id) { + doThings(); + return View(); + } } \ No newline at end of file diff --git a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/MiscTestControllers.cs b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/MiscTestControllers.cs index 3966d418a93..503b2955933 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/MiscTestControllers.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/MiscTestControllers.cs @@ -43,4 +43,14 @@ public class CController : BaseAnonController { // BAD - AllowAnonymous is inherited from base class and overrides Authorize [Authorize] public ActionResult Edit4(int id) { return View(); } +} + +[Authorize] +public class BaseGenController : Controller { + +} + +public class SubGenController : BaseGenController { + // GOOD - Authorize is inherited from parent class + public ActionResult Edit5(int id) { return View(); } } \ No newline at end of file diff --git a/docs/codeql/codeql-for-visual-studio-code/about-telemetry-in-codeql-for-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/about-telemetry-in-codeql-for-visual-studio-code.rst index 362f2d68889..52bf7c53c1a 100644 --- a/docs/codeql/codeql-for-visual-studio-code/about-telemetry-in-codeql-for-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/about-telemetry-in-codeql-for-visual-studio-code.rst @@ -62,7 +62,7 @@ When telemetry collection is disabled, no data will be sent to GitHub servers. You can disable telemetry collection by setting ``codeQL.telemetry.enableTelemetry`` to ``false`` in your settings. For more information about CodeQL settings, see ":doc:`Customizing settings `." -Additionally, telemetry collection will be disabled if the global ``telemetry.enableTelemetry`` setting is set to ``false``. For more information about global telemetry collection, see "`Microsoft's documentation `__." +Additionally, telemetry collection will be disabled if the global ``telemetry.telemetryLevel`` setting is set to ``off``. For more information about global telemetry collection, see "`Microsoft's documentation `__." Further reading ---------------- diff --git a/docs/codeql/codeql-for-visual-studio-code/index.rst b/docs/codeql/codeql-for-visual-studio-code/index.rst index 1b45ef10a3e..fc615f932f8 100644 --- a/docs/codeql/codeql-for-visual-studio-code/index.rst +++ b/docs/codeql/codeql-for-visual-studio-code/index.rst @@ -37,7 +37,10 @@ The CodeQL extension for Visual Studio Code adds rich language support for CodeQ CodeQL queries using the Visual Studio Code extension. - :doc:`Working with CodeQL packs in Visual Studio Code - `: You can view and edit CodeQL packs in Visual Studio Code. + `: You can view, create, and edit all types of CodeQL pack in Visual Studio Code. + +- :doc:`Using the CodeQL model editor + `: You can view, create, and edit CodeQL model packs using a dedicated editor. - :doc:`Customizing settings `: You can edit the settings for the @@ -67,6 +70,7 @@ The CodeQL extension for Visual Studio Code adds rich language support for CodeQ running-codeql-queries-at-scale-with-mrva testing-codeql-queries-in-visual-studio-code working-with-codeql-packs-in-visual-studio-code + using-the-codeql-model-editor customizing-settings troubleshooting-codeql-for-visual-studio-code troubleshooting-variant-analysis diff --git a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst index 6ed374381d8..ac67d31afde 100644 --- a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst @@ -74,6 +74,8 @@ To use the starter workspace: #. In VS Code, use the **File** > **Open Workspace** option to open the ``vscode-codeql-starter.code-workspace`` file from your checkout of the workspace repository. +Remember to update the ``ql`` submodule in the starter workspace periodically to ensure that it remains compatible with newer versions of the VS Code extension and the CodeQL CLI. + .. _existing-workspace: Updating an existing workspace for CodeQL diff --git a/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst new file mode 100644 index 00000000000..95bdb926c32 --- /dev/null +++ b/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst @@ -0,0 +1,139 @@ +:tocdepth: 1 + +.. _using-the-codeql-model-editor: + +Using the CodeQL model editor +============================= + +.. include:: ../reusables/beta-note-model-pack-editor-vsc.rst + +You can view, write, and edit CodeQL packs in Visual Studio Code using the CodeQL extension. The model editor is designed to help you model external dependencies of your codebase that are not supported by the standard CodeQL Libraries. + +About the CodeQL model editor +----------------------------- + +The CodeQL model editor guides you through modeling the calls to external dependencies in your application or fully modeling all the public entry and exit points in an external dependency. + +When you open the model editor, it analyzes the currently selected CodeQL database and identifies where the application uses external APIs and all public methods. An external (or third party) API is any API that is not part of the CodeQL database you have selected. + +The model editor has two different modes: + +- Application mode (default view): The editor lists each external framework used by the selected CodeQL database. When you expand a framework, a list of all calls to and from the external API is shown with the options available to model dataflow through each call. This mode is most useful for improving the CodeQL results for the specific codebase. + +- Dependency mode: The editor identifies all of the publicly accessible APIs in the selected CodeQL database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the CodeQL analysis for all codebases that use the dependency. + +Displaying the CodeQL model editor +---------------------------------- + +#. Open your CodeQL workspace in VS Code, for example, the ``vscode-codeql-starter`` workspace. + If you haven't updated the ``ql`` submodule for a while, update it from ``main`` to ensure that you have the queries used to gather data for the model editor. +#. Open the CodeQL extension and select the CodeQL database that you want to model from the "Databases" section of the left side pane. +#. Use the command palette to run the “CodeQL: Open Model Editor (Beta)” command. +#. The CodeQL model editor will open in a new tab and run a series of telemetry queries to identify APIs in the code. +#. When the queries are complete, the APIs that have been identified are shown in the editor. + +Modeling the calls your codebase makes to external APIs +------------------------------------------------------- + +You typically use this approach when you are looking at a specific codebase where you want to improve the precision of CodeQL results. This is usually when the codebase uses frameworks or libraries that are not supported by CodeQL and if the source code of the framework or library is not included in the analysis. + +#. Select the CodeQL database that you want to improve CodeQL coverage for. +#. Display the CodeQL model editor. By default the editor runs in application mode, so the list of external APIs used by the selected codebase is shown. + + .. image:: ../images/codeql-for-visual-studio-code/model-application-mode.png + :width: 800 + :alt: Screenshot of the "Application mode" view of the CodeQL model pack editor in Visual Studio Code showing three of the external frameworks used by the "sofa-jraft" codebase. + +#. Click to expand an external API and view the list of calls from the codebase to the external dependency. +#. Click **View** associated with an API call or method to show where it is used in your codebase. + + .. image:: ../images/codeql-for-visual-studio-code/model-application-mode-expanded.png + :width: 800 + :alt: Screenshot of the "Application mode" view of the CodeQL model pack editor in Visual Studio Code showing the calls to the "rocksdbjni" framework ready for modeling. The "View" option for the first call is highlighted with a dark orange outline. + +#. When you have determined how to model the call or method, define the **Model type**. +#. The remaining fields are updated with available options: + + - **Source**: choose the **Output** element to model. + - **Sink**: choose the **Input** element to model. + - **Flow summary**: choose the **Input** and **Output** elements to model. + +#. Define the **Kind** of dataflow for the model. +#. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. + +The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. + +The models are stored in a series of YAML data extension files, one for each external API. For example: + +.. code-block:: none + + .github/codeql/extensions/sofa-jraft-java # the model pack directory + models + jmh-core.model.yml # models calls to jmh-core@1.20 + rocksdbjni.model.yml # models calls to rocksdbjni@7.7.3 + +Modeling the public API of a codebase +------------------------------------- + +You typically use this method when you want to model a framework or library that your organization uses in more than one codebase. Once you have finished creating and testing the model, you can publish the CodeQL model pack to the GitHub Container Registry for your whole organization to use. + +#. Select the CodeQL database that you want to model. +#. Display the CodeQL model editor. By default the editor runs in application mode. Click **Model as dependency** to display dependency mode. The screen changes to show the public API of the framework or library. + + .. image:: ../images/codeql-for-visual-studio-code/model-dependency-mode.png + :width: 800 + :alt: Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing three of the packages published by the "sofa-jraft" codebase. + +#. Click to expand a package and view the list of available methods. +#. Click **View** associated with a method to show its definition. + + .. image:: ../images/codeql-for-visual-studio-code/model-dependency-mode-expanded.png + :width: 800 + :alt: Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing the public methods available in the "com.alipay.soft.jraft.option" package ready for modeling. The "View" option for the first method is highlighted with a dark orange outline. + +#. When you have determined how to model the method, define the **Model type**. +#. The remaining fields are updated with available options: + + - **Source**: choose the **Output** element to model. + - **Sink**: choose the **Input** element to model. + - **Flow summary**: choose the **Input** and **Output** elements to model. + +#. Define the **Kind** of dataflow for the model. +#. When you have finished modeling, click **Save all** or **Save** (shown at the bottom right of each expanded list of calls). The percentage of calls modeled in the editor is updated. + +The models are stored in your workspace at ``.github/codeql/extensions/``, where ```` is the name of the CodeQL database that you selected. That is, the name of the repository, hyphen, the language analyzed by CodeQL. + +The models are stored in a series of YAML data extension files, one for each public method. For example: + +.. code-block:: none + + .github/codeql/extensions/sofa-jraft-java # the model pack directory + models + com.alipay.sofa.jraft.option.model.yml # models public methods in package + com.alipay.sofa.jraft.rhea.options.model.yml # models public methods in package + +The editor will create a separate model file for each package that you model. + +Testing CodeQL model packs +-------------------------- + +You can test any CodeQL model packs you create in VS Code by toggling the "use model packs" setting on and off. This method works for both databases and for variant analysis repositories. + +- To run queries on a CodeQL database with any model packs that are stored within the ``.github/codeql/extensions`` directory of the workspace, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": all,`` +- To run queries on a CodeQL database without using model packs, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": none,`` + +If your model is working well, you should see a difference in the results of the two different runs. If you don't see any differences in results, you may need to introduce a known bug to verify that the model behaves as expected. + +Using CodeQL model packs with code scanning +------------------------------------------- + +There are two methods for using CodeQL model packs with code scanning: + +#. Copy the model pack directory into the ``.github/codeql/extensions`` directory of the repository. It will automatically be used by all future code scanning analysis for the repository (default setup or advanced setup). +#. Publish the model pack to the GitHub Container Registry as a CodeQL model pack. This can be downloaded and used by advanced setup for code scanning or by the CodeQL CLI running in an external CI system. + +For more information, see the following articles on the GitHub Docs site: + +- Default setup of code scanning: `Extending CodeQL coverage with CodeQL model packs in default setup `__ +- Advanced setup of code scanning: `Extending CodeQL coverage with CodeQL model packs `__ +- CodeQL CLI setup in external CI system: `Using model packs to analyze calls to custom dependencies `__ diff --git a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst index dabf59cc563..fe1e9a0bbdd 100644 --- a/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst @@ -7,33 +7,49 @@ Working with CodeQL packs in Visual Studio Code .. include:: ../reusables/beta-note-package-management.rst -You can view CodeQL packs and write and edit queries for them in Visual Studio Code. +You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension. About CodeQL packs ------------------ -CodeQL packs are used to create, share, depend on, and run CodeQL queries and libraries. You can publish your own CodeQL packs and download packs created by others. For more information, see "`About CodeQL packs `__." +You use CodeQL packs to share your expertise in query writing, CodeQL library development, and modeling dependencies with other users. The CodeQL package management system ensures that when you publish a CodeQL pack it is ready to use, without any compilation. Anything the CodeQL pack depends on is explicitly defined within the pack. You can publish your own CodeQL packs and download packs created by others. For more information, see "`About CodeQL packs `__." -Using standard CodeQL packs in Visual Studio Code --------------------------------------------------------------- +There are three types of CodeQL packs, each with a specific purpose. + +- Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack. +- Model packs are used to model dependencies that are not supported by the standard CodeQL libraries. When you add a model pack to your analysis, all relevant queries also recognize the sources, sinks and flow steps of the dependencies defined in the pack. +- Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately. + +Using the CodeQL packs shipped with the CLI in Visual Studio Code +----------------------------------------------------------------- To install dependencies for a CodeQL pack in your Visual Studio Code workspace, run the **CodeQL: Install Pack Dependencies** command from the Command Palette and select the packs you want to install dependencies for. You can write and run query packs that depend on the CodeQL standard libraries, without needing to check out the standard libraries in your workspace. Instead, you can install only the dependencies required by the query packs you want to use. -Creating and editing CodeQL packs in Visual Studio Code -------------------------------------------------------- -To create a new CodeQL pack, you will need to use the CodeQL CLI from a terminal, which you can do within Visual Studio Code or outside of it with the ``codeql pack init`` command. Once you create an empty pack, you can edit the ``qlpack.yml`` file or run the ``codeql pack add`` command to add dependencies or change the name or version. For more information, see "`Creating and working with CodeQL packs `__." +Working with CodeQL query packs +------------------------------- + +One of the main benefits of working with a CodeQL query pack is that all dependencies are resolved, not just those defined within the query and standard libraries. + +Creating and editing CodeQL query packs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +To create a new query pack, you will need to use the CodeQL CLI from a terminal, which you can do within Visual Studio Code or outside of it with the ``codeql pack init`` command. Once you create an empty pack, you can edit the ``qlpack.yml`` file or run the ``codeql pack add`` command to add dependencies or change the name or version. For detailed information, see "`Creating and working with CodeQL packs `__." You can create or edit queries in a CodeQL pack in Visual Studio Code as you would with any CodeQL query, using the standard code editing features such as autocomplete suggestions to find elements to use from the pack's dependencies. -You can then use the CodeQL CLI to publish your pack to share with others. For more information, see "`Publishing and using CodeQL packs `__." +You can then use the CodeQL CLI to publish your pack to share with others. For detailed information, see "`Publishing and using CodeQL packs `__." -Viewing CodeQL packs and their dependencies in Visual Studio Code ------------------------------------------------------------------ -To download a CodeQL pack that someone else has created, run the **CodeQL: Download Packs** command from the Command Palette. -You can download all the core CodeQL query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java or Kotlin, enter ``codeql/java-queries``. +Viewing CodeQL query packs and their dependencies +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +To download a query pack that someone else has created, run the **CodeQL: Download Packs** command from the Command Palette. +You can download all the core query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java and Kotlin, enter ``codeql/java-queries``. Whether you have downloaded a CodeQL pack or created your own, you can open the ``qlpack.yml`` file in the root of a CodeQL pack directory in Visual Studio Code and view the dependencies section to see what libraries the pack depends on. If you want to understand a query in a CodeQL pack better, you can open the query file and view the code, using the IntelliSense code editing features of Visual Studio Code. For example, if you hover over an element from a library depended on by the pack, Visual Studio Code will resolve it so you can see documentation about the element. To view the full definition of an element of a query, you can right-click and choose **Go to Definition**. If the library pack is present within the same Visual Studio Code workspace, this will take you to the definition within the workspace. Otherwise it will take you to the definition within your package cache, the shared location where downloaded dependencies are stored, which is in your home directory by default. + +Working with CodeQL model packs +------------------------------- + +The CodeQL extension for Visual Studio Code includes a dedicated editor for creating and editing model packs. For information on using the model editor, see ":ref:`Using the CodeQL model editor `." diff --git a/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst b/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst new file mode 100644 index 00000000000..09d7e9ab7e4 --- /dev/null +++ b/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst @@ -0,0 +1,459 @@ +.. _advanced-dataflow-scenarios-cpp: + +.. include:: ../reusables/cpp-new-dataflow-api-note.rst + +Advanced dataflow scenarios for C/C++ +====================================== + +Data flow for C and C++ distinguishes between the value of a pointer and the value of what the pointer points to. We call this the "indirection" of the pointer. Tracking the pointer and its indirection as separate entities is important for precise dataflow. However, it also means that you need to specify which data flow node to model. If you select the wrong data flow node, then analysis will be flawed. This article discusses several scenarios where it is important to consider whether data flow should be computed on the value of the pointer or its indirection. + +Overview +--------- + +For almost all situations we only need to instantiate a dataflow configuration and specify our sources and sinks, and the dataflow library will handle everything for us. + +However, when a write to a field is not visible to CodeQL (for example, because it happens in a function whose definition is not in the database) we need to track the qualifier, and tell the dataflow library that it should transfer flow from the qualifier to the field access. This is done by adding an ``isAdditionalFlowStep`` predicate to the dataflow module. + +When you write additional flow steps to track pointers, you must decide whether the dataflow step should flow from the pointer or its indirection. Similarly, you must decide whether the additional step should target a pointer or its indirection. + +In contrast, if the read of a field is not visible to CodeQL, you can add an ``allowImplicitRead`` predicate to model the data flow. + +Regular dataflow analysis +------------------------- + +Consider the following scenario: We have data coming out of ``user_input()`` and we want to figure out if that data can ever reach an argument of ``sink``. + +.. code-block:: cpp + + void sink(int); + int user_input(); + +A regular dataflow query such as the following query: + +.. code-block:: ql + + /** + * @kind path-problem + */ + + import semmle.code.cpp.dataflow.new.DataFlow + import Flow::PathGraph + + module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source.asExpr().(Call).getTarget().hasName("user_input") + } + + predicate isSink(DataFlow::Node sink) { + exists(Call call | + call.getTarget().hasName("sink") and + sink.asExpr() = call.getAnArgument() + ) + } + } + + module Flow = DataFlow::Global; + + from Flow::PathNode source, Flow::PathNode sink + where Flow::flowPath(source, sink) + select sink.getNode(), source, sink, "Flow from user input to sink!" + +will catch most things such as: + +.. code-block:: cpp + :caption: Example 1 + :linenos: + + struct A { + const int *p; + int x; + }; + + struct B { + A *a; + int y; + }; + + void fill_structure(B* b, const int* pu) { + // ... + b->a->p = pu; + } + + void process_structure(const B* b) { + sink(*b->a->p); + } + + void get_and_process() { + int u = user_input(); + B* b = (B*)malloc(sizeof(B)); + // ... + fill_structure(b, &u); + // ... + process_structure(b); + free(b); + } + +This data flow is simple to match because the CodeQL database contains the information to see: + 1. User input starts at ``user_input()`` and flows into ``fill_structure``. + 2. The data is written to the object ``b`` with access path ``[a, p]``. + 3. The object ``b`` flows out of ``fill_structure`` and into ``process_structure``. + 4. The access path ``[a, p]`` is read in ``process_structure`` and the value ends up in the sink. + +Flow from a qualifier to a field access +--------------------------------------- + +Sometimes field accesses are not visible to CodeQL (for example, because the implementation of the function isn't included in the database), and so dataflow cannot match up all stores with reads. This leads to missing (false negative) results. + +For example, consider an alternative setup where our source of data starts as the outgoing argument of a function ``write_user_input_to``. We can model this setup in the dataflow library using the following ``isSource``: + +.. code-block:: ql + + predicate isSource(DataFlow::Node source) { + exists(Call call | + call.getTarget().hasName("write_user_input_to") and + source.asDefiningArgument() = call.getArgument(0) + ) + } + +This would match the call to ``write_user_input_to`` in the following example: + +.. code-block:: cpp + :caption: Example 2 + :linenos: + + void write_user_input_to(void*); + void use_value(int); + void* malloc(unsigned long); + + struct U { + const int* p; + int x; + }; + + void process_user_data(const int* p) { + // ... + use_value(*p); + } + + void get_and_process_user_input_v2() { + U* u = (U*)malloc(sizeof(U)); + write_user_input_to(u); + process_user_data(u->p); + free(u); + } + +With this definition of ``isSource`` the dataflow library tracks flow along the following path: + + 1. The flow now starts at the outgoing argument of ``write_user_input_to(...)``. + 2. The flow proceeds to ``u->p`` on the next line. + +However, because CodeQL has not observed a write to ``p`` before the read ``u->p``, dataflow will stop at ``u``. We can correct this gap in the information available to dataflow by adding an additional flow step through field reads: + +.. code-block:: ql + + /** + * @kind path-problem + */ + + import semmle.code.cpp.dataflow.new.DataFlow + import Flow::PathGraph + + module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + exists(Call call | + call.getTarget().hasName("write_user_input_to") and + source.asDefiningArgument() = call.getArgument(0) + ) + } + + predicate isSink(DataFlow::Node sink) { + exists(Call call | + call.getTarget().hasName("use_value") and + sink.asExpr() = call.getAnArgument() + ) + } + + predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { + exists(FieldAccess fa | + n1.asIndirectExpr() = fa.getQualifier() and + n2.asIndirectExpr() = fa + ) + } + } + + module Flow = DataFlow::Global; + + from Flow::PathNode source, Flow::PathNode sink + where Flow::flowPath(source, sink) + select sink.getNode(), source, sink, "Flow from user input to sink!" + +Notice how the ``isSource`` and ``isSink`` are as expected: we're looking for flow that starts at the outgoing parameter of ``write_user_input_to(...)``, and ends up as an argument to ``isSink``. The interesting part is the addition of ``isAdditionalFlow`` which specifies an additional flow step from the qualifier of a ``FieldAccess`` to the result of the access. + +In a real query the ``isAdditionalFlowStep`` step would be restricted in various ways to make sure that it doesn't add too much flow (since flow from a field qualifier to the field access in general will generate a lot of spurious flow). For example, one could restrict ``fa`` to be a field access that targets a particular field, or a field access of a field that's defined in a certain ``struct`` type. + +We have an important choice here: Should ``n2`` be the node corresponding to the pointer value of ``fa`` or the indirection of ``fa`` (that is, what ``fa`` points to)? + +.. _using-asIndirectExpr: + +Using asIndirectExpr +~~~~~~~~~~~~~~~~~~~~ + +If we use ``n2.asIndirectExpr() = fa`` we specify that flow in example 2 moves to what ``fa`` points to. This allows data to flow through a later dereference, which is exactly what we need to track data flow from ``p`` to ``*p`` in ``process_user_data``. + +Thus we get the required flow path. + +Consider a slightly different sink: + +.. code-block:: cpp + :caption: Example 3 + :linenos: + + void write_user_input_to(void*); + void use_pointer(int*); + void* malloc(unsigned long); + + struct U { + const int* p; + int x; + }; + + void process_user_data(const int* p) { + // ... + use_pointer(p); + } + + void get_and_process_user_input_v2() { + U* u = (U*)malloc(sizeof(U)); + write_user_input_to(u); + process_user_data(u->p); + free(u); + } + +The only difference between the previous example and this one is that our data ends up in a call to ``use_pointer`` which takes an ``int*`` instead of an ``int`` as an argument. Since our ``isAdditionalFlowStep`` implementation already steps to the indirection of the ``FieldAccess`` we're already tracking what the field points to. So we can find this flow by using ``sink.asIndirectExpr()`` to specify that the data we're interested in tracking is the value that ends up being pointed to by an argument that is passed to ``use_pointer``: + +.. code-block:: ql + + predicate isSink(DataFlow::Node sink) { + exists(Call call | + call.getTarget().hasName("use_pointer") and + sink.asIndirectExpr() = call.getAnArgument() + ) + } + +.. _using-asExpr: + +Using asExpr +~~~~~~~~~~~~ + +Alternatively, the flow in example 2 could also be tracked by: + 1. Changing ``isAdditionalFlowStep`` so that it targets the dataflow node that represents the value of the ``FieldAccess`` instead of the value it points to, and + 2. Changing ``isSink`` to specify that we're interested in tracking the value the argument passed to ``use_pointer`` (instead of the value of what the argument points to). + +With those changes our query becomes: + +.. code-block:: ql + + /** + * @kind path-problem + */ + + import semmle.code.cpp.dataflow.new.DataFlow + import Flow::PathGraph + + module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + exists(Call call | + call.getTarget().hasName("write_user_input_to") and + source.asDefiningArgument() = call.getArgument(0) + ) + } + + predicate isSink(DataFlow::Node sink) { + exists(Call call | + call.getTarget().hasName("use_pointer") and + sink.asExpr() = call.getAnArgument() + ) + } + + predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { + exists(FieldAccess fa | + n1.asIndirectExpr() = fa.getQualifier() and + n2.asExpr() = fa + ) + } + } + + module Flow = DataFlow::Global; + + from Flow::PathNode source, Flow::PathNode sink + where Flow::flowPath(source, sink) + select sink.getNode(), source, sink, "Flow from user input to sink!" + +When we get to ``u->p`` the additional step transfers flow from what the qualifier points to, to the result of the ``FieldAccess``. After this, dataflow proceeds to ``p`` in ``use_pointer(p)`` and since we specified in our ``isSink`` that we're interested in the value of the argument, our dataflow analysis finds a result. + +Passing the address of a variable to ``use_pointer`` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Consider an alternative scenario where ``U`` contains a single ``int`` data, and we pass the address of data to ``use_pointer`` as seen below. + +.. code-block:: cpp + :caption: Example 4 + :linenos: + + void write_user_input_to(void*); + void use_pointer(int*); + void* malloc(unsigned long); + + struct U { + int data; + int x; + }; + + void process_user_data(int data) { + // ... + use_pointer(&data); + } + + + void get_and_process_user_input_v2() { + U* u = (U*)malloc(sizeof(U)); + write_user_input_to(u); + process_user_data(u->data); + free(u); + } + +Since the ``data`` field is now an ``int`` instead of an ``int*`` the field no longer has any indirections, and so the use of ``asIndirectExpr`` in ``isAdditionalFlowStep`` no longer makes sense (and so the additional step will have no results). So there is no choice about whether to taint the value of the field or its indirection: it has to be the value. + +However, since we pass the address of ``data`` to ``use_pointer`` on line 12 the tainted value is what is pointed to by the argument of ``use_pointer`` (since the value pointed to by ``&data`` is exactly ``data``). So to handle this case we need a mix of the two situations above: + 1. We need to taint the value of the field as described in the :ref:`Using asExpr ` section. + 2. We need to select the indirection of the argument as described in the :ref:`Using asIndirectExpr ` section. + +With these changes the query looks like: + +.. code-block:: ql + + /** + * @kind path-problem + */ + + import semmle.code.cpp.dataflow.new.DataFlow + import Flow::PathGraph + + module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + exists(Call call | + call.getTarget().hasName("write_user_input_to") and + source.asDefiningArgument() = call.getArgument(0) + ) + } + + predicate isSink(DataFlow::Node sink) { + exists(Call call | + call.getTarget().hasName("use_pointer") and + sink.asIndirectExpr() = call.getAnArgument() + ) + } + + predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { + exists(FieldAccess fa | + n1.asIndirectExpr() = fa.getQualifier() and + n2.asExpr() = fa + ) + } + } + + module Flow = DataFlow::Global; + + from Flow::PathNode source, Flow::PathNode sink + where Flow::flowPath(source, sink) + select sink.getNode(), source, sink, "Flow from user input to sink!" + +And with that query the flow is identified. + +Specifying implicit reads +------------------------- + +The previous section demonstrated how to add flow from qualifiers to field accesses because a source implicitly tainted all the fields of a struct. This section considers the opposite scenario: A specific field is being tainted, and we want to find any place that may read from this object, including any place that reads an unknown set of fields. + +To set the stage, consider the following scenario: + +.. code-block:: cpp + :caption: Example 5 + :linenos: + + struct A { + const int *p; + int x; + }; + + struct B { + A *a; + int z; + }; + + int user_input(); + void read_data(const void *); + void *malloc(size_t); + + void get_input_and_read_data() { + B b; + b.a = (A *)malloc(sizeof(A)); + b.a->x = user_input(); + // ... + read_data(&b); + free(b.a); + } + +In this example, the data flows as follows: + + 1. We write a user-controlled value into the object ``b`` at the access path ``[a, x]``. + 2. Afterwards, ``b`` is passed to ``read_data`` which we don't have the definition of in the database. + +We now want to track this user-input flowing into ``read_data``. + +The dataflow library has a specific predicate to handle this scenario, and thus we don't need to add any additional flow steps using ``isAdditionalFlowStep``. Instead, we tell the dataflow library that ``read_data`` is a sink and may implicitly read the data from fields in the object it is passed. To do that, we implement ``allowImplicitRead`` in our dataflow module: + +.. code-block:: ql + + /** + * @kind path-problem + */ + + import semmle.code.cpp.dataflow.new.DataFlow + import Flow::PathGraph + + module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + exists(Call call | + call.getTarget().hasName("user_input") and + source.asExpr() = call + ) + } + + predicate isSink(DataFlow::Node sink) { + exists(Call call | + call.getTarget().hasName("read_data") and + sink.asIndirectExpr() = call.getAnArgument() + ) + } + + predicate allowImplicitRead(DataFlow::Node n, DataFlow::ContentSet cs) { + isSink(n) and + cs.getAReadContent().(DataFlow::FieldContent).getField().hasName(["a", "x"]) + } + } + + module Flow = DataFlow::Global; + + from Flow::PathNode source, Flow::PathNode sink + where Flow::flowPath(source, sink) + select sink.getNode(), source, sink, "Flow from user input to sink!" + +The ``allowImplicitRead`` predicate specifies that if we're at a node that satisfies ``isSink`` then we're allowed to assume that there is an implicit read of a field named ``a`` or a field named ``x`` (in this case both). This gets us the flow we are interested in because the dataflow library now will see: + + 1. User input starts at ``user_input()``. + 2. The data flowing into ``b`` with access path ``[a, x]``. + 3. The data flowing to the indirection of ``&b`` (i.e., the object ``b``). + 4. An implicit read of the field ``x`` followed by an implicit read of the field ``a`` at the sink. + +Thus, we end up at a node that satisfies ``isSink`` with an empty access path, and successfully track the full dataflow path. \ No newline at end of file diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst index 003bc8c0aef..0356b928817 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst @@ -1,8 +1,6 @@ .. _analyzing-data-flow-in-cpp-new: -.. pull-quote:: Note - - The data flow library described here is available from CodeQL 2.12.5 onwards. With the release of CodeQL 2.13.0 the library uses the new modular API for data flow. For information on the previous version of the library, see :ref:`Analyzing data flow in C and C++ ` and for information about the new modular API and how to migrate any existing queries to the updated data flow library, see `New dataflow API for CodeQL query writing `__. +.. include:: ../reusables/cpp-new-dataflow-api-note.rst Analyzing data flow in C and C++ (new) ====================================== diff --git a/docs/codeql/codeql-language-guides/codeql-for-cpp.rst b/docs/codeql/codeql-language-guides/codeql-for-cpp.rst index 703c3e93e4f..a564f54042f 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-cpp.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-cpp.rst @@ -20,6 +20,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat using-the-guards-library-in-cpp using-range-analsis-in-cpp hash-consing-and-value-numbering + advanced-dataflow-scenarios-cpp - :doc:`Basic query for C and C++ code `: Learn to write and run a simple CodeQL query. @@ -43,3 +44,5 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Using range analysis for C and C++ `: You can use range analysis to determine the upper or lower bounds on an expression, or whether an expression could potentially over or underflow. - :doc:`Hash consing and value numbering `: You can use specialized CodeQL libraries to recognize expressions that are syntactically identical or compute the same value at runtime in C and C++ codebases. + +- :doc:`Advanced C/C++ dataflow scenarios `: You can track precise data flow in C and C++ codebases by distinguishing between a pointer and its indirection(s). diff --git a/docs/codeql/codeql-language-guides/codeql-for-java.rst b/docs/codeql/codeql-language-guides/codeql-for-java.rst index 97f212ac64b..0b4c3cb822a 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-java.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-java.rst @@ -25,6 +25,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat javadoc working-with-source-locations abstract-syntax-tree-classes-for-working-with-java-programs + customizing-library-models-for-java-and-kotlin - :doc:`Basic query for Java and Kotlin code `: Learn to write and run a simple CodeQL query. @@ -45,3 +46,5 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Working with source locations `: You can use the location of entities within Java/Kotlin code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem. - :doc:`Abstract syntax tree classes for working with Java and Kotlin programs `: CodeQL has a large selection of classes for representing the abstract syntax tree of Java/Kotlin programs. + +- :doc:`Customizing library models for Java and Kotlin `: You can model frameworks and libraries that your code base depends on using data extensions and publish them as CodeQL model packs. diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst new file mode 100644 index 00000000000..cc8e4e51b7b --- /dev/null +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst @@ -0,0 +1,293 @@ +.. _customizing-library-models-for-java-and-kotlin: + +Customizing library models for Java and Kotlin +============================================== + +You can model the methods and callables that control data flow in any framework or library. This is especially useful for custom frameworks or niche libraries, that are not supported by the standard CodeQL libraries. + +.. include:: ../reusables/kotlin-beta-note.rst + +.. include:: ../reusables/beta-note-model-packs-java.rst + +About this article +------------------ + +This article contains reference material about how to define custom models for sources, sinks and flow summaries for Java dependencies in data extension files. + +The best way to create your own models is using the CodeQL model editor in the CodeQL extension for Visual Studio Code. The model editor automatically guides you through the process of defining models, displaying the properties you need to define and the options available. You can save the resulting models as data extension files in CodeQL model packs and use them without worrying about the syntax. + +For more information, see ":ref:`Using the CodeQL model editor `." + +About data extensions +--------------------- + +You can customize analysis by defining models (summaries, sinks, and sources) of your code's dependencies in data extension files. Each model defines the behavior of one or more elements of your library or framework, such as methods and callables. When you run dataflow analysis, these models expand the potential sources and sinks tracked by dataflow analysis and improve the precision of results. + +Most of the security queries search for paths from a source of untrusted input to a sink that represents a vulnerability. This is known as taint tracking. Each source is a starting point for dataflow analysis to track tainted data and each sink is an end point. + +Taint tracking queries also need to know how data can flow through elements that are not included in the source code. These are modeled as summaries. A summary model enables queries to synthesize the flow behavior through elements in dependency code that is not stored in your repository. + +Syntax used to define an element in an extension file +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Each model of an element is defined using a data extension where each tuple constitutes a model. +A data extension file to extend the standard Java queries included with CodeQL is a YAML file with the form: + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/java-all + extensible: + data: + - + - + - ... + +Each YAML file may contain one or more top-level extensions. + +- ``addsTo`` defines the CodeQL pack name and extensible predicate that the extension is injected into. +- ``data`` defines one or more rows of tuples that are injected as values into the extensible predicate. The number of columns and their types must match the definition of the extensible predicate. + +Data extensions use union semantics, which means that the tuples of all extensions for a single extensible predicate are combined, duplicates are removed, and all of the remaining tuples are queryable by referencing the extensible predicate. + +Publish data extension files in a CodeQL model pack to share +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +You can group one or more data extention files into a CodeQL model pack and publish it to the GitHub Container Registry. This makes it easy for anyone to download the model pack and use it to extend their analysis. For more information, see "`Creating a CodeQL model pack `__ and `Publishing and using CodeQL packs `__ in the CodeQL CLI documentation. + +Extensible predicates used to create custom models in Java and Kotlin +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The CodeQL library for Java and Kotlin analysis exposes the following extensible predicates: + +- ``sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance)``. This is used to model sources of potentially tainted data. +- ``sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance)``. This is used to model sinks where tainted data maybe used in a way that makes the code vulnerable. +- ``summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)``. This is used to model flow through elements. +- ``neutralModel(package, type, name, signature, kind, provenance)``. This is similar to a summary model but used to model the flow of values that have only a minor impact on the dataflow analysis. + +The extensible predicates are populated using the models defined in data extension files. + +Examples of custom model definitions +------------------------------------ + +The examples in this section are taken from the standard CodeQL Java query pack published by GitHub. They demonstrate how to add tuples to extend extensible predicates that are used by the standard queries. + +Example: Taint sink in the ``java.sql`` package +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This example shows how the Java query pack models the argument of the ``execute`` method as a SQL injection sink. +This is the ``execute`` method in the ``Statement`` class, which is located in the ``java.sql`` package. + +.. code-block:: java + + public static void taintsink(Connection conn, String query) throws SQLException { + Statement stmt = conn.createStatement(); + stmt.execute(query); // The argument to this method is a SQL injection sink. + } + +We need to add a tuple to the ``sinkModel``\(package, type, subtypes, name, signature, ext, input, kind, provenance) extensible predicate by updating a data extension file. + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["java.sql", "Statement", True, "execute", "(String)", "", "Argument[0]", "sql-injection", "manual"] + + +Since we want to add a new sink, we need to add a tuple to the ``sinkModel`` extensible predicate. +The first five values identify the callable (in this case a method) to be modeled as a sink. + +- The first value ``java.sql`` is the package name. +- The second value ``Statement`` is the name of the class (type) that contains the method. +- The third value ``True`` is a flag that indicates whether or not the sink also applies to all overrides of the method. +- The fourth value ``execute`` is the method name. +- The fifth value ``(String)`` is the method input type signature. + +The sixth value should be left empty and is out of scope for this documentation. +The remaining values are used to define the ``access path``, the ``kind``, and the ``provenance`` (origin) of the sink. + +- The seventh value ``Argument[0]`` is the ``access path`` to the first argument passed to the method, which means that this is the location of the sink. +- The eighth value ``sql-injection`` is the kind of the sink. The sink kind is used to define the queries where the sink is in scope. In this case - the SQL injection queries. +- The ninth value ``manual`` is the provenance of the sink, which is used to identify the origin of the sink. + +Example: Taint source from the ``java.net`` package +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +This example shows how the Java query pack models the return value from the ``getInputStream`` method as a ``remote`` source. +This is the ``getInputStream`` method in the ``Socket`` class, which is located in the ``java.net`` package. + +.. code-block:: java + + public static void tainted(Socket socket) throws IOException { + InputStream stream = socket.getInputStream(); // The return value of this method is a remote source of taint. + ... + } + +We need to add a tuple to the ``sourceModel``\(package, type, subtypes, name, signature, ext, output, kind, provenance) extensible predicate by updating a data extension file. + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["java.net", "Socket", False, "getInputStream", "()", "", "ReturnValue", "remote", "manual"] + + +Since we are adding a new source, we need to add a tuple to the ``sourceModel`` extensible predicate. +The first five values identify the callable (in this case a method) to be modeled as a source. + +- The first value ``java.net`` is the package name. +- The second value ``Socket`` is the name of the class (type) that contains the source. +- The third value ``False`` is a flag that indicates whether or not the source also applies to all overrides of the method. +- The fourth value ``getInputStream`` is the method name. +- The fifth value ``()`` is the method input type signature. + +The sixth value should be left empty and is out of scope for this documentation. +The remaining values are used to define the ``access path``, the ``kind``, and the ``provenance`` (origin) of the source. + +- The seventh value ``ReturnValue`` is the access path to the return of the method, which means that it is the return value that should be considered a source of tainted input. +- The eighth value ``remote`` is the kind of the source. The source kind is used to define the queries where the source is in scope. ``remote`` applies to many of the security related queries as it means a remote source of untrusted data. As an example the SQL injection query uses ``remote`` sources. +- The ninth value ``manual`` is the provenance of the source, which is used to identify the origin of the source. + +Example: Add flow through the ``concat`` method +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +This example shows how the Java query pack models flow through a method for a simple case. +This pattern covers many of the cases where we need to summarize flow through a method that is stored in a library or framework outside the repository. + +.. code-block:: java + + public static void taintflow(String s1, String s2) { + String t = s1.concat(s2); // There is taint flow from s1 and s2 to t. + ... + } + +We need to add tuples to the ``summaryModel``\(package, type, subtypes, name, signature, ext, input, output, kind, provenance) extensible predicate by updating a data extension file: + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["java.lang", "String", False, "concat", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["java.lang", "String", False, "concat", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + +Since we are adding flow through a method, we need to add tuples to the ``summaryModel`` extensible predicate. +Each tuple defines flow from one argument to the return value. +The first row defines flow from the qualifier (``s1`` in the example) to the return value (``t`` in the example) and the second row defines flow from the first argument (``s2`` in the example) to the return value (``t`` in the example). + +The first five values identify the callable (in this case a method) to be modeled as a summary. +These are the same for both of the rows above as we are adding two summaries for the same method. + +- The first value ``java.lang`` is the package name. +- The second value ``String`` is the class (type) name. +- The third value ``False`` is a flag that indicates whether or not the summary also applies to all overrides of the method. +- The fourth value ``concat`` is the method name. +- The fifth value ``(String)`` is the method input type signature. + +The sixth value should be left empty and is out of scope for this documentation. +The remaining values are used to define the ``access path``, the ``kind``, and the ``provenance`` (origin) of the summary. + +- The seventh value is the access path to the input (where data flows from). ``Argument[this]`` is the access path to the qualifier (``s1`` in the example) and ``Argument[0]`` is the access path to the first argument (``s2`` in the example). +- The eighth value ``ReturnValue`` is the access path to the output (where data flows to), in this case ``ReturnValue``, which means that the input flows to the return value. +- The ninth value ``taint`` is the kind of the flow. ``taint`` means that taint is propagated through the call. +- The tenth value ``manual`` is the provenance of the summary, which is used to identify the origin of the summary. + +Example: Add flow through the ``map`` method +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +This example shows how the Java query pack models a more complex flow through a method. +Here we model flow through higher order methods and collection types. + +.. code-block:: java + + public static void taintflow(Stream s) { + Stream l = s.map(e -> e.concat("\n")); + ... + } + +We need to add tuples to the ``summaryModel``\(package, type, subtypes, name, signature, ext, input, output, kind, provenance) extensible predicate by updating a data extension file: + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[this].Element", "Argument[0].Parameter[0]", "value", "manual"] + - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"] + + +Since we are adding flow through a method, we need to add tuples to the ``summaryModel`` extensible predicate. +Each tuple defines part of the flow that comprises the total flow through the ``map`` method. +The first five values identify the callable (in this case a method) to be modeled as a summary. +These are the same for both of the rows above as we are adding two summaries for the same method. + +- The first value ``java.util.stream`` is the package name. +- The second value ``Stream`` is the class (type) name. +- The third value ``True`` is a flag that indicates whether or not the summary also applies to all overrides of the method. +- The fourth value ``map`` is the method name. +- The fifth value ``Function`` is the method input type signature. + +The sixth value should be left empty and is out of scope for this documentation. +The remaining values are used to define the ``access path``, the ``kind``, and the ``provenance`` (origin) of the summary definition. + +- The seventh value is the access path to the ``input`` (where data flows from). +- The eighth value is the access path to the ``output`` (where data flows to). + +For the first row: + +- The seventh value is ``Argument[this].Element``, which is the access path to the elements of the qualifier (the elements of the stream ``s`` in the example). +- The eight value is ``Argument[0].Parameter[0]``, which is the access path to the first parameter of the ``Function`` argument of ``map`` (the lambda parameter ``e`` in the example). + +For the second row: + +- The seventh value is ``Argument[0].ReturnValue``, which is the access path to the return value of the ``Function`` argument of ``map`` (the return value of the lambda in the example). +- The eighth value is ``ReturnValue.Element``, which is the access path to the elements of the return value of ``map`` (the elements of the stream ``l`` in the example). + +For the remaining values for both rows: + +- The ninth value ``value`` is the kind of the flow. ``value`` means that the value is preserved. +- The tenth value ``manual`` is the provenance of the summary, which is used to identify the origin of the summary. + +That is, the first row specifies that values can flow from the elements of the qualifier stream into the first argument of the function provided to ``map``. The second row specifies that values can flow from the return value of the function to the elements of the stream returned from ``map``. + +Example: Add a ``neutral`` method +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +This example shows how the Java query pack models the ``now`` method as being neutral with respect to flow. +A neutral model is used to define that there is no flow through a method. + +.. code-block:: java + + public static void taintflow() { + Instant t = Instant.now(); // There is no flow from now to t. + ... + } + +We need to add a tuple to the ``neutralModel``\(package, type, name, signature, kind, provenance) extensible predicate by updating a data extension file. + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/java-all + extensible: neutralModel + data: + - ["java.time", "Instant", "now", "()", "summary", "manual"] + + +Since we are adding a neutral model, we need to add tuples to the ``neutralModel`` extensible predicate. +The first four values identify the callable (in this case a method) to be modeled as a neutral, the fifth value is the kind, and the sixth value is the provenance (origin) of the neutral. + +- The first value ``java.time`` is the package name. +- The second value ``Instant`` is the class (type) name. +- The third value ``now`` is the method name. +- The fourth value ``()`` is the method input type signature. +- The fifth value ``summary`` is the kind of the neutral. +- The sixth value ``manual`` is the provenance of the neutral. diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst deleted file mode 100644 index cbd8d6c1fad..00000000000 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst +++ /dev/null @@ -1,437 +0,0 @@ -.. _customizing-library-models-for-java: - -:orphan: -:nosearch: - -Customizing Library Models for Java and Kotlin -============================================== - -.. include:: ../reusables/beta-note-customizing-library-models.rst - -.. include:: ../reusables/kotlin-beta-note.rst - -The Java/Kotlin analysis can be customized by adding library models (summaries, sinks and sources) in data extension files. -A model is a definition of a behavior of a library element, such as a method, that is used to improve the data flow analysis precision by identifying more results. -Most of the security related queries are taint tracking queries that try to find paths from a source of untrusted input to a sink that represents a vulnerability. Sources are the starting points of a taint tracking data flow analysis, and sinks are the end points of a taint tracking data flow analysis. - -Furthermore, the taint tracking queries also need to know how data can flow through elements that are not included in the source code. These are named summaries: they are models of elements that allow us to synthesize the elements flow behavior without having them in the source code. This is especially helpful when using a third party (or the standard) library. - -The models are defined using data extensions where each tuple constitutes a model. -A data extension file for Java is a YAML file in the form: - -.. code-block:: yaml - - extensions: - - addsTo: - pack: codeql/java-all - extensible: - data: - - - - - - ... - -Data extensions contribute to the extensible predicates defined in the CodeQL library. For more information on how to define data extensions and extensible predicates as well as how to wire them up, see the :ref:`data-extensions` documentation. - -The CodeQL library for Java/Kotlin exposes the following extensible predicates: - -- **sourceModel**\(package, type, subtypes, name, signature, ext, output, kind, provenance). This is used for **source** models. -- **sinkModel**\(package, type, subtypes, name, signature, ext, input, kind, provenance). This is used for **sink** models. -- **summaryModel**\(package, type, subtypes, name, signature, ext, input, output, kind, provenance). This is used for **summary** models. -- **neutralModel**\(package, type, name, signature, kind, provenance). This is used for **neutral** models, which only have minor impact on the data flow analysis. - -The extensible predicates are populated using data extensions specified in YAML files. - -In the sections below, we will provide examples of how to add tuples to the different extensible predicates. -The extensible predicates are used to customize and improve the existing data flow queries, by providing sources, sinks, and flow through (summaries) for library elements. -The :ref:`reference-material` section will provide details on the *mini DSLs* that define models for each extensible predicate. - -Example: Taint sink in the **java.sql** package ------------------------------------------------- - -In this example we will show how to model the argument of the **execute** method as a SQL injection sink. -This is the **execute** method in the **Statement** class, which is located in the **java.sql** package. -Note that this sink is already added to the CodeQL Java/Kotlin analysis. - -.. code-block:: java - - public static void taintsink(Connection conn, String query) throws SQLException { - Statement stmt = conn.createStatement(); - stmt.execute(query); // The argument to this method is a SQL injection sink. - } - -We need to add a tuple to the **sinkModel**\(package, type, subtypes, name, signature, ext, input, kind, provenance) extensible predicate. To do this, add the following to a data extension file: - -.. code-block:: yaml - - extensions: - - addsTo: - pack: codeql/java-all - extensible: sinkModel - data: - - ["java.sql", "Statement", True, "execute", "(String)", "", "Argument[0]", "sql", "manual"] - - -Since we are adding a new sink, we need to add a tuple to the **sinkModel** extensible predicate. -The first five values identify the callable (in this case a method) to be modeled as a sink. - -- The first value **java.sql** is the package name. -- The second value **Statement** is the name of the class (type) that contains the method. -- The third value **True** is a flag that indicates whether or not the sink also applies to all overrides of the method. -- The fourth value **execute** is the method name. -- The fifth value **(String)** is the method input type signature. - -The sixth value should be left empty and is out of scope for this documentation. -The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the sink. - -- The seventh value **Argument[0]** is the **access path** to the first argument passed to the method, which means that this is the location of the sink. -- The eighth value **sql** is the kind of the sink. The sink kind is used to define the queries where the sink is in scope. In this case - the SQL injection queries. -- The ninth value **manual** is the provenance of the sink, which is used to identify the origin of the sink. - -Example: Taint source from the **java.net** package ----------------------------------------------------- -In this example we show how to model the return value from the **getInputStream** method as a **remote** source. -This is the **getInputStream** method in the **Socket** class, which is located in the **java.net** package. -Note that this source is already added to the CodeQL Java/Kotlin analysis. - -.. code-block:: java - - public static void tainted(Socket socket) throws IOException { - InputStream stream = socket.getInputStream(); // The return value of this method is a remote source of taint. - ... - } - -We need to add a tuple to the **sourceModel**\(package, type, subtypes, name, signature, ext, output, kind, provenance) extensible predicate. To do this, add the following to a data extension file: - -.. code-block:: yaml - - extensions: - - addsTo: - pack: codeql/java-all - extensible: sourceModel - data: - - ["java.net", "Socket", False, "getInputStream", "()", "", "ReturnValue", "remote", "manual"] - - -Since we are adding a new source, we need to add a tuple to the **sourceModel** extensible predicate. -The first five values identify the callable (in this case a method) to be modeled as a source. - -- The first value **java.net** is the package name. -- The second value **Socket** is the name of the class (type) that contains the source. -- The third value **False** is a flag that indicates whether or not the source also applies to all overrides of the method. -- The fourth value **getInputStream** is the method name. -- The fifth value **()** is the method input type signature. - -The sixth value should be left empty and is out of scope for this documentation. -The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the source. - -- The seventh value **ReturnValue** is the access path to the return of the method, which means that it is the return value that should be considered a source of tainted input. -- The eighth value **remote** is the kind of the source. The source kind is used to define the queries where the source is in scope. **remote** applies to many of the security related queries as it means a remote source of untrusted data. As an example the SQL injection query uses **remote** sources. -- The ninth value **manual** is the provenance of the source, which is used to identify the origin of the source. - -Example: Add flow through the **concat** method ------------------------------------------------- -In this example we show how to model flow through a method for a simple case. -This pattern covers many of the cases where we need to define flow through a method. -Note that the flow through the **concat** method is already added to the CodeQL Java/Kotlin analysis. - -.. code-block:: java - - public static void taintflow(String s1, String s2) { - String t = s1.concat(s2); // There is taint flow from s1 and s2 to t. - ... - } - -We need to add tuples to the **summaryModel**\(package, type, subtypes, name, signature, ext, input, output, kind, provenance) extensible predicate. To do this, add the following to a data extension file: - -.. code-block:: yaml - - extensions: - - addsTo: - pack: codeql/java-all - extensible: summaryModel - data: - - ["java.lang", "String", False, "concat", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["java.lang", "String", False, "concat", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - -Reasoning: - -Since we are adding flow through a method, we need to add tuples to the **summaryModel** extensible predicate. -Each tuple defines flow from one argument to the return value. -The first row defines flow from the qualifier (**s1** in the example) to the return value (**t** in the example) and the second row defines flow from the first argument (**s2** in the example) to the return value (**t** in the example). - -The first five values identify the callable (in this case a method) to be modeled as a summary. -These are the same for both of the rows above as we are adding two summaries for the same method. - -- The first value **java.lang** is the package name. -- The second value **String** is the class (type) name. -- The third value **False** is a flag that indicates whether or not the summary also applies to all overrides of the method. -- The fourth value **concat** is the method name. -- The fifth value **(String)** is the method input type signature. - -The sixth value should be left empty and is out of scope for this documentation. -The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the summary. - -- The seventh value is the access path to the input (where data flows from). **Argument[this]** is the access path to the qualifier (**s1** in the example) and **Argument[0]** is the access path to the first argument (**s2** in the example). -- The eighth value **ReturnValue** is the access path to the output (where data flows to), in this case **ReturnValue**, which means that the input flows to the return value. -- The ninth value **taint** is the kind of the flow. **taint** means that taint is propagated through the call. -- The tenth value **manual** is the provenance of the summary, which is used to identify the origin of the summary. - -Example: Add flow through the **map** method ---------------------------------------------- -In this example, we will see a more complex example of modeling flow through a method. -This pattern shows how to model flow through higher order methods and collection types. -Note that the flow through the **map** method is already added to the CodeQL Java/Kotlin analysis. - -.. code-block:: java - - public static void taintflow(Stream s) { - Stream l = s.map(e -> e.concat("\n")); - ... - } - -To do this, add the following to a data extension file: - -.. code-block:: yaml - - extensions: - - addsTo: - pack: codeql/java-all - extensible: summaryModel - data: - - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[this].Element", "Argument[0].Parameter[0]", "value", "manual"] - - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"] - - -Since we are adding flow through a method, we need to add tuples to the **summaryModel** extensible predicate. -Each tuple defines part of the flow that comprises the total flow through the **map** method. -The first five values identify the callable (in this case a method) to be modeled as a summary. -These are the same for both of the rows above as we are adding two summaries for the same method. - -- The first value **java.util.stream** is the package name. -- The second value **Stream** is the class (type) name. -- The third value **True** is a flag that indicates whether or not the summary also applies to all overrides of the method. -- The fourth value **map** is the method name. -- The fifth value **Function** is the method input type signature. - -The sixth value should be left empty and is out of scope for this documentation. -The remaining values are used to define the **access path**, the **kind**, and the **provenance** (origin) of the summary definition. - -- The seventh value is the access path to the **input** (where data flows from). -- The eighth value is the access path to the **output** (where data flows to). - -For the first row: - -- The seventh value is **Argument[this].Element**, which is the access path to the elements of the qualifier (the elements of the stream **s** in the example). -- The eight value is **Argument[0].Parameter[0]**, which is the access path to the first parameter of the **Function** argument of **map** (the lambda parameter **e** in the example). - -For the second row: - -- The seventh value is **Argument[0].ReturnValue**, which is the access path to the return value of the **Function** argument of **map** (the return value of the lambda in the example). -- The eighth value is **ReturnValue.Element**, which is the access path to the elements of the return value of **map** (the elements of the stream **l** in the example). - -For the remaining values for both rows: - -- The ninth value **value** is the kind of the flow. **value** means that the value is preserved. -- The tenth value **manual** is the provenance of the summary, which is used to identify the origin of the summary. - -That is, the first row models that there is value flow from the elements of the qualifier stream into the first argument of the function provided to **map** and the second row models that there is value flow from the return value of the function to the elements of the stream returned from **map**. - -Example: Add a **neutral** method ----------------------------------- -In this example we will show how to model the **now** method as being neutral with respect to flow. -A neutral model is used to define that there is no flow through a method. -Note that the neutral model for the **now** method is already added to the CodeQL Java/Kotlin analysis. - -.. code-block:: java - - public static void taintflow() { - Instant t = Instant.now(); // There is no flow from now to t. - ... - } - -We need to add a tuple to the **neutralModel**\(package, type, name, signature, kind, provenance) extensible predicate. To do this, add the following to a data extension file: - -.. code-block:: yaml - - extensions: - - addsTo: - pack: codeql/java-all - extensible: neutralModel - data: - - ["java.time", "Instant", "now", "()", "summary", "manual"] - - -Since we are adding a neutral model, we need to add tuples to the **neutralModel** extensible predicate. -The first four values identify the callable (in this case a method) to be modeled as a neutral, the fifth value is the kind, and the sixth value is the provenance (origin) of the neutral. - -- The first value **java.time** is the package name. -- The second value **Instant** is the class (type) name. -- The third value **now** is the method name. -- The fourth value **()** is the method input type signature. -- The fifth value **summary** is the kind of the neutral. -- The sixth value **manual** is the provenance of the neutral. - -.. _reference-material: - -Reference material ------------------- - -The following sections provide reference material for extensible predicates. -This includes descriptions of each of the arguments (e.g. access paths, kinds and provenance). - -Extensible predicates ---------------------- - -Below is a description of the columns for each extensible predicate. -Sources, sinks, summaries and neutrals are commonly known as models. -The semantics of many of the columns of the extensible predicates are shared. - -The shared columns are: - -- **package**: Name of the package containing the element(s) to be modeled. -- **type**: Name of the type containing the element(s) to be modeled. -- **subtypes**: A boolean flag indicating whether the model should also apply to all overrides of the selected element(s). -- **name**: Name of the element (optional). If this is left blank, it means all elements matching the previous selection criteria. -- **signature**: Type signature of the selected element (optional). If this is left blank, it means all elements matching the previous selection criteria. -- **ext**: Specifies additional API-graph-like edges (mostly empty) and out of scope for this document. -- **provenance**: Provenance (origin) of the model definition. - -The columns **package**, **type**, **subtypes**, **name**, and **signature** are used to select the element(s) that the model applies to. - -The :ref:`access-paths` section describes how access paths are composed. -This is the most complicated part of the extensible predicates and the **mini DSL** for access paths is shared across all extensible predicates. - -sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Taint source. Most taint tracking queries will use all sources added to this extensible predicate regardless of their kind. - -- **output**: Access path to the source, where the possibly tainted data flows from. -- **kind**: Kind of the source. -- **provenance**: Provenance (origin) of the source definition. - -As most sources are used by all taint tracking queries there are only a few different source kinds. -The following source kinds are supported: - -- **remote**: A remote source of possibly tainted data. This is the most common kind for a source. Sources of this kind are used for almost all taint tracking queries. - -Below is an enumeration of the remaining source kinds, but they are out of scope for this documentation: - -- **contentprovider**, **android-external-storage-dir**. - -sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Taint sink. As opposed to source kinds, there are many different kinds of sinks as these tend to be more query specific. - -- **input**: Access path to the sink, where we want to check if tainted data can flow into. -- **kind**: Kind of the sink. - -The following sink kinds are supported: - -- **bean-validation**: A sink that can be used for insecure bean validation, such as in calls to **ConstraintValidatorContext.buildConstraintViolationWithTemplate**. -- **command-injection**: A sink that can be used to inject shell commands, such as in calls to **Runtime.exec**. -- **file-content-store**: A sink that can be used to control the contents of a file, such as in a **Files.write** call. -- **fragment-injection**: A sink that can be used for Android fragment injection, such as in a **FragmentTransaction.replace** call. -- **groovy-injection**: A sink that can be used for Groovy injection, such as in a **GroovyShell.evaluate** call. -- **hostname-verification**: A sink that can be used for unsafe hostname verification, such as in calls to **HttpsURLConnection.setHostnameVerifier**. -- **html-injection**: A sink that can be used for XSS via HTML injection, such as in a **ResponseStream.write** call. -- **information-leak**: A sink that can be used to leak information to an HTTP response, such as in calls to **HttpServletResponse.sendError**. -- **intent-redirection**: A sink that can be used for Android intent redirection, such as in a **Context.startActivity** call. -- **jexl-injection**: A sink that can be used for JEXL expression injection, such as in a **JexlExpression.evaluate** call. -- **jndi-injection**: A sink that can be used for JNDI injection, such as in a **Context.lookup** call. -- **js-injection**: A sink that can be used for XSS via JavaScript injection, such as in a **Webview.evaluateJavaScript** call. -- **ldap-injection**: A sink that can be used for LDAP injection, such as in a **DirContext.search** call. -- **log-injection**: A sink that can be used for log injection, such as in a **Logger.warn** call. -- **mvel-injection**: A sink that can be used for MVEL expression injection, such as in a **MVEL.eval** call. -- **ognl-injection**: A sink that can be used for OGNL injection, such as in an **Ognl.getValue** call. -- **path-injection**: A sink that can be used for path injection in a file system access, such as in calls to **new FileReader**. -- **pending-intents**: A sink that can be used to send an implicit and mutable `PendingIntent` to a third party, such as in an **Activity.setResult** call. -- **request-forgery**: A sink that controls the URL of a request, such as in an **HttpRequest.newBuilder** call. -- **response-splitting**: A sink that can be used for HTTP response splitting, such as in calls to **HttpServletResponse.setHeader**. -- **sql-injection**: A sink that can be used for SQL injection, such as in a **Statement.executeQuery** call. -- **template-injection**: A sink that can be used for server side template injection, such as in a **Velocity.evaluate** call. -- **trust-boundary-violation**: A sink that can be used to cross a trust boundary, such as in a **HttpSession.setAttribute** call. -- **url-redirection**: A sink that can be used to redirect the user to a malicious URL, such as in a **Response.temporaryRedirect** call. -- **xpath-injection**: A sink that can be used for XPath injection, such as in a **XPath.evaluate** call. -- **xslt-injection**: A sink that can be used for XSLT injection, such as in a **Transformer.transform** call. - -summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Flow through (summary). This extensible predicate is used to model flow through elements. - -- **input**: Access path to the input of the element (where data will flow from to the output). -- **output**: Access path to the output of the element (where data will flow to from the input). -- **kind**: Kind of the flow through. -- **provenance**: Provenance (origin) of the flow through. - -The following kinds are supported: - -- **taint**: This means the output is not necessarily equal to the input, but it was derived from the input in an unrestrictive way. An attacker who controls the input will have significant control over the output as well. -- **value**: This means that the output equals the input or a copy of the input such that all of its properties are preserved. - -neutralModel(package, type, name, signature, kind, provenance) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This extensible predicate is not typically needed externally, but included here for completeness. -It only has minor impact on the data flow analysis. -Manual neutrals are considered high confidence dispatch call targets and can reduce the number of dispatch call targets during data flow analysis (a performance optimization). - -- **kind**: Kind of the neutral. For neutrals the kind can be **summary**, **source**, or **sink** to indicate that the callable is neutral with respect to flow (no summary), source (is not a source) or sink (is not a sink). -- **provenance**: Provenance (origin) of the flow through. - -.. _access-paths: - -Access paths ------------- -The **input**, and **output** columns consist of a **.**-separated list of components, which is evaluated from left to right, with each step selecting a new set of values derived from the previous set of values. - -The following components are supported: - -- **Argument[**\ `n`\ **]** selects the argument at index `n` (zero-indexed). -- **Argument[**\ `this`\ **]** selects the qualifier (instance parameter). -- **Argument[**\ `n1..n2`\ **]** selects the arguments in the given range (both ends included). -- **Parameter[**\ `n`\ **]** selects the parameter at index `n` (zero-indexed). -- **Parameter[**\ `n1..n2`\ **]** selects the parameters in the given range (both ends included). -- **ReturnValue** selects the return value. -- **Field[**\ `name`\ **]** selects the field with the fully qualified name `name`. -- **SyntheticField[**\ `name`\ **]** selects the synthetic field with name `name`. -- **SyntheticGlobal[**\ `name`\ **]** selects the synthetic global with name `name`. -- **ArrayElement** selects the elements of an array. -- **Element** selects the elements of a collection-like container. -- **WithoutElement** selects a collection-like container without its elements. This is for input only. -- **WithElement** selects the elements of a collection-like container, but points to the container itself. This is for input only. -- **MapKey** selects the element keys of a map. -- **MapValue** selects the element values of a map. - -Provenance ----------- - -The **provenance** column is used to specify the provenance (origin) of the model definition and how the model was verified. -The following values are supported: - -- **manual**: The model was manually created and added to the extensible predicate. - -or values in the form **origin-verification**, where origin is one of: - -- **ai**: The model was generated by AI. -- **df**: The model was generated by the dataflow model generator. -- **tb**: The model was generated by the type based model generator. -- **hq**: The model was generated using a heuristic query. - -and verification is one of: - -- **manual**: The model was verified by a human. -- **generated**: The model was generated, but not verified by a human. - -The provenance is used to distinguish between models that are manually added (or verified) to the extensible predicate and models that are automatically generated. -Furthermore, it impacts the data flow analysis in the following way: - -- A **manual** model takes precedence over **generated** models. If a **manual** model exists for an element then all **generated** models are ignored. -- A **generated** model is ignored during analysis, if the source code of the element it is modeling is available. - -That is, generated models are less trusted than manual models and only used if neither source code nor a manual model is available. - - -.. include:: ../reusables/data-extensions.rst diff --git a/docs/codeql/codeql-language-guides/extensible-predicates.rst b/docs/codeql/codeql-language-guides/extensible-predicates.rst new file mode 100644 index 00000000000..2ef077fe056 --- /dev/null +++ b/docs/codeql/codeql-language-guides/extensible-predicates.rst @@ -0,0 +1,183 @@ +.. _extensible-predicates: + +:orphan: +:nosearch: + +Extensible predicates and their interaction with data extensions +================================================================ + +You can use data extensions to model the methods and callables that control dataflow in any framework or library. This is especially useful for custom frameworks or niche libraries, that are not supported by the standard CodeQL libraries. + +.. include:: ../reusables/beta-note-model-packs-java.rst + +About this article +------------------ + +This reference article describes the available inputs for the extensible predicates, including access paths, kinds, and provenance. + +Sources, sinks, summaries, and neutrals are commonly known as models. These models support several shared arguments and a few model-specific arguments. The arguments populate a series of columns for each extensible predicate. + +About extensible predicates +--------------------------- + +At a high level, there are two main components to using data extensions. The query writer defines one or more extensible predicates in their query libraries. CLI and code scanning users who want to augment these predicates supply one or more extension files whose data gets injected into the extensible predicate during evaluation. The extension files are either stored directly in the repository where the codebase to be analyzed is hosted, or downloaded as CodeQL model packs. + +This example of an extensible predicate for a source is taken from the core Java libraries https://github.com/github/codeql/blob/main/java/ql/lib/semmle/code/java/dataflow/ExternalFlowExtensions.qll#L8-L11 + +.. code-block:: ql + + extensible predicate sourceModel( + string package, string type, boolean subtypes, string name, + string signature, string ext, string output, string kind, + string provenance + ); + +An extensible predicate is a CodeQL predicate with the following restrictions: + +- It uses the ``extensible`` keyword. +- It has no body. +- All predicate parameters have primitive types. +- It is not in a module. + +Columns shared by all extensible predicates +------------------------------------------- + +The semantics of many of the columns of the extensible predicates are shared. The columns ``package``, ``type``, ``subtypes``, ``name``, and ``signature`` define which element(s) the model applies to. + +- ``package``: Name of the package containing the element(s) to be modeled. +- ``type``: Name of the type containing the element(s) to be modeled. +- ``subtypes``: A boolean flag indicating whether the model should also apply to all overrides of the selected element(s). +- ``name``: Name of the element (optional). If this is left blank, it means all elements matching the previous selection criteria. +- ``signature``: Type signature of the selected element (optional). If this is left blank, it means all elements matching the previous selection criteria. +- ``ext``: Specifies additional API-graph-like edges (mostly empty) and out of scope for this document. +- ``provenance``: Provenance (origin) of the model definition. For more information, see ":ref:`provenance`." + +The sematics for access paths are also common to all extensible predicates. For more information, see ":ref:`access-paths`." + +sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) +------------------------------------------------------------------------------------ + +Taint source. Most taint tracking queries will use all sources added to this extensible predicate regardless of their kind. + +- ``output``: Access path to the source, where the possibly tainted data flows from. +- ``kind``: Kind of the source. + +As most sources are used by all taint tracking queries there are only a few different source kinds. +The following source kinds are supported: + +- ``remote``: A remote source of possibly tainted data. This is the most common kind for a source. Sources of this kind are used for almost all taint tracking queries. +- ``contentprovider``, ``android-external-storage-dir``: These kinds are also supported but usage is advanced. + +sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) +--------------------------------------------------------------------------------- + +Taint sink. As opposed to source kinds, there are many different kinds of sinks as these tend to be more query specific. + +- ``input``: Access path to the sink, where we want to check if tainted data can flow into. +- ``kind``: Kind of the sink. + +The following sink kinds are supported: + +- ``bean-validation``: A sink that can be used for insecure bean validation, such as in calls to ``ConstraintValidatorContext.buildConstraintViolationWithTemplate``. +- ``command-injection``: A sink that can be used to inject shell commands, such as in calls to ``Runtime.exec``. +- ``file-content-store``: A sink that can be used to control the contents of a file, such as in a ``Files.write`` call. +- ``fragment-injection``: A sink that can be used for Android fragment injection, such as in a ``FragmentTransaction.replace`` call. +- ``groovy-injection``: A sink that can be used for Groovy injection, such as in a ``GroovyShell.evaluate`` call. +- ``hostname-verification``: A sink that can be used for unsafe hostname verification, such as in calls to ``HttpsURLConnection.setHostnameVerifier``. +- ``html-injection``: A sink that can be used for XSS via HTML injection, such as in a ``ResponseStream.write`` call. +- ``information-leak``: A sink that can be used to leak information to an HTTP response, such as in calls to ``HttpServletResponse.sendError``. +- ``intent-redirection``: A sink that can be used for Android intent redirection, such as in a ``Context.startActivity`` call. +- ``jexl-injection``: A sink that can be used for JEXL expression injection, such as in a ``JexlExpression.evaluate`` call. +- ``jndi-injection``: A sink that can be used for JNDI injection, such as in a ``Context.lookup`` call. +- ``js-injection``: A sink that can be used for XSS via JavaScript injection, such as in a ``Webview.evaluateJavaScript`` call. +- ``ldap-injection``: A sink that can be used for LDAP injection, such as in a ``DirContext.search`` call. +- ``log-injection``: A sink that can be used for log injection, such as in a ``Logger.warn`` call. +- ``mvel-injection``: A sink that can be used for MVEL expression injection, such as in a ``MVEL.eval`` call. +- ``ognl-injection``: A sink that can be used for OGNL injection, such as in an ``Ognl.getValue`` call. +- ``path-injection``: A sink that can be used for path injection in a file system access, such as in calls to ``new FileReader``. +- ``pending-intents``: A sink that can be used to send an implicit and mutable `PendingIntent` to a third party, such as in an ``Activity.setResult`` call. +- ``request-forgery``: A sink that controls the URL of a request, such as in an ``HttpRequest.newBuilder`` call. +- ``response-splitting``: A sink that can be used for HTTP response splitting, such as in calls to ``HttpServletResponse.setHeader``. +- ``sql-injection``: A sink that can be used for SQL injection, such as in a ``Statement.executeQuery`` call. +- ``template-injection``: A sink that can be used for server-side template injection, such as in a ``Velocity.evaluate`` call. +- ``trust-boundary-violation``: A sink that can be used to cross a trust boundary, such as in a ``HttpSession.setAttribute`` call. +- ``url-redirection``: A sink that can be used to redirect the user to a malicious URL, such as in a ``Response.temporaryRedirect`` call. +- ``xpath-injection``: A sink that can be used for XPath injection, such as in a ``XPath.evaluate`` call. +- ``xslt-injection``: A sink that can be used for XSLT injection, such as in a ``Transformer.transform`` call. + +summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance) +-------------------------------------------------------------------------------------------- + +Flow through (summary). This extensible predicate is used to model flow through elements. + +- ``input``: Access path to the input of the element (where data will flow from to the output). +- ``output``: Access path to the output of the element (where data will flow to from the input). +- ``kind``: Kind of the flow through. + +The following kinds are supported: + +- ``taint``: This means the output is not necessarily equal to the input, but it was derived from the input in an unrestrictive way. An attacker who controls the input will have significant control over the output as well. +- ``value``: This means that the output equals the input or a copy of the input such that all of its properties are preserved. + +neutralModel(package, type, name, signature, kind, provenance) +-------------------------------------------------------------- + +This extensible predicate is not typically needed externally, but is included here for completeness. +It has limited impact on dataflow analysis. +Manual neutrals are considered high-confidence dispatch call targets and can reduce the number of dispatch call targets during dataflow analysis (a performance optimization). + +- ``kind``: Kind of the neutral. For neutrals the kind can be ``summary``, ``source``, or ``sink`` to indicate that the callable is neutral with respect to flow (no summary), source (is not a source) or sink (is not a sink). + +.. _access-paths: + +Access paths +------------ +The ``input``, and ``output`` columns consist of a ``.``-separated list of components, which is evaluated from left to right, with each step selecting a new set of values derived from the previous set of values. + +The following components are supported: + +- ``Argument[``\ `n`\ ``]`` selects the argument at index `n` (zero-indexed). +- ``Argument[``\ `this`\ ``]`` selects the qualifier (instance parameter). +- ``Argument[``\ `n1..n2`\ ``]`` selects the arguments in the given range (both ends included). +- ``Parameter[``\ `n`\ ``]`` selects the parameter at index `n` (zero-indexed). +- ``Parameter[``\ `n1..n2`\ ``]`` selects the parameters in the given range (both ends included). +- ``ReturnValue`` selects the return value. +- ``Field[``\ `name`\ ``]`` selects the field with the fully qualified name `name`. +- ``SyntheticField[``\ `name`\ ``]`` selects the synthetic field with name `name`. +- ``SyntheticGlobal[``\ `name`\ ``]`` selects the synthetic global with name `name`. +- ``ArrayElement`` selects the elements of an array. +- ``Element`` selects the elements of a collection-like container. +- ``WithoutElement`` selects a collection-like container without its elements. This is for input only. +- ``WithElement`` selects the elements of a collection-like container, but points to the container itself. This is for input only. +- ``MapKey`` selects the element keys of a map. +- ``MapValue`` selects the element values of a map. + +.. _provenance: + +Provenance +---------- + +The ``provenance`` column is used to specify the provenance (origin) of the model definition and how the model was verified. +The following values are supported. + +- ``manual``: The model was manually created and added to the extensible predicate. + +Values can also take the form ``ORIGIN-VERIFICATION``, where ``ORIGIN`` is one of: + +- ``ai``: The model was generated by artificial intelligence (AI). +- ``df``: The model was generated by the dataflow model generator. +- ``tb``: The model was generated by the type based model generator. +- ``hq``: The model was generated using a heuristic query. + +And ``VERIFICATION`` is one of: + +- ``manual``: The model was verified by a human. +- ``generated``: The model was generated, but not verified by a human. + +The provenance is used to distinguish between models that are manually added (or verified) to the extensible predicate and models that are automatically generated. +Furthermore, it impacts the dataflow analysis in the following way: + +- A ``manual`` model takes precedence over ``generated`` models. If a ``manual`` model exists for an element then all ``generated`` models are ignored. +- A ``generated`` model is ignored during analysis, if the source code of the element it is modeling is available. + +That is, generated models are less trusted than manual models and only used if neither source code nor a manual model is available. diff --git a/docs/codeql/codeql-overview/codeql-glossary.rst b/docs/codeql/codeql-overview/codeql-glossary.rst index 458651e3693..f86b5346e2c 100644 --- a/docs/codeql/codeql-overview/codeql-glossary.rst +++ b/docs/codeql/codeql-overview/codeql-glossary.rst @@ -34,6 +34,19 @@ A database (or CodeQL database) is a directory containing: - log files generated during database creation, query execution, and other operations. +.. _codeql-packs: + +CodeQL packs +------------ + +CodeQL packs are used to create, share, depend on, and run CodeQL queries, libraries, and models. You can publish your own CodeQL packs and download packs created by others. CodeQL query packs may contain queries, library files, query suites, and metadata. CodeQL library packs include one or more CodeQL libraries. CodeQL model packs include one or more data extension files that extend the core libraries by modeling additional libraries and frameworks (dependencies of your code base). + +.. _data-extensions: + +Data extensions +--------------- +When you want to model the sources and sinks of a custom dependency, you can create a CodeQL library (``.qll`` file) and write queries that use it, but it's usually much simpler to create a data extension file. If you model the sources and sinks in data extension, you can use this information to expand the standard queries to cover your custom dependencies. You don't need to write any new queries. + .. _dil: DIL diff --git a/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode-expanded.png b/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode-expanded.png new file mode 100644 index 00000000000..b319918e891 Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode-expanded.png differ diff --git a/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode.png b/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode.png new file mode 100644 index 00000000000..b2ecaaf8050 Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/model-application-mode.png differ diff --git a/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode-expanded.png b/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode-expanded.png new file mode 100644 index 00000000000..2528ee9ed0b Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode-expanded.png differ diff --git a/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode.png b/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode.png new file mode 100644 index 00000000000..033a133b1ed Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/model-dependency-mode.png differ diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 7a61d87cf65..2cc2e2b6685 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -2052,6 +2052,10 @@ The following built-in predicates are members of type ``string``: +----------------------+-------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | ``trim`` | string | | The result is the receiver with all whitespace removed from the beginning and end of the string. | +----------------------+-------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``codePointAt`` | int | int | The result is the unicode code point at the index given by the argument. | ++----------------------+-------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``codePointCount`` | int | int, int | The result is the number of unicode code points in the receiver between the given indices. | ++----------------------+-------------+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Regular expressions are as defined by ``java.util.regex.Pattern`` in Java. For more information, see the `Java API Documentation `__. diff --git a/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst b/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst new file mode 100644 index 00000000000..161a837d71a --- /dev/null +++ b/docs/codeql/reusables/beta-note-model-pack-editor-vsc.rst @@ -0,0 +1,5 @@ +.. pull-quote:: + + Note + + The CodeQL model editor and CodeQL model packs are currently in beta and subject to change. During the beta, model packs are supported only by Java/Kotlin analysis. To use this beta functionality, install the latest version of the CodeQL extension for Visual Studio Code. diff --git a/docs/codeql/reusables/beta-note-model-packs-java.rst b/docs/codeql/reusables/beta-note-model-packs-java.rst new file mode 100644 index 00000000000..049621a57f7 --- /dev/null +++ b/docs/codeql/reusables/beta-note-model-packs-java.rst @@ -0,0 +1,5 @@ +.. pull-quote:: + + Note + + CodeQL model packs are currently in beta and subject to change. During the beta, model packs are supported only by Java/Kotlin analysis. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases. diff --git a/docs/codeql/reusables/beta-note-package-management.rst b/docs/codeql/reusables/beta-note-package-management.rst index 7697c9a47d9..51e1fd225e4 100644 --- a/docs/codeql/reusables/beta-note-package-management.rst +++ b/docs/codeql/reusables/beta-note-package-management.rst @@ -2,4 +2,4 @@ Note - The CodeQL package management functionality, including CodeQL packs, is currently available as a beta release and is subject to change. During the beta release, CodeQL packs are available only using GitHub Packages - the GitHub Container registry. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases. + The CodeQL package management functionality, including all types of CodeQL pack, is currently available as a beta release and is subject to change. During the beta release, CodeQL packs are available only using GitHub Packages - the GitHub Container registry. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases. diff --git a/docs/codeql/reusables/cpp-new-dataflow-api-note.rst b/docs/codeql/reusables/cpp-new-dataflow-api-note.rst new file mode 100644 index 00000000000..a267ab20a02 --- /dev/null +++ b/docs/codeql/reusables/cpp-new-dataflow-api-note.rst @@ -0,0 +1,3 @@ +.. pull-quote:: Note + + The data flow library described here is available from CodeQL 2.12.5 onwards. With the release of CodeQL 2.13.0 the library uses the new modular API for data flow. For information on the previous version of the library, see :ref:`Analyzing data flow in C and C++ ` and for information about the new modular API and how to migrate any existing queries to the updated data flow library, see `New dataflow API for CodeQL query writing `__. \ No newline at end of file diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 4019f4fa360..135687e983c 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -16,7 +16,7 @@ .NET Core up to 3.1 .NET 5, .NET 6, .NET 7","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``" - Go (aka Golang), "Go up to 1.20", "Go 1.11 or more recent", ``.go`` + Go (aka Golang), "Go up to 1.21", "Go 1.11 or more recent", ``.go`` Java,"Java 7 to 20 [4]_","javac (OpenJDK and Oracle JDK), Eclipse compiler for Java (ECJ) [5]_",``.java`` diff --git a/docs/prepare-db-upgrade.md b/docs/prepare-db-upgrade.md index 8828e4acb4f..7b0a1c6fe48 100644 --- a/docs/prepare-db-upgrade.md +++ b/docs/prepare-db-upgrade.md @@ -142,3 +142,7 @@ cp ql/lib/.dbscheme ql/lib/upgrades/454f1e15151422355049dc4f1f0486a03bae ``` 4. Put a copy of the `.dbscheme` from `main` in that directory and create an `upgrade.properties` file that performs the downgrade (as described above). + +### Debugging your scripts + +Database upgrade/downgrade may fail for several reasons. To find out the exact issue it is recommended to rerun the `codeql test run` commands from above in a verbose mode, e.g. `codeql test run -vvvv ...`. diff --git a/go/Makefile b/go/Makefile index 4cacb3bfc21..24688cce942 100644 --- a/go/Makefile +++ b/go/Makefile @@ -32,7 +32,12 @@ autoformat: find . -path '**/vendor' -prune -or -type f -iname '*.go' ! -empty -print0 | xargs -0 grep -L "//\s*autoformat-ignore" | xargs gofmt -w check-formatting: - test -z "$$(find . -path '**/vendor' -prune -or -type f -iname '*.go' ! -empty -print0 | xargs -0 grep -L "//\s*autoformat-ignore" | xargs gofmt -l)" + @output=$$(find . -path '**/vendor' -prune -or -type f -iname '*.go' ! -empty -print0 | xargs -0 grep -L "//\s*autoformat-ignore" | xargs gofmt -l 2>&1); \ + if [ -n "$$output" ]; then \ + echo "The following files need to be reformatted using gofmt or have compilation errors:"; \ + echo "$$output"; \ + fi; \ + test -z "$$output" ifeq ($(QHELP_OUT_DIR),) # If not otherwise specified, compile qhelp to markdown in place @@ -46,7 +51,7 @@ tools: $(addsuffix $(EXE),$(addprefix tools/bin/,$(BINARIES))) tools/tokenizer.j .PHONY: $(addsuffix $(EXE),$(addprefix tools/bin/,$(BINARIES))) $(addsuffix $(EXE),$(addprefix tools/bin/,$(BINARIES))): - go build -mod=vendor -o $@ ./extractor/cli/$(basename $(@F)) + go build -C extractor -mod=vendor -o ../$@ ./cli/$(basename $(@F)) tools-codeql: tools-$(CODEQL_PLATFORM) @@ -56,19 +61,19 @@ tools-linux64: $(addprefix tools/linux64/,$(BINARIES)) .PHONY: $(addprefix tools/linux64/,$(BINARIES)) $(addprefix tools/linux64/,$(BINARIES)): - GOOS=linux GOARCH=amd64 go build -mod=vendor -o $@ ./extractor/cli/$(@F) + GOOS=linux GOARCH=amd64 go build -C extractor -mod=vendor -o ../$@ ./cli/$(@F) tools-osx64: $(addprefix tools/osx64/,$(BINARIES)) .PHONY: $(addprefix tools/osx64/,$(BINARIES)) $(addprefix tools/osx64/,$(BINARIES)): - GOOS=darwin GOARCH=amd64 go build -mod=vendor -o $@ ./extractor/cli/$(@F) + GOOS=darwin GOARCH=amd64 go build -C extractor -mod=vendor -o ../$@ ./cli/$(@F) tools-win64: $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))) .PHONY: $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))) $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))): - env GOOS=windows GOARCH=amd64 go build -mod=vendor -o $@ ./extractor/cli/$(basename $(@F)) + env GOOS=windows GOARCH=amd64 go build -C extractor -mod=vendor -o ../$@ ./cli/$(basename $(@F)) .PHONY: extractor-common extractor extractor-full extractor-common: codeql-extractor.yml LICENSE ql/lib/go.dbscheme \ diff --git a/go/documentation/library-coverage/coverage.csv b/go/documentation/library-coverage/coverage.csv new file mode 100644 index 00000000000..43379c6ba34 --- /dev/null +++ b/go/documentation/library-coverage/coverage.csv @@ -0,0 +1,96 @@ +package,source,summary,source:remote,summary:taint,summary:value +,,2,,,2 +archive/tar,,5,,5, +archive/zip,,6,,6, +bufio,,17,,17, +bytes,,43,,43, +compress/bzip2,,1,,1, +compress/flate,,4,,4, +compress/gzip,,3,,3, +compress/lzw,,1,,1, +compress/zlib,,4,,4, +container/heap,,5,,5, +container/list,,20,,20, +container/ring,,5,,5, +context,,5,,5, +crypto,,1,,1, +crypto/cipher,,3,,3, +crypto/rsa,,2,,2, +crypto/tls,,3,,3, +crypto/x509,,1,,1, +database/sql,,7,,7, +database/sql/driver,,4,,4, +encoding,,4,,4, +encoding/ascii85,,2,,2, +encoding/asn1,,8,,8, +encoding/base32,,3,,3, +encoding/base64,,3,,3, +encoding/binary,,2,,2, +encoding/csv,,5,,5, +encoding/gob,,7,,7, +encoding/hex,,3,,3, +encoding/json,,14,,14, +encoding/pem,,3,,3, +encoding/xml,,23,,23, +errors,,3,,3, +expvar,,6,,6, +fmt,,5,,5, +github.com/astaxie/beego,,7,,7, +github.com/astaxie/beego/context,,1,,1, +github.com/astaxie/beego/utils,,13,,13, +github.com/beego/beego/core/utils,,13,,13, +github.com/beego/beego/server/web,,7,,7, +github.com/beego/beego/server/web/context,,1,,1, +github.com/couchbase/gocb,,18,,18, +github.com/couchbaselabs/gocb,,18,,18, +github.com/elazarl/goproxy,,2,,2, +github.com/evanphx/json-patch,,12,,12, +github.com/gin-gonic/gin,,2,,2, +github.com/go-pg/pg/$ANYVERSION/orm,,6,,6, +github.com/golang/protobuf/$ANYVERSION/proto,,4,,4, +github.com/json-iterator/go,,4,,4, +github.com/labstack/echo,,2,,2, +github.com/revel/revel,,10,,10, +github.com/robfig/revel,,10,,10, +github.com/sendgrid/sendgrid-go/$ANYVERSION/helpers/mail,,1,,1, +go.uber.org/zap,,11,,11, +golang.org/x/net/$ANYVERSION/html,,16,,16, +golang.org/x/net/context,,5,,5, +google.golang.org/protobuf/$ANYVERSION/internal/encoding/text,,1,,1, +google.golang.org/protobuf/$ANYVERSION/internal/impl,,2,,2, +google.golang.org/protobuf/$ANYVERSION/proto,,8,,8, +google.golang.org/protobuf/$ANYVERSION/reflect/protoreflect,,1,,1, +gopkg.in/couchbase/gocb,,18,,18, +gopkg.in/macaron,,1,,1, +gopkg.in/yaml,,9,,9, +html,,2,,2, +html/template,,6,,6, +io,,19,,19, +io/fs,,12,,12, +io/ioutil,,2,,2, +k8s.io/api/core,,10,,10, +k8s.io/apimachinery/$ANYVERSION/pkg/runtime,,47,,47, +log,,3,,3, +mime,,5,,5, +mime/multipart,,8,,8, +mime/quotedprintable,,1,,1, +net,,20,,20, +net/http,8,22,8,22, +net/http/httputil,,10,,10, +net/mail,,6,,6, +net/textproto,,19,,19, +net/url,,23,,23, +os,,4,,4, +path,,5,,5, +path/filepath,,13,,13, +reflect,,37,,37, +regexp,,20,,20, +sort,,1,,1, +strconv,,9,,9, +strings,,34,,34, +sync,,10,,10, +sync/atomic,,24,,24, +syscall,,8,,8, +text/scanner,,3,,3, +text/tabwriter,,1,,1, +text/template,,6,,6, diff --git a/go/documentation/library-coverage/coverage.rst b/go/documentation/library-coverage/coverage.rst new file mode 100644 index 00000000000..e65665b5ef3 --- /dev/null +++ b/go/documentation/library-coverage/coverage.rst @@ -0,0 +1,12 @@ +Go framework & library support +================================ + +.. csv-table:: + :header-rows: 1 + :class: fullWidthTable + :widths: auto + + Framework / library,Package,Flow sources,Taint & value steps,Sinks (total) + Others,"````, ``archive/tar``, ``archive/zip``, ``bufio``, ``bytes``, ``compress/bzip2``, ``compress/flate``, ``compress/gzip``, ``compress/lzw``, ``compress/zlib``, ``container/heap``, ``container/list``, ``container/ring``, ``context``, ``crypto``, ``crypto/cipher``, ``crypto/rsa``, ``crypto/tls``, ``crypto/x509``, ``database/sql``, ``database/sql/driver``, ``encoding``, ``encoding/ascii85``, ``encoding/asn1``, ``encoding/base32``, ``encoding/base64``, ``encoding/binary``, ``encoding/csv``, ``encoding/gob``, ``encoding/hex``, ``encoding/json``, ``encoding/pem``, ``encoding/xml``, ``errors``, ``expvar``, ``fmt``, ``github.com/astaxie/beego``, ``github.com/astaxie/beego/context``, ``github.com/astaxie/beego/utils``, ``github.com/beego/beego/core/utils``, ``github.com/beego/beego/server/web``, ``github.com/beego/beego/server/web/context``, ``github.com/couchbase/gocb``, ``github.com/couchbaselabs/gocb``, ``github.com/elazarl/goproxy``, ``github.com/evanphx/json-patch``, ``github.com/gin-gonic/gin``, ``github.com/go-pg/pg/$ANYVERSION/orm``, ``github.com/golang/protobuf/$ANYVERSION/proto``, ``github.com/json-iterator/go``, ``github.com/labstack/echo``, ``github.com/revel/revel``, ``github.com/robfig/revel``, ``github.com/sendgrid/sendgrid-go/$ANYVERSION/helpers/mail``, ``go.uber.org/zap``, ``golang.org/x/net/$ANYVERSION/html``, ``golang.org/x/net/context``, ``google.golang.org/protobuf/$ANYVERSION/internal/encoding/text``, ``google.golang.org/protobuf/$ANYVERSION/internal/impl``, ``google.golang.org/protobuf/$ANYVERSION/proto``, ``google.golang.org/protobuf/$ANYVERSION/reflect/protoreflect``, ``gopkg.in/couchbase/gocb``, ``gopkg.in/macaron``, ``gopkg.in/yaml``, ``html``, ``html/template``, ``io``, ``io/fs``, ``io/ioutil``, ``k8s.io/api/core``, ``k8s.io/apimachinery/$ANYVERSION/pkg/runtime``, ``log``, ``mime``, ``mime/multipart``, ``mime/quotedprintable``, ``net``, ``net/http``, ``net/http/httputil``, ``net/mail``, ``net/textproto``, ``net/url``, ``os``, ``path``, ``path/filepath``, ``reflect``, ``regexp``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/atomic``, ``syscall``, ``text/scanner``, ``text/tabwriter``, ``text/template``",8,826, + Totals,,8,826, + diff --git a/go/documentation/library-coverage/cwe-sink.csv b/go/documentation/library-coverage/cwe-sink.csv new file mode 100644 index 00000000000..2e9c942ba80 --- /dev/null +++ b/go/documentation/library-coverage/cwe-sink.csv @@ -0,0 +1 @@ +CWE,Sink identifier,Label diff --git a/go/documentation/library-coverage/frameworks.csv b/go/documentation/library-coverage/frameworks.csv new file mode 100644 index 00000000000..30e2f348f41 --- /dev/null +++ b/go/documentation/library-coverage/frameworks.csv @@ -0,0 +1 @@ +Framework name,URL,Package prefixes diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 0b1011db866..1523cdec8f2 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -61,11 +61,19 @@ var goVersion = "" // Returns the current Go version as returned by 'go version', e.g. go1.14.4 func getEnvGoVersion() string { if goVersion == "" { - gover, err := exec.Command("go", "version").CombinedOutput() + // Since Go 1.21, running 'go version' in a directory with a 'go.mod' file will attempt to + // download the version of Go specified in there. That may either fail or result in us just + // being told what's already in 'go.mod'. Setting 'GOTOOLCHAIN' to 'local' will force it + // to use the local Go toolchain instead. + cmd := exec.Command("go", "version") + cmd.Env = append(os.Environ(), "GOTOOLCHAIN=local") + out, err := cmd.CombinedOutput() + if err != nil { log.Fatalf("Unable to run the go command, is it installed?\nError: %s", err.Error()) } - goVersion = parseGoVersion(string(gover)) + + goVersion = parseGoVersion(string(out)) } return goVersion } @@ -367,10 +375,17 @@ func getDepMode(emitDiagnostics bool) (DependencyInstallerMode, string) { return GoGetNoModules, "." } +type GoVersionInfo struct { + // The version string, if any + Version string + // A value indicating whether a version string was found + Found bool +} + // Tries to open `go.mod` and read a go directive, returning the version and whether it was found. -func tryReadGoDirective(buildInfo BuildInfo) (string, bool) { +func tryReadGoDirective(buildInfo BuildInfo) GoVersionInfo { if buildInfo.DepMode == GoGetWithModules { - versionRe := regexp.MustCompile(`(?m)^go[ \t\r]+([0-9]+\.[0-9]+)$`) + versionRe := regexp.MustCompile(`(?m)^go[ \t\r]+([0-9]+\.[0-9]+(\.[0-9]+)?)$`) goMod, err := os.ReadFile(filepath.Join(buildInfo.BaseDir, "go.mod")) if err != nil { log.Println("Failed to read go.mod to check for missing Go version") @@ -378,12 +393,12 @@ func tryReadGoDirective(buildInfo BuildInfo) (string, bool) { matches := versionRe.FindSubmatch(goMod) if matches != nil { if len(matches) > 1 { - return string(matches[1]), true + return GoVersionInfo{string(matches[1]), true} } } } } - return "", false + return GoVersionInfo{"", false} } // Returns the appropriate ModMode for the current project @@ -771,13 +786,15 @@ func installDependenciesAndBuild() { os.Setenv("GO111MODULE", "auto") } - goModVersion, goModVersionFound := tryReadGoDirective(buildInfo) + goVersionInfo := tryReadGoDirective(buildInfo) - if goModVersionFound && semver.Compare("v"+goModVersion, getEnvGoSemVer()) > 0 { + // This diagnostic is not required if the system Go version is 1.21 or greater, since the + // Go tooling should install required Go versions as needed. + if semver.Compare(getEnvGoSemVer(), "v1.21.0") < 0 && goVersionInfo.Found && semver.Compare("v"+goVersionInfo.Version, getEnvGoSemVer()) > 0 { diagnostics.EmitNewerGoVersionNeeded() } - fixGoVendorIssues(&buildInfo, goModVersionFound) + fixGoVendorIssues(&buildInfo, goVersionInfo.Found) tryUpdateGoModAndGoSum(buildInfo) @@ -1092,7 +1109,8 @@ func isGoInstalled() bool { func identifyEnvironment() { var v versionInfo buildInfo := getBuildInfo(false) - v.goModVersion, v.goModVersionFound = tryReadGoDirective(buildInfo) + goVersionInfo := tryReadGoDirective(buildInfo) + v.goModVersion, v.goModVersionFound = goVersionInfo.Version, goVersionInfo.Found v.goEnvVersionFound = isGoInstalled() if v.goEnvVersionFound { diff --git a/go/extractor/go.mod b/go/extractor/go.mod new file mode 100644 index 00000000000..bd988f818d2 --- /dev/null +++ b/go/extractor/go.mod @@ -0,0 +1,10 @@ +module github.com/github/codeql-go/extractor + +go 1.21 + +require ( + golang.org/x/mod v0.13.0 + golang.org/x/tools v0.14.0 +) + +require golang.org/x/sys v0.13.0 // indirect diff --git a/go/extractor/go.sum b/go/extractor/go.sum new file mode 100644 index 00000000000..2f975f56f3b --- /dev/null +++ b/go/extractor/go.sum @@ -0,0 +1,8 @@ +golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= diff --git a/go/vendor/golang.org/x/mod/LICENSE b/go/extractor/vendor/golang.org/x/mod/LICENSE similarity index 100% rename from go/vendor/golang.org/x/mod/LICENSE rename to go/extractor/vendor/golang.org/x/mod/LICENSE diff --git a/go/vendor/golang.org/x/mod/PATENTS b/go/extractor/vendor/golang.org/x/mod/PATENTS similarity index 100% rename from go/vendor/golang.org/x/mod/PATENTS rename to go/extractor/vendor/golang.org/x/mod/PATENTS diff --git a/go/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go b/go/extractor/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go similarity index 100% rename from go/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go rename to go/extractor/vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go diff --git a/go/vendor/golang.org/x/mod/modfile/print.go b/go/extractor/vendor/golang.org/x/mod/modfile/print.go similarity index 100% rename from go/vendor/golang.org/x/mod/modfile/print.go rename to go/extractor/vendor/golang.org/x/mod/modfile/print.go diff --git a/go/vendor/golang.org/x/mod/modfile/read.go b/go/extractor/vendor/golang.org/x/mod/modfile/read.go similarity index 100% rename from go/vendor/golang.org/x/mod/modfile/read.go rename to go/extractor/vendor/golang.org/x/mod/modfile/read.go diff --git a/go/vendor/golang.org/x/mod/modfile/rule.go b/go/extractor/vendor/golang.org/x/mod/modfile/rule.go similarity index 99% rename from go/vendor/golang.org/x/mod/modfile/rule.go rename to go/extractor/vendor/golang.org/x/mod/modfile/rule.go index 930b6c59bc9..e0869fa3868 100644 --- a/go/vendor/golang.org/x/mod/modfile/rule.go +++ b/go/extractor/vendor/golang.org/x/mod/modfile/rule.go @@ -367,7 +367,7 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a } } if !fixed { - errorf("invalid go version '%s': must match format 1.23", args[0]) + errorf("invalid go version '%s': must match format 1.23.0", args[0]) return } } @@ -384,7 +384,7 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a errorf("toolchain directive expects exactly one argument") return } else if strict && !ToolchainRE.MatchString(args[0]) { - errorf("invalid toolchain version '%s': must match format go1.23 or local", args[0]) + errorf("invalid toolchain version '%s': must match format go1.23.0 or local", args[0]) return } f.Toolchain = &Toolchain{Syntax: line} diff --git a/go/vendor/golang.org/x/mod/modfile/work.go b/go/extractor/vendor/golang.org/x/mod/modfile/work.go similarity index 100% rename from go/vendor/golang.org/x/mod/modfile/work.go rename to go/extractor/vendor/golang.org/x/mod/modfile/work.go diff --git a/go/vendor/golang.org/x/mod/module/module.go b/go/extractor/vendor/golang.org/x/mod/module/module.go similarity index 100% rename from go/vendor/golang.org/x/mod/module/module.go rename to go/extractor/vendor/golang.org/x/mod/module/module.go diff --git a/go/vendor/golang.org/x/mod/module/pseudo.go b/go/extractor/vendor/golang.org/x/mod/module/pseudo.go similarity index 100% rename from go/vendor/golang.org/x/mod/module/pseudo.go rename to go/extractor/vendor/golang.org/x/mod/module/pseudo.go diff --git a/go/vendor/golang.org/x/mod/semver/semver.go b/go/extractor/vendor/golang.org/x/mod/semver/semver.go similarity index 100% rename from go/vendor/golang.org/x/mod/semver/semver.go rename to go/extractor/vendor/golang.org/x/mod/semver/semver.go diff --git a/go/vendor/golang.org/x/sys/LICENSE b/go/extractor/vendor/golang.org/x/sys/LICENSE similarity index 100% rename from go/vendor/golang.org/x/sys/LICENSE rename to go/extractor/vendor/golang.org/x/sys/LICENSE diff --git a/go/vendor/golang.org/x/sys/PATENTS b/go/extractor/vendor/golang.org/x/sys/PATENTS similarity index 100% rename from go/vendor/golang.org/x/sys/PATENTS rename to go/extractor/vendor/golang.org/x/sys/PATENTS diff --git a/go/vendor/golang.org/x/sys/execabs/execabs.go b/go/extractor/vendor/golang.org/x/sys/execabs/execabs.go similarity index 100% rename from go/vendor/golang.org/x/sys/execabs/execabs.go rename to go/extractor/vendor/golang.org/x/sys/execabs/execabs.go diff --git a/go/vendor/golang.org/x/sys/execabs/execabs_go118.go b/go/extractor/vendor/golang.org/x/sys/execabs/execabs_go118.go similarity index 100% rename from go/vendor/golang.org/x/sys/execabs/execabs_go118.go rename to go/extractor/vendor/golang.org/x/sys/execabs/execabs_go118.go diff --git a/go/vendor/golang.org/x/sys/execabs/execabs_go119.go b/go/extractor/vendor/golang.org/x/sys/execabs/execabs_go119.go similarity index 100% rename from go/vendor/golang.org/x/sys/execabs/execabs_go119.go rename to go/extractor/vendor/golang.org/x/sys/execabs/execabs_go119.go diff --git a/go/vendor/golang.org/x/tools/LICENSE b/go/extractor/vendor/golang.org/x/tools/LICENSE similarity index 100% rename from go/vendor/golang.org/x/tools/LICENSE rename to go/extractor/vendor/golang.org/x/tools/LICENSE diff --git a/go/vendor/golang.org/x/tools/PATENTS b/go/extractor/vendor/golang.org/x/tools/PATENTS similarity index 100% rename from go/vendor/golang.org/x/tools/PATENTS rename to go/extractor/vendor/golang.org/x/tools/PATENTS diff --git a/go/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go b/go/extractor/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go similarity index 100% rename from go/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go rename to go/extractor/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go diff --git a/go/vendor/golang.org/x/tools/go/gcexportdata/importer.go b/go/extractor/vendor/golang.org/x/tools/go/gcexportdata/importer.go similarity index 100% rename from go/vendor/golang.org/x/tools/go/gcexportdata/importer.go rename to go/extractor/vendor/golang.org/x/tools/go/gcexportdata/importer.go diff --git a/go/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go b/go/extractor/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go similarity index 100% rename from go/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go rename to go/extractor/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go diff --git a/go/vendor/golang.org/x/tools/go/packages/doc.go b/go/extractor/vendor/golang.org/x/tools/go/packages/doc.go similarity index 99% rename from go/vendor/golang.org/x/tools/go/packages/doc.go rename to go/extractor/vendor/golang.org/x/tools/go/packages/doc.go index da4ab89fe63..a7a8f73e3d1 100644 --- a/go/vendor/golang.org/x/tools/go/packages/doc.go +++ b/go/extractor/vendor/golang.org/x/tools/go/packages/doc.go @@ -35,7 +35,7 @@ The Package struct provides basic information about the package, including - Imports, a map from source import strings to the Packages they name; - Types, the type information for the package's exported symbols; - Syntax, the parsed syntax trees for the package's source code; and - - TypeInfo, the result of a complete type-check of the package syntax trees. + - TypesInfo, the result of a complete type-check of the package syntax trees. (See the documentation for type Package for the complete list of fields and more detailed descriptions.) diff --git a/go/vendor/golang.org/x/tools/go/packages/external.go b/go/extractor/vendor/golang.org/x/tools/go/packages/external.go similarity index 100% rename from go/vendor/golang.org/x/tools/go/packages/external.go rename to go/extractor/vendor/golang.org/x/tools/go/packages/external.go diff --git a/go/vendor/golang.org/x/tools/go/packages/golist.go b/go/extractor/vendor/golang.org/x/tools/go/packages/golist.go similarity index 99% rename from go/vendor/golang.org/x/tools/go/packages/golist.go rename to go/extractor/vendor/golang.org/x/tools/go/packages/golist.go index b5de9cf9f21..1f1eade0ac8 100644 --- a/go/vendor/golang.org/x/tools/go/packages/golist.go +++ b/go/extractor/vendor/golang.org/x/tools/go/packages/golist.go @@ -9,7 +9,6 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" "log" "os" "path" @@ -1109,7 +1108,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err if len(state.cfg.Overlay) == 0 { return "", func() {}, nil } - dir, err := ioutil.TempDir("", "gopackages-*") + dir, err := os.MkdirTemp("", "gopackages-*") if err != nil { return "", nil, err } @@ -1128,7 +1127,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err // Create a unique filename for the overlaid files, to avoid // creating nested directories. noSeparator := strings.Join(strings.Split(filepath.ToSlash(k), "/"), "") - f, err := ioutil.TempFile(dir, fmt.Sprintf("*-%s", noSeparator)) + f, err := os.CreateTemp(dir, fmt.Sprintf("*-%s", noSeparator)) if err != nil { return "", func() {}, err } @@ -1146,7 +1145,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err } // Write out the overlay file that contains the filepath mappings. filename = filepath.Join(dir, "overlay.json") - if err := ioutil.WriteFile(filename, b, 0665); err != nil { + if err := os.WriteFile(filename, b, 0665); err != nil { return "", func() {}, err } return filename, cleanup, nil diff --git a/go/vendor/golang.org/x/tools/go/packages/golist_overlay.go b/go/extractor/vendor/golang.org/x/tools/go/packages/golist_overlay.go similarity index 100% rename from go/vendor/golang.org/x/tools/go/packages/golist_overlay.go rename to go/extractor/vendor/golang.org/x/tools/go/packages/golist_overlay.go diff --git a/go/vendor/golang.org/x/tools/go/packages/loadmode_string.go b/go/extractor/vendor/golang.org/x/tools/go/packages/loadmode_string.go similarity index 100% rename from go/vendor/golang.org/x/tools/go/packages/loadmode_string.go rename to go/extractor/vendor/golang.org/x/tools/go/packages/loadmode_string.go diff --git a/go/vendor/golang.org/x/tools/go/packages/packages.go b/go/extractor/vendor/golang.org/x/tools/go/packages/packages.go similarity index 99% rename from go/vendor/golang.org/x/tools/go/packages/packages.go rename to go/extractor/vendor/golang.org/x/tools/go/packages/packages.go index 124a6fe143b..ece0e7c603e 100644 --- a/go/vendor/golang.org/x/tools/go/packages/packages.go +++ b/go/extractor/vendor/golang.org/x/tools/go/packages/packages.go @@ -16,7 +16,6 @@ import ( "go/token" "go/types" "io" - "io/ioutil" "log" "os" "path/filepath" @@ -1127,7 +1126,7 @@ func (ld *loader) parseFile(filename string) (*ast.File, error) { var err error if src == nil { ioLimit <- true // wait - src, err = ioutil.ReadFile(filename) + src, err = os.ReadFile(filename) <-ioLimit // signal } if err != nil { diff --git a/go/vendor/golang.org/x/tools/go/packages/visit.go b/go/extractor/vendor/golang.org/x/tools/go/packages/visit.go similarity index 100% rename from go/vendor/golang.org/x/tools/go/packages/visit.go rename to go/extractor/vendor/golang.org/x/tools/go/packages/visit.go diff --git a/go/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go b/go/extractor/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go similarity index 100% rename from go/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go rename to go/extractor/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go diff --git a/go/vendor/golang.org/x/tools/internal/event/core/event.go b/go/extractor/vendor/golang.org/x/tools/internal/event/core/event.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/core/event.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/core/event.go diff --git a/go/vendor/golang.org/x/tools/internal/event/core/export.go b/go/extractor/vendor/golang.org/x/tools/internal/event/core/export.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/core/export.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/core/export.go diff --git a/go/vendor/golang.org/x/tools/internal/event/core/fast.go b/go/extractor/vendor/golang.org/x/tools/internal/event/core/fast.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/core/fast.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/core/fast.go diff --git a/go/vendor/golang.org/x/tools/internal/event/doc.go b/go/extractor/vendor/golang.org/x/tools/internal/event/doc.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/doc.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/doc.go diff --git a/go/vendor/golang.org/x/tools/internal/event/event.go b/go/extractor/vendor/golang.org/x/tools/internal/event/event.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/event.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/event.go diff --git a/go/vendor/golang.org/x/tools/internal/event/keys/keys.go b/go/extractor/vendor/golang.org/x/tools/internal/event/keys/keys.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/keys/keys.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/keys/keys.go diff --git a/go/vendor/golang.org/x/tools/internal/event/keys/standard.go b/go/extractor/vendor/golang.org/x/tools/internal/event/keys/standard.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/keys/standard.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/keys/standard.go diff --git a/go/vendor/golang.org/x/tools/internal/event/label/label.go b/go/extractor/vendor/golang.org/x/tools/internal/event/label/label.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/label/label.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/label/label.go diff --git a/go/vendor/golang.org/x/tools/internal/event/tag/tag.go b/go/extractor/vendor/golang.org/x/tools/internal/event/tag/tag.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/event/tag/tag.go rename to go/extractor/vendor/golang.org/x/tools/internal/event/tag/tag.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/bimport.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/bimport.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/bimport.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/bimport.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go similarity index 99% rename from go/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go index b1223713b94..2d078ccb19c 100644 --- a/go/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go +++ b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go @@ -29,7 +29,6 @@ import ( "go/token" "go/types" "io" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -221,7 +220,7 @@ func Import(packages map[string]*types.Package, path, srcDir string, lookup func switch hdr { case "$$B\n": var data []byte - data, err = ioutil.ReadAll(buf) + data, err = io.ReadAll(buf) if err != nil { break } diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/iexport.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/iexport.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/iexport.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/iexport.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/iimport.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/iimport.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/iimport.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/iimport.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/support_go117.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/support_go117.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/support_go117.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/support_go117.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/unified_no.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/unified_no.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/unified_no.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/unified_no.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/ureader_no.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/ureader_no.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/ureader_no.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/ureader_no.go diff --git a/go/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go b/go/extractor/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go rename to go/extractor/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go diff --git a/go/vendor/golang.org/x/tools/internal/gocommand/invoke.go b/go/extractor/vendor/golang.org/x/tools/internal/gocommand/invoke.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gocommand/invoke.go rename to go/extractor/vendor/golang.org/x/tools/internal/gocommand/invoke.go diff --git a/go/vendor/golang.org/x/tools/internal/gocommand/vendor.go b/go/extractor/vendor/golang.org/x/tools/internal/gocommand/vendor.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gocommand/vendor.go rename to go/extractor/vendor/golang.org/x/tools/internal/gocommand/vendor.go diff --git a/go/vendor/golang.org/x/tools/internal/gocommand/version.go b/go/extractor/vendor/golang.org/x/tools/internal/gocommand/version.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/gocommand/version.go rename to go/extractor/vendor/golang.org/x/tools/internal/gocommand/version.go diff --git a/go/vendor/golang.org/x/tools/internal/packagesinternal/packages.go b/go/extractor/vendor/golang.org/x/tools/internal/packagesinternal/packages.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/packagesinternal/packages.go rename to go/extractor/vendor/golang.org/x/tools/internal/packagesinternal/packages.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/codes.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/codes.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/codes.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/codes.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/decoder.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/decoder.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/decoder.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/decoder.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/doc.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/doc.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/doc.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/doc.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/encoder.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/encoder.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/encoder.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/encoder.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/flags.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/flags.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/flags.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/flags.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/reloc.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/reloc.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/reloc.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/reloc.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/support.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/support.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/support.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/support.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/sync.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/sync.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/sync.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/sync.go diff --git a/go/vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go b/go/extractor/vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go rename to go/extractor/vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go diff --git a/go/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go b/go/extractor/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go rename to go/extractor/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/common.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/common.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/common.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/common.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/coretype.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/coretype.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/coretype.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/coretype.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/enabled_go117.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/enabled_go117.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/enabled_go117.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/enabled_go117.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/enabled_go118.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/enabled_go118.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/enabled_go118.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/enabled_go118.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/normalize.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/normalize.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/normalize.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/normalize.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/termlist.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/termlist.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/termlist.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/termlist.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/typeparams_go117.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/typeparams_go118.go diff --git a/go/vendor/golang.org/x/tools/internal/typeparams/typeterm.go b/go/extractor/vendor/golang.org/x/tools/internal/typeparams/typeterm.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typeparams/typeterm.go rename to go/extractor/vendor/golang.org/x/tools/internal/typeparams/typeterm.go diff --git a/go/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go b/go/extractor/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go rename to go/extractor/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go diff --git a/go/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go b/go/extractor/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go rename to go/extractor/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go diff --git a/go/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go b/go/extractor/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go rename to go/extractor/vendor/golang.org/x/tools/internal/typesinternal/objectpath.go diff --git a/go/vendor/golang.org/x/tools/internal/typesinternal/types.go b/go/extractor/vendor/golang.org/x/tools/internal/typesinternal/types.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typesinternal/types.go rename to go/extractor/vendor/golang.org/x/tools/internal/typesinternal/types.go diff --git a/go/vendor/golang.org/x/tools/internal/typesinternal/types_118.go b/go/extractor/vendor/golang.org/x/tools/internal/typesinternal/types_118.go similarity index 100% rename from go/vendor/golang.org/x/tools/internal/typesinternal/types_118.go rename to go/extractor/vendor/golang.org/x/tools/internal/typesinternal/types_118.go diff --git a/go/vendor/modules.txt b/go/extractor/vendor/modules.txt similarity index 88% rename from go/vendor/modules.txt rename to go/extractor/vendor/modules.txt index 77866bafb1e..c4069b86f18 100644 --- a/go/vendor/modules.txt +++ b/go/extractor/vendor/modules.txt @@ -1,13 +1,13 @@ -# golang.org/x/mod v0.12.0 -## explicit; go 1.17 +# golang.org/x/mod v0.13.0 +## explicit; go 1.18 golang.org/x/mod/internal/lazyregexp golang.org/x/mod/modfile golang.org/x/mod/module golang.org/x/mod/semver -# golang.org/x/sys v0.12.0 +# golang.org/x/sys v0.13.0 ## explicit; go 1.17 golang.org/x/sys/execabs -# golang.org/x/tools v0.13.0 +# golang.org/x/tools v0.14.0 ## explicit; go 1.18 golang.org/x/tools/go/gcexportdata golang.org/x/tools/go/internal/packagesdriver diff --git a/go/go.mod b/go/go.mod deleted file mode 100644 index 54e366af936..00000000000 --- a/go/go.mod +++ /dev/null @@ -1,10 +0,0 @@ -module github.com/github/codeql-go - -go 1.21 - -require ( - golang.org/x/mod v0.12.0 - golang.org/x/tools v0.13.0 -) - -require golang.org/x/sys v0.12.0 // indirect diff --git a/go/go.sum b/go/go.sum deleted file mode 100644 index 6b2ef799f66..00000000000 --- a/go/go.sum +++ /dev/null @@ -1,8 +0,0 @@ -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/diagnostics.expected b/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/diagnostics.expected index 1db1354f164..56d774b7037 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/diagnostics.expected +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/diagnostics.expected @@ -12,17 +12,3 @@ "telemetry": true } } -{ - "markdownMessage": "The detected version of Go is lower than the version specified in `go.mod`. [Install a newer version](https://github.com/actions/setup-go#basic).", - "severity": "error", - "source": { - "extractorName": "go", - "id": "go/autobuilder/newer-go-version-needed", - "name": "Newer Go version needed" - }, - "visibility": { - "cliSummaryTable": true, - "statusPage": true, - "telemetry": true - } -} diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/test.py b/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/test.py index 9f34f431b93..2f43492da41 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/test.py +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/test.py @@ -4,6 +4,6 @@ from create_database_utils import * from diagnostics_test_utils import * os.environ['LGTM_INDEX_IMPORT_PATH'] = "test" -run_codeql_database_create([], lang="go", source="work", db=None) +run_codeql_database_create([], lang="go", source="work", db=None, runFunction=runUnsuccessfully) check_diagnostics() diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/work/go.mod b/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/work/go.mod index 14415aab0a7..b3be9331165 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/work/go.mod +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/newer-go-version-needed/work/go.mod @@ -1,3 +1,3 @@ -go 999.0 +go 1.999.0 module test diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index fb9e1f49e54..20567a56d40 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,27 @@ +## 0.7.1 + +### Minor Analysis Improvements + +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris). +* Added `GoKit.qll` to `go.qll` enabling the GoKit framework by default + +## 0.7.0 + +### Minor Analysis Improvements + +* Added Numeric and Boolean types to SQL injection sanitzers. + +## 0.6.5 + +No user-facing changes. + +## 0.6.4 + +### Minor Analysis Improvements + +* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers. + ## 0.6.3 No user-facing changes. diff --git a/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md b/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md deleted file mode 100644 index 26751edf2fe..00000000000 --- a/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added Numeric and Boolean types to SQL injection sanitzers. \ No newline at end of file diff --git a/go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md b/go/ql/lib/change-notes/released/0.6.4.md similarity index 54% rename from go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md rename to go/ql/lib/change-notes/released/0.6.4.md index 2f1f5037390..6c561f82177 100644 --- a/go/ql/lib/change-notes/2023-08-28-add-error-sanitizer-for-xss.md +++ b/go/ql/lib/change-notes/released/0.6.4.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers. \ No newline at end of file +## 0.6.4 + +### Minor Analysis Improvements + +* Added [http.Error](https://pkg.go.dev/net/http#Error) to XSS sanitzers. diff --git a/go/ql/lib/change-notes/released/0.6.5.md b/go/ql/lib/change-notes/released/0.6.5.md new file mode 100644 index 00000000000..b2bc387588d --- /dev/null +++ b/go/ql/lib/change-notes/released/0.6.5.md @@ -0,0 +1,3 @@ +## 0.6.5 + +No user-facing changes. diff --git a/go/ql/lib/change-notes/released/0.7.0.md b/go/ql/lib/change-notes/released/0.7.0.md new file mode 100644 index 00000000000..6df2bd55237 --- /dev/null +++ b/go/ql/lib/change-notes/released/0.7.0.md @@ -0,0 +1,5 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* Added Numeric and Boolean types to SQL injection sanitzers. diff --git a/go/ql/lib/change-notes/released/0.7.1.md b/go/ql/lib/change-notes/released/0.7.1.md new file mode 100644 index 00000000000..41ed0e297c1 --- /dev/null +++ b/go/ql/lib/change-notes/released/0.7.1.md @@ -0,0 +1,7 @@ +## 0.7.1 + +### Minor Analysis Improvements + +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris). +* Added `GoKit.qll` to `go.qll` enabling the GoKit framework by default diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index b7dafe32c5d..e007a9aec3e 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.3 +lastReleaseVersion: 0.7.1 diff --git a/go/ql/lib/go.qll b/go/ql/lib/go.qll index 8ade2f7f4ab..75039d2a00e 100644 --- a/go/ql/lib/go.qll +++ b/go/ql/lib/go.qll @@ -30,6 +30,7 @@ import semmle.go.dataflow.GlobalValueNumbering import semmle.go.dataflow.SSA import semmle.go.dataflow.TaintTracking import semmle.go.dataflow.TaintTracking2 +import semmle.go.frameworks.Afero import semmle.go.frameworks.Beego import semmle.go.frameworks.BeegoOrm import semmle.go.frameworks.Chi @@ -38,11 +39,14 @@ import semmle.go.frameworks.Echo import semmle.go.frameworks.ElazarlGoproxy import semmle.go.frameworks.Email import semmle.go.frameworks.Encoding +import semmle.go.frameworks.Fiber import semmle.go.frameworks.Gin import semmle.go.frameworks.Glog +import semmle.go.frameworks.GoKit import semmle.go.frameworks.GoMicro import semmle.go.frameworks.GoRestfulHttp import semmle.go.frameworks.Gqlgen +import semmle.go.frameworks.Iris import semmle.go.frameworks.K8sIoApimachineryPkgRuntime import semmle.go.frameworks.K8sIoApiCoreV1 import semmle.go.frameworks.K8sIoClientGo diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index d3765da2f89..ddc9956180c 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.6.4-dev +version: 0.7.2-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll index 73873850982..a79e1a6bb05 100644 --- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll @@ -82,14 +82,6 @@ private import internal.AccessPathSyntax private import FlowSummary private import codeql.mad.ModelValidation as SharedModelVal -/** - * A module importing the frameworks that provide external flow data, - * ensuring that they are visible to the taint tracking / data flow library. - */ -private module Frameworks { - private import semmle.go.frameworks.Stdlib -} - /** Holds if a source model exists for the given parameters. */ predicate sourceModel = Extensions::sourceModel/9; diff --git a/go/ql/lib/semmle/go/dataflow/barrierguardutil/RedirectCheckBarrierGuard.qll b/go/ql/lib/semmle/go/dataflow/barrierguardutil/RedirectCheckBarrierGuard.qll index 506873d498c..d185f9f78f3 100644 --- a/go/ql/lib/semmle/go/dataflow/barrierguardutil/RedirectCheckBarrierGuard.qll +++ b/go/ql/lib/semmle/go/dataflow/barrierguardutil/RedirectCheckBarrierGuard.qll @@ -20,21 +20,3 @@ private predicate redirectCheckGuard(DataFlow::Node g, Expr e, boolean outcome) class RedirectCheckBarrier extends DataFlow::Node { RedirectCheckBarrier() { this = DataFlow::BarrierGuard::getABarrierNode() } } - -/** - * DEPRECATED: Use `RedirectCheckBarrier` instead. - * - * A call to a function called `isLocalUrl`, `isValidRedirect`, or similar, which is - * considered a barrier guard for sanitizing untrusted URLs. - */ -deprecated class RedirectCheckBarrierGuard extends DataFlow::BarrierGuard, DataFlow::CallNode { - RedirectCheckBarrierGuard() { - this.getCalleeName().regexpMatch("(?i)(is_?)?(local_?url|valid_?redir(ect)?)(ur[li])?") - } - - override predicate checks(Expr e, boolean outcome) { - // `isLocalUrl(e)` is a barrier for `e` if it evaluates to `true` - this.getAnArgument().asExpr() = e and - outcome = true - } -} diff --git a/go/ql/lib/semmle/go/dataflow/barrierguardutil/RegexpCheck.qll b/go/ql/lib/semmle/go/dataflow/barrierguardutil/RegexpCheck.qll index 795ffb11c44..8cdc3b2e1ac 100644 --- a/go/ql/lib/semmle/go/dataflow/barrierguardutil/RegexpCheck.qll +++ b/go/ql/lib/semmle/go/dataflow/barrierguardutil/RegexpCheck.qll @@ -31,16 +31,3 @@ class RegexpCheckBarrier extends DataFlow::Node { this = DataFlow::BarrierGuard::getABarrierNode() } } - -/** - * DEPRECATED: Use `RegexpCheckBarrier` instead. - * - * A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs. - * - * This is overapproximate: we do not attempt to reason about the correctness of the regexp. - */ -deprecated class RegexpCheck extends DataFlow::BarrierGuard { - RegexpCheck() { regexpFunctionChecksExpr(this, _, _) } - - override predicate checks(Expr e, boolean branch) { regexpFunctionChecksExpr(this, e, branch) } -} diff --git a/go/ql/lib/semmle/go/dataflow/barrierguardutil/UrlCheck.qll b/go/ql/lib/semmle/go/dataflow/barrierguardutil/UrlCheck.qll index d84badee3d9..8abcfb327cc 100644 --- a/go/ql/lib/semmle/go/dataflow/barrierguardutil/UrlCheck.qll +++ b/go/ql/lib/semmle/go/dataflow/barrierguardutil/UrlCheck.qll @@ -31,32 +31,3 @@ private predicate urlCheck(DataFlow::Node g, Expr e, boolean outcome) { class UrlCheckBarrier extends DataFlow::Node { UrlCheckBarrier() { this = DataFlow::BarrierGuard::getABarrierNode() } } - -/** - * DEPRECATED: Use `UrlCheckBarrier` instead. - * - * An equality check comparing a data-flow node against a constant string, considered as - * a barrier guard for sanitizing untrusted URLs. - * - * Additionally, a check comparing `url.Hostname()` against a constant string is also - * considered a barrier guard for `url`. - */ -deprecated class UrlCheck extends DataFlow::BarrierGuard, DataFlow::EqualityTestNode { - DataFlow::Node url; - - UrlCheck() { - exists(this.getAnOperand().getStringValue()) and - ( - url = this.getAnOperand() - or - exists(DataFlow::MethodCallNode mc | mc = this.getAnOperand() | - mc.getTarget().getName() = "Hostname" and - url = mc.getReceiver() - ) - ) - } - - override predicate checks(Expr e, boolean outcome) { - e = url.asExpr() and outcome = this.getPolarity() - } -} diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll index ba0728ff02e..5a76d8592a8 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll @@ -407,34 +407,6 @@ module BarrierGuard { } } -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * When using a data-flow or taint-flow configuration `cfg`, it is important - * that any classes extending BarrierGuard in scope which are not used in `cfg` - * are disjoint from any classes extending BarrierGuard in scope which are used - * in `cfg`. - */ -abstract deprecated class BarrierGuard extends Node { - /** Holds if this guard validates `e` upon evaluating to `branch`. */ - abstract predicate checks(Expr e, boolean branch); - - /** Gets a node guarded by this guard. */ - final Node getAGuardedNode() { - result = BarrierGuard::getABarrierNodeForGuard(this) - } -} - -deprecated private predicate barrierGuardChecks(Node g, Expr e, boolean branch) { - g.(BarrierGuard).checks(e, branch) -} - DataFlow::Node getUniqueOutputNode(FuncDecl fd, FunctionOutput outp) { result = unique(DataFlow::Node n | n = outp.getEntryNode(fd) | n) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index 331ff1e41bc..77b9d867121 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -222,13 +222,6 @@ abstract class DefaultTaintSanitizer extends DataFlow::Node { } */ predicate defaultTaintSanitizer(DataFlow::Node node) { node instanceof DefaultTaintSanitizer } -/** - * DEPRECATED: Use `DefaultTaintSanitizer` instead. - * - * A sanitizer guard in all global taint flow configurations but not in local taint. - */ -abstract deprecated class DefaultTaintSanitizerGuard extends DataFlow::BarrierGuard { } - private predicate equalityTestGuard(DataFlow::Node g, Expr e, boolean outcome) { exists(DataFlow::EqualityTestNode eq, DataFlow::Node nonConstNode | eq = g and diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/go/ql/lib/semmle/go/frameworks/Afero.qll b/go/ql/lib/semmle/go/frameworks/Afero.qll new file mode 100644 index 00000000000..52d488bff09 --- /dev/null +++ b/go/ql/lib/semmle/go/frameworks/Afero.qll @@ -0,0 +1,114 @@ +/** + * Provides classes for working with sinks and taint propagators + * from the `github.com/spf13/afero` package. + */ + +import go + +/** + * Provide File system access sinks of [afero](https://github.com/spf13/afero) framework + */ +module Afero { + /** + * Gets all versions of `github.com/spf13/afero` + */ + string aferoPackage() { result = package("github.com/spf13/afero", "") } + + /** + * The File system access sinks of [afero](https://github.com/spf13/afero) framework methods + */ + class AferoSystemAccess extends FileSystemAccess::Range, DataFlow::CallNode { + AferoSystemAccess() { + exists(Method m | + m.hasQualifiedName(aferoPackage(), "HttpFs", + ["Create", "Open", "OpenFile", "Remove", "RemoveAll"]) and + this = m.getACall() + or + m.hasQualifiedName(aferoPackage(), "RegexpFs", + ["Create", "Open", "OpenFile", "Remove", "RemoveAll", "Mkdir", "MkdirAll"]) and + this = m.getACall() + or + m.hasQualifiedName(aferoPackage(), "ReadOnlyFs", + ["Create", "Open", "OpenFile", "ReadDir", "ReadlinkIfPossible", "Mkdir", "MkdirAll"]) and + this = m.getACall() + or + m.hasQualifiedName(aferoPackage(), "OsFs", + [ + "Create", "Open", "OpenFile", "ReadlinkIfPossible", "Remove", "RemoveAll", "Mkdir", + "MkdirAll" + ]) and + this = m.getACall() + or + m.hasQualifiedName(aferoPackage(), "MemMapFs", + ["Create", "Open", "OpenFile", "Remove", "RemoveAll", "Mkdir", "MkdirAll"]) and + this = m.getACall() + ) + } + + override DataFlow::Node getAPathArgument() { result = this.getArgument(0) } + } + + /** + * The File system access sinks of [afero](https://github.com/spf13/afero) framework utility functions + * + * Afero Type is basically is an wrapper around utility functions which make them like a method, look at [here](https://github.com/spf13/afero/blob/cf95922e71986c0116204b6eeb3b345a01ffd842/ioutil.go#L61) + * + * The Types that are not vulnerable: `afero.BasePathFs` and `afero.IOFS` + */ + class AferoUtilityFunctionSystemAccess extends FileSystemAccess::Range, DataFlow::CallNode { + int pathArg; + + AferoUtilityFunctionSystemAccess() { + // utility functions + exists(Function f | + f.hasQualifiedName(aferoPackage(), + ["WriteReader", "SafeWriteReader", "WriteFile", "ReadFile", "ReadDir"]) and + this = f.getACall() and + pathArg = 1 and + not aferoSanitizer(this.getArgument(0)) + ) + or + exists(Method m | + m.hasQualifiedName(aferoPackage(), "Afero", + ["WriteReader", "SafeWriteReader", "WriteFile", "ReadFile", "ReadDir"]) and + this = m.getACall() and + pathArg = 0 and + not aferoSanitizer(this.getReceiver()) + ) + } + + override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) } + } + + /** + * Holds if the Afero utility function has a first argument of a safe type like `NewBasePathFs`. + * + * e.g. + * ``` + * basePathFs := afero.NewBasePathFs(osFS, "tmp") + * afero.ReadFile(basePathFs, filepath) + * ``` + */ + predicate aferoSanitizer(DataFlow::Node n) { + exists(Function f | + f.hasQualifiedName(aferoPackage(), ["NewBasePathFs", "NewIOFS"]) and + TaintTracking::localTaint(f.getACall(), n) + ) + } + + /** + * Holds if there is a dataflow node from n1 to n2 when initializing the Afero instance + * + * A helper for `aferoSanitizer` for when the Afero instance is initialized with one of the safe FS types like IOFS + * + * e.g.`n2 := &afero.Afero{Fs: afero.NewBasePathFs(osFS, "./")}` n1 is `afero.NewBasePathFs(osFS, "./")` + */ + class AdditionalTaintStep extends TaintTracking::AdditionalTaintStep { + override predicate step(DataFlow::Node n1, DataFlow::Node n2) { + exists(StructLit st | st.getType().hasQualifiedName(aferoPackage(), "Afero") | + n1.asExpr() = st.getAnElement().(KeyValueExpr).getAChildExpr() and + n2.asExpr() = st + ) + } + } +} diff --git a/go/ql/lib/semmle/go/frameworks/Beego.qll b/go/ql/lib/semmle/go/frameworks/Beego.qll index 0446cb2bbbf..6d31647c32f 100644 --- a/go/ql/lib/semmle/go/frameworks/Beego.qll +++ b/go/ql/lib/semmle/go/frameworks/Beego.qll @@ -278,21 +278,31 @@ module Beego { } } + /** + * The File system access sinks + */ private class FsOperations extends FileSystemAccess::Range, DataFlow::CallNode { + int pathArg; + FsOperations() { - this.getTarget().hasQualifiedName(packagePath(), "Walk") + this.getTarget().hasQualifiedName(packagePath(), "Walk") and pathArg = 1 or exists(Method m | this = m.getACall() | - m.hasQualifiedName(packagePath(), "FileSystem", "Open") or - m.hasQualifiedName(packagePath(), "Controller", "SaveToFile") + m.hasQualifiedName(packagePath(), "FileSystem", "Open") and pathArg = 0 + or + m.hasQualifiedName(packagePath(), "Controller", "SaveToFile") and pathArg = 1 + or + m.hasQualifiedName(contextPackagePath(), "BeegoOutput", "Download") and + pathArg = 0 + or + // SaveToFileWithBuffer only available in v2 + m.hasQualifiedName("github.com/beego/beego/v2/server/web", "Controller", + "SaveToFileWithBuffer") and + pathArg = 1 ) } - override DataFlow::Node getAPathArgument() { - this.getTarget().getName() = ["Walk", "SaveToFile"] and result = this.getArgument(1) - or - this.getTarget().getName() = "Open" and result = this.getArgument(0) - } + override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) } } private class RedirectMethods extends Http::Redirect::Range, DataFlow::CallNode { diff --git a/go/ql/lib/semmle/go/frameworks/Echo.qll b/go/ql/lib/semmle/go/frameworks/Echo.qll index 3575292a92a..13cfc25e891 100644 --- a/go/ql/lib/semmle/go/frameworks/Echo.qll +++ b/go/ql/lib/semmle/go/frameworks/Echo.qll @@ -98,4 +98,18 @@ private module Echo { override Http::ResponseWriter getResponseWriter() { none() } } + + /** + * The File system access sinks + */ + class FsOperations extends FileSystemAccess::Range, DataFlow::CallNode { + FsOperations() { + exists(Method m | + m.hasQualifiedName(packagePath(), "Context", ["Attachment", "File"]) and + this = m.getACall() + ) + } + + override DataFlow::Node getAPathArgument() { result = this.getArgument(0) } + } } diff --git a/go/ql/lib/semmle/go/frameworks/Fiber.qll b/go/ql/lib/semmle/go/frameworks/Fiber.qll new file mode 100644 index 00000000000..38dd2ca7df1 --- /dev/null +++ b/go/ql/lib/semmle/go/frameworks/Fiber.qll @@ -0,0 +1,38 @@ +/** + * Provides classes for working the `github.com/gofiber/fiber` package. + */ + +import go + +private module Fiber { + /** Gets the package name `github.com/gofiber/fiber`. */ + string packagePath() { result = package("github.com/gofiber/fiber", "") } + + /** Gets the v2 module path `github.com/gofiber/fiber/v2` */ + string v2modulePath() { result = "github.com/gofiber/fiber/v2" } + + /** + * The File system access sinks + */ + class FsOperations extends FileSystemAccess::Range, DataFlow::CallNode { + int pathArg; + + FsOperations() { + exists(Method m | + ( + m.hasQualifiedName(packagePath(), "Ctx", ["SendFile", "Download"]) and + pathArg = 0 + or + m.hasQualifiedName(packagePath(), "Ctx", "SaveFile") and + pathArg = 1 + or + m.hasQualifiedName(v2modulePath(), "Ctx", "SaveFileToStorage") and + pathArg = 1 + ) and + this = m.getACall() + ) + } + + override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) } + } +} diff --git a/go/ql/lib/semmle/go/frameworks/Gin.qll b/go/ql/lib/semmle/go/frameworks/Gin.qll index 3ecda54c8e7..bdaf002e117 100644 --- a/go/ql/lib/semmle/go/frameworks/Gin.qll +++ b/go/ql/lib/semmle/go/frameworks/Gin.qll @@ -53,4 +53,26 @@ private module Gin { ) } } + + /** + * The File system access sinks + */ + class FsOperations extends FileSystemAccess::Range, DataFlow::CallNode { + int pathArg; + + FsOperations() { + exists(Method m | + ( + m.hasQualifiedName(packagePath(), "Context", ["File", "FileAttachment"]) and + pathArg = 0 + or + m.hasQualifiedName(packagePath(), "Context", "SaveUploadedFile") and + pathArg = 1 + ) and + this = m.getACall() + ) + } + + override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) } + } } diff --git a/go/ql/lib/semmle/go/frameworks/GoKit.qll b/go/ql/lib/semmle/go/frameworks/GoKit.qll index c501858997c..7150493f88a 100644 --- a/go/ql/lib/semmle/go/frameworks/GoKit.qll +++ b/go/ql/lib/semmle/go/frameworks/GoKit.qll @@ -1,8 +1,5 @@ /** * Provides classes for working with concepts relating to the [github.com/go-kit/kit](https://pkg.go.dev/github.com/go-kit/kit) package. - * - * Note that these models are not included by default; to include them, add `import semmle.go.frameworks.GoKit` to your query or to - * `Customizations.qll`. */ import go diff --git a/go/ql/lib/semmle/go/frameworks/Iris.qll b/go/ql/lib/semmle/go/frameworks/Iris.qll new file mode 100644 index 00000000000..bb965769d5c --- /dev/null +++ b/go/ql/lib/semmle/go/frameworks/Iris.qll @@ -0,0 +1,49 @@ +/** + * Provides classes for working the `github.com/kataras/iris` package. + */ + +import go + +private module Iris { + /** Gets the v1 module path `github.com/kataras/iris`. */ + string v1modulePath() { result = "github.com/kataras/iris" } + + /** Gets the v12 module path `github.com/kataras/iris/v12` */ + string v12modulePath() { result = "github.com/kataras/iris/v12" } + + /** Gets the path for the context package of all versions of beego. */ + string contextPackagePath() { + result = v12contextPackagePath() + or + result = v1contextPackagePath() + } + + /** Gets the path for the context package of beego v12. */ + string v12contextPackagePath() { result = v12modulePath() + "/context" } + + /** Gets the path for the context package of beego v1. */ + string v1contextPackagePath() { result = v1modulePath() + "/server/web/context" } + + /** + * The File system access sinks + */ + class FsOperations extends FileSystemAccess::Range, DataFlow::CallNode { + int pathArg; + + FsOperations() { + exists(Method m | + ( + m.hasQualifiedName(contextPackagePath(), "Context", + ["SendFile", "ServeFile", "SendFileWithRate", "ServeFileWithRate", "UploadFormFiles"]) and + pathArg = 0 + or + m.hasQualifiedName(v12contextPackagePath(), "Context", "SaveFormFile") and + pathArg = 1 + ) and + this = m.getACall() + ) + } + + override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) } + } +} diff --git a/go/ql/lib/semmle/go/frameworks/Stdlib.qll b/go/ql/lib/semmle/go/frameworks/Stdlib.qll index d3066fecd62..259b03009d4 100644 --- a/go/ql/lib/semmle/go/frameworks/Stdlib.qll +++ b/go/ql/lib/semmle/go/frameworks/Stdlib.qll @@ -117,6 +117,9 @@ module IntegerParser { * input is 0 then it means the bit size of `int` and `uint`. */ FunctionInput getTargetBitSizeInput() { none() } + + /** Gets whether the function is for parsing signed or unsigned integers. */ + boolean isSigned() { none() } } } diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll index b3f1d075c86..177d129cbc0 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll @@ -288,4 +288,18 @@ module NetHttp { override predicate guardedBy(DataFlow::Node check) { check = handlerReg.getArgument(0) } } + + /** + * The File system access sinks + */ + class HttpServeFile extends FileSystemAccess::Range, DataFlow::CallNode { + HttpServeFile() { + exists(Function f | + f.hasQualifiedName("net/http", "ServeFile") and + this = f.getACall() + ) + } + + override DataFlow::Node getAPathArgument() { result = this.getArgument(2) } + } } diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Strconv.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Strconv.qll index 34981f0af43..0f3d2f95cc7 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/Strconv.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/Strconv.qll @@ -11,6 +11,8 @@ module Strconv { Atoi() { this.hasQualifiedName("strconv", "Atoi") } override int getTargetBitSize() { result = 0 } + + override boolean isSigned() { result = true } } /** The `ParseInt` function. */ @@ -18,6 +20,8 @@ module Strconv { ParseInt() { this.hasQualifiedName("strconv", "ParseInt") } override FunctionInput getTargetBitSizeInput() { result.isParameter(2) } + + override boolean isSigned() { result = true } } /** The `ParseUint` function. */ @@ -25,6 +29,8 @@ module Strconv { ParseUint() { this.hasQualifiedName("strconv", "ParseUint") } override FunctionInput getTargetBitSizeInput() { result.isParameter(2) } + + override boolean isSigned() { result = false } } /** diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll index 64d4fb96baa..8d01d8b8163 100644 --- a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll +++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll @@ -25,10 +25,6 @@ module AllocationSizeOverflow { override predicate isSink(DataFlow::Node nd) { nd = Builtin::len().getACall().getArgument(0) } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - override predicate isSanitizer(DataFlow::Node nd) { nd instanceof Sanitizer } } @@ -81,10 +77,6 @@ module AllocationSizeOverflow { ) } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - override predicate isSanitizer(DataFlow::Node nd) { nd instanceof Sanitizer } } diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll index 7de78de31e6..13c76a9566a 100644 --- a/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll +++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll @@ -24,13 +24,6 @@ module AllocationSizeOverflow { abstract DataFlow::Node getAllocationSize(); } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A guard node that prevents allocation-size overflow. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A sanitizer node that prevents allocation-size overflow. */ diff --git a/go/ql/lib/semmle/go/security/CommandInjection.qll b/go/ql/lib/semmle/go/security/CommandInjection.qll index 12bd1e51296..bde5a443503 100644 --- a/go/ql/lib/semmle/go/security/CommandInjection.qll +++ b/go/ql/lib/semmle/go/security/CommandInjection.qll @@ -35,10 +35,6 @@ module CommandInjection { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { @@ -116,10 +112,6 @@ module CommandInjection { node instanceof Sanitizer or node = any(ArgumentArrayWithDoubleDash array).getASanitizedElement() } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module DoubleDashSanitizingConfig implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll index a8f8269a968..bab3fab0fc3 100644 --- a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll @@ -29,13 +29,6 @@ module CommandInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for command-injection vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of untrusted data, considered as a taint source for command injection. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll index f4161beb45d..1aa9a428179 100644 --- a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll +++ b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll @@ -14,14 +14,15 @@ float getMaxIntValue(int bitSize, boolean isSigned) { } /** - * Get the size of `int` or `uint` in `file`, or 0 if it is - * architecture-specific. + * Get the size of `int` or `uint` in `file`, or + * `architectureSpecificBitSize` if it is architecture-specific. */ -int getIntTypeBitSize(File file) { +bindingset[architectureSpecificBitSize] +int getIntTypeBitSize(File file, int architectureSpecificBitSize) { file.constrainsIntBitSize(result) or not file.constrainsIntBitSize(_) and - result = 0 + result = architectureSpecificBitSize } /** @@ -90,7 +91,7 @@ deprecated class ConversionWithoutBoundsCheckConfig extends TaintTracking::Confi ) and ( if apparentBitSize = 0 - then effectiveBitSize = getIntTypeBitSize(source.getFile()) + then effectiveBitSize = getIntTypeBitSize(source.getFile(), 0) else effectiveBitSize = apparentBitSize ) and // `effectiveBitSize` could be any value between 0 and 64, but we @@ -113,7 +114,7 @@ deprecated class ConversionWithoutBoundsCheckConfig extends TaintTracking::Confi bitSize = integerType.getSize() or not exists(integerType.getSize()) and - bitSize = getIntTypeBitSize(sink.getFile()) + bitSize = getIntTypeBitSize(sink.getFile(), 0) ) and if integerType instanceof SignedIntegerType then sinkIsSigned = true else sinkIsSigned = false ) and @@ -140,7 +141,7 @@ deprecated class ConversionWithoutBoundsCheckConfig extends TaintTracking::Confi if sinkBitSize != 0 then bitSize = sinkBitSize else bitSize = 32 | node = DataFlow::BarrierGuard::getABarrierNodeForGuard(g) and - g.isBoundFor(bitSize, sinkIsSigned) + if sinkIsSigned = true then g.isBoundFor(bitSize, 32) else g.isBoundFor(bitSize - 1, 32) ) or exists(int bitSize | @@ -150,49 +151,265 @@ deprecated class ConversionWithoutBoundsCheckConfig extends TaintTracking::Confi } } -/** Flow state for ConversionWithoutBoundsCheckConfig. */ -newtype IntegerConversionFlowState = - /** Keep track of info about the source and potential sinks. */ - TFlowstate(boolean sinkIsSigned, int sourceBitSize, int sinkBitSize) { - sinkIsSigned in [true, false] and - isIncorrectIntegerConversion(sourceBitSize, sinkBitSize) +private int validBitSize() { result = [7, 8, 15, 16, 31, 32, 63, 64] } + +private newtype TArchitectureBitSize = + TMk32Bit() or + TMk64Bit() or + TMkUnknown() + +private class ArchitectureBitSize extends TArchitectureBitSize { + /** Gets an integer for the architecture bit size, if known. */ + int toInt() { + this = TMk32Bit() and result = 32 + or + this = TMk64Bit() and result = 64 } -/** Gets the bit size of the source. */ -int getSourceBitSize(IntegerConversionFlowState state) { state = TFlowstate(_, result, _) } + /** Holds if the architecture bit size is unknown. */ + predicate isUnknown() { this = TMkUnknown() } + + /** Gets a textual representation of this element. */ + string toString() { + result = this.toInt() + "-bit" + or + this.isUnknown() and result = "unknown" + } +} + +private newtype TMaxValueState = + TMkMaxValueState(int bitSize, ArchitectureBitSize architectureBitSize) { + bitSize = validBitSize() + } + +/** Flow state for ConversionWithoutBoundsCheckConfig. */ +private class MaxValueState extends TMaxValueState { + /** + * Gets the smallest bitsize where the maximum value that could get to this + * point fits into an integer type whose maximum value is 2^(result) - 1. + * + * For example, if we know `1 << 12` can get to a particular program point, + * then the result would be 15, since a 16-bit signed integer can represent + * that value and that type has maximum value 2^15 -1. An unsigned 8-bit + * integer cannot represent that value as its maximum value is 2^8 - 1. + */ + int getBitSize() { this = TMkMaxValueState(result, _) } + + private ArchitectureBitSize architectureBitSize() { this = TMkMaxValueState(_, result) } + + /** Gets whether the architecture is 32 bit or 64 bit, if it is known. */ + int getArchitectureBitSize() { result = this.architectureBitSize().toInt() } + + /** Holds if the architecture is not known. */ + predicate architectureBitSizeUnknown() { this.architectureBitSize().isUnknown() } + + /** + * Gets the bitsize we should use for a sink. + * + * If the architecture bit size is known, then we should use that. Otherwise, + * we should use 32 bits, because that will find results that only exist on + * 32-bit architectures. + */ + int getSinkBitSize() { + if this = TMkMaxValueState(_, TMk64Bit()) then result = 64 else result = 32 + } + + /** Gets a textual representation of this element. */ + string toString() { + exists(string suffix | + suffix = " (on " + this.getArchitectureBitSize() + "-bit architecture)" + or + this.architectureBitSizeUnknown() and suffix = "" + | + result = "MaxValueState(max value <= 2^(" + this.getBitSize() + ")-1" + suffix + ) + } +} + +/** + * A node that blocks some flow states and transforms some others as they flow + * through it. + */ +abstract class BarrierFlowStateTransformer extends DataFlow::Node { + /** + * Holds if this should be a barrier for `flowstate`. + * + * This includes flow states which are transformed into other flow states. + */ + abstract predicate barrierFor(MaxValueState flowstate); + + /** + * Gets the flow state that `flowstate` is transformed into. + * + * Due to limitations of the implementation the transformation defined by this + * predicate must be idempotent, that is, for any input `x` it must be that: + * ``` + * transform(transform(x)) = transform(x) + * ``` + */ + abstract MaxValueState transform(MaxValueState flowstate); +} + +private predicate upperBoundCheckGuard(DataFlow::Node g, Expr e, boolean branch) { + g.(UpperBoundCheckGuard).checks(e, branch) +} + +/** An upper bound check that compares a variable to a constant value. */ +class UpperBoundCheckGuard extends DataFlow::RelationalComparisonNode { + UpperBoundCheckGuard() { + count(expr.getAnOperand().getExactValue()) = 1 and + expr.getAnOperand().getType().getUnderlyingType() instanceof IntegerType + } + + /** + * Holds if this upper bound check ensures the non-constant operand is less + * than or equal to `2^(bitsize) - 1`. In this case, the upper bound check + * is a barrier guard. `architectureBitSize` is used if the constant operand + * is `math.MaxInt` or `math.MaxUint`. + * + * Note that we have to use floats here because integers in CodeQL are + * represented by 32-bit signed integers, which cannot represent some of the + * integer values which we will encounter. + */ + predicate isBoundFor(int bitSize, int architectureBitSize) { + bitSize = validBitSize() and + architectureBitSize = [32, 64] and + exists(float bound, float strictnessOffset | + // For `x < c` the bound is `c-1`. For `x >= c` we will be an upper bound + // on the `branch` argument of `checks` is false, which is equivalent to + // `x < c`. + if expr instanceof LssExpr or expr instanceof GeqExpr + then strictnessOffset = 1 + else strictnessOffset = 0 + | + exists(DeclaredConstant maxint, DeclaredConstant maxuint | + maxint.hasQualifiedName("math", "MaxInt") and maxuint.hasQualifiedName("math", "MaxUint") + | + if expr.getAnOperand() = maxint.getAReference() + then bound = getMaxIntValue(architectureBitSize, true) + else + if expr.getAnOperand() = maxuint.getAReference() + then bound = getMaxIntValue(architectureBitSize, false) + else bound = expr.getAnOperand().getExactValue().toFloat() + ) and + bound - strictnessOffset < 2.pow(bitSize) - 1 + ) + } + + /** Holds if this guard validates `e` upon evaluating to `branch`. */ + predicate checks(Expr e, boolean branch) { + this.leq(branch, DataFlow::exprNode(e), _, _) and + not e.isConst() + } +} + +/** + * A node that is safely guarded by an `UpperBoundCheckGuard`. + * + * When this guarantees that a variable in the non-constant operand is less + * than some value this may be a barrier guard which should block some flow + * states and transform some others as they flow through. + * + * For example, in the following code: + * ```go + * if parsed <= math.MaxInt16 { + * _ = uint16(parsed) + * } + * ``` + * `parsed < math.MaxInt16` is an `UpperBoundCheckGuard` and `uint16(parsed)` + * is an `UpperBoundCheck` that would be a barrier for flow states with bit + * size greater than 15 and would transform them to a flow state with bit size + * 15 and the same architecture bit size. + * + * However, in the following code: + * ```go + * parsed, _ := strconv.ParseUint(input, 10, 32) + * if parsed < 5 { + * _ = uint16(parsed) + * } + * ``` + * `parsed < 5` is an `UpperBoundCheckGuard` and `uint16(parsed)` is a barrier + * for all flow states and would not transform any flow states, thus + * effectively blocking them. + */ +class UpperBoundCheck extends BarrierFlowStateTransformer { + UpperBoundCheckGuard g; + + UpperBoundCheck() { + this = DataFlow::BarrierGuard::getABarrierNodeForGuard(g) + } + + override predicate barrierFor(MaxValueState flowstate) { + g.isBoundFor(flowstate.getBitSize(), flowstate.getSinkBitSize()) + } + + override MaxValueState transform(MaxValueState state) { + this.barrierFor(state) and + result.getBitSize() = + max(int bitsize | + bitsize = validBitSize() and + bitsize < state.getBitSize() and + not g.isBoundFor(bitsize, state.getSinkBitSize()) + ) and + ( + result.getArchitectureBitSize() = state.getArchitectureBitSize() + or + state.architectureBitSizeUnknown() and result.architectureBitSizeUnknown() + ) + } +} + +/** + * Holds if `source` is the result of a call to `strconv.Atoi`, + * `strconv.ParseInt`, or `strconv.ParseUint`, `bitSize` is the `bitSize` + * argument to that call (or 0 for `strconv.Atoi`) and hence must be between 0 + * and 64, and `isSigned` is true for `strconv.Atoi`, true for + * `strconv.ParseInt` and false for `strconv.ParseUint`. + */ +predicate isSourceWithBitSize(DataFlow::Node source, int bitSize, boolean isSigned) { + exists(DataFlow::CallNode c, IntegerParser::Range ip, int apparentBitSize | + c = ip.getACall() and + source = c.getResult(0) and + ( + apparentBitSize = ip.getTargetBitSize() + or + // If we are reading a variable, check if it is + // `strconv.IntSize`, and use 0 if it is. + exists(DataFlow::Node rawBitSize | + rawBitSize = ip.getTargetBitSizeInput().getNode(c) and + if rawBitSize = any(Strconv::IntSize intSize).getARead() + then apparentBitSize = 0 + else apparentBitSize = rawBitSize.getIntValue() + ) + ) and + // Note that `bitSize` is not necessarily the bit-size of an integer type. + // It can be any integer between 0 and 64. + bitSize = replaceZeroWith(apparentBitSize, getIntTypeBitSize(source.getFile(), 0)) and + isSigned = ip.isSigned() + ) +} private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConfigSig { - class FlowState = IntegerConversionFlowState; + class FlowState = MaxValueState; predicate isSource(DataFlow::Node source, FlowState state) { - exists( - DataFlow::CallNode c, IntegerParser::Range ip, int apparentBitSize, int effectiveBitSize - | - c.getTarget() = ip and source = c.getResult(0) - | - ( - apparentBitSize = ip.getTargetBitSize() - or - // If we are reading a variable, check if it is - // `strconv.IntSize`, and use 0 if it is. - exists(DataFlow::Node rawBitSize | rawBitSize = ip.getTargetBitSizeInput().getNode(c) | - if rawBitSize = any(Strconv::IntSize intSize).getARead() - then apparentBitSize = 0 - else apparentBitSize = rawBitSize.getIntValue() + exists(int effectiveBitSize, boolean sourceIsSigned | + isSourceWithBitSize(source, effectiveBitSize, sourceIsSigned) and + if effectiveBitSize = 0 + then + exists(int b | b = [32, 64] | + state.getBitSize() = adjustBitSize(0, sourceIsSigned, b) and + state.getArchitectureBitSize() = b ) - ) and - ( - if apparentBitSize = 0 - then effectiveBitSize = getIntTypeBitSize(source.getFile()) - else effectiveBitSize = apparentBitSize - ) and - // `effectiveBitSize` could be any value between 0 and 64, but we - // can round it up to the nearest size of an integer type without - // changing behavior. - exists(int sourceBitSize | - sourceBitSize = min(int b | b in [0, 8, 16, 32, 64] and b >= effectiveBitSize) - | - state = TFlowstate(_, sourceBitSize, _) + else ( + state.architectureBitSizeUnknown() and + state.getBitSize() = + min(int bitsize | + bitsize = validBitSize() and + // The `bitSizeForZero` argument will not be used because on this + // branch `effectiveBitSize != 0`. + adjustBitSize(effectiveBitSize, sourceIsSigned, 64) <= bitsize + ) ) ) } @@ -203,18 +420,24 @@ private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConf * not also in a right-shift expression. We allow this case because it is * a common pattern to serialise `byte(v)`, `byte(v >> 8)`, and so on. */ - additional predicate isSinkWithBitSize( - DataFlow::TypeCastNode sink, boolean sinkIsSigned, int bitSize - ) { + additional predicate isSink2(DataFlow::TypeCastNode sink, FlowState state) { sink.asExpr() instanceof ConversionExpr and - exists(IntegerType integerType | sink.getResultType().getUnderlyingType() = integerType | + exists(int architectureBitSize, IntegerType integerType, int sinkBitsize, boolean sinkIsSigned | + architectureBitSize = getIntTypeBitSize(sink.getFile(), state.getSinkBitSize()) and + not (state.getArchitectureBitSize() = 32 and architectureBitSize = 64) and + sink.getResultType().getUnderlyingType() = integerType and ( - bitSize = integerType.getSize() + sinkBitsize = integerType.getSize() or not exists(integerType.getSize()) and - bitSize = getIntTypeBitSize(sink.getFile()) + sinkBitsize = 0 ) and - if integerType instanceof SignedIntegerType then sinkIsSigned = true else sinkIsSigned = false + ( + if integerType instanceof SignedIntegerType + then sinkIsSigned = true + else sinkIsSigned = false + ) and + adjustBitSize(sinkBitsize, sinkIsSigned, architectureBitSize) < state.getBitSize() ) and not exists(ShrExpr shrExpr | shrExpr.getLeftOperand().getGlobalValueNumber() = @@ -229,31 +452,24 @@ private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConf // can sanitize the result of the conversion to prevent flow on to further sinks // without needing to use `isSanitizerOut`, which doesn't work with flow states // (and therefore the legacy `TaintTracking::Configuration` class). - exists(boolean sinkIsSigned, int sinkBitSize | - state = TFlowstate(sinkIsSigned, _, sinkBitSize) - | - isSinkWithBitSize(sink.getASuccessor(), sinkIsSigned, sinkBitSize) - ) + isSink2(sink.getASuccessor(), state) } predicate isBarrier(DataFlow::Node node, FlowState state) { - exists(boolean sinkIsSigned, int sourceBitSize, int sinkBitSize | - state = TFlowstate(sinkIsSigned, sourceBitSize, sinkBitSize) - | - // To catch flows that only happen on 32-bit architectures we - // consider an architecture-dependent sink bit size to be 32. - exists(UpperBoundCheckGuard g, int bitSize | - if sinkBitSize != 0 then bitSize = sinkBitSize else bitSize = 32 - | - node = DataFlow::BarrierGuard::getABarrierNodeForGuard(g) and - g.isBoundFor(bitSize, sinkIsSigned) - ) - or - exists(int bitSize | - isIncorrectIntegerConversion(sourceBitSize, bitSize) and - isSinkWithBitSize(node, sinkIsSigned, bitSize) - ) - ) + // Safely guarded by a barrier guard. + exists(BarrierFlowStateTransformer bfst | node = bfst and bfst.barrierFor(state)) + or + // When there is a flow from a source to a sink, do not allow the flow to + // continue to a further sink. + isSink2(node, state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + // Create additional flow steps for `BarrierFlowStateTransformer`s + state2 = node2.(BarrierFlowStateTransformer).transform(state1) and + DataFlow::simpleLocalFlowStep(node1, node2) } } @@ -263,57 +479,8 @@ private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConf */ module Flow = TaintTracking::GlobalWithState; -private predicate upperBoundCheckGuard(DataFlow::Node g, Expr e, boolean branch) { - g.(UpperBoundCheckGuard).checks(e, branch) -} - -/** An upper bound check that compares a variable to a constant value. */ -class UpperBoundCheckGuard extends DataFlow::RelationalComparisonNode { - UpperBoundCheckGuard() { - count(expr.getAnOperand().getExactValue()) = 1 and - expr.getAnOperand().getType().getUnderlyingType() instanceof IntegerType - } - - /** - * Gets the constant value which this upper bound check ensures the - * other value is less than or equal to. - */ - predicate isBoundFor(int bitSize, boolean isSigned) { - bitSize = [8, 16, 32] and - exists(float bound, float strictnessOffset | - // For `x < c` the bound is `c-1`. For `x >= c` we will be an upper bound - // on the `branch` argument of `checks` is false, which is equivalent to - // `x < c`. - if expr instanceof LssExpr or expr instanceof GeqExpr - then strictnessOffset = 1 - else strictnessOffset = 0 - | - ( - bound = expr.getAnOperand().getExactValue().toFloat() - or - exists(DeclaredConstant maxint | maxint.hasQualifiedName("math", "MaxInt") | - expr.getAnOperand() = maxint.getAReference() and - bound = getMaxIntValue(32, true) - ) - or - exists(DeclaredConstant maxuint | maxuint.hasQualifiedName("math", "MaxUint") | - expr.getAnOperand() = maxuint.getAReference() and - bound = getMaxIntValue(32, false) - ) - ) and - bound - strictnessOffset <= getMaxIntValue(bitSize, isSigned) - ) - } - - /** Holds if this guard validates `e` upon evaluating to `branch`. */ - predicate checks(Expr e, boolean branch) { - this.leq(branch, DataFlow::exprNode(e), _, _) and - not e.isConst() - } -} - /** Gets a string describing the size of the integer parsed. */ -string describeBitSize(int bitSize, int intTypeBitSize) { +deprecated string describeBitSize(int bitSize, int intTypeBitSize) { intTypeBitSize in [0, 32, 64] and if bitSize != 0 then bitSize in [8, 16, 32, 64] and result = "a " + bitSize + "-bit integer" @@ -325,3 +492,40 @@ string describeBitSize(int bitSize, int intTypeBitSize) { "a number with architecture-dependent bit-width, which is constrained to be " + intTypeBitSize + "-bit by build constraints," } + +/** Gets a string describing the size of the integer parsed. */ +string describeBitSize2(DataFlow::Node source) { + exists(int sourceBitSize, int intTypeBitSize, boolean isSigned, string signedString | + isSourceWithBitSize(source, sourceBitSize, isSigned) and + intTypeBitSize = getIntTypeBitSize(source.getFile(), 0) + | + (if isSigned = true then signedString = "a signed " else signedString = "an unsigned ") and + if sourceBitSize != 0 + then result = signedString + sourceBitSize + "-bit integer" + else + if intTypeBitSize = 0 + then result = "an integer with architecture-dependent bit size" + else + result = + "a number with architecture-dependent bit-width, which is constrained to be " + + intTypeBitSize + "-bit by build constraints," + ) +} + +/** + * The integer type with bit size `bitSize` and signedness `isSigned` has + * maximum value `2^result - 1`. + */ +bindingset[bitSize, bitSizeForZero] +private int adjustBitSize(int bitSize, boolean isSigned, int bitSizeForZero) { + exists(int effectiveBitSize | effectiveBitSize = replaceZeroWith(bitSize, bitSizeForZero) | + isSigned = true and result = effectiveBitSize - 1 + or + isSigned = false and result = effectiveBitSize + ) +} + +bindingset[inputBitSize, replacementForZero] +private int replaceZeroWith(int inputBitSize, int replacementForZero) { + if inputBitSize = 0 then result = replacementForZero else result = inputBitSize +} diff --git a/go/ql/lib/semmle/go/security/LogInjection.qll b/go/ql/lib/semmle/go/security/LogInjection.qll index 854076d40e7..cb454716a8f 100644 --- a/go/ql/lib/semmle/go/security/LogInjection.qll +++ b/go/ql/lib/semmle/go/security/LogInjection.qll @@ -27,10 +27,6 @@ module LogInjection { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** Config for reasoning about log injection vulnerabilities. */ diff --git a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll index cb7a4da5b88..0a6885db530 100644 --- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll @@ -25,13 +25,6 @@ module LogInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for log injection vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of untrusted data, considered as a taint source for log injection. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll index b5f3691a8d0..a2cddc031ee 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll @@ -60,10 +60,6 @@ module OpenUrlRedirect { or hostnameSanitizingPrefixEdge(node, _) } - - deprecated override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - guard instanceof BarrierGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index c6fdefd4a2b..5683b7715f8 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -31,13 +31,6 @@ module OpenUrlRedirect { */ abstract class Barrier extends DataFlow::Node { } - /** - * DEPRECATED: Use `Barrier` instead. - * - * A barrier guard for unvalidated URL redirect vulnerabilities. - */ - abstract deprecated class BarrierGuard extends DataFlow::BarrierGuard { } - /** * An additional taint propagation step specific to this query. */ diff --git a/go/ql/lib/semmle/go/security/ReflectedXss.qll b/go/ql/lib/semmle/go/security/ReflectedXss.qll index 3e7e19b9920..a605d78633d 100644 --- a/go/ql/lib/semmle/go/security/ReflectedXss.qll +++ b/go/ql/lib/semmle/go/security/ReflectedXss.qll @@ -32,10 +32,6 @@ module ReflectedXss { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll index bdc2bd0cf1b..71c25d889fa 100644 --- a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll +++ b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll @@ -19,25 +19,9 @@ module ReflectedXss { /** A sanitizer for reflected XSS vulnerabilities. */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for reflected XSS vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A shared XSS sanitizer as a sanitizer for reflected XSS. */ private class SharedXssSanitizer extends Sanitizer instanceof SharedXss::Sanitizer { } - /** A shared XSS sanitizer guard as a sanitizer guard for reflected XSS. */ - deprecated private class SharedXssSanitizerGuard extends SanitizerGuard { - SharedXss::SanitizerGuard self; - - SharedXssSanitizerGuard() { this = self } - - override predicate checks(Expr e, boolean b) { self.checks(e, b) } - } - /** * A third-party controllable input, considered as a flow source for reflected XSS. */ diff --git a/go/ql/lib/semmle/go/security/RequestForgery.qll b/go/ql/lib/semmle/go/security/RequestForgery.qll index a7c5c457c6c..5f7139a1b44 100644 --- a/go/ql/lib/semmle/go/security/RequestForgery.qll +++ b/go/ql/lib/semmle/go/security/RequestForgery.qll @@ -44,10 +44,6 @@ module RequestForgery { super.isSanitizerOut(node) or node instanceof SanitizerEdge } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - super.isSanitizerGuard(guard) or guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll index 26aff199a5c..27a54253372 100644 --- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll +++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll @@ -32,13 +32,6 @@ module RequestForgery { /** An outgoing sanitizer edge for request forgery vulnerabilities. */ abstract class SanitizerEdge extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for request forgery vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A third-party controllable input, considered as a flow source for request forgery. */ diff --git a/go/ql/lib/semmle/go/security/SqlInjection.qll b/go/ql/lib/semmle/go/security/SqlInjection.qll index 002eea2e990..366a05cf3df 100644 --- a/go/ql/lib/semmle/go/security/SqlInjection.qll +++ b/go/ql/lib/semmle/go/security/SqlInjection.qll @@ -33,10 +33,6 @@ module SqlInjection { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll index 7cd99ab5508..dcdb9fe5fde 100644 --- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll @@ -25,13 +25,6 @@ module SqlInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for SQL-injection vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of untrusted data, considered as a taint source for SQL injection. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/StoredCommand.qll b/go/ql/lib/semmle/go/security/StoredCommand.qll index 5c8443ee620..4c21a292371 100644 --- a/go/ql/lib/semmle/go/security/StoredCommand.qll +++ b/go/ql/lib/semmle/go/security/StoredCommand.qll @@ -36,10 +36,6 @@ module StoredCommand { super.isSanitizer(node) or node instanceof CommandInjection::Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof CommandInjection::SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/StoredXss.qll b/go/ql/lib/semmle/go/security/StoredXss.qll index ba2b4d4c085..37e4b048910 100644 --- a/go/ql/lib/semmle/go/security/StoredXss.qll +++ b/go/ql/lib/semmle/go/security/StoredXss.qll @@ -32,10 +32,6 @@ module StoredXss { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll b/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll index 7d468df2607..1216844f994 100644 --- a/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll +++ b/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll @@ -16,25 +16,9 @@ module StoredXss { /** A sanitizer for stored XSS vulnerabilities. */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for stored XSS vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A shared XSS sanitizer as a sanitizer for stored XSS. */ private class SharedXssSanitizer extends Sanitizer instanceof SharedXss::Sanitizer { } - /** A shared XSS sanitizer guard as a sanitizer guard for stored XSS. */ - deprecated private class SharedXssSanitizerGuard extends SanitizerGuard { - SharedXss::SanitizerGuard self; - - SharedXssSanitizerGuard() { this = self } - - override predicate checks(Expr e, boolean b) { self.checks(e, b) } - } - /** A database query result, considered as a flow source for stored XSS. */ private class DatabaseQueryAsSource extends Source { DatabaseQueryAsSource() { this = any(SQL::Query q).getAResult() } diff --git a/go/ql/lib/semmle/go/security/StringBreakCustomizations.qll b/go/ql/lib/semmle/go/security/StringBreakCustomizations.qll index 60328f89a55..9833fec33e4 100644 --- a/go/ql/lib/semmle/go/security/StringBreakCustomizations.qll +++ b/go/ql/lib/semmle/go/security/StringBreakCustomizations.qll @@ -39,13 +39,6 @@ module StringBreak { Quote getQuote() { any() } } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for unsafe-quoting vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** Holds if `l` contains a `quote` (either single or double). */ private predicate containsQuote(StringOps::ConcatenationLeaf l, Quote quote) { quote = l.getStringValue().regexpFind("['\"]", _, _) diff --git a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll index 0b4c41276d7..42edd470da2 100644 --- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll +++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll @@ -43,23 +43,6 @@ module TaintedPath { } } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for path-traversal vulnerabilities, as a `DataFlow::BarrierGuard`. - * - * Use this class if you want all `TaintedPath::SanitizerGuard`s as a `DataFlow::BarrierGuard`, - * e.g. to use directly in a `DataFlow::Configuration::isSanitizerGuard` method. If you want to - * provide a new instance of a tainted path sanitizer, extend `TaintedPath::SanitizerGuard` instead. - */ - deprecated class SanitizerGuardAsBarrierGuard extends DataFlow::BarrierGuard { - SanitizerGuard guardImpl; - - SanitizerGuardAsBarrierGuard() { this = guardImpl } - - override predicate checks(Expr e, boolean branch) { guardImpl.checks(e, branch) } - } - /** A source of untrusted data, considered as a taint source for path traversal. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll index 354bc70b8c9..2b969ffc4d9 100644 --- a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll +++ b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll @@ -29,10 +29,6 @@ module UnsafeUnzipSymlink { super.isSanitizer(node) or node instanceof EvalSymlinksInvalidator } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof EvalSymlinksInvalidatorGuard - } } // Archive header field symlinks resolved @@ -77,10 +73,6 @@ module UnsafeUnzipSymlink { super.isSanitizer(node) or node instanceof SymlinkSanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SymlinkSanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll index 228f8ecdfc0..3fe37583331 100644 --- a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll +++ b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll @@ -36,16 +36,6 @@ module UnsafeUnzipSymlink { */ abstract class EvalSymlinksInvalidator extends DataFlow::Node { } - /** - * DEPRECATED: Use `EvalSymlinksInvalidator` instead. - * - * A sanitizer guard that prevents reaching an `EvalSymlinksSink`. - * - * This is called an invalidator instead of a sanitizer because reaching a EvalSymlinksSink - * is a good thing from a security perspective. - */ - abstract deprecated class EvalSymlinksInvalidatorGuard extends DataFlow::BarrierGuard { } - /** * A sanitizer for an unsafe symbolic-link unzip vulnerability. * @@ -55,17 +45,6 @@ module UnsafeUnzipSymlink { */ abstract class SymlinkSanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `SymlinkSanitizer` instead. - * - * A sanitizer guard for an unsafe symbolic-link unzip vulnerability. - * - * Extend this to mark a particular path as safe for use in an `os.Symlink` or similar call. - * To exclude a source from the query entirely if it reaches a particular node, extend - * `EvalSymlinksSink` instead. - */ - abstract deprecated class SymlinkSanitizerGuard extends DataFlow::BarrierGuard { } - /** A file name from a zip or tar entry, as a source for unsafe unzipping of symlinks. */ class FileNameSource extends FilenameWithSymlinks, DataFlow::FieldReadNode { FileNameSource() { diff --git a/go/ql/lib/semmle/go/security/XPathInjection.qll b/go/ql/lib/semmle/go/security/XPathInjection.qll index 51e0c90dc89..2e374dfbf24 100644 --- a/go/ql/lib/semmle/go/security/XPathInjection.qll +++ b/go/ql/lib/semmle/go/security/XPathInjection.qll @@ -29,10 +29,6 @@ module XPathInjection { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll index 3e9484506e0..27d0badd68e 100644 --- a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll @@ -24,13 +24,6 @@ module XPathInjection { */ abstract class Sanitizer extends DataFlow::ExprNode { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for untrusted user input used in an XPath expression. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of untrusted data, used in an XPath expression. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/Xss.qll b/go/ql/lib/semmle/go/security/Xss.qll index 3310c7a420d..4bd2665eda9 100644 --- a/go/ql/lib/semmle/go/security/Xss.qll +++ b/go/ql/lib/semmle/go/security/Xss.qll @@ -34,13 +34,6 @@ module SharedXss { /** A sanitizer for XSS vulnerabilities. */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for XSS vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * An expression that is sent as part of an HTTP response body, considered as an * XSS sink. diff --git a/go/ql/lib/semmle/go/security/ZipSlip.qll b/go/ql/lib/semmle/go/security/ZipSlip.qll index bbdc964e529..4a7ba231f0f 100644 --- a/go/ql/lib/semmle/go/security/ZipSlip.qll +++ b/go/ql/lib/semmle/go/security/ZipSlip.qll @@ -27,10 +27,6 @@ module ZipSlip { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll b/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll index 276aae4c4db..980c601582e 100644 --- a/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll +++ b/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll @@ -27,13 +27,6 @@ module ZipSlip { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for zip-slip vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A tar file header, as a source for zip slip. */ diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index cfe3163c6e9..7ceadcda745 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,21 @@ +## 0.7.1 + +### Minor Analysis Improvements + +* The query "Incorrect conversion between integer types" (`go/incorrect-integer-conversion`) has been improved. It can now detect parsing an unsigned integer type (like `uint32`) and converting it to the signed integer type of the same size (like `int32`), which may lead to more results. It also treats `int` and `uint` more carefully, which may lead to more results or fewer incorrect results. + +## 0.7.0 + +No user-facing changes. + +## 0.6.5 + +No user-facing changes. + +## 0.6.4 + +No user-facing changes. + ## 0.6.3 No user-facing changes. diff --git a/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql b/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql index dd34af8e48b..4497ffe7c4a 100644 --- a/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql +++ b/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql @@ -24,7 +24,6 @@ where call.getResult(0) = source.getNode() and sinkConverted = sink.getNode().getASuccessor() select sinkConverted, source, sink, - "Incorrect conversion of " + - describeBitSize(getSourceBitSize(sink.getState()), getIntTypeBitSize(source.getNode().getFile())) - + " from $@ to a lower bit size type " + sinkConverted.getType().getUnderlyingType().getName() + + "Incorrect conversion of " + describeBitSize2(source.getNode()) + + " from $@ to a lower bit size type " + sinkConverted.getType().getUnderlyingType().getName() + " without an upper bound check.", source, call.getTarget().getQualifiedName() diff --git a/go/ql/src/change-notes/released/0.6.4.md b/go/ql/src/change-notes/released/0.6.4.md new file mode 100644 index 00000000000..7e98b0159fc --- /dev/null +++ b/go/ql/src/change-notes/released/0.6.4.md @@ -0,0 +1,3 @@ +## 0.6.4 + +No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.6.5.md b/go/ql/src/change-notes/released/0.6.5.md new file mode 100644 index 00000000000..b2bc387588d --- /dev/null +++ b/go/ql/src/change-notes/released/0.6.5.md @@ -0,0 +1,3 @@ +## 0.6.5 + +No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.7.0.md b/go/ql/src/change-notes/released/0.7.0.md new file mode 100644 index 00000000000..80d3864a0f9 --- /dev/null +++ b/go/ql/src/change-notes/released/0.7.0.md @@ -0,0 +1,3 @@ +## 0.7.0 + +No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.7.1.md b/go/ql/src/change-notes/released/0.7.1.md new file mode 100644 index 00000000000..d88d1ee5510 --- /dev/null +++ b/go/ql/src/change-notes/released/0.7.1.md @@ -0,0 +1,5 @@ +## 0.7.1 + +### Minor Analysis Improvements + +* The query "Incorrect conversion between integer types" (`go/incorrect-integer-conversion`) has been improved. It can now detect parsing an unsigned integer type (like `uint32`) and converting it to the signed integer type of the same size (like `int32`), which may lead to more results. It also treats `int` and `uint` more carefully, which may lead to more results or fewer incorrect results. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index b7dafe32c5d..e007a9aec3e 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.3 +lastReleaseVersion: 0.7.1 diff --git a/go/ql/src/experimental/CWE-203/timingBad.go b/go/ql/src/experimental/CWE-203/timingBad.go index 7bb25c4ec64..c7c88d2b7fe 100644 --- a/go/ql/src/experimental/CWE-203/timingBad.go +++ b/go/ql/src/experimental/CWE-203/timingBad.go @@ -1,4 +1,11 @@ -func bad(w http.ResponseWriter, req *http.Request, []byte secret) (interface{}, error) { +package main + +import ( + "fmt" + "net/http" +) + +func bad(w http.ResponseWriter, req *http.Request, secret []byte) (interface{}, error) { secretHeader := "X-Secret" @@ -8,4 +15,4 @@ func bad(w http.ResponseWriter, req *http.Request, []byte secret) (interface{}, return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret) } return nil, nil -} \ No newline at end of file +} diff --git a/go/ql/src/experimental/CWE-203/timingGood.go b/go/ql/src/experimental/CWE-203/timingGood.go index 7de6eca3f8a..ab369badfe7 100644 --- a/go/ql/src/experimental/CWE-203/timingGood.go +++ b/go/ql/src/experimental/CWE-203/timingGood.go @@ -1,4 +1,12 @@ -func good(w http.ResponseWriter, req *http.Request, []byte secret) (interface{}, error) { +package main + +import ( + "crypto/subtle" + "fmt" + "net/http" +) + +func good(w http.ResponseWriter, req *http.Request, secret []byte) (interface{}, error) { secretHeader := "X-Secret" @@ -7,4 +15,4 @@ func good(w http.ResponseWriter, req *http.Request, []byte secret) (interface{}, return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret) } return nil, nil -} \ No newline at end of file +} diff --git a/go/ql/src/experimental/CWE-321-V2/ExampleBad.go b/go/ql/src/experimental/CWE-321-V2/ExampleBad.go new file mode 100644 index 00000000000..900853b2f2e --- /dev/null +++ b/go/ql/src/experimental/CWE-321-V2/ExampleBad.go @@ -0,0 +1,28 @@ +package main + +import ( + "fmt" + "log" + + "github.com/go-jose/go-jose/v3/jwt" +) + +var JwtKey = []byte("AllYourBase") + +func main() { + // BAD: usage of a harcoded Key + verifyJWT(JWTFromUser) +} + +func LoadJwtKey(token *jwt.Token) (interface{}, error) { + return JwtKey, nil +} +func verifyJWT(signedToken string) { + fmt.Println("verifying JWT") + DecodedToken, err := jwt.ParseWithClaims(signedToken, &CustomerInfo{}, LoadJwtKey) + if claims, ok := DecodedToken.Claims.(*CustomerInfo); ok && DecodedToken.Valid { + fmt.Printf("NAME:%v ,ID:%v\n", claims.Name, claims.ID) + } else { + log.Fatal(err) + } +} diff --git a/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.qhelp b/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.qhelp new file mode 100644 index 00000000000..de4affc139e --- /dev/null +++ b/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.qhelp @@ -0,0 +1,41 @@ + + + +

+ A JSON Web Token (JWT) is used for authenticating and managing users in an application. +

+

+ Using a hard-coded secret key for parsing JWT tokens in open source projects + can leave the application using the token vulnerable to authentication bypasses. +

+ +

+ A JWT token is safe for enforcing authentication and access control as long as it can't be forged by a malicious actor. However, when a project exposes this secret publicly, these seemingly unforgeable tokens can now be easily forged. + Since the authentication as well as access control is typically enforced through these JWT tokens, an attacker armed with the secret can create a valid authentication token for any user and may even gain access to other privileged parts of the application. +

+ + + + +

+ Generating a cryptographically secure secret key during application initialization and using this generated key for future JWT parsing requests can prevent this vulnerability. +

+ + + + +

+ The following code uses a hard-coded string as a secret for parsing user provided JWTs. In this case, an attacker can very easily forge a token by using the hard-coded secret. +

+ + + + + +
  • + CVE-2022-0664: + Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. +
    • +     + +     \ No newline at end of file diff --git a/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.ql b/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.ql new file mode 100644 index 00000000000..39cc2ca9917 --- /dev/null +++ b/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.ql @@ -0,0 +1,59 @@ +/** + * @name Decoding JWT with hardcoded key + * @description Decoding JWT Secret with a Constant value lead to authentication or authorization bypass + * @kind path-problem + * @problem.severity error + * @id go/parse-jwt-with-hardcoded-key + * @tags security + * experimental + * external/cwe/cwe-321 + */ + +import go +import experimental.frameworks.JWT + +module JwtParseWithConstantKeyConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr() instanceof StringLit } + + predicate isSink(DataFlow::Node sink) { + // first part is the JWT Parsing Functions that get a func type as an argument + // Find a node that has flow to a key Function argument + // then find the first result node of this Function which is the secret key + exists(FuncDef fd, DataFlow::Node n, DataFlow::ResultNode rn | + fd = n.asExpr() + or + n = fd.(FuncDecl).getFunction().getARead() + | + GolangJwtKeyFunc::flow(n, _) and + sink = rn and + rn.getRoot() = fd and + rn.getIndex() = 0 + ) + or + // second part is the JWT Parsing Functions that get a string or byte as an argument + sink = any(JwtParse jp).getKeyArg() + } +} + +module GolangJwtKeyFuncConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source = any(Function f).getARead() + or + source.asExpr() = any(FuncDef fd) + } + + predicate isSink(DataFlow::Node sink) { + sink = any(JwtParseWithKeyFunction parseJwt).getKeyFuncArg() + } +} + +module JwtParseWithConstantKey = TaintTracking::Global; + +module GolangJwtKeyFunc = TaintTracking::Global; + +import JwtParseWithConstantKey::PathGraph + +from JwtParseWithConstantKey::PathNode source, JwtParseWithConstantKey::PathNode sink +where JwtParseWithConstantKey::flowPath(source, sink) +select sink.getNode(), source, sink, "This $@.", source.getNode(), + "Constant Key is used as JWT Secret key" diff --git a/go/ql/src/experimental/CWE-347/Example.go b/go/ql/src/experimental/CWE-347/Example.go new file mode 100644 index 00000000000..ee59d836439 --- /dev/null +++ b/go/ql/src/experimental/CWE-347/Example.go @@ -0,0 +1,39 @@ +package main + +import ( + "fmt" + "log" + + "github.com/golang-jwt/jwt/v5" +) + +func main() { + // BAD: only decode jwt without verification + notVerifyJWT(token) + + // GOOD: decode with verification or verify plus decode + notVerifyJWT(token) + VerifyJWT(token) +} + +func notVerifyJWT(signedToken string) { + fmt.Println("only decoding JWT") + DecodedToken, _, err := jwt.NewParser().ParseUnverified(signedToken, &CustomerInfo{}) + if claims, ok := DecodedToken.Claims.(*CustomerInfo); ok { + fmt.Printf("DecodedToken:%v\n", claims) + } else { + log.Fatal("error", err) + } +} +func LoadJwtKey(token *jwt.Token) (interface{}, error) { + return ARandomJwtKey, nil +} +func verifyJWT(signedToken string) { + fmt.Println("verifying JWT") + DecodedToken, err := jwt.ParseWithClaims(signedToken, &CustomerInfo{}, LoadJwtKey) + if claims, ok := DecodedToken.Claims.(*CustomerInfo); ok && DecodedToken.Valid { + fmt.Printf("NAME:%v ,ID:%v\n", claims.Name, claims.ID) + } else { + log.Fatal(err) + } +} diff --git a/go/ql/src/experimental/CWE-347/ParseJWTWithoutVerification.qhelp b/go/ql/src/experimental/CWE-347/ParseJWTWithoutVerification.qhelp new file mode 100644 index 00000000000..cb1edb2f659 --- /dev/null +++ b/go/ql/src/experimental/CWE-347/ParseJWTWithoutVerification.qhelp @@ -0,0 +1,34 @@ + + + +

    + A JSON Web Token (JWT) is used for authenticating and managing users in an application. +

    +

    + Only Decoding JWTs without checking if they have a valid signature or not can lead to security vulnerabilities. +

    + +     + + +

    + Don't use methods that only decode JWT, Instead use methods that verify the signature of JWT. +

    + +     + + +

    + In the following code you can see an Example from a popular Library. +

    + + + +     + +
  • + JWT audience claim is not verified +
    • +     + +     \ No newline at end of file diff --git a/go/ql/src/experimental/CWE-347/ParseJWTWithoutVerification.ql b/go/ql/src/experimental/CWE-347/ParseJWTWithoutVerification.ql new file mode 100644 index 00000000000..182685efa97 --- /dev/null +++ b/go/ql/src/experimental/CWE-347/ParseJWTWithoutVerification.ql @@ -0,0 +1,57 @@ +/** + * @name Use of JWT Methods that only decode user provided Token + * @description Using JWT methods without verification can cause to authorization or authentication bypass + * @kind path-problem + * @problem.severity error + * @id go/parse-jwt-without-verification + * @tags security + * experimental + * external/cwe/cwe-321 + */ + +import go +import experimental.frameworks.JWT + +module WithValidationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource } + + predicate isSink(DataFlow::Node sink) { + sink = any(JwtParse jwtParse).getTokenArg() or + sink = any(JwtParseWithKeyFunction jwtParseWithKeyFunction).getTokenArg() + } + + predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + golangJwtIsAdditionalFlowStep(nodeFrom, nodeTo) + or + goJoseIsAdditionalFlowStep(nodeFrom, nodeTo) + } +} + +module NoValidationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + source instanceof UntrustedFlowSource and + not WithValidation::flow(source, _) + } + + predicate isSink(DataFlow::Node sink) { + sink = any(JwtUnverifiedParse parseUnverified).getTokenArg() + } + + predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + golangJwtIsAdditionalFlowStep(nodeFrom, nodeTo) + or + goJoseIsAdditionalFlowStep(nodeFrom, nodeTo) + } +} + +module WithValidation = TaintTracking::Global; + +module NoValidation = TaintTracking::Global; + +import NoValidation::PathGraph + +from NoValidation::PathNode source, NoValidation::PathNode sink +where NoValidation::flowPath(source, sink) +select sink.getNode(), source, sink, + "This JWT is parsed without verification and received from $@.", source.getNode(), + "this user-controlled source" diff --git a/go/ql/src/experimental/CWE-74/DsnBad.go b/go/ql/src/experimental/CWE-74/DsnBad.go index f0b2e3c4592..a0b0120ec38 100644 --- a/go/ql/src/experimental/CWE-74/DsnBad.go +++ b/go/ql/src/experimental/CWE-74/DsnBad.go @@ -1,3 +1,10 @@ +package main + +import ( + "database/sql" + "fmt" + "os" +) func bad() interface{} { name := os.Args[1:] diff --git a/go/ql/src/experimental/CWE-74/DsnGood.go b/go/ql/src/experimental/CWE-74/DsnGood.go index 0922d3ea1ff..48a860d07e8 100644 --- a/go/ql/src/experimental/CWE-74/DsnGood.go +++ b/go/ql/src/experimental/CWE-74/DsnGood.go @@ -1,3 +1,13 @@ +package main + +import ( + "database/sql" + "errors" + "fmt" + "os" + "regexp" +) + func good() (interface{}, error) { name := os.Args[1] hasBadChar, _ := regexp.MatchString(".*[?].*", name) diff --git a/go/ql/src/experimental/frameworks/JWT.qll b/go/ql/src/experimental/frameworks/JWT.qll new file mode 100644 index 00000000000..ceb7ffc9409 --- /dev/null +++ b/go/ql/src/experimental/frameworks/JWT.qll @@ -0,0 +1,265 @@ +import go + +/** + * A abstract class which responsible for parsing a JWT token. + */ +abstract class JwtParseBase extends Function { + /** + * Gets argument number that responsible for JWT + * + * `-1` means the receiver is a argument node that responsible for JWT. + * In this case, we must declare some additional taint steps. + */ + abstract int getTokenArgNum(); + + /** + * Gets Argument as DataFlow node that responsible for JWT + */ + DataFlow::Node getTokenArg() { + this.getTokenArgNum() != -1 and result = this.getACall().getArgument(this.getTokenArgNum()) + or + this.getTokenArgNum() = -1 and result = this.getACall().getReceiver() + } +} + +/** + * A abstract class which responsible for parsing a JWT token which the key parameter is a function type. + * + * Extends this class for Jwt parsing methods that accepts a function type as key. + */ +abstract class JwtParseWithKeyFunction extends JwtParseBase { + /** + * Gets argument number that responsible for a function returning the secret key + */ + abstract int getKeyFuncArgNum(); + + /** + * Gets Argument as DataFlow node that responsible for a function returning the secret key + */ + DataFlow::Node getKeyFuncArg() { result = this.getACall().getArgument(this.getKeyFuncArgNum()) } +} + +/** + * A abstract class which responsible for parsing a JWT token which the key parameter can be a string or byte type. + * + * Extends this class for Jwt parsing methods that accepts a non-function type as key. + */ +abstract class JwtParse extends JwtParseBase { + /** + * Gets argument number that responsible for secret key + */ + abstract int getKeyArgNum(); + + /** + * Gets Argument as DataFlow node that responsible for secret key + */ + DataFlow::Node getKeyArg() { result = this.getACall().getArgument(this.getKeyArgNum()) } +} + +/** + * A abstract class which responsible for parsing a JWT without verifying it + * + * Extends this class for Jwt parsing methods that don't verify JWT signature + */ +abstract class JwtUnverifiedParse extends JwtParseBase { } + +/** + * Gets `github.com/golang-jwt/jwt` and `github.com/dgrijalva/jwt-go`(previous name of `golang-jwt`) JWT packages + */ +string golangJwtPackage() { + result = package(["github.com/golang-jwt/jwt", "github.com/dgrijalva/jwt-go"], "") +} + +/** + * A class that contains the following function and method: + * + * func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) + * + * func Parse(tokenString string, keyFunc Keyfunc) + */ +class GolangJwtParse extends JwtParseWithKeyFunction { + GolangJwtParse() { + exists(Function f | f.hasQualifiedName(golangJwtPackage(), "Parse") | this = f) + or + exists(Method f | f.hasQualifiedName(golangJwtPackage(), "Parser", "Parse") | this = f) + } + + override int getKeyFuncArgNum() { result = 1 } + + override int getTokenArgNum() { result = 0 } +} + +/** + * A class that contains the following function and method: + * + * func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) + * + * func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) + */ +class GolangJwtParseWithClaims extends JwtParseWithKeyFunction { + GolangJwtParseWithClaims() { + exists(Function f | f.hasQualifiedName(golangJwtPackage(), "ParseWithClaims") | this = f) + or + exists(Method f | f.hasQualifiedName(golangJwtPackage(), "Parser", "ParseWithClaims") | + this = f + ) + } + + override int getKeyFuncArgNum() { result = 2 } + + override int getTokenArgNum() { result = 0 } +} + +/** + * A class that contains the following method: + * + * func (p *Parser) ParseUnverified(tokenString string, claims Claims) + */ +class GolangJwtParseUnverified extends JwtUnverifiedParse { + GolangJwtParseUnverified() { + exists(Method f | f.hasQualifiedName(golangJwtPackage(), "Parser", "ParseUnverified") | + this = f + ) + } + + override int getTokenArgNum() { result = 0 } +} + +/** + * Gets `github.com/golang-jwt/jwt` and `github.com/dgrijalva/jwt-go`(previous name of `golang-jwt`) JWT packages + */ +string golangJwtRequestPackage() { + result = package(["github.com/golang-jwt/jwt", "github.com/dgrijalva/jwt-go"], "request") +} + +/** + * A class that contains the following function: + * + * func ParseFromRequest(req *http.Request, extractor Extractor, keyFunc jwt.Keyfunc, options ...ParseFromRequestOption) + */ +class GolangJwtParseFromRequest extends JwtParseWithKeyFunction { + GolangJwtParseFromRequest() { + exists(Function f | f.hasQualifiedName(golangJwtRequestPackage(), "ParseFromRequest") | + this = f + ) + } + + override int getKeyFuncArgNum() { result = 2 } + + override int getTokenArgNum() { result = 0 } +} + +/** + * A class that contains the following function: + * + * func ParseFromRequestWithClaims(req *http.Request, extractor Extractor, claims jwt.Claims, keyFunc jwt.Keyfunc) + */ +class GolangJwtParseFromRequestWithClaims extends JwtParseWithKeyFunction { + GolangJwtParseFromRequestWithClaims() { + exists(Function f | + f.hasQualifiedName(golangJwtRequestPackage(), "ParseFromRequestWithClaims") + | + this = f + ) + } + + override int getKeyFuncArgNum() { result = 3 } + + override int getTokenArgNum() { result = 0 } +} + +/** + * Gets `gopkg.in/square/go-jose` and `github.com/go-jose/go-jose` jwt package + */ +string goJoseJwtPackage() { + result = package(["gopkg.in/square/go-jose", "github.com/go-jose/go-jose"], "jwt") +} + +/** + * A class that contains the following method: + * + * func (t *JSONWebToken) Claims(key interface{}, dest ...interface{}) + */ +class GoJoseParseWithClaims extends JwtParse { + GoJoseParseWithClaims() { + exists(Method f | f.hasQualifiedName(goJoseJwtPackage(), "JSONWebToken", "Claims") | this = f) + } + + override int getKeyArgNum() { result = 0 } + + override int getTokenArgNum() { result = -1 } +} + +/** + * A class that contains the following method: + * + * func (t *JSONWebToken) UnsafeClaimsWithoutVerification(dest ...interface{}) + */ +class GoJoseUnsafeClaims extends JwtUnverifiedParse { + GoJoseUnsafeClaims() { + exists(Method f | + f.hasQualifiedName(goJoseJwtPackage(), "JSONWebToken", "UnsafeClaimsWithoutVerification") + | + this = f + ) + } + + override int getTokenArgNum() { result = -1 } +} + +/** + * Holds for general additional steps related to parsing the secret keys in `golang-jwt/jwt`,`dgrijalva/jwt-go` packages + */ +predicate golangJwtIsAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + exists(Function f, DataFlow::CallNode call | + ( + f.hasQualifiedName(package("github.com/golang-jwt/jwt", ""), + [ + "ParseECPrivateKeyFromPEM", "ParseECPublicKeyFromPEM", "ParseEdPrivateKeyFromPEM", + "ParseEdPublicKeyFromPEM", "ParseRSAPrivateKeyFromPEM", "ParseRSAPublicKeyFromPEM", + "RegisterSigningMethod" + ]) or + f.hasQualifiedName(package("github.com/dgrijalva/jwt-go", ""), + [ + "ParseECPrivateKeyFromPEM", "ParseECPublicKeyFromPEM", "ParseRSAPrivateKeyFromPEM", + "ParseRSAPrivateKeyFromPEMWithPassword", "ParseRSAPublicKeyFromPEM" + ]) + ) and + call = f.getACall() and + nodeFrom = call.getArgument(0) and + nodeTo = call.getResult(0) + or + ( + f instanceof GolangJwtParse + or + f instanceof GolangJwtParseWithClaims + ) and + call = f.getACall() and + nodeFrom = call.getArgument(0) and + nodeTo = call.getResult(0) + ) +} + +/** + * Holds for general additioanl steps related to parsing the secret keys in `go-jose` package + */ +predicate goJoseIsAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + exists(Function f, DataFlow::CallNode call | + f.hasQualifiedName(goJoseJwtPackage(), ["ParseEncrypted", "ParseSigned"]) and + call = f.getACall() and + nodeFrom = call.getArgument(0) and + nodeTo = call.getResult(0) + ) + or + exists(Method m, DataFlow::CallNode call | + m.hasQualifiedName(goJoseJwtPackage(), "NestedJSONWebToken", "ParseSignedAndEncrypted") and + call = m.getACall() and + nodeFrom = call.getArgument(0) and + nodeTo = call.getResult(0) + or + m.hasQualifiedName(goJoseJwtPackage(), "NestedJSONWebToken", "Decrypt") and + call = m.getACall() and + nodeFrom = call.getReceiver() and + nodeTo = call.getResult(0) + ) +} diff --git a/go/ql/src/meta/frameworks/Coverage.ql b/go/ql/src/meta/frameworks/Coverage.ql new file mode 100644 index 00000000000..40b01e624a0 --- /dev/null +++ b/go/ql/src/meta/frameworks/Coverage.ql @@ -0,0 +1,14 @@ +/** + * @name Framework coverage + * @description The number of API endpoints covered by MaD models sorted by + * package and source-, sink-, and summary-kind. + * @kind table + * @id go/meta/framework-coverage + */ + +import go +import semmle.go.dataflow.ExternalFlow + +from string package, int pkgs, string kind, string part, int n +where modelCoverage(package, pkgs, kind, part, n) +select package, pkgs, kind, part, n diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index a625c40a9c8..99573ffaa5d 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.6.4-dev +version: 0.7.2-dev groups: - go - queries diff --git a/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected new file mode 100644 index 00000000000..6d1d1693ab7 --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected @@ -0,0 +1,16 @@ +edges +| go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | +| go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion | +| golang-jwt-v5.go:19:15:19:35 | type conversion | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | +| golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:19:15:19:35 | type conversion | +nodes +| go-jose.v3.go:13:14:13:34 | type conversion | semmle.label | type conversion | +| go-jose.v3.go:13:21:13:33 | "AllYourBase" | semmle.label | "AllYourBase" | +| go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey | +| golang-jwt-v5.go:19:15:19:35 | type conversion | semmle.label | type conversion | +| golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | semmle.label | "AllYourBase" | +| golang-jwt-v5.go:27:9:27:15 | JwtKey1 | semmle.label | JwtKey1 | +subpaths +#select +| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:24:32:24:37 | JwtKey | This $@. | go-jose.v3.go:13:21:13:33 | "AllYourBase" | Constant Key is used as JWT Secret key | +| golang-jwt-v5.go:27:9:27:15 | JwtKey1 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | This $@. | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | Constant Key is used as JWT Secret key | diff --git a/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.qlref b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.qlref new file mode 100644 index 00000000000..e6cee546420 --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.qlref @@ -0,0 +1 @@ +experimental/CWE-321-V2/HardCodedKeys.ql \ No newline at end of file diff --git a/go/ql/test/experimental/CWE-321-V2/go-jose.v3.go b/go/ql/test/experimental/CWE-321-V2/go-jose.v3.go new file mode 100644 index 00000000000..e25624bb680 --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/go-jose.v3.go @@ -0,0 +1,28 @@ +package jwt + +//go:generate depstubber -vendor github.com/go-jose/go-jose/v3/jwt JSONWebToken ParseSigned + +import ( + "fmt" + "net/http" + + "github.com/go-jose/go-jose/v3/jwt" +) + +// NOT OK +var JwtKey = []byte("AllYourBase") + +func main2(r *http.Request) { + signedToken := r.URL.Query().Get("signedToken") + verifyJWT(signedToken) +} + +func verifyJWT(signedToken string) { + fmt.Println("verifying JWT") + DecodedToken, _ := jwt.ParseSigned(signedToken) + out := CustomerInfo{} + if err := DecodedToken.Claims(JwtKey, &out); err != nil { + panic(err) + } + fmt.Printf("%v\n", out) +} diff --git a/go/ql/test/experimental/CWE-321-V2/go.mod b/go/ql/test/experimental/CWE-321-V2/go.mod new file mode 100644 index 00000000000..1f1dec543c2 --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/go.mod @@ -0,0 +1,37 @@ +module main + +go 1.21 + +require ( + github.com/gin-gonic/gin v1.9.1 + github.com/go-jose/go-jose/v3 v3.0.0 + github.com/golang-jwt/jwt/v5 v5.0.0 +) + +require ( + github.com/bytedance/sonic v1.9.1 // indirect + github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect + github.com/gabriel-vasile/mimetype v1.4.2 // indirect + github.com/gin-contrib/sse v0.1.0 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.14.0 // indirect + github.com/goccy/go-json v0.10.2 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/cpuid/v2 v2.2.4 // indirect + github.com/leodido/go-urn v1.2.4 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/pelletier/go-toml/v2 v2.0.8 // indirect + github.com/twitchyliquid64/golang-asm v0.15.1 // indirect + github.com/ugorji/go/codec v1.2.11 // indirect + golang.org/x/arch v0.3.0 // indirect + golang.org/x/net v0.10.0 // indirect + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect + google.golang.org/protobuf v1.30.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + github.com/google/go-cmp v0.5.9 // indirect + golang.org/x/crypto v0.12.0 // indirect +) diff --git a/go/ql/test/experimental/CWE-321-V2/golang-jwt-v5.go b/go/ql/test/experimental/CWE-321-V2/golang-jwt-v5.go new file mode 100644 index 00000000000..71917160bda --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/golang-jwt-v5.go @@ -0,0 +1,38 @@ +package jwt + +//go:generate depstubber -vendor github.com/golang-jwt/jwt/v5 RegisteredClaims,Parser,Token Parse,ParseWithClaims + +import ( + "fmt" + "github.com/golang-jwt/jwt/v5" + "log" + "net/http" +) + +type CustomerInfo struct { + Name string + ID int + jwt.RegisteredClaims +} + +// BAD constant key +var JwtKey1 = []byte("AllYourBase") + +func main1(r *http.Request) { + signedToken := r.URL.Query().Get("signedToken") + verifyJWT_golangjwt(signedToken) +} + +func LoadJwtKey(token *jwt.Token) (interface{}, error) { + return JwtKey1, nil +} + +func verifyJWT_golangjwt(signedToken string) { + fmt.Println("verifying JWT") + DecodedToken, err := jwt.ParseWithClaims(signedToken, &CustomerInfo{}, LoadJwtKey) + if claims, ok := DecodedToken.Claims.(*CustomerInfo); ok && DecodedToken.Valid { + fmt.Printf("NAME:%v ,ID:%v\n", claims.Name, claims.ID) + } else { + log.Fatal(err) + } +} diff --git a/go/ql/test/experimental/CWE-321-V2/vendor/github.com/go-jose/go-jose/v3/jwt/stub.go b/go/ql/test/experimental/CWE-321-V2/vendor/github.com/go-jose/go-jose/v3/jwt/stub.go new file mode 100644 index 00000000000..a160226c423 --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/vendor/github.com/go-jose/go-jose/v3/jwt/stub.go @@ -0,0 +1,24 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/go-jose/go-jose/v3/jwt, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/go-jose/go-jose/v3/jwt (exports: JSONWebToken; functions: ParseSigned) + +// Package jwt is a stub of github.com/go-jose/go-jose/v3/jwt, generated by depstubber. +package jwt + +type JSONWebToken struct { + Headers []interface{} +} + +func (_ *JSONWebToken) Claims(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *JSONWebToken) UnsafeClaimsWithoutVerification(_ ...interface{}) error { + return nil +} + +func ParseSigned(_ string) (*JSONWebToken, error) { + return nil, nil +} diff --git a/go/ql/test/experimental/CWE-321-V2/vendor/github.com/golang-jwt/jwt/v5/stub.go b/go/ql/test/experimental/CWE-321-V2/vendor/github.com/golang-jwt/jwt/v5/stub.go new file mode 100644 index 00000000000..7588530ba3e --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/vendor/github.com/golang-jwt/jwt/v5/stub.go @@ -0,0 +1,306 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/golang-jwt/jwt/v5, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/golang-jwt/jwt/v5 (exports: RegisteredClaims,Parser,Token; functions: Parse,ParseWithClaims) + +// Package jwt is a stub of github.com/golang-jwt/jwt/v5, generated by depstubber. +package jwt + +import ( + time "time" +) + +type ClaimStrings []string + +func (_ ClaimStrings) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ *ClaimStrings) UnmarshalJSON(_ []byte) error { + return nil +} + +type Claims interface { + GetAudience() (ClaimStrings, error) + GetExpirationTime() (*NumericDate, error) + GetIssuedAt() (*NumericDate, error) + GetIssuer() (string, error) + GetNotBefore() (*NumericDate, error) + GetSubject() (string, error) +} + +type Keyfunc func(*Token) (interface{}, error) + +type NumericDate struct { + Time time.Time +} + +func (_ NumericDate) Add(_ time.Duration) time.Time { + return time.Time{} +} + +func (_ NumericDate) AddDate(_ int, _ int, _ int) time.Time { + return time.Time{} +} + +func (_ NumericDate) After(_ time.Time) bool { + return false +} + +func (_ NumericDate) AppendFormat(_ []byte, _ string) []byte { + return nil +} + +func (_ NumericDate) Before(_ time.Time) bool { + return false +} + +func (_ NumericDate) Clock() (int, int, int) { + return 0, 0, 0 +} + +func (_ NumericDate) Compare(_ time.Time) int { + return 0 +} + +func (_ NumericDate) Date() (int, time.Month, int) { + return 0, 0, 0 +} + +func (_ NumericDate) Day() int { + return 0 +} + +func (_ NumericDate) Equal(_ time.Time) bool { + return false +} + +func (_ NumericDate) Format(_ string) string { + return "" +} + +func (_ NumericDate) GoString() string { + return "" +} + +func (_ NumericDate) GobEncode() ([]byte, error) { + return nil, nil +} + +func (_ NumericDate) Hour() int { + return 0 +} + +func (_ NumericDate) ISOWeek() (int, int) { + return 0, 0 +} + +func (_ NumericDate) In(_ *time.Location) time.Time { + return time.Time{} +} + +func (_ NumericDate) IsDST() bool { + return false +} + +func (_ NumericDate) IsZero() bool { + return false +} + +func (_ NumericDate) Local() time.Time { + return time.Time{} +} + +func (_ NumericDate) Location() *time.Location { + return nil +} + +func (_ NumericDate) MarshalBinary() ([]byte, error) { + return nil, nil +} + +func (_ NumericDate) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ NumericDate) MarshalText() ([]byte, error) { + return nil, nil +} + +func (_ NumericDate) Minute() int { + return 0 +} + +func (_ NumericDate) Month() time.Month { + return 0 +} + +func (_ NumericDate) Nanosecond() int { + return 0 +} + +func (_ NumericDate) Round(_ time.Duration) time.Time { + return time.Time{} +} + +func (_ NumericDate) Second() int { + return 0 +} + +func (_ NumericDate) String() string { + return "" +} + +func (_ NumericDate) Sub(_ time.Time) time.Duration { + return 0 +} + +func (_ NumericDate) Truncate(_ time.Duration) time.Time { + return time.Time{} +} + +func (_ NumericDate) UTC() time.Time { + return time.Time{} +} + +func (_ NumericDate) Unix() int64 { + return 0 +} + +func (_ NumericDate) UnixMicro() int64 { + return 0 +} + +func (_ NumericDate) UnixMilli() int64 { + return 0 +} + +func (_ NumericDate) UnixNano() int64 { + return 0 +} + +func (_ NumericDate) Weekday() time.Weekday { + return 0 +} + +func (_ NumericDate) Year() int { + return 0 +} + +func (_ NumericDate) YearDay() int { + return 0 +} + +func (_ NumericDate) Zone() (string, int) { + return "", 0 +} + +func (_ NumericDate) ZoneBounds() (time.Time, time.Time) { + return time.Time{}, time.Time{} +} + +func (_ *NumericDate) GobDecode(_ []byte) error { + return nil +} + +func (_ *NumericDate) UnmarshalBinary(_ []byte) error { + return nil +} + +func (_ *NumericDate) UnmarshalJSON(_ []byte) error { + return nil +} + +func (_ *NumericDate) UnmarshalText(_ []byte) error { + return nil +} + +func Parse(_ string, _ Keyfunc, _ ...ParserOption) (*Token, error) { + return nil, nil +} + +func ParseWithClaims(_ string, _ Claims, _ Keyfunc, _ ...ParserOption) (*Token, error) { + return nil, nil +} + +type Parser struct{} + +func (_ *Parser) DecodeSegment(_ string) ([]byte, error) { + return nil, nil +} + +func (_ *Parser) Parse(_ string, _ Keyfunc) (*Token, error) { + return nil, nil +} + +func (_ *Parser) ParseUnverified(_ string, _ Claims) (*Token, []string, error) { + return nil, nil, nil +} + +func (_ *Parser) ParseWithClaims(_ string, _ Claims, _ Keyfunc) (*Token, error) { + return nil, nil +} + +type ParserOption func(*Parser) + +type RegisteredClaims struct { + Issuer string + Subject string + Audience ClaimStrings + ExpiresAt *NumericDate + NotBefore *NumericDate + IssuedAt *NumericDate + ID string +} + +func (_ RegisteredClaims) GetAudience() (ClaimStrings, error) { + return nil, nil +} + +func (_ RegisteredClaims) GetExpirationTime() (*NumericDate, error) { + return nil, nil +} + +func (_ RegisteredClaims) GetIssuedAt() (*NumericDate, error) { + return nil, nil +} + +func (_ RegisteredClaims) GetIssuer() (string, error) { + return "", nil +} + +func (_ RegisteredClaims) GetNotBefore() (*NumericDate, error) { + return nil, nil +} + +func (_ RegisteredClaims) GetSubject() (string, error) { + return "", nil +} + +type SigningMethod interface { + Alg() string + Sign(_ string, _ interface{}) ([]byte, error) + Verify(_ string, _ []byte, _ interface{}) error +} + +type Token struct { + Raw string + Method SigningMethod + Header map[string]interface{} + Claims Claims + Signature []byte + Valid bool +} + +func (_ *Token) EncodeSegment(_ []byte) string { + return "" +} + +func (_ *Token) SignedString(_ interface{}) (string, error) { + return "", nil +} + +func (_ *Token) SigningString() (string, error) { + return "", nil +} diff --git a/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt b/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt new file mode 100644 index 00000000000..01144bc9249 --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt @@ -0,0 +1,84 @@ +# github.com/gin-gonic/gin v1.9.1 +## explicit +github.com/gin-gonic/gin +# github.com/go-jose/go-jose/v3 v3.0.0 +## explicit +github.com/go-jose/go-jose/v3 +# github.com/golang-jwt/jwt/v5 v5.0.0 +## explicit +github.com/golang-jwt/jwt/v5 +# github.com/bytedance/sonic v1.9.1 +## explicit +github.com/bytedance/sonic +# github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 +## explicit +github.com/chenzhuoyu/base64x +# github.com/gabriel-vasile/mimetype v1.4.2 +## explicit +github.com/gabriel-vasile/mimetype +# github.com/gin-contrib/sse v0.1.0 +## explicit +github.com/gin-contrib/sse +# github.com/go-playground/locales v0.14.1 +## explicit +github.com/go-playground/locales +# github.com/go-playground/universal-translator v0.18.1 +## explicit +github.com/go-playground/universal-translator +# github.com/go-playground/validator/v10 v10.14.0 +## explicit +github.com/go-playground/validator/v10 +# github.com/goccy/go-json v0.10.2 +## explicit +github.com/goccy/go-json +# github.com/json-iterator/go v1.1.12 +## explicit +github.com/json-iterator/go +# github.com/klauspost/cpuid/v2 v2.2.4 +## explicit +github.com/klauspost/cpuid/v2 +# github.com/leodido/go-urn v1.2.4 +## explicit +github.com/leodido/go-urn +# github.com/mattn/go-isatty v0.0.19 +## explicit +github.com/mattn/go-isatty +# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd +## explicit +github.com/modern-go/concurrent +# github.com/modern-go/reflect2 v1.0.2 +## explicit +github.com/modern-go/reflect2 +# github.com/pelletier/go-toml/v2 v2.0.8 +## explicit +github.com/pelletier/go-toml/v2 +# github.com/twitchyliquid64/golang-asm v0.15.1 +## explicit +github.com/twitchyliquid64/golang-asm +# github.com/ugorji/go/codec v1.2.11 +## explicit +github.com/ugorji/go/codec +# golang.org/x/arch v0.3.0 +## explicit +golang.org/x/arch +# golang.org/x/net v0.10.0 +## explicit +golang.org/x/net +# golang.org/x/sys v0.11.0 +## explicit +golang.org/x/sys +# golang.org/x/text v0.12.0 +## explicit +golang.org/x/text +# google.golang.org/protobuf v1.30.0 +## explicit +google.golang.org/protobuf +# gopkg.in/yaml.v3 v3.0.1 +## explicit +gopkg.in/yaml.v3 +# github.com/google/go-cmp v0.5.9 +## explicit +github.com/google/go-cmp +# golang.org/x/crypto v0.12.0 +## explicit +golang.org/x/crypto diff --git a/go/ql/test/experimental/CWE-347/ParseJWTWithoutVerification.expected b/go/ql/test/experimental/CWE-347/ParseJWTWithoutVerification.expected new file mode 100644 index 00000000000..7162ed5802f --- /dev/null +++ b/go/ql/test/experimental/CWE-347/ParseJWTWithoutVerification.expected @@ -0,0 +1,32 @@ +edges +| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | +| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | +| go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | +| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | +| go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | +| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | +| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | +| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | +| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | +| golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | +| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | +| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | +nodes +| go-jose.v3.go:25:16:25:20 | selection of URL | semmle.label | selection of URL | +| go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query | +| go-jose.v3.go:25:16:25:47 | call to Get | semmle.label | call to Get | +| go-jose.v3.go:26:15:26:25 | signedToken | semmle.label | signedToken | +| go-jose.v3.go:29:19:29:29 | definition of signedToken | semmle.label | definition of signedToken | +| go-jose.v3.go:31:2:31:48 | ... := ...[0] | semmle.label | ... := ...[0] | +| go-jose.v3.go:31:37:31:47 | signedToken | semmle.label | signedToken | +| go-jose.v3.go:33:12:33:23 | DecodedToken | semmle.label | DecodedToken | +| golang-jwt-v5.go:28:16:28:20 | selection of URL | semmle.label | selection of URL | +| golang-jwt-v5.go:28:16:28:28 | call to Query | semmle.label | call to Query | +| golang-jwt-v5.go:28:16:28:47 | call to Get | semmle.label | call to Get | +| golang-jwt-v5.go:29:25:29:35 | signedToken | semmle.label | signedToken | +| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | semmle.label | definition of signedToken | +| golang-jwt-v5.go:34:58:34:68 | signedToken | semmle.label | signedToken | +subpaths +#select +| go-jose.v3.go:33:12:33:23 | DecodedToken | go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:33:12:33:23 | DecodedToken | This JWT is parsed without verification and received from $@. | go-jose.v3.go:25:16:25:20 | selection of URL | this user-controlled source | +| golang-jwt-v5.go:34:58:34:68 | signedToken | golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:34:58:34:68 | signedToken | This JWT is parsed without verification and received from $@. | golang-jwt-v5.go:28:16:28:20 | selection of URL | this user-controlled source | diff --git a/go/ql/test/experimental/CWE-347/ParseJWTWithoutVerification.qlref b/go/ql/test/experimental/CWE-347/ParseJWTWithoutVerification.qlref new file mode 100644 index 00000000000..a4326ff97e6 --- /dev/null +++ b/go/ql/test/experimental/CWE-347/ParseJWTWithoutVerification.qlref @@ -0,0 +1 @@ +experimental/CWE-347/ParseJWTWithoutVerification.ql \ No newline at end of file diff --git a/go/ql/test/experimental/CWE-347/go-jose.v3.go b/go/ql/test/experimental/CWE-347/go-jose.v3.go new file mode 100644 index 00000000000..3e55ced31f6 --- /dev/null +++ b/go/ql/test/experimental/CWE-347/go-jose.v3.go @@ -0,0 +1,46 @@ +package jwt + +//go:generate depstubber -vendor github.com/go-jose/go-jose/v3/jwt JSONWebToken ParseSigned + +import ( + "fmt" + "github.com/go-jose/go-jose/v3/jwt" + "net/http" +) + +type CustomerInfo struct { + Name string + ID int +} + +var JwtKey = []byte("AllYourBase") + +func jose(r *http.Request) { + signedToken := r.URL.Query().Get("signedToken") + // OK: first decode and then verify + notVerifyJWT(signedToken) + verifyJWT(signedToken) + + // NOT OK: no verification + signedToken = r.URL.Query().Get("signedToken") + notVerifyJWT(signedToken) +} + +func notVerifyJWT(signedToken string) { + fmt.Println("only decoding JWT") + DecodedToken, _ := jwt.ParseSigned(signedToken) + out := CustomerInfo{} + if err := DecodedToken.UnsafeClaimsWithoutVerification(&out); err != nil { + panic(err) + } + fmt.Printf("%v\n", out) +} +func verifyJWT(signedToken string) { + fmt.Println("verifying JWT") + DecodedToken, _ := jwt.ParseSigned(signedToken) + out := CustomerInfo{} + if err := DecodedToken.Claims(JwtKey, &out); err != nil { + panic(err) + } + fmt.Printf("%v\n", out) +} diff --git a/go/ql/test/experimental/CWE-347/go.mod b/go/ql/test/experimental/CWE-347/go.mod new file mode 100644 index 00000000000..84e592efcf3 --- /dev/null +++ b/go/ql/test/experimental/CWE-347/go.mod @@ -0,0 +1,37 @@ +module main + +go 1.18 + +require ( + github.com/gin-gonic/gin v1.9.1 + github.com/go-jose/go-jose/v3 v3.0.0 + github.com/golang-jwt/jwt/v5 v5.0.0 +) + +require ( + github.com/bytedance/sonic v1.9.1 // indirect + github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect + github.com/gabriel-vasile/mimetype v1.4.2 // indirect + github.com/gin-contrib/sse v0.1.0 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.14.0 // indirect + github.com/goccy/go-json v0.10.2 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/cpuid/v2 v2.2.4 // indirect + github.com/leodido/go-urn v1.2.4 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/pelletier/go-toml/v2 v2.0.8 // indirect + github.com/twitchyliquid64/golang-asm v0.15.1 // indirect + github.com/ugorji/go/codec v1.2.11 // indirect + golang.org/x/arch v0.3.0 // indirect + golang.org/x/net v0.10.0 // indirect + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect + google.golang.org/protobuf v1.30.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + github.com/google/go-cmp v0.5.9 // indirect + golang.org/x/crypto v0.12.0 // indirect +) diff --git a/go/ql/test/experimental/CWE-347/golang-jwt-v5.go b/go/ql/test/experimental/CWE-347/golang-jwt-v5.go new file mode 100644 index 00000000000..e37265f03c0 --- /dev/null +++ b/go/ql/test/experimental/CWE-347/golang-jwt-v5.go @@ -0,0 +1,54 @@ +package jwt + +//go:generate depstubber -vendor github.com/golang-jwt/jwt/v5 RegisteredClaims,Parser,Token ParseWithClaims,NewParser + +import ( + "fmt" + "github.com/golang-jwt/jwt/v5" + "log" + "net/http" +) + +type CustomerInfo1 struct { + Name string + ID int + jwt.RegisteredClaims +} + +// BAD constant key +var JwtKey1 = []byte("AllYourBase") + +func golangjwt(r *http.Request) { + signedToken := r.URL.Query().Get("signedToken") + // OK: first decode and then verify + notVerifyJWT_golangjwt(signedToken) + verifyJWT_golangjwt(signedToken) + + // NOT OK: only unverified parse + signedToken = r.URL.Query().Get("signedToken") + notVerifyJWT_golangjwt(signedToken) +} + +func notVerifyJWT_golangjwt(signedToken string) { + fmt.Println("only decoding JWT") + DecodedToken, _, err := jwt.NewParser().ParseUnverified(signedToken, &CustomerInfo1{}) + if claims, ok := DecodedToken.Claims.(*CustomerInfo1); ok { + fmt.Printf("DecodedToken:%v\n", claims) + } else { + log.Fatal("error", err) + } +} + +func LoadJwtKey(token *jwt.Token) (interface{}, error) { + return JwtKey, nil +} + +func verifyJWT_golangjwt(signedToken string) { + fmt.Println("verifying JWT") + DecodedToken, err := jwt.ParseWithClaims(signedToken, &CustomerInfo1{}, LoadJwtKey) + if claims, ok := DecodedToken.Claims.(*CustomerInfo1); ok && DecodedToken.Valid { + fmt.Printf("NAME:%v ,ID:%v\n", claims.Name, claims.ID) + } else { + log.Fatal(err) + } +} diff --git a/go/ql/test/experimental/CWE-347/vendor/github.com/go-jose/go-jose/v3/jwt/stub.go b/go/ql/test/experimental/CWE-347/vendor/github.com/go-jose/go-jose/v3/jwt/stub.go new file mode 100644 index 00000000000..a160226c423 --- /dev/null +++ b/go/ql/test/experimental/CWE-347/vendor/github.com/go-jose/go-jose/v3/jwt/stub.go @@ -0,0 +1,24 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/go-jose/go-jose/v3/jwt, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/go-jose/go-jose/v3/jwt (exports: JSONWebToken; functions: ParseSigned) + +// Package jwt is a stub of github.com/go-jose/go-jose/v3/jwt, generated by depstubber. +package jwt + +type JSONWebToken struct { + Headers []interface{} +} + +func (_ *JSONWebToken) Claims(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *JSONWebToken) UnsafeClaimsWithoutVerification(_ ...interface{}) error { + return nil +} + +func ParseSigned(_ string) (*JSONWebToken, error) { + return nil, nil +} diff --git a/go/ql/test/experimental/CWE-347/vendor/github.com/golang-jwt/jwt/v5/stub.go b/go/ql/test/experimental/CWE-347/vendor/github.com/golang-jwt/jwt/v5/stub.go new file mode 100644 index 00000000000..6e4c4f327af --- /dev/null +++ b/go/ql/test/experimental/CWE-347/vendor/github.com/golang-jwt/jwt/v5/stub.go @@ -0,0 +1,306 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/golang-jwt/jwt/v5, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/golang-jwt/jwt/v5 (exports: RegisteredClaims,Parser,Token; functions: ParseWithClaims,NewParser) + +// Package jwt is a stub of github.com/golang-jwt/jwt/v5, generated by depstubber. +package jwt + +import ( + time "time" +) + +type ClaimStrings []string + +func (_ ClaimStrings) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ *ClaimStrings) UnmarshalJSON(_ []byte) error { + return nil +} + +type Claims interface { + GetAudience() (ClaimStrings, error) + GetExpirationTime() (*NumericDate, error) + GetIssuedAt() (*NumericDate, error) + GetIssuer() (string, error) + GetNotBefore() (*NumericDate, error) + GetSubject() (string, error) +} + +type Keyfunc func(*Token) (interface{}, error) + +func NewParser(_ ...ParserOption) *Parser { + return nil +} + +type NumericDate struct { + Time time.Time +} + +func (_ NumericDate) Add(_ time.Duration) time.Time { + return time.Time{} +} + +func (_ NumericDate) AddDate(_ int, _ int, _ int) time.Time { + return time.Time{} +} + +func (_ NumericDate) After(_ time.Time) bool { + return false +} + +func (_ NumericDate) AppendFormat(_ []byte, _ string) []byte { + return nil +} + +func (_ NumericDate) Before(_ time.Time) bool { + return false +} + +func (_ NumericDate) Clock() (int, int, int) { + return 0, 0, 0 +} + +func (_ NumericDate) Compare(_ time.Time) int { + return 0 +} + +func (_ NumericDate) Date() (int, time.Month, int) { + return 0, 0, 0 +} + +func (_ NumericDate) Day() int { + return 0 +} + +func (_ NumericDate) Equal(_ time.Time) bool { + return false +} + +func (_ NumericDate) Format(_ string) string { + return "" +} + +func (_ NumericDate) GoString() string { + return "" +} + +func (_ NumericDate) GobEncode() ([]byte, error) { + return nil, nil +} + +func (_ NumericDate) Hour() int { + return 0 +} + +func (_ NumericDate) ISOWeek() (int, int) { + return 0, 0 +} + +func (_ NumericDate) In(_ *time.Location) time.Time { + return time.Time{} +} + +func (_ NumericDate) IsDST() bool { + return false +} + +func (_ NumericDate) IsZero() bool { + return false +} + +func (_ NumericDate) Local() time.Time { + return time.Time{} +} + +func (_ NumericDate) Location() *time.Location { + return nil +} + +func (_ NumericDate) MarshalBinary() ([]byte, error) { + return nil, nil +} + +func (_ NumericDate) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ NumericDate) MarshalText() ([]byte, error) { + return nil, nil +} + +func (_ NumericDate) Minute() int { + return 0 +} + +func (_ NumericDate) Month() time.Month { + return 0 +} + +func (_ NumericDate) Nanosecond() int { + return 0 +} + +func (_ NumericDate) Round(_ time.Duration) time.Time { + return time.Time{} +} + +func (_ NumericDate) Second() int { + return 0 +} + +func (_ NumericDate) String() string { + return "" +} + +func (_ NumericDate) Sub(_ time.Time) time.Duration { + return 0 +} + +func (_ NumericDate) Truncate(_ time.Duration) time.Time { + return time.Time{} +} + +func (_ NumericDate) UTC() time.Time { + return time.Time{} +} + +func (_ NumericDate) Unix() int64 { + return 0 +} + +func (_ NumericDate) UnixMicro() int64 { + return 0 +} + +func (_ NumericDate) UnixMilli() int64 { + return 0 +} + +func (_ NumericDate) UnixNano() int64 { + return 0 +} + +func (_ NumericDate) Weekday() time.Weekday { + return 0 +} + +func (_ NumericDate) Year() int { + return 0 +} + +func (_ NumericDate) YearDay() int { + return 0 +} + +func (_ NumericDate) Zone() (string, int) { + return "", 0 +} + +func (_ NumericDate) ZoneBounds() (time.Time, time.Time) { + return time.Time{}, time.Time{} +} + +func (_ *NumericDate) GobDecode(_ []byte) error { + return nil +} + +func (_ *NumericDate) UnmarshalBinary(_ []byte) error { + return nil +} + +func (_ *NumericDate) UnmarshalJSON(_ []byte) error { + return nil +} + +func (_ *NumericDate) UnmarshalText(_ []byte) error { + return nil +} + +func ParseWithClaims(_ string, _ Claims, _ Keyfunc, _ ...ParserOption) (*Token, error) { + return nil, nil +} + +type Parser struct{} + +func (_ *Parser) DecodeSegment(_ string) ([]byte, error) { + return nil, nil +} + +func (_ *Parser) Parse(_ string, _ Keyfunc) (*Token, error) { + return nil, nil +} + +func (_ *Parser) ParseUnverified(_ string, _ Claims) (*Token, []string, error) { + return nil, nil, nil +} + +func (_ *Parser) ParseWithClaims(_ string, _ Claims, _ Keyfunc) (*Token, error) { + return nil, nil +} + +type ParserOption func(*Parser) + +type RegisteredClaims struct { + Issuer string + Subject string + Audience ClaimStrings + ExpiresAt *NumericDate + NotBefore *NumericDate + IssuedAt *NumericDate + ID string +} + +func (_ RegisteredClaims) GetAudience() (ClaimStrings, error) { + return nil, nil +} + +func (_ RegisteredClaims) GetExpirationTime() (*NumericDate, error) { + return nil, nil +} + +func (_ RegisteredClaims) GetIssuedAt() (*NumericDate, error) { + return nil, nil +} + +func (_ RegisteredClaims) GetIssuer() (string, error) { + return "", nil +} + +func (_ RegisteredClaims) GetNotBefore() (*NumericDate, error) { + return nil, nil +} + +func (_ RegisteredClaims) GetSubject() (string, error) { + return "", nil +} + +type SigningMethod interface { + Alg() string + Sign(_ string, _ interface{}) ([]byte, error) + Verify(_ string, _ []byte, _ interface{}) error +} + +type Token struct { + Raw string + Method SigningMethod + Header map[string]interface{} + Claims Claims + Signature []byte + Valid bool +} + +func (_ *Token) EncodeSegment(_ []byte) string { + return "" +} + +func (_ *Token) SignedString(_ interface{}) (string, error) { + return "", nil +} + +func (_ *Token) SigningString() (string, error) { + return "", nil +} diff --git a/go/ql/test/experimental/CWE-347/vendor/modules.txt b/go/ql/test/experimental/CWE-347/vendor/modules.txt new file mode 100644 index 00000000000..01144bc9249 --- /dev/null +++ b/go/ql/test/experimental/CWE-347/vendor/modules.txt @@ -0,0 +1,84 @@ +# github.com/gin-gonic/gin v1.9.1 +## explicit +github.com/gin-gonic/gin +# github.com/go-jose/go-jose/v3 v3.0.0 +## explicit +github.com/go-jose/go-jose/v3 +# github.com/golang-jwt/jwt/v5 v5.0.0 +## explicit +github.com/golang-jwt/jwt/v5 +# github.com/bytedance/sonic v1.9.1 +## explicit +github.com/bytedance/sonic +# github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 +## explicit +github.com/chenzhuoyu/base64x +# github.com/gabriel-vasile/mimetype v1.4.2 +## explicit +github.com/gabriel-vasile/mimetype +# github.com/gin-contrib/sse v0.1.0 +## explicit +github.com/gin-contrib/sse +# github.com/go-playground/locales v0.14.1 +## explicit +github.com/go-playground/locales +# github.com/go-playground/universal-translator v0.18.1 +## explicit +github.com/go-playground/universal-translator +# github.com/go-playground/validator/v10 v10.14.0 +## explicit +github.com/go-playground/validator/v10 +# github.com/goccy/go-json v0.10.2 +## explicit +github.com/goccy/go-json +# github.com/json-iterator/go v1.1.12 +## explicit +github.com/json-iterator/go +# github.com/klauspost/cpuid/v2 v2.2.4 +## explicit +github.com/klauspost/cpuid/v2 +# github.com/leodido/go-urn v1.2.4 +## explicit +github.com/leodido/go-urn +# github.com/mattn/go-isatty v0.0.19 +## explicit +github.com/mattn/go-isatty +# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd +## explicit +github.com/modern-go/concurrent +# github.com/modern-go/reflect2 v1.0.2 +## explicit +github.com/modern-go/reflect2 +# github.com/pelletier/go-toml/v2 v2.0.8 +## explicit +github.com/pelletier/go-toml/v2 +# github.com/twitchyliquid64/golang-asm v0.15.1 +## explicit +github.com/twitchyliquid64/golang-asm +# github.com/ugorji/go/codec v1.2.11 +## explicit +github.com/ugorji/go/codec +# golang.org/x/arch v0.3.0 +## explicit +golang.org/x/arch +# golang.org/x/net v0.10.0 +## explicit +golang.org/x/net +# golang.org/x/sys v0.11.0 +## explicit +golang.org/x/sys +# golang.org/x/text v0.12.0 +## explicit +golang.org/x/text +# google.golang.org/protobuf v1.30.0 +## explicit +google.golang.org/protobuf +# gopkg.in/yaml.v3 v3.0.1 +## explicit +gopkg.in/yaml.v3 +# github.com/google/go-cmp v0.5.9 +## explicit +github.com/google/go-cmp +# golang.org/x/crypto v0.12.0 +## explicit +golang.org/x/crypto diff --git a/go/ql/test/go.mod b/go/ql/test/go.mod new file mode 100644 index 00000000000..2420613ecee --- /dev/null +++ b/go/ql/test/go.mod @@ -0,0 +1,4 @@ +module github.com/github/codeql-go/ql/test + +go 1.21 + diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Afero/Query.expected b/go/ql/test/library-tests/semmle/go/frameworks/Afero/Query.expected new file mode 100644 index 00000000000..8ec8033d086 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Afero/Query.expected @@ -0,0 +1,2 @@ +testFailures +failures diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Afero/Query.ql b/go/ql/test/library-tests/semmle/go/frameworks/Afero/Query.ql new file mode 100644 index 00000000000..0d65f9e22b0 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Afero/Query.ql @@ -0,0 +1,34 @@ +import go +import TestUtilities.InlineExpectationsTest + +module FileSystemAccessTest implements TestSig { + string getARelevantTag() { result = ["FileSystemAccess", "succ", "pred"] } + + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(FileSystemAccess fsa | + fsa.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), + location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and + element = fsa.getAPathArgument().toString() and + value = fsa.getAPathArgument().toString() and + tag = "FileSystemAccess" + ) + or + exists(DataFlow::Node succ, DataFlow::Node pred | + any(Afero::AdditionalTaintStep adts).step(pred, succ) + | + succ.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), + location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and + element = succ.toString() and + value = succ.asExpr().(StructLit).getType().getName() and + tag = "succ" + or + pred.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), + location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and + element = pred.toString() and + value = pred.toString() and + tag = "pred" + ) + } +} + +import MakeTest diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Afero/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/Afero/go.mod new file mode 100644 index 00000000000..b51412fd20c --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Afero/go.mod @@ -0,0 +1,93 @@ +module aferno + +go 1.20 + +require ( + github.com/beego/beego/v2 v2.1.1 + github.com/gin-gonic/gin v1.9.1 + github.com/gofiber/fiber/v2 v2.48.0 + github.com/kataras/iris/v12 v12.2.5 + github.com/labstack/echo/v4 v4.11.1 + github.com/spf13/afero v1.9.5 + github.com/valyala/fasthttp v1.48.0 +) + +require ( + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53 // indirect + github.com/CloudyKit/jet/v6 v6.2.0 // indirect + github.com/Joker/jade v1.1.3 // indirect + github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 // indirect + github.com/andybalholm/brotli v1.0.5 // indirect + github.com/aymerick/douceur v0.2.0 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/bytedance/sonic v1.9.1 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect + github.com/fatih/structs v1.1.0 // indirect + github.com/flosch/pongo2/v4 v4.0.2 // indirect + github.com/gabriel-vasile/mimetype v1.4.2 // indirect + github.com/gin-contrib/sse v0.1.0 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.14.0 // indirect + github.com/goccy/go-json v0.10.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/snappy v0.0.4 // indirect + github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/gorilla/css v1.0.0 // indirect + github.com/hashicorp/golang-lru v0.5.4 // indirect + github.com/iris-contrib/schema v0.0.6 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/kataras/blocks v0.0.7 // indirect + github.com/kataras/golog v0.1.9 // indirect + github.com/kataras/pio v0.0.12 // indirect + github.com/kataras/sitemap v0.0.6 // indirect + github.com/kataras/tunnel v0.0.4 // indirect + github.com/klauspost/compress v1.16.7 // indirect + github.com/klauspost/cpuid/v2 v2.2.4 // indirect + github.com/labstack/gommon v0.4.0 // indirect + github.com/leodido/go-urn v1.2.4 // indirect + github.com/mailgun/raymond/v2 v2.0.48 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-runewidth v0.0.14 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/microcosm-cc/bluemonday v1.0.25 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/pelletier/go-toml/v2 v2.0.8 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_golang v1.16.0 // indirect + github.com/prometheus/client_model v0.3.0 // indirect + github.com/prometheus/common v0.42.0 // indirect + github.com/prometheus/procfs v0.10.1 // indirect + github.com/rivo/uniseg v0.2.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/schollz/closestmatch v2.1.0+incompatible // indirect + github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect + github.com/sirupsen/logrus v1.8.1 // indirect + github.com/tdewolff/minify/v2 v2.12.8 // indirect + github.com/tdewolff/parse/v2 v2.6.7 // indirect + github.com/twitchyliquid64/golang-asm v0.15.1 // indirect + github.com/ugorji/go/codec v1.2.11 // indirect + github.com/valyala/bytebufferpool v1.0.0 // indirect + github.com/valyala/fasttemplate v1.2.2 // indirect + github.com/valyala/tcplisten v1.0.0 // indirect + github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect + github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect + github.com/yosssi/ace v0.0.5 // indirect + golang.org/x/arch v0.3.0 // indirect + golang.org/x/crypto v0.12.0 // indirect + golang.org/x/net v0.14.0 // indirect + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect + golang.org/x/time v0.3.0 // indirect + google.golang.org/protobuf v1.31.0 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Afero/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Afero/test.go new file mode 100644 index 00000000000..edfc960b59f --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Afero/test.go @@ -0,0 +1,80 @@ +package main + +//go:generate depstubber -vendor github.com/spf13/afero Afero,RegexpFs,HttpFs,ReadOnlyFs,MemMapFs,OsFs,BasePathFs WriteReader,SafeWriteReader,WriteFile,ReadFile,ReadDir,NewOsFs,NewRegexpFs,NewReadOnlyFs,NewCacheOnReadFs,,NewHttpFs,NewBasePathFs,NewIOFS + +import ( + "fmt" + "net/http" + "os" + "regexp" + + "github.com/spf13/afero" +) + +func main() { + return +} + +func Afero(writer http.ResponseWriter, request *http.Request) { + filepath := request.URL.Query()["filepath"][0] + //osFS := afero.NewMemMapFs() + // OR + osFS := afero.NewOsFs() + fmt.Println(osFS.MkdirAll(filepath, 0755)) // $ FileSystemAccess=filepath + fmt.Println(afero.WriteFile(osFS, filepath, []byte("this is me a !"), 0755)) // $ FileSystemAccess=filepath + content, _ := afero.ReadFile(osFS, filepath) // $ FileSystemAccess=filepath + fmt.Println(string(content)) + fmt.Println(osFS.Open(filepath)) // $ FileSystemAccess=filepath + // NOT OK + fmt.Println(afero.SafeWriteReader(osFS, filepath, os.Stdout)) // $ FileSystemAccess=filepath + fmt.Println(afero.WriteReader(osFS, filepath, os.Stdout)) // $ FileSystemAccess=filepath + + // RegexpFs ==> NOT OK + fmt.Println("RegexpFs:") + regex, _ := regexp.Compile(".*") + regexpFs := afero.NewRegexpFs(osFS, regex) + fmt.Println(afero.ReadFile(regexpFs, filepath)) // $ FileSystemAccess=filepath + + // ReadOnlyFS ==> NOT OK + fmt.Println("ReadOnlyFS:") + readOnlyFS := afero.NewReadOnlyFs(osFS) + fmt.Println(afero.ReadFile(readOnlyFS, filepath)) // $ FileSystemAccess=filepath + + // CacheOnReadFs ==> NOT OK + fmt.Println("CacheOnReadFs:") + cacheOnReadFs := afero.NewCacheOnReadFs(osFS, osFS, 10) + fmt.Println(afero.ReadFile(cacheOnReadFs, filepath)) // $ FileSystemAccess=filepath + + // HttpFS ==> NOT OK + fmt.Println("HttpFS:") + httpFs := afero.NewHttpFs(osFS) + httpFile, _ := httpFs.Open(filepath) // $ FileSystemAccess=filepath + tmpbytes := make([]byte, 30) + fmt.Println(httpFile.Read(tmpbytes)) + fmt.Println(string(tmpbytes)) + + // osFS ==> NOT OK + fmt.Println("Afero:") + afs := &afero.Afero{Fs: osFS} // $ succ=Afero pred=osFS + afs0 := afero.Afero{Fs: osFS} // $ succ=Afero pred=osFS + afs = &afs0 + fmt.Println(afs.ReadFile(filepath)) // $ FileSystemAccess=filepath + + // BasePathFs ==> OK + fmt.Println("Afero:") + newBasePathFs := afero.NewBasePathFs(osFS, "tmp") + basePathFs0 := &afero.Afero{Fs: newBasePathFs} // $ succ=Afero pred=newBasePathFs + fmt.Println(basePathFs0.ReadFile(filepath)) + + // IOFS ==> OK + fmt.Println("IOFS:") + ioFS := afero.NewIOFS(osFS) + fmt.Println(ioFS.ReadFile(filepath)) + fmt.Println(ioFS.Open(filepath)) + + // BasePathFs ==> OK + fmt.Println("BasePathFs:") + basePathFs := afero.NewBasePathFs(osFS, "tmp") + fmt.Println(afero.ReadFile(basePathFs, filepath)) + afero.ReadFile(basePathFs, filepath) +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Afero/vendor/github.com/spf13/afero/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Afero/vendor/github.com/spf13/afero/stub.go new file mode 100644 index 00000000000..247b2e51dd2 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Afero/vendor/github.com/spf13/afero/stub.go @@ -0,0 +1,663 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/spf13/afero, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/spf13/afero (exports: Afero,RegexpFs,HttpFs,ReadOnlyFs,MemMapFs,OsFs,BasePathFs; functions: WriteReader,SafeWriteReader,WriteFile,ReadFile,ReadDir,NewOsFs,NewRegexpFs,NewReadOnlyFs,NewCacheOnReadFs,NewHttpFs,NewBasePathFs,NewIOFS) + +// Package afero is a stub of github.com/spf13/afero, generated by depstubber. +package afero + +import ( + io "io" + fs "io/fs" + http "net/http" + filepath "path/filepath" + regexp "regexp" + time "time" +) + +type Afero struct { + Fs Fs +} + +func (_ Afero) Chmod(_ string, _ fs.FileMode) error { + return nil +} + +func (_ Afero) Chown(_ string, _ int, _ int) error { + return nil +} + +func (_ Afero) Chtimes(_ string, _ time.Time, _ time.Time) error { + return nil +} + +func (_ Afero) Create(_ string) (File, error) { + return nil, nil +} + +func (_ Afero) DirExists(_ string) (bool, error) { + return false, nil +} + +func (_ Afero) Exists(_ string) (bool, error) { + return false, nil +} + +func (_ Afero) FileContainsAnyBytes(_ string, _ [][]byte) (bool, error) { + return false, nil +} + +func (_ Afero) FileContainsBytes(_ string, _ []byte) (bool, error) { + return false, nil +} + +func (_ Afero) GetTempDir(_ string) string { + return "" +} + +func (_ Afero) IsDir(_ string) (bool, error) { + return false, nil +} + +func (_ Afero) IsEmpty(_ string) (bool, error) { + return false, nil +} + +func (_ Afero) Mkdir(_ string, _ fs.FileMode) error { + return nil +} + +func (_ Afero) MkdirAll(_ string, _ fs.FileMode) error { + return nil +} + +func (_ Afero) Name() string { + return "" +} + +func (_ Afero) Open(_ string) (File, error) { + return nil, nil +} + +func (_ Afero) OpenFile(_ string, _ int, _ fs.FileMode) (File, error) { + return nil, nil +} + +func (_ Afero) ReadDir(_ string) ([]fs.FileInfo, error) { + return nil, nil +} + +func (_ Afero) ReadFile(_ string) ([]byte, error) { + return nil, nil +} + +func (_ Afero) Remove(_ string) error { + return nil +} + +func (_ Afero) RemoveAll(_ string) error { + return nil +} + +func (_ Afero) Rename(_ string, _ string) error { + return nil +} + +func (_ Afero) SafeWriteReader(_ string, _ io.Reader) error { + return nil +} + +func (_ Afero) Stat(_ string) (fs.FileInfo, error) { + return nil, nil +} + +func (_ Afero) TempDir(_ string, _ string) (string, error) { + return "", nil +} + +func (_ Afero) TempFile(_ string, _ string) (File, error) { + return nil, nil +} + +func (_ Afero) Walk(_ string, _ filepath.WalkFunc) error { + return nil +} + +func (_ Afero) WriteFile(_ string, _ []byte, _ fs.FileMode) error { + return nil +} + +func (_ Afero) WriteReader(_ string, _ io.Reader) error { + return nil +} + +type BasePathFs struct{} + +func (_ *BasePathFs) Chmod(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *BasePathFs) Chown(_ string, _ int, _ int) error { + return nil +} + +func (_ *BasePathFs) Chtimes(_ string, _ time.Time, _ time.Time) error { + return nil +} + +func (_ *BasePathFs) Create(_ string) (File, error) { + return nil, nil +} + +func (_ *BasePathFs) LstatIfPossible(_ string) (fs.FileInfo, bool, error) { + return nil, false, nil +} + +func (_ *BasePathFs) Mkdir(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *BasePathFs) MkdirAll(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *BasePathFs) Name() string { + return "" +} + +func (_ *BasePathFs) Open(_ string) (File, error) { + return nil, nil +} + +func (_ *BasePathFs) OpenFile(_ string, _ int, _ fs.FileMode) (File, error) { + return nil, nil +} + +func (_ *BasePathFs) ReadlinkIfPossible(_ string) (string, error) { + return "", nil +} + +func (_ *BasePathFs) RealPath(_ string) (string, error) { + return "", nil +} + +func (_ *BasePathFs) Remove(_ string) error { + return nil +} + +func (_ *BasePathFs) RemoveAll(_ string) error { + return nil +} + +func (_ *BasePathFs) Rename(_ string, _ string) error { + return nil +} + +func (_ *BasePathFs) Stat(_ string) (fs.FileInfo, error) { + return nil, nil +} + +func (_ *BasePathFs) SymlinkIfPossible(_ string, _ string) error { + return nil +} + +type File interface { + Close() error + Name() string + Read(_ []byte) (int, error) + ReadAt(_ []byte, _ int64) (int, error) + Readdir(_ int) ([]fs.FileInfo, error) + Readdirnames(_ int) ([]string, error) + Seek(_ int64, _ int) (int64, error) + Stat() (fs.FileInfo, error) + Sync() error + Truncate(_ int64) error + Write(_ []byte) (int, error) + WriteAt(_ []byte, _ int64) (int, error) + WriteString(_ string) (int, error) +} + +type Fs interface { + Chmod(_ string, _ fs.FileMode) error + Chown(_ string, _ int, _ int) error + Chtimes(_ string, _ time.Time, _ time.Time) error + Create(_ string) (File, error) + Mkdir(_ string, _ fs.FileMode) error + MkdirAll(_ string, _ fs.FileMode) error + Name() string + Open(_ string) (File, error) + OpenFile(_ string, _ int, _ fs.FileMode) (File, error) + Remove(_ string) error + RemoveAll(_ string) error + Rename(_ string, _ string) error + Stat(_ string) (fs.FileInfo, error) +} + +type HttpFs struct{} + +func (_ HttpFs) Chmod(_ string, _ fs.FileMode) error { + return nil +} + +func (_ HttpFs) Chown(_ string, _ int, _ int) error { + return nil +} + +func (_ HttpFs) Chtimes(_ string, _ time.Time, _ time.Time) error { + return nil +} + +func (_ HttpFs) Create(_ string) (File, error) { + return nil, nil +} + +func (_ HttpFs) Dir(_ string) interface{} { + return nil +} + +func (_ HttpFs) Mkdir(_ string, _ fs.FileMode) error { + return nil +} + +func (_ HttpFs) MkdirAll(_ string, _ fs.FileMode) error { + return nil +} + +func (_ HttpFs) Name() string { + return "" +} + +func (_ HttpFs) Open(_ string) (http.File, error) { + return nil, nil +} + +func (_ HttpFs) OpenFile(_ string, _ int, _ fs.FileMode) (File, error) { + return nil, nil +} + +func (_ HttpFs) Remove(_ string) error { + return nil +} + +func (_ HttpFs) RemoveAll(_ string) error { + return nil +} + +func (_ HttpFs) Rename(_ string, _ string) error { + return nil +} + +func (_ HttpFs) Stat(_ string) (fs.FileInfo, error) { + return nil, nil +} + +type IOFS struct { + Fs Fs +} + +func (_ IOFS) Chmod(_ string, _ fs.FileMode) error { + return nil +} + +func (_ IOFS) Chown(_ string, _ int, _ int) error { + return nil +} + +func (_ IOFS) Chtimes(_ string, _ time.Time, _ time.Time) error { + return nil +} + +func (_ IOFS) Create(_ string) (File, error) { + return nil, nil +} + +func (_ IOFS) Glob(_ string) ([]string, error) { + return nil, nil +} + +func (_ IOFS) Mkdir(_ string, _ fs.FileMode) error { + return nil +} + +func (_ IOFS) MkdirAll(_ string, _ fs.FileMode) error { + return nil +} + +func (_ IOFS) Name() string { + return "" +} + +func (_ IOFS) Open(_ string) (fs.File, error) { + return nil, nil +} + +func (_ IOFS) OpenFile(_ string, _ int, _ fs.FileMode) (File, error) { + return nil, nil +} + +func (_ IOFS) ReadDir(_ string) ([]fs.DirEntry, error) { + return nil, nil +} + +func (_ IOFS) ReadFile(_ string) ([]byte, error) { + return nil, nil +} + +func (_ IOFS) Remove(_ string) error { + return nil +} + +func (_ IOFS) RemoveAll(_ string) error { + return nil +} + +func (_ IOFS) Rename(_ string, _ string) error { + return nil +} + +func (_ IOFS) Stat(_ string) (fs.FileInfo, error) { + return nil, nil +} + +func (_ IOFS) Sub(_ string) (fs.FS, error) { + return nil, nil +} + +type MemMapFs struct{} + +func (_ *MemMapFs) Chmod(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *MemMapFs) Chown(_ string, _ int, _ int) error { + return nil +} + +func (_ *MemMapFs) Chtimes(_ string, _ time.Time, _ time.Time) error { + return nil +} + +func (_ *MemMapFs) Create(_ string) (File, error) { + return nil, nil +} + +func (_ *MemMapFs) List() {} + +func (_ *MemMapFs) LstatIfPossible(_ string) (fs.FileInfo, bool, error) { + return nil, false, nil +} + +func (_ *MemMapFs) Mkdir(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *MemMapFs) MkdirAll(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *MemMapFs) Name() string { + return "" +} + +func (_ *MemMapFs) Open(_ string) (File, error) { + return nil, nil +} + +func (_ *MemMapFs) OpenFile(_ string, _ int, _ fs.FileMode) (File, error) { + return nil, nil +} + +func (_ *MemMapFs) Remove(_ string) error { + return nil +} + +func (_ *MemMapFs) RemoveAll(_ string) error { + return nil +} + +func (_ *MemMapFs) Rename(_ string, _ string) error { + return nil +} + +func (_ *MemMapFs) Stat(_ string) (fs.FileInfo, error) { + return nil, nil +} + +func NewBasePathFs(_ Fs, _ string) Fs { + return nil +} + +func NewCacheOnReadFs(_ Fs, _ Fs, _ time.Duration) Fs { + return nil +} + +func NewHttpFs(_ Fs) *HttpFs { + return nil +} + +func NewIOFS(_ Fs) IOFS { + return IOFS{} +} + +func NewOsFs() Fs { + return nil +} + +func NewReadOnlyFs(_ Fs) Fs { + return nil +} + +func NewRegexpFs(_ Fs, _ *regexp.Regexp) Fs { + return nil +} + +type OsFs struct{} + +func (_ OsFs) Chmod(_ string, _ fs.FileMode) error { + return nil +} + +func (_ OsFs) Chown(_ string, _ int, _ int) error { + return nil +} + +func (_ OsFs) Chtimes(_ string, _ time.Time, _ time.Time) error { + return nil +} + +func (_ OsFs) Create(_ string) (File, error) { + return nil, nil +} + +func (_ OsFs) LstatIfPossible(_ string) (fs.FileInfo, bool, error) { + return nil, false, nil +} + +func (_ OsFs) Mkdir(_ string, _ fs.FileMode) error { + return nil +} + +func (_ OsFs) MkdirAll(_ string, _ fs.FileMode) error { + return nil +} + +func (_ OsFs) Name() string { + return "" +} + +func (_ OsFs) Open(_ string) (File, error) { + return nil, nil +} + +func (_ OsFs) OpenFile(_ string, _ int, _ fs.FileMode) (File, error) { + return nil, nil +} + +func (_ OsFs) ReadlinkIfPossible(_ string) (string, error) { + return "", nil +} + +func (_ OsFs) Remove(_ string) error { + return nil +} + +func (_ OsFs) RemoveAll(_ string) error { + return nil +} + +func (_ OsFs) Rename(_ string, _ string) error { + return nil +} + +func (_ OsFs) Stat(_ string) (fs.FileInfo, error) { + return nil, nil +} + +func (_ OsFs) SymlinkIfPossible(_ string, _ string) error { + return nil +} + +func ReadDir(_ Fs, _ string) ([]fs.FileInfo, error) { + return nil, nil +} + +func ReadFile(_ Fs, _ string) ([]byte, error) { + return nil, nil +} + +type ReadOnlyFs struct{} + +func (_ *ReadOnlyFs) Chmod(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *ReadOnlyFs) Chown(_ string, _ int, _ int) error { + return nil +} + +func (_ *ReadOnlyFs) Chtimes(_ string, _ time.Time, _ time.Time) error { + return nil +} + +func (_ *ReadOnlyFs) Create(_ string) (File, error) { + return nil, nil +} + +func (_ *ReadOnlyFs) LstatIfPossible(_ string) (fs.FileInfo, bool, error) { + return nil, false, nil +} + +func (_ *ReadOnlyFs) Mkdir(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *ReadOnlyFs) MkdirAll(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *ReadOnlyFs) Name() string { + return "" +} + +func (_ *ReadOnlyFs) Open(_ string) (File, error) { + return nil, nil +} + +func (_ *ReadOnlyFs) OpenFile(_ string, _ int, _ fs.FileMode) (File, error) { + return nil, nil +} + +func (_ *ReadOnlyFs) ReadDir(_ string) ([]fs.FileInfo, error) { + return nil, nil +} + +func (_ *ReadOnlyFs) ReadlinkIfPossible(_ string) (string, error) { + return "", nil +} + +func (_ *ReadOnlyFs) Remove(_ string) error { + return nil +} + +func (_ *ReadOnlyFs) RemoveAll(_ string) error { + return nil +} + +func (_ *ReadOnlyFs) Rename(_ string, _ string) error { + return nil +} + +func (_ *ReadOnlyFs) Stat(_ string) (fs.FileInfo, error) { + return nil, nil +} + +func (_ *ReadOnlyFs) SymlinkIfPossible(_ string, _ string) error { + return nil +} + +type RegexpFs struct{} + +func (_ *RegexpFs) Chmod(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *RegexpFs) Chown(_ string, _ int, _ int) error { + return nil +} + +func (_ *RegexpFs) Chtimes(_ string, _ time.Time, _ time.Time) error { + return nil +} + +func (_ *RegexpFs) Create(_ string) (File, error) { + return nil, nil +} + +func (_ *RegexpFs) Mkdir(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *RegexpFs) MkdirAll(_ string, _ fs.FileMode) error { + return nil +} + +func (_ *RegexpFs) Name() string { + return "" +} + +func (_ *RegexpFs) Open(_ string) (File, error) { + return nil, nil +} + +func (_ *RegexpFs) OpenFile(_ string, _ int, _ fs.FileMode) (File, error) { + return nil, nil +} + +func (_ *RegexpFs) Remove(_ string) error { + return nil +} + +func (_ *RegexpFs) RemoveAll(_ string) error { + return nil +} + +func (_ *RegexpFs) Rename(_ string, _ string) error { + return nil +} + +func (_ *RegexpFs) Stat(_ string) (fs.FileInfo, error) { + return nil, nil +} + +func SafeWriteReader(_ Fs, _ string, _ io.Reader) error { + return nil +} + +func WriteFile(_ Fs, _ string, _ []byte, _ fs.FileMode) error { + return nil +} + +func WriteReader(_ Fs, _ string, _ io.Reader) error { + return nil +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Afero/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Afero/vendor/modules.txt new file mode 100644 index 00000000000..aef6f91e4f0 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Afero/vendor/modules.txt @@ -0,0 +1,252 @@ +# github.com/beego/beego/v2 v2.1.1 +## explicit +github.com/beego/beego/v2 +# github.com/gin-gonic/gin v1.9.1 +## explicit +github.com/gin-gonic/gin +# github.com/gofiber/fiber/v2 v2.48.0 +## explicit +github.com/gofiber/fiber/v2 +# github.com/kataras/iris/v12 v12.2.5 +## explicit +github.com/kataras/iris/v12 +# github.com/labstack/echo/v4 v4.11.1 +## explicit +github.com/labstack/echo/v4 +# github.com/spf13/afero v1.9.5 +## explicit +github.com/spf13/afero +# github.com/valyala/fasthttp v1.48.0 +## explicit +github.com/valyala/fasthttp +# github.com/BurntSushi/toml v1.3.2 +## explicit +github.com/BurntSushi/toml +# github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53 +## explicit +github.com/CloudyKit/fastprinter +# github.com/CloudyKit/jet/v6 v6.2.0 +## explicit +github.com/CloudyKit/jet/v6 +# github.com/Joker/jade v1.1.3 +## explicit +github.com/Joker/jade +# github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 +## explicit +github.com/Shopify/goreferrer +# github.com/andybalholm/brotli v1.0.5 +## explicit +github.com/andybalholm/brotli +# github.com/aymerick/douceur v0.2.0 +## explicit +github.com/aymerick/douceur +# github.com/beorn7/perks v1.0.1 +## explicit +github.com/beorn7/perks +# github.com/bytedance/sonic v1.9.1 +## explicit +github.com/bytedance/sonic +# github.com/cespare/xxhash/v2 v2.2.0 +## explicit +github.com/cespare/xxhash/v2 +# github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 +## explicit +github.com/chenzhuoyu/base64x +# github.com/fatih/structs v1.1.0 +## explicit +github.com/fatih/structs +# github.com/flosch/pongo2/v4 v4.0.2 +## explicit +github.com/flosch/pongo2/v4 +# github.com/gabriel-vasile/mimetype v1.4.2 +## explicit +github.com/gabriel-vasile/mimetype +# github.com/gin-contrib/sse v0.1.0 +## explicit +github.com/gin-contrib/sse +# github.com/go-playground/locales v0.14.1 +## explicit +github.com/go-playground/locales +# github.com/go-playground/universal-translator v0.18.1 +## explicit +github.com/go-playground/universal-translator +# github.com/go-playground/validator/v10 v10.14.0 +## explicit +github.com/go-playground/validator/v10 +# github.com/goccy/go-json v0.10.2 +## explicit +github.com/goccy/go-json +# github.com/golang/protobuf v1.5.3 +## explicit +github.com/golang/protobuf +# github.com/golang/snappy v0.0.4 +## explicit +github.com/golang/snappy +# github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12 +## explicit +github.com/gomarkdown/markdown +# github.com/google/uuid v1.3.0 +## explicit +github.com/google/uuid +# github.com/gorilla/css v1.0.0 +## explicit +github.com/gorilla/css +# github.com/hashicorp/golang-lru v0.5.4 +## explicit +github.com/hashicorp/golang-lru +# github.com/iris-contrib/schema v0.0.6 +## explicit +github.com/iris-contrib/schema +# github.com/josharian/intern v1.0.0 +## explicit +github.com/josharian/intern +# github.com/json-iterator/go v1.1.12 +## explicit +github.com/json-iterator/go +# github.com/kataras/blocks v0.0.7 +## explicit +github.com/kataras/blocks +# github.com/kataras/golog v0.1.9 +## explicit +github.com/kataras/golog +# github.com/kataras/pio v0.0.12 +## explicit +github.com/kataras/pio +# github.com/kataras/sitemap v0.0.6 +## explicit +github.com/kataras/sitemap +# github.com/kataras/tunnel v0.0.4 +## explicit +github.com/kataras/tunnel +# github.com/klauspost/compress v1.16.7 +## explicit +github.com/klauspost/compress +# github.com/klauspost/cpuid/v2 v2.2.4 +## explicit +github.com/klauspost/cpuid/v2 +# github.com/labstack/gommon v0.4.0 +## explicit +github.com/labstack/gommon +# github.com/leodido/go-urn v1.2.4 +## explicit +github.com/leodido/go-urn +# github.com/mailgun/raymond/v2 v2.0.48 +## explicit +github.com/mailgun/raymond/v2 +# github.com/mailru/easyjson v0.7.7 +## explicit +github.com/mailru/easyjson +# github.com/mattn/go-colorable v0.1.13 +## explicit +github.com/mattn/go-colorable +# github.com/mattn/go-isatty v0.0.19 +## explicit +github.com/mattn/go-isatty +# github.com/mattn/go-runewidth v0.0.14 +## explicit +github.com/mattn/go-runewidth +# github.com/matttproud/golang_protobuf_extensions v1.0.4 +## explicit +github.com/matttproud/golang_protobuf_extensions +# github.com/microcosm-cc/bluemonday v1.0.25 +## explicit +github.com/microcosm-cc/bluemonday +# github.com/mitchellh/mapstructure v1.5.0 +## explicit +github.com/mitchellh/mapstructure +# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd +## explicit +github.com/modern-go/concurrent +# github.com/modern-go/reflect2 v1.0.2 +## explicit +github.com/modern-go/reflect2 +# github.com/pelletier/go-toml/v2 v2.0.8 +## explicit +github.com/pelletier/go-toml/v2 +# github.com/pkg/errors v0.9.1 +## explicit +github.com/pkg/errors +# github.com/prometheus/client_golang v1.16.0 +## explicit +github.com/prometheus/client_golang +# github.com/prometheus/client_model v0.3.0 +## explicit +github.com/prometheus/client_model +# github.com/prometheus/common v0.42.0 +## explicit +github.com/prometheus/common +# github.com/prometheus/procfs v0.10.1 +## explicit +github.com/prometheus/procfs +# github.com/rivo/uniseg v0.2.0 +## explicit +github.com/rivo/uniseg +# github.com/russross/blackfriday/v2 v2.1.0 +## explicit +github.com/russross/blackfriday/v2 +# github.com/schollz/closestmatch v2.1.0+incompatible +## explicit +github.com/schollz/closestmatch +# github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 +## explicit +github.com/shiena/ansicolor +# github.com/sirupsen/logrus v1.8.1 +## explicit +github.com/sirupsen/logrus +# github.com/tdewolff/minify/v2 v2.12.8 +## explicit +github.com/tdewolff/minify/v2 +# github.com/tdewolff/parse/v2 v2.6.7 +## explicit +github.com/tdewolff/parse/v2 +# github.com/twitchyliquid64/golang-asm v0.15.1 +## explicit +github.com/twitchyliquid64/golang-asm +# github.com/ugorji/go/codec v1.2.11 +## explicit +github.com/ugorji/go/codec +# github.com/valyala/bytebufferpool v1.0.0 +## explicit +github.com/valyala/bytebufferpool +# github.com/valyala/fasttemplate v1.2.2 +## explicit +github.com/valyala/fasttemplate +# github.com/valyala/tcplisten v1.0.0 +## explicit +github.com/valyala/tcplisten +# github.com/vmihailenco/msgpack/v5 v5.3.5 +## explicit +github.com/vmihailenco/msgpack/v5 +# github.com/vmihailenco/tagparser/v2 v2.0.0 +## explicit +github.com/vmihailenco/tagparser/v2 +# github.com/yosssi/ace v0.0.5 +## explicit +github.com/yosssi/ace +# golang.org/x/arch v0.3.0 +## explicit +golang.org/x/arch +# golang.org/x/crypto v0.12.0 +## explicit +golang.org/x/crypto +# golang.org/x/net v0.14.0 +## explicit +golang.org/x/net +# golang.org/x/sys v0.11.0 +## explicit +golang.org/x/sys +# golang.org/x/text v0.12.0 +## explicit +golang.org/x/text +# golang.org/x/time v0.3.0 +## explicit +golang.org/x/time +# google.golang.org/protobuf v1.31.0 +## explicit +google.golang.org/protobuf +# gopkg.in/ini.v1 v1.67.0 +## explicit +gopkg.in/ini.v1 +# gopkg.in/yaml.v3 v3.0.1 +## explicit +gopkg.in/yaml.v3 diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected index 11e51609b05..6fd71942356 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected @@ -1,72 +1,72 @@ edges nodes -| test.go:148:14:148:21 | password | semmle.label | password | -| test.go:149:17:149:24 | password | semmle.label | password | -| test.go:150:14:150:21 | password | semmle.label | password | -| test.go:151:18:151:25 | password | semmle.label | password | -| test.go:152:14:152:21 | password | semmle.label | password | -| test.go:153:13:153:20 | password | semmle.label | password | -| test.go:154:22:154:29 | password | semmle.label | password | -| test.go:155:15:155:22 | password | semmle.label | password | +| test.go:154:14:154:21 | password | semmle.label | password | +| test.go:155:17:155:24 | password | semmle.label | password | | test.go:156:14:156:21 | password | semmle.label | password | -| test.go:157:13:157:20 | password | semmle.label | password | -| test.go:158:16:158:23 | password | semmle.label | password | +| test.go:157:18:157:25 | password | semmle.label | password | +| test.go:158:14:158:21 | password | semmle.label | password | | test.go:159:13:159:20 | password | semmle.label | password | -| test.go:160:16:160:23 | password | semmle.label | password | -| test.go:161:13:161:20 | password | semmle.label | password | -| test.go:162:17:162:24 | password | semmle.label | password | +| test.go:160:22:160:29 | password | semmle.label | password | +| test.go:161:15:161:22 | password | semmle.label | password | +| test.go:162:14:162:21 | password | semmle.label | password | | test.go:163:13:163:20 | password | semmle.label | password | -| test.go:164:12:164:19 | password | semmle.label | password | -| test.go:165:21:165:28 | password | semmle.label | password | -| test.go:166:14:166:21 | password | semmle.label | password | +| test.go:164:16:164:23 | password | semmle.label | password | +| test.go:165:13:165:20 | password | semmle.label | password | +| test.go:166:16:166:23 | password | semmle.label | password | | test.go:167:13:167:20 | password | semmle.label | password | -| test.go:168:12:168:19 | password | semmle.label | password | -| test.go:169:15:169:22 | password | semmle.label | password | -| test.go:170:15:170:22 | password | semmle.label | password | -| test.go:171:18:171:25 | password | semmle.label | password | -| test.go:172:15:172:22 | password | semmle.label | password | -| test.go:173:19:173:26 | password | semmle.label | password | -| test.go:174:15:174:22 | password | semmle.label | password | -| test.go:175:14:175:21 | password | semmle.label | password | -| test.go:176:23:176:30 | password | semmle.label | password | -| test.go:177:16:177:23 | password | semmle.label | password | +| test.go:168:17:168:24 | password | semmle.label | password | +| test.go:169:13:169:20 | password | semmle.label | password | +| test.go:170:12:170:19 | password | semmle.label | password | +| test.go:171:21:171:28 | password | semmle.label | password | +| test.go:172:14:172:21 | password | semmle.label | password | +| test.go:173:13:173:20 | password | semmle.label | password | +| test.go:174:12:174:19 | password | semmle.label | password | +| test.go:175:15:175:22 | password | semmle.label | password | +| test.go:176:15:176:22 | password | semmle.label | password | +| test.go:177:18:177:25 | password | semmle.label | password | | test.go:178:15:178:22 | password | semmle.label | password | -| test.go:179:14:179:21 | password | semmle.label | password | -| test.go:180:17:180:24 | password | semmle.label | password | -| test.go:181:16:181:23 | password | semmle.label | password | +| test.go:179:19:179:26 | password | semmle.label | password | +| test.go:180:15:180:22 | password | semmle.label | password | +| test.go:181:14:181:21 | password | semmle.label | password | +| test.go:182:23:182:30 | password | semmle.label | password | +| test.go:183:16:183:23 | password | semmle.label | password | +| test.go:184:15:184:22 | password | semmle.label | password | +| test.go:185:14:185:21 | password | semmle.label | password | +| test.go:186:17:186:24 | password | semmle.label | password | +| test.go:187:16:187:23 | password | semmle.label | password | subpaths #select -| test.go:148:14:148:21 | password | test.go:148:14:148:21 | password | test.go:148:14:148:21 | password | $@ flows to a logging call. | test.go:148:14:148:21 | password | Sensitive data returned by an access to password | -| test.go:149:17:149:24 | password | test.go:149:17:149:24 | password | test.go:149:17:149:24 | password | $@ flows to a logging call. | test.go:149:17:149:24 | password | Sensitive data returned by an access to password | -| test.go:150:14:150:21 | password | test.go:150:14:150:21 | password | test.go:150:14:150:21 | password | $@ flows to a logging call. | test.go:150:14:150:21 | password | Sensitive data returned by an access to password | -| test.go:151:18:151:25 | password | test.go:151:18:151:25 | password | test.go:151:18:151:25 | password | $@ flows to a logging call. | test.go:151:18:151:25 | password | Sensitive data returned by an access to password | -| test.go:152:14:152:21 | password | test.go:152:14:152:21 | password | test.go:152:14:152:21 | password | $@ flows to a logging call. | test.go:152:14:152:21 | password | Sensitive data returned by an access to password | -| test.go:153:13:153:20 | password | test.go:153:13:153:20 | password | test.go:153:13:153:20 | password | $@ flows to a logging call. | test.go:153:13:153:20 | password | Sensitive data returned by an access to password | -| test.go:154:22:154:29 | password | test.go:154:22:154:29 | password | test.go:154:22:154:29 | password | $@ flows to a logging call. | test.go:154:22:154:29 | password | Sensitive data returned by an access to password | -| test.go:155:15:155:22 | password | test.go:155:15:155:22 | password | test.go:155:15:155:22 | password | $@ flows to a logging call. | test.go:155:15:155:22 | password | Sensitive data returned by an access to password | +| test.go:154:14:154:21 | password | test.go:154:14:154:21 | password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:154:14:154:21 | password | Sensitive data returned by an access to password | +| test.go:155:17:155:24 | password | test.go:155:17:155:24 | password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:155:17:155:24 | password | Sensitive data returned by an access to password | | test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:156:14:156:21 | password | Sensitive data returned by an access to password | -| test.go:157:13:157:20 | password | test.go:157:13:157:20 | password | test.go:157:13:157:20 | password | $@ flows to a logging call. | test.go:157:13:157:20 | password | Sensitive data returned by an access to password | -| test.go:158:16:158:23 | password | test.go:158:16:158:23 | password | test.go:158:16:158:23 | password | $@ flows to a logging call. | test.go:158:16:158:23 | password | Sensitive data returned by an access to password | +| test.go:157:18:157:25 | password | test.go:157:18:157:25 | password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:157:18:157:25 | password | Sensitive data returned by an access to password | +| test.go:158:14:158:21 | password | test.go:158:14:158:21 | password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:158:14:158:21 | password | Sensitive data returned by an access to password | | test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:159:13:159:20 | password | Sensitive data returned by an access to password | -| test.go:160:16:160:23 | password | test.go:160:16:160:23 | password | test.go:160:16:160:23 | password | $@ flows to a logging call. | test.go:160:16:160:23 | password | Sensitive data returned by an access to password | -| test.go:161:13:161:20 | password | test.go:161:13:161:20 | password | test.go:161:13:161:20 | password | $@ flows to a logging call. | test.go:161:13:161:20 | password | Sensitive data returned by an access to password | -| test.go:162:17:162:24 | password | test.go:162:17:162:24 | password | test.go:162:17:162:24 | password | $@ flows to a logging call. | test.go:162:17:162:24 | password | Sensitive data returned by an access to password | +| test.go:160:22:160:29 | password | test.go:160:22:160:29 | password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:160:22:160:29 | password | Sensitive data returned by an access to password | +| test.go:161:15:161:22 | password | test.go:161:15:161:22 | password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:161:15:161:22 | password | Sensitive data returned by an access to password | +| test.go:162:14:162:21 | password | test.go:162:14:162:21 | password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:162:14:162:21 | password | Sensitive data returned by an access to password | | test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:163:13:163:20 | password | Sensitive data returned by an access to password | -| test.go:164:12:164:19 | password | test.go:164:12:164:19 | password | test.go:164:12:164:19 | password | $@ flows to a logging call. | test.go:164:12:164:19 | password | Sensitive data returned by an access to password | -| test.go:165:21:165:28 | password | test.go:165:21:165:28 | password | test.go:165:21:165:28 | password | $@ flows to a logging call. | test.go:165:21:165:28 | password | Sensitive data returned by an access to password | -| test.go:166:14:166:21 | password | test.go:166:14:166:21 | password | test.go:166:14:166:21 | password | $@ flows to a logging call. | test.go:166:14:166:21 | password | Sensitive data returned by an access to password | +| test.go:164:16:164:23 | password | test.go:164:16:164:23 | password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:164:16:164:23 | password | Sensitive data returned by an access to password | +| test.go:165:13:165:20 | password | test.go:165:13:165:20 | password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:165:13:165:20 | password | Sensitive data returned by an access to password | +| test.go:166:16:166:23 | password | test.go:166:16:166:23 | password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:166:16:166:23 | password | Sensitive data returned by an access to password | | test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:167:13:167:20 | password | Sensitive data returned by an access to password | -| test.go:168:12:168:19 | password | test.go:168:12:168:19 | password | test.go:168:12:168:19 | password | $@ flows to a logging call. | test.go:168:12:168:19 | password | Sensitive data returned by an access to password | -| test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | $@ flows to a logging call. | test.go:169:15:169:22 | password | Sensitive data returned by an access to password | -| test.go:170:15:170:22 | password | test.go:170:15:170:22 | password | test.go:170:15:170:22 | password | $@ flows to a logging call. | test.go:170:15:170:22 | password | Sensitive data returned by an access to password | -| test.go:171:18:171:25 | password | test.go:171:18:171:25 | password | test.go:171:18:171:25 | password | $@ flows to a logging call. | test.go:171:18:171:25 | password | Sensitive data returned by an access to password | -| test.go:172:15:172:22 | password | test.go:172:15:172:22 | password | test.go:172:15:172:22 | password | $@ flows to a logging call. | test.go:172:15:172:22 | password | Sensitive data returned by an access to password | -| test.go:173:19:173:26 | password | test.go:173:19:173:26 | password | test.go:173:19:173:26 | password | $@ flows to a logging call. | test.go:173:19:173:26 | password | Sensitive data returned by an access to password | -| test.go:174:15:174:22 | password | test.go:174:15:174:22 | password | test.go:174:15:174:22 | password | $@ flows to a logging call. | test.go:174:15:174:22 | password | Sensitive data returned by an access to password | -| test.go:175:14:175:21 | password | test.go:175:14:175:21 | password | test.go:175:14:175:21 | password | $@ flows to a logging call. | test.go:175:14:175:21 | password | Sensitive data returned by an access to password | -| test.go:176:23:176:30 | password | test.go:176:23:176:30 | password | test.go:176:23:176:30 | password | $@ flows to a logging call. | test.go:176:23:176:30 | password | Sensitive data returned by an access to password | -| test.go:177:16:177:23 | password | test.go:177:16:177:23 | password | test.go:177:16:177:23 | password | $@ flows to a logging call. | test.go:177:16:177:23 | password | Sensitive data returned by an access to password | +| test.go:168:17:168:24 | password | test.go:168:17:168:24 | password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:168:17:168:24 | password | Sensitive data returned by an access to password | +| test.go:169:13:169:20 | password | test.go:169:13:169:20 | password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:169:13:169:20 | password | Sensitive data returned by an access to password | +| test.go:170:12:170:19 | password | test.go:170:12:170:19 | password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:170:12:170:19 | password | Sensitive data returned by an access to password | +| test.go:171:21:171:28 | password | test.go:171:21:171:28 | password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:171:21:171:28 | password | Sensitive data returned by an access to password | +| test.go:172:14:172:21 | password | test.go:172:14:172:21 | password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:172:14:172:21 | password | Sensitive data returned by an access to password | +| test.go:173:13:173:20 | password | test.go:173:13:173:20 | password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:173:13:173:20 | password | Sensitive data returned by an access to password | +| test.go:174:12:174:19 | password | test.go:174:12:174:19 | password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:174:12:174:19 | password | Sensitive data returned by an access to password | +| test.go:175:15:175:22 | password | test.go:175:15:175:22 | password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:175:15:175:22 | password | Sensitive data returned by an access to password | +| test.go:176:15:176:22 | password | test.go:176:15:176:22 | password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:176:15:176:22 | password | Sensitive data returned by an access to password | +| test.go:177:18:177:25 | password | test.go:177:18:177:25 | password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:177:18:177:25 | password | Sensitive data returned by an access to password | | test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:178:15:178:22 | password | Sensitive data returned by an access to password | -| test.go:179:14:179:21 | password | test.go:179:14:179:21 | password | test.go:179:14:179:21 | password | $@ flows to a logging call. | test.go:179:14:179:21 | password | Sensitive data returned by an access to password | -| test.go:180:17:180:24 | password | test.go:180:17:180:24 | password | test.go:180:17:180:24 | password | $@ flows to a logging call. | test.go:180:17:180:24 | password | Sensitive data returned by an access to password | -| test.go:181:16:181:23 | password | test.go:181:16:181:23 | password | test.go:181:16:181:23 | password | $@ flows to a logging call. | test.go:181:16:181:23 | password | Sensitive data returned by an access to password | +| test.go:179:19:179:26 | password | test.go:179:19:179:26 | password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:179:19:179:26 | password | Sensitive data returned by an access to password | +| test.go:180:15:180:22 | password | test.go:180:15:180:22 | password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:180:15:180:22 | password | Sensitive data returned by an access to password | +| test.go:181:14:181:21 | password | test.go:181:14:181:21 | password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:181:14:181:21 | password | Sensitive data returned by an access to password | +| test.go:182:23:182:30 | password | test.go:182:23:182:30 | password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:182:23:182:30 | password | Sensitive data returned by an access to password | +| test.go:183:16:183:23 | password | test.go:183:16:183:23 | password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:183:16:183:23 | password | Sensitive data returned by an access to password | +| test.go:184:15:184:22 | password | test.go:184:15:184:22 | password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:184:15:184:22 | password | Sensitive data returned by an access to password | +| test.go:185:14:185:21 | password | test.go:185:14:185:21 | password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:185:14:185:21 | password | Sensitive data returned by an access to password | +| test.go:186:17:186:24 | password | test.go:186:17:186:24 | password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:186:17:186:24 | password | Sensitive data returned by an access to password | +| test.go:187:16:187:23 | password | test.go:187:16:187:23 | password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:187:16:187:23 | password | Sensitive data returned by an access to password | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected index 34e534ba81c..c624f05d450 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected @@ -1,10 +1,10 @@ edges nodes -| test.go:247:13:247:34 | call to GetString | semmle.label | call to GetString | -| test.go:248:20:248:41 | call to GetString | semmle.label | call to GetString | -| test.go:311:13:311:27 | call to URI | semmle.label | call to URI | -| test.go:312:20:312:34 | call to URL | semmle.label | call to URL | +| test.go:253:13:253:34 | call to GetString | semmle.label | call to GetString | +| test.go:254:20:254:41 | call to GetString | semmle.label | call to GetString | +| test.go:317:13:317:27 | call to URI | semmle.label | call to URI | +| test.go:318:20:318:34 | call to URL | semmle.label | call to URL | subpaths #select -| test.go:247:13:247:34 | call to GetString | test.go:247:13:247:34 | call to GetString | test.go:247:13:247:34 | call to GetString | This path to an untrusted URL redirection depends on a $@. | test.go:247:13:247:34 | call to GetString | user-provided value | -| test.go:248:20:248:41 | call to GetString | test.go:248:20:248:41 | call to GetString | test.go:248:20:248:41 | call to GetString | This path to an untrusted URL redirection depends on a $@. | test.go:248:20:248:41 | call to GetString | user-provided value | +| test.go:253:13:253:34 | call to GetString | test.go:253:13:253:34 | call to GetString | test.go:253:13:253:34 | call to GetString | This path to an untrusted URL redirection depends on a $@. | test.go:253:13:253:34 | call to GetString | user-provided value | +| test.go:254:20:254:41 | call to GetString | test.go:254:20:254:41 | call to GetString | test.go:254:20:254:41 | call to GetString | This path to an untrusted URL redirection depends on a $@. | test.go:254:20:254:41 | call to GetString | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected index 29b131c367a..5fbcfcdc4f2 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected @@ -1,284 +1,284 @@ edges -| test.go:27:6:27:10 | definition of bound | test.go:29:13:29:30 | type conversion | -| test.go:27:6:27:10 | definition of bound | test.go:30:13:30:27 | type conversion | -| test.go:27:6:27:10 | definition of bound | test.go:31:13:31:29 | type conversion | -| test.go:36:20:36:42 | call to Cookie | test.go:36:13:36:43 | type conversion | -| test.go:41:20:41:31 | call to Data | test.go:41:13:41:52 | type conversion | -| test.go:46:20:46:43 | call to GetData | test.go:46:13:46:53 | type conversion | -| test.go:51:20:51:42 | call to Header | test.go:51:13:51:43 | type conversion | -| test.go:56:20:56:41 | call to Param | test.go:56:13:56:42 | type conversion | -| test.go:61:20:61:33 | call to Params | test.go:61:13:61:45 | type conversion | -| test.go:66:20:66:41 | call to Query | test.go:66:13:66:42 | type conversion | -| test.go:71:20:71:32 | call to Refer | test.go:71:13:71:33 | type conversion | -| test.go:76:20:76:34 | call to Referer | test.go:76:13:76:35 | type conversion | -| test.go:81:20:81:30 | call to URI | test.go:81:13:81:31 | type conversion | -| test.go:86:20:86:30 | call to URL | test.go:86:13:86:31 | type conversion | -| test.go:91:20:91:36 | call to UserAgent | test.go:91:13:91:37 | type conversion | -| test.go:96:14:96:25 | call to Data | test.go:96:14:96:45 | type assertion | -| test.go:108:14:108:25 | call to Data | test.go:108:14:108:45 | type assertion | -| test.go:120:14:120:25 | call to Data | test.go:120:14:120:45 | type assertion | -| test.go:137:23:137:42 | call to Data | test.go:137:23:137:62 | type assertion | -| test.go:193:15:193:26 | call to Data | test.go:194:36:194:53 | type assertion | -| test.go:193:15:193:26 | call to Data | test.go:195:39:195:56 | type assertion | -| test.go:193:15:193:26 | call to Data | test.go:196:28:196:56 | type assertion | -| test.go:193:15:193:26 | call to Data | test.go:198:36:198:53 | type assertion | -| test.go:193:15:193:26 | call to Data | test.go:199:34:199:51 | type assertion | -| test.go:194:21:194:54 | call to HTML2str | test.go:194:14:194:55 | type conversion | -| test.go:194:36:194:53 | type assertion | test.go:194:21:194:54 | call to HTML2str | -| test.go:195:21:195:57 | call to Htmlunquote | test.go:195:14:195:58 | type conversion | -| test.go:195:39:195:56 | type assertion | test.go:195:21:195:57 | call to Htmlunquote | -| test.go:196:2:196:68 | ... := ...[0] | test.go:197:14:197:28 | type assertion | -| test.go:196:28:196:56 | type assertion | test.go:196:2:196:68 | ... := ...[0] | -| test.go:198:21:198:54 | call to Str2html | test.go:198:14:198:55 | type conversion | -| test.go:198:36:198:53 | type assertion | test.go:198:21:198:54 | call to Str2html | -| test.go:199:21:199:58 | call to Substr | test.go:199:14:199:59 | type conversion | -| test.go:199:34:199:51 | type assertion | test.go:199:21:199:58 | call to Substr | -| test.go:201:6:201:6 | definition of s | test.go:203:14:203:28 | type conversion | -| test.go:202:18:202:33 | selection of Form | test.go:201:6:201:6 | definition of s | -| test.go:217:2:217:34 | ... := ...[0] | test.go:219:31:219:31 | f | -| test.go:217:2:217:34 | ... := ...[1] | test.go:218:14:218:32 | type conversion | -| test.go:219:2:219:32 | ... := ...[0] | test.go:220:14:220:20 | content | -| test.go:219:31:219:31 | f | test.go:219:2:219:32 | ... := ...[0] | -| test.go:222:2:222:40 | ... := ...[0] | test.go:223:14:223:38 | type conversion | -| test.go:225:7:225:28 | call to GetString | test.go:226:14:226:22 | type conversion | -| test.go:228:8:228:35 | call to GetStrings | test.go:229:14:229:26 | type conversion | -| test.go:231:9:231:17 | call to Input | test.go:232:14:232:27 | type conversion | -| test.go:234:6:234:8 | definition of str | test.go:236:14:236:30 | type conversion | -| test.go:240:15:240:36 | call to GetString | test.go:243:21:243:29 | untrusted | -| test.go:253:23:253:44 | call to GetCookie | test.go:253:16:253:45 | type conversion | -| test.go:264:62:264:83 | call to GetCookie | test.go:264:55:264:84 | type conversion | -| test.go:269:2:269:40 | ... := ...[0] | test.go:277:44:277:60 | selection of Filename | -| test.go:269:2:269:40 | ... := ...[0] | test.go:278:38:278:49 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:279:37:279:48 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:285:4:285:15 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:287:42:287:53 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:288:53:288:64 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:289:38:289:49 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:290:49:290:60 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:291:51:291:65 | index expression | -| test.go:269:2:269:40 | ... := ...[0] | test.go:292:36:292:47 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:293:37:293:48 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:295:39:295:50 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:296:40:296:51 | genericFiles | -| test.go:269:2:269:40 | ... := ...[0] | test.go:297:39:297:50 | genericFiles | -| test.go:277:44:277:60 | selection of Filename | test.go:277:21:277:61 | call to GetDisplayString | -| test.go:278:21:278:53 | call to SliceChunk | test.go:278:21:278:92 | selection of Filename | -| test.go:278:38:278:49 | genericFiles | test.go:278:21:278:53 | call to SliceChunk | -| test.go:279:21:279:60 | call to SliceDiff | test.go:279:21:279:96 | selection of Filename | -| test.go:279:37:279:48 | genericFiles | test.go:279:21:279:60 | call to SliceDiff | -| test.go:284:3:286:44 | call to SliceFilter | test.go:284:3:286:80 | selection of Filename | -| test.go:285:4:285:15 | genericFiles | test.go:284:3:286:44 | call to SliceFilter | -| test.go:287:21:287:65 | call to SliceIntersect | test.go:287:21:287:101 | selection of Filename | -| test.go:287:42:287:53 | genericFiles | test.go:287:21:287:65 | call to SliceIntersect | -| test.go:288:21:288:65 | call to SliceIntersect | test.go:288:21:288:101 | selection of Filename | -| test.go:288:53:288:64 | genericFiles | test.go:288:21:288:65 | call to SliceIntersect | -| test.go:289:21:289:61 | call to SliceMerge | test.go:289:21:289:97 | selection of Filename | -| test.go:289:38:289:49 | genericFiles | test.go:289:21:289:61 | call to SliceMerge | -| test.go:290:21:290:61 | call to SliceMerge | test.go:290:21:290:97 | selection of Filename | -| test.go:290:49:290:60 | genericFiles | test.go:290:21:290:61 | call to SliceMerge | -| test.go:291:21:291:66 | call to SlicePad | test.go:291:21:291:102 | selection of Filename | -| test.go:291:51:291:65 | index expression | test.go:291:21:291:66 | call to SlicePad | -| test.go:292:21:292:66 | call to SlicePad | test.go:292:21:292:102 | selection of Filename | -| test.go:292:36:292:47 | genericFiles | test.go:292:21:292:66 | call to SlicePad | -| test.go:293:21:293:49 | call to SliceRand | test.go:293:21:293:82 | selection of Filename | -| test.go:293:37:293:48 | genericFiles | test.go:293:21:293:49 | call to SliceRand | -| test.go:295:21:295:97 | call to SliceReduce | test.go:295:21:295:133 | selection of Filename | -| test.go:295:39:295:50 | genericFiles | test.go:295:21:295:97 | call to SliceReduce | -| test.go:296:21:296:52 | call to SliceShuffle | test.go:296:21:296:88 | selection of Filename | -| test.go:296:40:296:51 | genericFiles | test.go:296:21:296:52 | call to SliceShuffle | -| test.go:297:21:297:51 | call to SliceUnique | test.go:297:21:297:87 | selection of Filename | -| test.go:297:39:297:50 | genericFiles | test.go:297:21:297:51 | call to SliceUnique | -| test.go:302:2:302:5 | definition of bMap | test.go:305:21:305:24 | bMap | -| test.go:302:2:302:5 | definition of bMap | test.go:306:21:306:24 | bMap | -| test.go:303:15:303:36 | call to GetString | test.go:304:22:304:30 | untrusted | -| test.go:304:22:304:30 | untrusted | test.go:302:2:302:5 | definition of bMap | -| test.go:305:21:305:24 | bMap | test.go:305:21:305:39 | call to Get | -| test.go:305:21:305:39 | call to Get | test.go:305:21:305:48 | type assertion | -| test.go:306:21:306:24 | bMap | test.go:306:21:306:32 | call to Items | -| test.go:306:21:306:32 | call to Items | test.go:306:21:306:52 | type assertion | +| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | +| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | +| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | +| test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | +| test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | +| test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | +| test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | +| test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | +| test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | +| test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | +| test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | +| test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | +| test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | +| test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | +| test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | +| test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | +| test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | +| test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | +| test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | +| test.go:199:15:199:26 | call to Data | test.go:200:36:200:53 | type assertion | +| test.go:199:15:199:26 | call to Data | test.go:201:39:201:56 | type assertion | +| test.go:199:15:199:26 | call to Data | test.go:202:28:202:56 | type assertion | +| test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | +| test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | +| test.go:200:21:200:54 | call to HTML2str | test.go:200:14:200:55 | type conversion | +| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | +| test.go:201:21:201:57 | call to Htmlunquote | test.go:201:14:201:58 | type conversion | +| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | +| test.go:202:2:202:68 | ... := ...[0] | test.go:203:14:203:28 | type assertion | +| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | +| test.go:204:21:204:54 | call to Str2html | test.go:204:14:204:55 | type conversion | +| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | +| test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | +| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | +| test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | +| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | +| test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | +| test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | +| test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | +| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | +| test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | +| test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | +| test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | +| test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | +| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | +| test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | +| test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | +| test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | +| test.go:275:2:275:40 | ... := ...[0] | test.go:283:44:283:60 | selection of Filename | +| test.go:275:2:275:40 | ... := ...[0] | test.go:284:38:284:49 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:285:37:285:48 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:291:4:291:15 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:293:42:293:53 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:294:53:294:64 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:295:38:295:49 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:296:49:296:60 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:297:51:297:65 | index expression | +| test.go:275:2:275:40 | ... := ...[0] | test.go:298:36:298:47 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:299:37:299:48 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | +| test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | +| test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | +| test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | +| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | +| test.go:285:21:285:60 | call to SliceDiff | test.go:285:21:285:96 | selection of Filename | +| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | +| test.go:290:3:292:44 | call to SliceFilter | test.go:290:3:292:80 | selection of Filename | +| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | +| test.go:293:21:293:65 | call to SliceIntersect | test.go:293:21:293:101 | selection of Filename | +| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | +| test.go:294:21:294:65 | call to SliceIntersect | test.go:294:21:294:101 | selection of Filename | +| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | +| test.go:295:21:295:61 | call to SliceMerge | test.go:295:21:295:97 | selection of Filename | +| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | +| test.go:296:21:296:61 | call to SliceMerge | test.go:296:21:296:97 | selection of Filename | +| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | +| test.go:297:21:297:66 | call to SlicePad | test.go:297:21:297:102 | selection of Filename | +| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | +| test.go:298:21:298:66 | call to SlicePad | test.go:298:21:298:102 | selection of Filename | +| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | +| test.go:299:21:299:49 | call to SliceRand | test.go:299:21:299:82 | selection of Filename | +| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | +| test.go:301:21:301:97 | call to SliceReduce | test.go:301:21:301:133 | selection of Filename | +| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | +| test.go:302:21:302:52 | call to SliceShuffle | test.go:302:21:302:88 | selection of Filename | +| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | +| test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | +| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | +| test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | +| test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | +| test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | +| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | +| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | +| test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | +| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | +| test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | nodes -| test.go:27:6:27:10 | definition of bound | semmle.label | definition of bound | -| test.go:29:13:29:30 | type conversion | semmle.label | type conversion | -| test.go:30:13:30:27 | type conversion | semmle.label | type conversion | -| test.go:31:13:31:29 | type conversion | semmle.label | type conversion | -| test.go:36:13:36:43 | type conversion | semmle.label | type conversion | -| test.go:36:20:36:42 | call to Cookie | semmle.label | call to Cookie | -| test.go:41:13:41:52 | type conversion | semmle.label | type conversion | -| test.go:41:20:41:31 | call to Data | semmle.label | call to Data | -| test.go:46:13:46:53 | type conversion | semmle.label | type conversion | -| test.go:46:20:46:43 | call to GetData | semmle.label | call to GetData | -| test.go:51:13:51:43 | type conversion | semmle.label | type conversion | -| test.go:51:20:51:42 | call to Header | semmle.label | call to Header | -| test.go:56:13:56:42 | type conversion | semmle.label | type conversion | -| test.go:56:20:56:41 | call to Param | semmle.label | call to Param | -| test.go:61:13:61:45 | type conversion | semmle.label | type conversion | -| test.go:61:20:61:33 | call to Params | semmle.label | call to Params | -| test.go:66:13:66:42 | type conversion | semmle.label | type conversion | -| test.go:66:20:66:41 | call to Query | semmle.label | call to Query | -| test.go:71:13:71:33 | type conversion | semmle.label | type conversion | -| test.go:71:20:71:32 | call to Refer | semmle.label | call to Refer | -| test.go:76:13:76:35 | type conversion | semmle.label | type conversion | -| test.go:76:20:76:34 | call to Referer | semmle.label | call to Referer | -| test.go:81:13:81:31 | type conversion | semmle.label | type conversion | -| test.go:81:20:81:30 | call to URI | semmle.label | call to URI | -| test.go:86:13:86:31 | type conversion | semmle.label | type conversion | -| test.go:86:20:86:30 | call to URL | semmle.label | call to URL | -| test.go:91:13:91:37 | type conversion | semmle.label | type conversion | -| test.go:91:20:91:36 | call to UserAgent | semmle.label | call to UserAgent | -| test.go:96:14:96:25 | call to Data | semmle.label | call to Data | -| test.go:96:14:96:45 | type assertion | semmle.label | type assertion | -| test.go:108:14:108:25 | call to Data | semmle.label | call to Data | -| test.go:108:14:108:45 | type assertion | semmle.label | type assertion | -| test.go:120:14:120:25 | call to Data | semmle.label | call to Data | -| test.go:120:14:120:45 | type assertion | semmle.label | type assertion | -| test.go:137:23:137:42 | call to Data | semmle.label | call to Data | -| test.go:137:23:137:62 | type assertion | semmle.label | type assertion | -| test.go:193:15:193:26 | call to Data | semmle.label | call to Data | -| test.go:194:14:194:55 | type conversion | semmle.label | type conversion | -| test.go:194:21:194:54 | call to HTML2str | semmle.label | call to HTML2str | -| test.go:194:36:194:53 | type assertion | semmle.label | type assertion | -| test.go:195:14:195:58 | type conversion | semmle.label | type conversion | -| test.go:195:21:195:57 | call to Htmlunquote | semmle.label | call to Htmlunquote | -| test.go:195:39:195:56 | type assertion | semmle.label | type assertion | -| test.go:196:2:196:68 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:196:28:196:56 | type assertion | semmle.label | type assertion | -| test.go:197:14:197:28 | type assertion | semmle.label | type assertion | -| test.go:198:14:198:55 | type conversion | semmle.label | type conversion | -| test.go:198:21:198:54 | call to Str2html | semmle.label | call to Str2html | -| test.go:198:36:198:53 | type assertion | semmle.label | type assertion | -| test.go:199:14:199:59 | type conversion | semmle.label | type conversion | -| test.go:199:21:199:58 | call to Substr | semmle.label | call to Substr | -| test.go:199:34:199:51 | type assertion | semmle.label | type assertion | -| test.go:201:6:201:6 | definition of s | semmle.label | definition of s | -| test.go:202:18:202:33 | selection of Form | semmle.label | selection of Form | -| test.go:203:14:203:28 | type conversion | semmle.label | type conversion | -| test.go:217:2:217:34 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:217:2:217:34 | ... := ...[1] | semmle.label | ... := ...[1] | -| test.go:218:14:218:32 | type conversion | semmle.label | type conversion | -| test.go:219:2:219:32 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:219:31:219:31 | f | semmle.label | f | -| test.go:220:14:220:20 | content | semmle.label | content | -| test.go:222:2:222:40 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:223:14:223:38 | type conversion | semmle.label | type conversion | -| test.go:225:7:225:28 | call to GetString | semmle.label | call to GetString | -| test.go:226:14:226:22 | type conversion | semmle.label | type conversion | -| test.go:228:8:228:35 | call to GetStrings | semmle.label | call to GetStrings | -| test.go:229:14:229:26 | type conversion | semmle.label | type conversion | -| test.go:231:9:231:17 | call to Input | semmle.label | call to Input | -| test.go:232:14:232:27 | type conversion | semmle.label | type conversion | -| test.go:234:6:234:8 | definition of str | semmle.label | definition of str | -| test.go:236:14:236:30 | type conversion | semmle.label | type conversion | -| test.go:240:15:240:36 | call to GetString | semmle.label | call to GetString | -| test.go:243:21:243:29 | untrusted | semmle.label | untrusted | -| test.go:253:16:253:45 | type conversion | semmle.label | type conversion | -| test.go:253:23:253:44 | call to GetCookie | semmle.label | call to GetCookie | -| test.go:258:16:258:37 | call to GetCookie | semmle.label | call to GetCookie | -| test.go:259:15:259:41 | call to GetCookie | semmle.label | call to GetCookie | -| test.go:264:55:264:84 | type conversion | semmle.label | type conversion | -| test.go:264:62:264:83 | call to GetCookie | semmle.label | call to GetCookie | -| test.go:269:2:269:40 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:277:21:277:61 | call to GetDisplayString | semmle.label | call to GetDisplayString | -| test.go:277:44:277:60 | selection of Filename | semmle.label | selection of Filename | -| test.go:278:21:278:53 | call to SliceChunk | semmle.label | call to SliceChunk | -| test.go:278:21:278:92 | selection of Filename | semmle.label | selection of Filename | -| test.go:278:38:278:49 | genericFiles | semmle.label | genericFiles | -| test.go:279:21:279:60 | call to SliceDiff | semmle.label | call to SliceDiff | -| test.go:279:21:279:96 | selection of Filename | semmle.label | selection of Filename | -| test.go:279:37:279:48 | genericFiles | semmle.label | genericFiles | -| test.go:284:3:286:44 | call to SliceFilter | semmle.label | call to SliceFilter | -| test.go:284:3:286:80 | selection of Filename | semmle.label | selection of Filename | -| test.go:285:4:285:15 | genericFiles | semmle.label | genericFiles | -| test.go:287:21:287:65 | call to SliceIntersect | semmle.label | call to SliceIntersect | -| test.go:287:21:287:101 | selection of Filename | semmle.label | selection of Filename | -| test.go:287:42:287:53 | genericFiles | semmle.label | genericFiles | -| test.go:288:21:288:65 | call to SliceIntersect | semmle.label | call to SliceIntersect | -| test.go:288:21:288:101 | selection of Filename | semmle.label | selection of Filename | -| test.go:288:53:288:64 | genericFiles | semmle.label | genericFiles | -| test.go:289:21:289:61 | call to SliceMerge | semmle.label | call to SliceMerge | -| test.go:289:21:289:97 | selection of Filename | semmle.label | selection of Filename | -| test.go:289:38:289:49 | genericFiles | semmle.label | genericFiles | -| test.go:290:21:290:61 | call to SliceMerge | semmle.label | call to SliceMerge | -| test.go:290:21:290:97 | selection of Filename | semmle.label | selection of Filename | -| test.go:290:49:290:60 | genericFiles | semmle.label | genericFiles | -| test.go:291:21:291:66 | call to SlicePad | semmle.label | call to SlicePad | -| test.go:291:21:291:102 | selection of Filename | semmle.label | selection of Filename | -| test.go:291:51:291:65 | index expression | semmle.label | index expression | -| test.go:292:21:292:66 | call to SlicePad | semmle.label | call to SlicePad | -| test.go:292:21:292:102 | selection of Filename | semmle.label | selection of Filename | -| test.go:292:36:292:47 | genericFiles | semmle.label | genericFiles | -| test.go:293:21:293:49 | call to SliceRand | semmle.label | call to SliceRand | -| test.go:293:21:293:82 | selection of Filename | semmle.label | selection of Filename | -| test.go:293:37:293:48 | genericFiles | semmle.label | genericFiles | -| test.go:295:21:295:97 | call to SliceReduce | semmle.label | call to SliceReduce | -| test.go:295:21:295:133 | selection of Filename | semmle.label | selection of Filename | -| test.go:295:39:295:50 | genericFiles | semmle.label | genericFiles | -| test.go:296:21:296:52 | call to SliceShuffle | semmle.label | call to SliceShuffle | -| test.go:296:21:296:88 | selection of Filename | semmle.label | selection of Filename | -| test.go:296:40:296:51 | genericFiles | semmle.label | genericFiles | -| test.go:297:21:297:51 | call to SliceUnique | semmle.label | call to SliceUnique | -| test.go:297:21:297:87 | selection of Filename | semmle.label | selection of Filename | -| test.go:297:39:297:50 | genericFiles | semmle.label | genericFiles | -| test.go:302:2:302:5 | definition of bMap | semmle.label | definition of bMap | -| test.go:303:15:303:36 | call to GetString | semmle.label | call to GetString | -| test.go:304:22:304:30 | untrusted | semmle.label | untrusted | -| test.go:305:21:305:24 | bMap | semmle.label | bMap | -| test.go:305:21:305:39 | call to Get | semmle.label | call to Get | -| test.go:305:21:305:48 | type assertion | semmle.label | type assertion | -| test.go:306:21:306:24 | bMap | semmle.label | bMap | -| test.go:306:21:306:32 | call to Items | semmle.label | call to Items | -| test.go:306:21:306:52 | type assertion | semmle.label | type assertion | +| test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound | +| test.go:35:13:35:30 | type conversion | semmle.label | type conversion | +| test.go:36:13:36:27 | type conversion | semmle.label | type conversion | +| test.go:37:13:37:29 | type conversion | semmle.label | type conversion | +| test.go:42:13:42:43 | type conversion | semmle.label | type conversion | +| test.go:42:20:42:42 | call to Cookie | semmle.label | call to Cookie | +| test.go:47:13:47:52 | type conversion | semmle.label | type conversion | +| test.go:47:20:47:31 | call to Data | semmle.label | call to Data | +| test.go:52:13:52:53 | type conversion | semmle.label | type conversion | +| test.go:52:20:52:43 | call to GetData | semmle.label | call to GetData | +| test.go:57:13:57:43 | type conversion | semmle.label | type conversion | +| test.go:57:20:57:42 | call to Header | semmle.label | call to Header | +| test.go:62:13:62:42 | type conversion | semmle.label | type conversion | +| test.go:62:20:62:41 | call to Param | semmle.label | call to Param | +| test.go:67:13:67:45 | type conversion | semmle.label | type conversion | +| test.go:67:20:67:33 | call to Params | semmle.label | call to Params | +| test.go:72:13:72:42 | type conversion | semmle.label | type conversion | +| test.go:72:20:72:41 | call to Query | semmle.label | call to Query | +| test.go:77:13:77:33 | type conversion | semmle.label | type conversion | +| test.go:77:20:77:32 | call to Refer | semmle.label | call to Refer | +| test.go:82:13:82:35 | type conversion | semmle.label | type conversion | +| test.go:82:20:82:34 | call to Referer | semmle.label | call to Referer | +| test.go:87:13:87:31 | type conversion | semmle.label | type conversion | +| test.go:87:20:87:30 | call to URI | semmle.label | call to URI | +| test.go:92:13:92:31 | type conversion | semmle.label | type conversion | +| test.go:92:20:92:30 | call to URL | semmle.label | call to URL | +| test.go:97:13:97:37 | type conversion | semmle.label | type conversion | +| test.go:97:20:97:36 | call to UserAgent | semmle.label | call to UserAgent | +| test.go:102:14:102:25 | call to Data | semmle.label | call to Data | +| test.go:102:14:102:45 | type assertion | semmle.label | type assertion | +| test.go:114:14:114:25 | call to Data | semmle.label | call to Data | +| test.go:114:14:114:45 | type assertion | semmle.label | type assertion | +| test.go:126:14:126:25 | call to Data | semmle.label | call to Data | +| test.go:126:14:126:45 | type assertion | semmle.label | type assertion | +| test.go:143:23:143:42 | call to Data | semmle.label | call to Data | +| test.go:143:23:143:62 | type assertion | semmle.label | type assertion | +| test.go:199:15:199:26 | call to Data | semmle.label | call to Data | +| test.go:200:14:200:55 | type conversion | semmle.label | type conversion | +| test.go:200:21:200:54 | call to HTML2str | semmle.label | call to HTML2str | +| test.go:200:36:200:53 | type assertion | semmle.label | type assertion | +| test.go:201:14:201:58 | type conversion | semmle.label | type conversion | +| test.go:201:21:201:57 | call to Htmlunquote | semmle.label | call to Htmlunquote | +| test.go:201:39:201:56 | type assertion | semmle.label | type assertion | +| test.go:202:2:202:68 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:202:28:202:56 | type assertion | semmle.label | type assertion | +| test.go:203:14:203:28 | type assertion | semmle.label | type assertion | +| test.go:204:14:204:55 | type conversion | semmle.label | type conversion | +| test.go:204:21:204:54 | call to Str2html | semmle.label | call to Str2html | +| test.go:204:36:204:53 | type assertion | semmle.label | type assertion | +| test.go:205:14:205:59 | type conversion | semmle.label | type conversion | +| test.go:205:21:205:58 | call to Substr | semmle.label | call to Substr | +| test.go:205:34:205:51 | type assertion | semmle.label | type assertion | +| test.go:207:6:207:6 | definition of s | semmle.label | definition of s | +| test.go:208:18:208:33 | selection of Form | semmle.label | selection of Form | +| test.go:209:14:209:28 | type conversion | semmle.label | type conversion | +| test.go:223:2:223:34 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:223:2:223:34 | ... := ...[1] | semmle.label | ... := ...[1] | +| test.go:224:14:224:32 | type conversion | semmle.label | type conversion | +| test.go:225:2:225:32 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:225:31:225:31 | f | semmle.label | f | +| test.go:226:14:226:20 | content | semmle.label | content | +| test.go:228:2:228:40 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:229:14:229:38 | type conversion | semmle.label | type conversion | +| test.go:231:7:231:28 | call to GetString | semmle.label | call to GetString | +| test.go:232:14:232:22 | type conversion | semmle.label | type conversion | +| test.go:234:8:234:35 | call to GetStrings | semmle.label | call to GetStrings | +| test.go:235:14:235:26 | type conversion | semmle.label | type conversion | +| test.go:237:9:237:17 | call to Input | semmle.label | call to Input | +| test.go:238:14:238:27 | type conversion | semmle.label | type conversion | +| test.go:240:6:240:8 | definition of str | semmle.label | definition of str | +| test.go:242:14:242:30 | type conversion | semmle.label | type conversion | +| test.go:246:15:246:36 | call to GetString | semmle.label | call to GetString | +| test.go:249:21:249:29 | untrusted | semmle.label | untrusted | +| test.go:259:16:259:45 | type conversion | semmle.label | type conversion | +| test.go:259:23:259:44 | call to GetCookie | semmle.label | call to GetCookie | +| test.go:264:16:264:37 | call to GetCookie | semmle.label | call to GetCookie | +| test.go:265:15:265:41 | call to GetCookie | semmle.label | call to GetCookie | +| test.go:270:55:270:84 | type conversion | semmle.label | type conversion | +| test.go:270:62:270:83 | call to GetCookie | semmle.label | call to GetCookie | +| test.go:275:2:275:40 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:283:21:283:61 | call to GetDisplayString | semmle.label | call to GetDisplayString | +| test.go:283:44:283:60 | selection of Filename | semmle.label | selection of Filename | +| test.go:284:21:284:53 | call to SliceChunk | semmle.label | call to SliceChunk | +| test.go:284:21:284:92 | selection of Filename | semmle.label | selection of Filename | +| test.go:284:38:284:49 | genericFiles | semmle.label | genericFiles | +| test.go:285:21:285:60 | call to SliceDiff | semmle.label | call to SliceDiff | +| test.go:285:21:285:96 | selection of Filename | semmle.label | selection of Filename | +| test.go:285:37:285:48 | genericFiles | semmle.label | genericFiles | +| test.go:290:3:292:44 | call to SliceFilter | semmle.label | call to SliceFilter | +| test.go:290:3:292:80 | selection of Filename | semmle.label | selection of Filename | +| test.go:291:4:291:15 | genericFiles | semmle.label | genericFiles | +| test.go:293:21:293:65 | call to SliceIntersect | semmle.label | call to SliceIntersect | +| test.go:293:21:293:101 | selection of Filename | semmle.label | selection of Filename | +| test.go:293:42:293:53 | genericFiles | semmle.label | genericFiles | +| test.go:294:21:294:65 | call to SliceIntersect | semmle.label | call to SliceIntersect | +| test.go:294:21:294:101 | selection of Filename | semmle.label | selection of Filename | +| test.go:294:53:294:64 | genericFiles | semmle.label | genericFiles | +| test.go:295:21:295:61 | call to SliceMerge | semmle.label | call to SliceMerge | +| test.go:295:21:295:97 | selection of Filename | semmle.label | selection of Filename | +| test.go:295:38:295:49 | genericFiles | semmle.label | genericFiles | +| test.go:296:21:296:61 | call to SliceMerge | semmle.label | call to SliceMerge | +| test.go:296:21:296:97 | selection of Filename | semmle.label | selection of Filename | +| test.go:296:49:296:60 | genericFiles | semmle.label | genericFiles | +| test.go:297:21:297:66 | call to SlicePad | semmle.label | call to SlicePad | +| test.go:297:21:297:102 | selection of Filename | semmle.label | selection of Filename | +| test.go:297:51:297:65 | index expression | semmle.label | index expression | +| test.go:298:21:298:66 | call to SlicePad | semmle.label | call to SlicePad | +| test.go:298:21:298:102 | selection of Filename | semmle.label | selection of Filename | +| test.go:298:36:298:47 | genericFiles | semmle.label | genericFiles | +| test.go:299:21:299:49 | call to SliceRand | semmle.label | call to SliceRand | +| test.go:299:21:299:82 | selection of Filename | semmle.label | selection of Filename | +| test.go:299:37:299:48 | genericFiles | semmle.label | genericFiles | +| test.go:301:21:301:97 | call to SliceReduce | semmle.label | call to SliceReduce | +| test.go:301:21:301:133 | selection of Filename | semmle.label | selection of Filename | +| test.go:301:39:301:50 | genericFiles | semmle.label | genericFiles | +| test.go:302:21:302:52 | call to SliceShuffle | semmle.label | call to SliceShuffle | +| test.go:302:21:302:88 | selection of Filename | semmle.label | selection of Filename | +| test.go:302:40:302:51 | genericFiles | semmle.label | genericFiles | +| test.go:303:21:303:51 | call to SliceUnique | semmle.label | call to SliceUnique | +| test.go:303:21:303:87 | selection of Filename | semmle.label | selection of Filename | +| test.go:303:39:303:50 | genericFiles | semmle.label | genericFiles | +| test.go:308:2:308:5 | definition of bMap | semmle.label | definition of bMap | +| test.go:309:15:309:36 | call to GetString | semmle.label | call to GetString | +| test.go:310:22:310:30 | untrusted | semmle.label | untrusted | +| test.go:311:21:311:24 | bMap | semmle.label | bMap | +| test.go:311:21:311:39 | call to Get | semmle.label | call to Get | +| test.go:311:21:311:48 | type assertion | semmle.label | type assertion | +| test.go:312:21:312:24 | bMap | semmle.label | bMap | +| test.go:312:21:312:32 | call to Items | semmle.label | call to Items | +| test.go:312:21:312:52 | type assertion | semmle.label | type assertion | subpaths #select -| test.go:29:13:29:30 | type conversion | test.go:27:6:27:10 | definition of bound | test.go:29:13:29:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:30:13:30:27 | type conversion | test.go:27:6:27:10 | definition of bound | test.go:30:13:30:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:31:13:31:29 | type conversion | test.go:27:6:27:10 | definition of bound | test.go:31:13:31:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:36:13:36:43 | type conversion | test.go:36:20:36:42 | call to Cookie | test.go:36:13:36:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:36:20:36:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:41:13:41:52 | type conversion | test.go:41:20:41:31 | call to Data | test.go:41:13:41:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:41:20:41:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:46:13:46:53 | type conversion | test.go:46:20:46:43 | call to GetData | test.go:46:13:46:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:46:20:46:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:51:13:51:43 | type conversion | test.go:51:20:51:42 | call to Header | test.go:51:13:51:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:51:20:51:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:56:13:56:42 | type conversion | test.go:56:20:56:41 | call to Param | test.go:56:13:56:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:56:20:56:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:61:13:61:45 | type conversion | test.go:61:20:61:33 | call to Params | test.go:61:13:61:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:61:20:61:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:66:13:66:42 | type conversion | test.go:66:20:66:41 | call to Query | test.go:66:13:66:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:66:20:66:41 | call to Query | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:71:13:71:33 | type conversion | test.go:71:20:71:32 | call to Refer | test.go:71:13:71:33 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:71:20:71:32 | call to Refer | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:76:13:76:35 | type conversion | test.go:76:20:76:34 | call to Referer | test.go:76:13:76:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:76:20:76:34 | call to Referer | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:81:13:81:31 | type conversion | test.go:81:20:81:30 | call to URI | test.go:81:13:81:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:81:20:81:30 | call to URI | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:86:13:86:31 | type conversion | test.go:86:20:86:30 | call to URL | test.go:86:13:86:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:86:20:86:30 | call to URL | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:91:13:91:37 | type conversion | test.go:91:20:91:36 | call to UserAgent | test.go:91:13:91:37 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:91:20:91:36 | call to UserAgent | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:96:14:96:45 | type assertion | test.go:96:14:96:25 | call to Data | test.go:96:14:96:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:96:14:96:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:108:14:108:45 | type assertion | test.go:108:14:108:25 | call to Data | test.go:108:14:108:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:108:14:108:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:120:14:120:45 | type assertion | test.go:120:14:120:25 | call to Data | test.go:120:14:120:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:120:14:120:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:137:23:137:62 | type assertion | test.go:137:23:137:42 | call to Data | test.go:137:23:137:62 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:137:23:137:42 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:194:14:194:55 | type conversion | test.go:193:15:193:26 | call to Data | test.go:194:14:194:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:195:14:195:58 | type conversion | test.go:193:15:193:26 | call to Data | test.go:195:14:195:58 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:197:14:197:28 | type assertion | test.go:193:15:193:26 | call to Data | test.go:197:14:197:28 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:198:14:198:55 | type conversion | test.go:193:15:193:26 | call to Data | test.go:198:14:198:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:199:14:199:59 | type conversion | test.go:193:15:193:26 | call to Data | test.go:199:14:199:59 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:193:15:193:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:203:14:203:28 | type conversion | test.go:202:18:202:33 | selection of Form | test.go:203:14:203:28 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:202:18:202:33 | selection of Form | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:218:14:218:32 | type conversion | test.go:217:2:217:34 | ... := ...[1] | test.go:218:14:218:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:217:2:217:34 | ... := ...[1] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:220:14:220:20 | content | test.go:217:2:217:34 | ... := ...[0] | test.go:220:14:220:20 | content | Cross-site scripting vulnerability due to $@. | test.go:217:2:217:34 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:223:14:223:38 | type conversion | test.go:222:2:222:40 | ... := ...[0] | test.go:223:14:223:38 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:222:2:222:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:226:14:226:22 | type conversion | test.go:225:7:225:28 | call to GetString | test.go:226:14:226:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:225:7:225:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:229:14:229:26 | type conversion | test.go:228:8:228:35 | call to GetStrings | test.go:229:14:229:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:228:8:228:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:232:14:232:27 | type conversion | test.go:231:9:231:17 | call to Input | test.go:232:14:232:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:9:231:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:236:14:236:30 | type conversion | test.go:234:6:234:8 | definition of str | test.go:236:14:236:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:6:234:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:243:21:243:29 | untrusted | test.go:240:15:240:36 | call to GetString | test.go:243:21:243:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:240:15:240:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:253:16:253:45 | type conversion | test.go:253:23:253:44 | call to GetCookie | test.go:253:16:253:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:253:23:253:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:258:16:258:37 | call to GetCookie | test.go:258:16:258:37 | call to GetCookie | test.go:258:16:258:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:258:16:258:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:259:15:259:41 | call to GetCookie | test.go:259:15:259:41 | call to GetCookie | test.go:259:15:259:41 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:259:15:259:41 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:264:55:264:84 | type conversion | test.go:264:62:264:83 | call to GetCookie | test.go:264:55:264:84 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:264:62:264:83 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:277:21:277:61 | call to GetDisplayString | test.go:269:2:269:40 | ... := ...[0] | test.go:277:21:277:61 | call to GetDisplayString | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:278:21:278:92 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:278:21:278:92 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:279:21:279:96 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:279:21:279:96 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:284:3:286:80 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:284:3:286:80 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:287:21:287:101 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:287:21:287:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:288:21:288:101 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:288:21:288:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:289:21:289:97 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:289:21:289:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:290:21:290:97 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:290:21:290:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:291:21:291:102 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:291:21:291:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:292:21:292:102 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:292:21:292:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:293:21:293:82 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:293:21:293:82 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:295:21:295:133 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:295:21:295:133 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:296:21:296:88 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:296:21:296:88 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:297:21:297:87 | selection of Filename | test.go:269:2:269:40 | ... := ...[0] | test.go:297:21:297:87 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:269:2:269:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:305:21:305:48 | type assertion | test.go:303:15:303:36 | call to GetString | test.go:305:21:305:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:303:15:303:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:306:21:306:52 | type assertion | test.go:303:15:303:36 | call to GetString | test.go:306:21:306:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:303:15:303:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:35:13:35:30 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:36:13:36:27 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:37:13:37:29 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:42:13:42:43 | type conversion | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:42:20:42:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:47:13:47:52 | type conversion | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:47:20:47:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:52:13:52:53 | type conversion | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:52:20:52:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:57:13:57:43 | type conversion | test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:57:20:57:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:62:13:62:42 | type conversion | test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:62:20:62:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:67:13:67:45 | type conversion | test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:67:20:67:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:72:13:72:42 | type conversion | test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:72:20:72:41 | call to Query | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:77:13:77:33 | type conversion | test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:77:20:77:32 | call to Refer | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:82:13:82:35 | type conversion | test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:82:20:82:34 | call to Referer | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:87:13:87:31 | type conversion | test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:87:20:87:30 | call to URI | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:92:13:92:31 | type conversion | test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:92:20:92:30 | call to URL | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:97:13:97:37 | type conversion | test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:97:20:97:36 | call to UserAgent | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:102:14:102:45 | type assertion | test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:102:14:102:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:114:14:114:45 | type assertion | test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:114:14:114:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:126:14:126:45 | type assertion | test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:126:14:126:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:143:23:143:62 | type assertion | test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:143:23:143:42 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:200:14:200:55 | type conversion | test.go:199:15:199:26 | call to Data | test.go:200:14:200:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:201:14:201:58 | type conversion | test.go:199:15:199:26 | call to Data | test.go:201:14:201:58 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:203:14:203:28 | type assertion | test.go:199:15:199:26 | call to Data | test.go:203:14:203:28 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:204:14:204:55 | type conversion | test.go:199:15:199:26 | call to Data | test.go:204:14:204:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:205:14:205:59 | type conversion | test.go:199:15:199:26 | call to Data | test.go:205:14:205:59 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:209:14:209:28 | type conversion | test.go:208:18:208:33 | selection of Form | test.go:209:14:209:28 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:208:18:208:33 | selection of Form | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:224:14:224:32 | type conversion | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:223:2:223:34 | ... := ...[1] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:226:14:226:20 | content | test.go:223:2:223:34 | ... := ...[0] | test.go:226:14:226:20 | content | Cross-site scripting vulnerability due to $@. | test.go:223:2:223:34 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:229:14:229:38 | type conversion | test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:228:2:228:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:232:14:232:22 | type conversion | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:7:231:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:235:14:235:26 | type conversion | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:8:234:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:238:14:238:27 | type conversion | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:237:9:237:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:242:14:242:30 | type conversion | test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:240:6:240:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:249:21:249:29 | untrusted | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:246:15:246:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:259:16:259:45 | type conversion | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:259:23:259:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:264:16:264:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:265:15:265:41 | call to GetCookie | test.go:265:15:265:41 | call to GetCookie | test.go:265:15:265:41 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:265:15:265:41 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:270:55:270:84 | type conversion | test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:270:62:270:83 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:283:21:283:61 | call to GetDisplayString | test.go:275:2:275:40 | ... := ...[0] | test.go:283:21:283:61 | call to GetDisplayString | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:284:21:284:92 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:284:21:284:92 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:285:21:285:96 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:285:21:285:96 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:290:3:292:80 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:290:3:292:80 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:293:21:293:101 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:293:21:293:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:294:21:294:101 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:294:21:294:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:295:21:295:97 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:295:21:295:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:296:21:296:97 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:296:21:296:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:297:21:297:102 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:297:21:297:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:298:21:298:102 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:298:21:298:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:299:21:299:82 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:299:21:299:82 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:301:21:301:133 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:301:21:301:133 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:302:21:302:88 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:302:21:302:88 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:303:21:303:87 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:303:21:303:87 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:311:21:311:48 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:311:21:311:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:312:21:312:52 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:312:21:312:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected index 25839baff4d..714f03bdcec 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected @@ -1,20 +1,31 @@ edges -| test.go:209:15:209:26 | call to Data | test.go:210:18:210:26 | untrusted | -| test.go:209:15:209:26 | call to Data | test.go:211:10:211:18 | untrusted | -| test.go:209:15:209:26 | call to Data | test.go:212:35:212:43 | untrusted | -| test.go:318:17:318:37 | selection of RequestBody | test.go:318:40:318:43 | &... | -| test.go:318:40:318:43 | &... | test.go:320:35:320:43 | untrusted | +| test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | +| test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | +| test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | +| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | +| test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | +| test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | +| test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | +| test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | nodes -| test.go:209:15:209:26 | call to Data | semmle.label | call to Data | -| test.go:210:18:210:26 | untrusted | semmle.label | untrusted | -| test.go:211:10:211:18 | untrusted | semmle.label | untrusted | -| test.go:212:35:212:43 | untrusted | semmle.label | untrusted | -| test.go:318:17:318:37 | selection of RequestBody | semmle.label | selection of RequestBody | -| test.go:318:40:318:43 | &... | semmle.label | &... | -| test.go:320:35:320:43 | untrusted | semmle.label | untrusted | +| test.go:215:15:215:26 | call to Data | semmle.label | call to Data | +| test.go:216:18:216:26 | untrusted | semmle.label | untrusted | +| test.go:217:10:217:18 | untrusted | semmle.label | untrusted | +| test.go:218:35:218:43 | untrusted | semmle.label | untrusted | +| test.go:324:17:324:37 | selection of RequestBody | semmle.label | selection of RequestBody | +| test.go:324:40:324:43 | &... | semmle.label | &... | +| test.go:326:35:326:43 | untrusted | semmle.label | untrusted | +| test.go:332:15:332:26 | call to Data | semmle.label | call to Data | +| test.go:334:23:334:31 | untrusted | semmle.label | untrusted | +| test.go:340:15:340:26 | call to Data | semmle.label | call to Data | +| test.go:342:53:342:61 | untrusted | semmle.label | untrusted | +| test.go:344:23:344:31 | untrusted | semmle.label | untrusted | subpaths #select -| test.go:210:18:210:26 | untrusted | test.go:209:15:209:26 | call to Data | test.go:210:18:210:26 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value | -| test.go:211:10:211:18 | untrusted | test.go:209:15:209:26 | call to Data | test.go:211:10:211:18 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value | -| test.go:212:35:212:43 | untrusted | test.go:209:15:209:26 | call to Data | test.go:212:35:212:43 | untrusted | This path depends on a $@. | test.go:209:15:209:26 | call to Data | user-provided value | -| test.go:320:35:320:43 | untrusted | test.go:318:17:318:37 | selection of RequestBody | test.go:320:35:320:43 | untrusted | This path depends on a $@. | test.go:318:17:318:37 | selection of RequestBody | user-provided value | +| test.go:216:18:216:26 | untrusted | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value | +| test.go:217:10:217:18 | untrusted | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value | +| test.go:218:35:218:43 | untrusted | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value | +| test.go:326:35:326:43 | untrusted | test.go:324:17:324:37 | selection of RequestBody | test.go:326:35:326:43 | untrusted | This path depends on a $@. | test.go:324:17:324:37 | selection of RequestBody | user-provided value | +| test.go:334:23:334:31 | untrusted | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | This path depends on a $@. | test.go:332:15:332:26 | call to Data | user-provided value | +| test.go:342:53:342:61 | untrusted | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | This path depends on a $@. | test.go:340:15:340:26 | call to Data | user-provided value | +| test.go:344:23:344:31 | untrusted | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | This path depends on a $@. | test.go:340:15:340:26 | call to Data | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/Beego/go.mod index 10fdeed3e35..d9e167c5d2e 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/go.mod +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/go.mod @@ -4,4 +4,5 @@ go 1.14 require ( github.com/astaxie/beego v1.12.3 -) + github.com/beego/beego/v2 v2.1.2 +) \ No newline at end of file diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go index 4a0d91f6146..2d2af8092de 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/test.go @@ -1,15 +1,21 @@ package test +//go:generate depstubber -vendor github.com/beego/beego/v2/server/web Controller Run,Router +//go:generate depstubber -vendor github.com/beego/beego/v2/server/web/context BeegoOutput,Context + import ( "encoding/json" - "github.com/astaxie/beego" - "github.com/astaxie/beego/context" - "github.com/astaxie/beego/logs" - "github.com/astaxie/beego/utils" "io/ioutil" "mime/multipart" "net/http" "os" + + "github.com/astaxie/beego" + "github.com/astaxie/beego/context" + "github.com/astaxie/beego/logs" + "github.com/astaxie/beego/utils" + beegov2 "github.com/beego/beego/v2/server/web" + Beegov2Context "github.com/beego/beego/v2/server/web/context" ) type subBindMe struct { @@ -319,3 +325,21 @@ func requestBodySourceTest(ctx *context.Context, c *beego.Controller) { untrusted := dat["filepath"].(string) c.SaveToFile("someReceviedFile", untrusted) } + +// BAD: using user-provided data as paths in file-system operations +func fsOpsTest2(ctx *context.Context, c *beego.Controller, fs beego.FileSystem) { + input := ctx.Input + untrusted := input.Data()["someKey"].(string) + beegoOutput := context.BeegoOutput{} + beegoOutput.Download(untrusted, "license.txt") +} + +// BAD: using user-provided data as paths in file-system operations +func fsOpsV2Test(ctx *Beegov2Context.Context, c *beegov2.Controller) { + input := ctx.Input + untrusted := input.Data()["someKey"].(string) + buffer := make([]byte, 10) + _ = c.SaveToFileWithBuffer("filenameExistsInForm", untrusted, buffer) + beegoOutput := Beegov2Context.BeegoOutput{} + beegoOutput.Download(untrusted, "license.txt") +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/github.com/beego/beego/v2/server/web/context/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/github.com/beego/beego/v2/server/web/context/stub.go new file mode 100644 index 00000000000..2ed98d3ece0 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/github.com/beego/beego/v2/server/web/context/stub.go @@ -0,0 +1,404 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/beego/beego/v2/server/web/context, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/beego/beego/v2/server/web/context (exports: BeegoOutput,Context; functions: ) + +// Package context is a stub of github.com/beego/beego/v2/server/web/context, generated by depstubber. +package context + +import ( + bufio "bufio" + net "net" + http "net/http" + reflect "reflect" + time "time" +) + +type BeegoInput struct { + Context *Context + CruSession interface{} + RequestBody []byte + RunMethod string + RunController reflect.Type +} + +func (_ *BeegoInput) AcceptsHTML() bool { + return false +} + +func (_ *BeegoInput) AcceptsJSON() bool { + return false +} + +func (_ *BeegoInput) AcceptsXML() bool { + return false +} + +func (_ *BeegoInput) AcceptsYAML() bool { + return false +} + +func (_ *BeegoInput) Bind(_ interface{}, _ string) error { + return nil +} + +func (_ *BeegoInput) Cookie(_ string) string { + return "" +} + +func (_ *BeegoInput) CopyBody(_ int64) []byte { + return nil +} + +func (_ *BeegoInput) Data() map[interface{}]interface{} { + return nil +} + +func (_ *BeegoInput) Domain() string { + return "" +} + +func (_ *BeegoInput) GetData(_ interface{}) interface{} { + return nil +} + +func (_ *BeegoInput) Header(_ string) string { + return "" +} + +func (_ *BeegoInput) Host() string { + return "" +} + +func (_ *BeegoInput) IP() string { + return "" +} + +func (_ *BeegoInput) Is(_ string) bool { + return false +} + +func (_ *BeegoInput) IsAjax() bool { + return false +} + +func (_ *BeegoInput) IsDelete() bool { + return false +} + +func (_ *BeegoInput) IsGet() bool { + return false +} + +func (_ *BeegoInput) IsHead() bool { + return false +} + +func (_ *BeegoInput) IsOptions() bool { + return false +} + +func (_ *BeegoInput) IsPatch() bool { + return false +} + +func (_ *BeegoInput) IsPost() bool { + return false +} + +func (_ *BeegoInput) IsPut() bool { + return false +} + +func (_ *BeegoInput) IsSecure() bool { + return false +} + +func (_ *BeegoInput) IsUpload() bool { + return false +} + +func (_ *BeegoInput) IsWebsocket() bool { + return false +} + +func (_ *BeegoInput) Method() string { + return "" +} + +func (_ *BeegoInput) Param(_ string) string { + return "" +} + +func (_ *BeegoInput) Params() map[string]string { + return nil +} + +func (_ *BeegoInput) ParamsLen() int { + return 0 +} + +func (_ *BeegoInput) ParseFormOrMultiForm(_ int64) error { + return nil +} + +func (_ *BeegoInput) Port() int { + return 0 +} + +func (_ *BeegoInput) Protocol() string { + return "" +} + +func (_ *BeegoInput) Proxy() []string { + return nil +} + +func (_ *BeegoInput) Query(_ string) string { + return "" +} + +func (_ *BeegoInput) Refer() string { + return "" +} + +func (_ *BeegoInput) Referer() string { + return "" +} + +func (_ *BeegoInput) Reset(_ *Context) {} + +func (_ *BeegoInput) ResetParams() {} + +func (_ *BeegoInput) Scheme() string { + return "" +} + +func (_ *BeegoInput) Session(_ interface{}) interface{} { + return nil +} + +func (_ *BeegoInput) SetData(_ interface{}, _ interface{}) {} + +func (_ *BeegoInput) SetParam(_ string, _ string) {} + +func (_ *BeegoInput) Site() string { + return "" +} + +func (_ *BeegoInput) SubDomains() string { + return "" +} + +func (_ *BeegoInput) URI() string { + return "" +} + +func (_ *BeegoInput) URL() string { + return "" +} + +func (_ *BeegoInput) UserAgent() string { + return "" +} + +type BeegoOutput struct { + Context *Context + Status int + EnableGzip bool +} + +func (_ *BeegoOutput) Body(_ []byte) error { + return nil +} + +func (_ *BeegoOutput) ContentType(_ string) {} + +func (_ *BeegoOutput) Cookie(_ string, _ string, _ ...interface{}) {} + +func (_ *BeegoOutput) Download(_ string, _ ...string) {} + +func (_ *BeegoOutput) Header(_ string, _ string) {} + +func (_ *BeegoOutput) IsCachable() bool { + return false +} + +func (_ *BeegoOutput) IsClientError() bool { + return false +} + +func (_ *BeegoOutput) IsEmpty() bool { + return false +} + +func (_ *BeegoOutput) IsForbidden() bool { + return false +} + +func (_ *BeegoOutput) IsNotFound() bool { + return false +} + +func (_ *BeegoOutput) IsOk() bool { + return false +} + +func (_ *BeegoOutput) IsRedirect() bool { + return false +} + +func (_ *BeegoOutput) IsServerError() bool { + return false +} + +func (_ *BeegoOutput) IsSuccessful() bool { + return false +} + +func (_ *BeegoOutput) JSON(_ interface{}, _ bool, _ bool) error { + return nil +} + +func (_ *BeegoOutput) JSONP(_ interface{}, _ bool) error { + return nil +} + +func (_ *BeegoOutput) Proto(_ interface{}) error { + return nil +} + +func (_ *BeegoOutput) Reset(_ *Context) {} + +func (_ *BeegoOutput) ServeFormatted(_ interface{}, _ bool, _ ...bool) error { + return nil +} + +func (_ *BeegoOutput) Session(_ interface{}, _ interface{}) {} + +func (_ *BeegoOutput) SetStatus(_ int) {} + +func (_ *BeegoOutput) XML(_ interface{}, _ bool) error { + return nil +} + +func (_ *BeegoOutput) YAML(_ interface{}) error { + return nil +} + +type Context struct { + Input *BeegoInput + Output *BeegoOutput + Request *http.Request + ResponseWriter *Response +} + +func (_ *Context) Abort(_ int, _ string) {} + +func (_ *Context) Bind(_ interface{}) error { + return nil +} + +func (_ *Context) BindForm(_ interface{}) error { + return nil +} + +func (_ *Context) BindJSON(_ interface{}) error { + return nil +} + +func (_ *Context) BindProtobuf(_ interface{}) error { + return nil +} + +func (_ *Context) BindXML(_ interface{}) error { + return nil +} + +func (_ *Context) BindYAML(_ interface{}) error { + return nil +} + +func (_ *Context) CheckXSRFCookie() bool { + return false +} + +func (_ *Context) GetCookie(_ string) string { + return "" +} + +func (_ *Context) GetSecureCookie(_ string, _ string) (string, bool) { + return "", false +} + +func (_ *Context) JSONResp(_ interface{}) error { + return nil +} + +func (_ *Context) ProtoResp(_ interface{}) error { + return nil +} + +func (_ *Context) Redirect(_ int, _ string) {} + +func (_ *Context) RenderMethodResult(_ interface{}) {} + +func (_ *Context) Reset(_ http.ResponseWriter, _ *http.Request) {} + +func (_ *Context) Resp(_ interface{}) error { + return nil +} + +func (_ *Context) Session() (interface{}, error) { + return nil, nil +} + +func (_ *Context) SetCookie(_ string, _ string, _ ...interface{}) {} + +func (_ *Context) SetSecureCookie(_ string, _ string, _ string, _ ...interface{}) {} + +func (_ *Context) WriteString(_ string) {} + +func (_ *Context) XMLResp(_ interface{}) error { + return nil +} + +func (_ *Context) XSRFToken(_ string, _ int64) string { + return "" +} + +func (_ *Context) YamlResp(_ interface{}) error { + return nil +} + +type Response struct { + ResponseWriter http.ResponseWriter + Started bool + Status int + Elapsed time.Duration +} + +func (_ Response) Header() http.Header { + return nil +} + +func (_ *Response) CloseNotify() <-chan bool { + return nil +} + +func (_ *Response) Flush() {} + +func (_ *Response) Hijack() (net.Conn, *bufio.ReadWriter, error) { + return nil, nil, nil +} + +func (_ *Response) Pusher() http.Pusher { + return nil +} + +func (_ *Response) Write(_ []byte) (int, error) { + return 0, nil +} + +func (_ *Response) WriteHeader(_ int) {} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/github.com/beego/beego/v2/server/web/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/github.com/beego/beego/v2/server/web/stub.go new file mode 100644 index 00000000000..1473841910d --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/github.com/beego/beego/v2/server/web/stub.go @@ -0,0 +1,614 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/beego/beego/v2/server/web, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/beego/beego/v2/server/web (exports: Controller; functions: Run,Router) + +// Package web is a stub of github.com/beego/beego/v2/server/web, generated by depstubber. +package web + +import ( + multipart "mime/multipart" + http "net/http" + url "net/url" + time "time" +) + +type Config struct { + AppName string + RunMode string + RouterCaseSensitive bool + RecoverPanic bool + CopyRequestBody bool + EnableGzip bool + EnableErrorsShow bool + EnableErrorsRender bool + ServerName string + RecoverFunc func(interface{}, *Config) + MaxMemory int64 + MaxUploadSize int64 + Listen Listen + WebConfig WebConfig + Log LogConfig +} + +type Controller struct { + Ctx interface{} + Data map[interface{}]interface{} + AppController interface{} + TplName string + ViewPath string + Layout string + LayoutSections map[string]string + TplPrefix string + TplExt string + EnableRender bool + EnableXSRF bool + XSRFExpire int + CruSession interface{} +} + +func (_ *Controller) Abort(_ string) {} + +func (_ *Controller) Bind(_ interface{}) error { + return nil +} + +func (_ *Controller) BindForm(_ interface{}) error { + return nil +} + +func (_ *Controller) BindJSON(_ interface{}) error { + return nil +} + +func (_ *Controller) BindProtobuf(_ interface{}) error { + return nil +} + +func (_ *Controller) BindXML(_ interface{}) error { + return nil +} + +func (_ *Controller) BindYAML(_ interface{}) error { + return nil +} + +func (_ *Controller) CheckXSRFCookie() bool { + return false +} + +func (_ *Controller) CustomAbort(_ int, _ string) {} + +func (_ *Controller) DelSession(_ interface{}) error { + return nil +} + +func (_ *Controller) Delete() {} + +func (_ *Controller) DestroySession() error { + return nil +} + +func (_ *Controller) Finish() {} + +func (_ *Controller) Get() {} + +func (_ *Controller) GetBool(_ string, _ ...bool) (bool, error) { + return false, nil +} + +func (_ *Controller) GetControllerAndAction() (string, string) { + return "", "" +} + +func (_ *Controller) GetFile(_ string) (multipart.File, *multipart.FileHeader, error) { + return nil, nil, nil +} + +func (_ *Controller) GetFiles(_ string) ([]*multipart.FileHeader, error) { + return nil, nil +} + +func (_ *Controller) GetFloat(_ string, _ ...float64) (float64, error) { + return 0, nil +} + +func (_ *Controller) GetInt(_ string, _ ...int) (int, error) { + return 0, nil +} + +func (_ *Controller) GetInt16(_ string, _ ...int16) (int16, error) { + return 0, nil +} + +func (_ *Controller) GetInt32(_ string, _ ...int32) (int32, error) { + return 0, nil +} + +func (_ *Controller) GetInt64(_ string, _ ...int64) (int64, error) { + return 0, nil +} + +func (_ *Controller) GetInt8(_ string, _ ...int8) (int8, error) { + return 0, nil +} + +func (_ *Controller) GetSecureCookie(_ string, _ string) (string, bool) { + return "", false +} + +func (_ *Controller) GetSession(_ interface{}) interface{} { + return nil +} + +func (_ *Controller) GetString(_ string, _ ...string) string { + return "" +} + +func (_ *Controller) GetStrings(_ string, _ ...[]string) []string { + return nil +} + +func (_ *Controller) GetUint16(_ string, _ ...uint16) (uint16, error) { + return 0, nil +} + +func (_ *Controller) GetUint32(_ string, _ ...uint32) (uint32, error) { + return 0, nil +} + +func (_ *Controller) GetUint64(_ string, _ ...uint64) (uint64, error) { + return 0, nil +} + +func (_ *Controller) GetUint8(_ string, _ ...byte) (byte, error) { + return 0, nil +} + +func (_ *Controller) HandlerFunc(_ string) bool { + return false +} + +func (_ *Controller) Head() {} + +func (_ *Controller) Init(_ interface{}, _ string, _ string, _ interface{}) {} + +func (_ *Controller) Input() (url.Values, error) { + return nil, nil +} + +func (_ *Controller) IsAjax() bool { + return false +} + +func (_ *Controller) JSONResp(_ interface{}) error { + return nil +} + +func (_ *Controller) Mapping(_ string, _ func()) {} + +func (_ *Controller) Options() {} + +func (_ *Controller) ParseForm(_ interface{}) error { + return nil +} + +func (_ *Controller) Patch() {} + +func (_ *Controller) Post() {} + +func (_ *Controller) Prepare() {} + +func (_ *Controller) Put() {} + +func (_ *Controller) Redirect(_ string, _ int) {} + +func (_ *Controller) Render() error { + return nil +} + +func (_ *Controller) RenderBytes() ([]byte, error) { + return nil, nil +} + +func (_ *Controller) RenderString() (string, error) { + return "", nil +} + +func (_ *Controller) Resp(_ interface{}) error { + return nil +} + +func (_ *Controller) SaveToFile(_ string, _ string) error { + return nil +} + +func (_ *Controller) SaveToFileWithBuffer(_ string, _ string, _ []byte) error { + return nil +} + +func (_ *Controller) ServeFormatted(_ ...bool) error { + return nil +} + +func (_ *Controller) ServeJSON(_ ...bool) error { + return nil +} + +func (_ *Controller) ServeJSONP() error { + return nil +} + +func (_ *Controller) ServeXML() error { + return nil +} + +func (_ *Controller) ServeYAML() error { + return nil +} + +func (_ *Controller) SessionRegenerateID() error { + return nil +} + +func (_ *Controller) SetData(_ interface{}) {} + +func (_ *Controller) SetSecureCookie(_ string, _ string, _ string, _ ...interface{}) {} + +func (_ *Controller) SetSession(_ interface{}, _ interface{}) error { + return nil +} + +func (_ *Controller) StartSession() interface{} { + return nil +} + +func (_ *Controller) StopRun() {} + +func (_ *Controller) Trace() {} + +func (_ *Controller) URLFor(_ string, _ ...interface{}) string { + return "" +} + +func (_ *Controller) URLMapping() {} + +func (_ *Controller) XMLResp(_ interface{}) error { + return nil +} + +func (_ *Controller) XSRFFormHTML() string { + return "" +} + +func (_ *Controller) XSRFToken() string { + return "" +} + +func (_ *Controller) YamlResp(_ interface{}) error { + return nil +} + +type ControllerInfo struct{} + +func (_ *ControllerInfo) GetMethod() map[string]string { + return nil +} + +func (_ *ControllerInfo) GetPattern() string { + return "" +} + +type ControllerInterface interface { + CheckXSRFCookie() bool + Delete() + Finish() + Get() + HandlerFunc(_ string) bool + Head() + Init(_ interface{}, _ string, _ string, _ interface{}) + Options() + Patch() + Post() + Prepare() + Put() + Render() error + Trace() + URLMapping() + XSRFToken() string +} + +type ControllerOption func(*ControllerInfo) + +type ControllerRegister struct{} + +func (_ *ControllerRegister) Add(_ string, _ ControllerInterface, _ ...ControllerOption) {} + +func (_ *ControllerRegister) AddAuto(_ ControllerInterface) {} + +func (_ *ControllerRegister) AddAutoPrefix(_ string, _ ControllerInterface) {} + +func (_ *ControllerRegister) AddMethod(_ string, _ string, _ HandleFunc) {} + +func (_ *ControllerRegister) AddRouterMethod(_ string, _ string, _ interface{}) {} + +func (_ *ControllerRegister) Any(_ string, _ HandleFunc) {} + +func (_ *ControllerRegister) CtrlAny(_ string, _ interface{}) {} + +func (_ *ControllerRegister) CtrlDelete(_ string, _ interface{}) {} + +func (_ *ControllerRegister) CtrlGet(_ string, _ interface{}) {} + +func (_ *ControllerRegister) CtrlHead(_ string, _ interface{}) {} + +func (_ *ControllerRegister) CtrlOptions(_ string, _ interface{}) {} + +func (_ *ControllerRegister) CtrlPatch(_ string, _ interface{}) {} + +func (_ *ControllerRegister) CtrlPost(_ string, _ interface{}) {} + +func (_ *ControllerRegister) CtrlPut(_ string, _ interface{}) {} + +func (_ *ControllerRegister) Delete(_ string, _ HandleFunc) {} + +func (_ *ControllerRegister) FindPolicy(_ interface{}) []PolicyFunc { + return nil +} + +func (_ *ControllerRegister) FindRouter(_ interface{}) (*ControllerInfo, bool) { + return nil, false +} + +func (_ *ControllerRegister) Get(_ string, _ HandleFunc) {} + +func (_ *ControllerRegister) GetAllControllerInfo() []*ControllerInfo { + return nil +} + +func (_ *ControllerRegister) GetContext() interface{} { + return nil +} + +func (_ *ControllerRegister) GiveBackContext(_ interface{}) {} + +func (_ *ControllerRegister) Handler(_ string, _ http.Handler, _ ...interface{}) {} + +func (_ *ControllerRegister) Head(_ string, _ HandleFunc) {} + +func (_ *ControllerRegister) Include(_ ...ControllerInterface) {} + +func (_ *ControllerRegister) Init() {} + +func (_ *ControllerRegister) InsertFilter(_ string, _ int, _ HandleFunc, _ ...FilterOpt) error { + return nil +} + +func (_ *ControllerRegister) InsertFilterChain(_ string, _ FilterChain, _ ...FilterOpt) {} + +func (_ *ControllerRegister) Options(_ string, _ HandleFunc) {} + +func (_ *ControllerRegister) Patch(_ string, _ HandleFunc) {} + +func (_ *ControllerRegister) Post(_ string, _ HandleFunc) {} + +func (_ *ControllerRegister) Put(_ string, _ HandleFunc) {} + +func (_ *ControllerRegister) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {} + +func (_ *ControllerRegister) URLFor(_ string, _ ...interface{}) string { + return "" +} + +type FilterChain func(HandleFunc) HandleFunc + +type FilterOpt func(interface{}) + +type HandleFunc func(interface{}) + +type HttpServer struct { + Handlers *ControllerRegister + Server *http.Server + Cfg *Config + LifeCycleCallbacks []LifeCycleCallback +} + +func (_ *HttpServer) Any(_ string, _ HandleFunc) *HttpServer { + return nil +} + +func (_ *HttpServer) AutoPrefix(_ string, _ ControllerInterface) *HttpServer { + return nil +} + +func (_ *HttpServer) AutoRouter(_ ControllerInterface) *HttpServer { + return nil +} + +func (_ *HttpServer) CtrlAny(_ string, _ interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) CtrlDelete(_ string, _ interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) CtrlGet(_ string, _ interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) CtrlHead(_ string, _ interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) CtrlOptions(_ string, _ interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) CtrlPatch(_ string, _ interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) CtrlPost(_ string, _ interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) CtrlPut(_ string, _ interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) Delete(_ string, _ HandleFunc) *HttpServer { + return nil +} + +func (_ *HttpServer) Get(_ string, _ HandleFunc) *HttpServer { + return nil +} + +func (_ *HttpServer) Handler(_ string, _ http.Handler, _ ...interface{}) *HttpServer { + return nil +} + +func (_ *HttpServer) Head(_ string, _ HandleFunc) *HttpServer { + return nil +} + +func (_ *HttpServer) Include(_ ...ControllerInterface) *HttpServer { + return nil +} + +func (_ *HttpServer) InsertFilter(_ string, _ int, _ HandleFunc, _ ...FilterOpt) *HttpServer { + return nil +} + +func (_ *HttpServer) InsertFilterChain(_ string, _ FilterChain, _ ...FilterOpt) *HttpServer { + return nil +} + +func (_ *HttpServer) LogAccess(_ interface{}, _ *time.Time, _ int) {} + +func (_ *HttpServer) Options(_ string, _ HandleFunc) *HttpServer { + return nil +} + +func (_ *HttpServer) Patch(_ string, _ HandleFunc) *HttpServer { + return nil +} + +func (_ *HttpServer) Post(_ string, _ HandleFunc) *HttpServer { + return nil +} + +func (_ *HttpServer) PrintTree() M { + return nil +} + +func (_ *HttpServer) Put(_ string, _ HandleFunc) *HttpServer { + return nil +} + +func (_ *HttpServer) RESTRouter(_ string, _ ControllerInterface) *HttpServer { + return nil +} + +func (_ *HttpServer) Router(_ string, _ ControllerInterface, _ ...string) *HttpServer { + return nil +} + +func (_ *HttpServer) RouterWithOpts(_ string, _ ControllerInterface, _ ...ControllerOption) *HttpServer { + return nil +} + +func (_ *HttpServer) Run(_ string, _ ...MiddleWare) {} + +func (_ *HttpServer) UnregisterFixedRoute(_ string, _ string) *HttpServer { + return nil +} + +type LifeCycleCallback interface { + AfterStart(_ *HttpServer) + BeforeShutdown(_ *HttpServer) +} + +type Listen struct { + Graceful bool + ListenTCP4 bool + EnableHTTP bool + AutoTLS bool + EnableHTTPS bool + EnableMutualHTTPS bool + EnableAdmin bool + EnableFcgi bool + EnableStdIo bool + ServerTimeOut int64 + HTTPAddr string + HTTPPort int + Domains []string + TLSCacheDir string + HTTPSAddr string + HTTPSPort int + HTTPSCertFile string + HTTPSKeyFile string + TrustCaFile string + AdminAddr string + AdminPort int + ClientAuth int +} + +type LogConfig struct { + AccessLogs bool + EnableStaticLogs bool + FileLineNum bool + AccessLogsFormat string + Outputs map[string]string +} + +type M map[string]interface{} + +type MiddleWare func(http.Handler) http.Handler + +type PolicyFunc func(interface{}) + +func Router(_ string, _ ControllerInterface, _ ...string) *HttpServer { + return nil +} + +func Run(_ ...string) {} + +type SessionConfig struct { + SessionOn bool + SessionAutoSetCookie bool + SessionDisableHTTPOnly bool + SessionEnableSidInHTTPHeader bool + SessionEnableSidInURLQuery bool + SessionProvider string + SessionName string + SessionGCMaxLifetime int64 + SessionProviderConfig string + SessionCookieLifeTime int + SessionDomain string + SessionNameInHTTPHeader string + SessionCookieSameSite http.SameSite + SessionIDPrefix string +} + +type WebConfig struct { + AutoRender bool + EnableDocs bool + EnableXSRF bool + DirectoryIndex bool + FlashName string + FlashSeparator string + StaticDir map[string]string + StaticExtensionsToGzip []string + StaticCacheFileSize int + StaticCacheFileNum int + TemplateLeft string + TemplateRight string + ViewsPath string + CommentRouterPath string + XSRFKey string + XSRFExpire int + Session SessionConfig +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt index 864abfe6c70..bb2db0e47da 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt @@ -1,3 +1,6 @@ # github.com/astaxie/beego v1.12.3 ## explicit github.com/astaxie/beego +# github.com/beego/beego/v2 v2.1.2 +## explicit +github.com/beego/beego/v2 diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected index c907ed37229..12bab8f680e 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected @@ -1,28 +1,28 @@ edges -| test.go:170:2:170:6 | definition of param | test.go:171:20:171:24 | param | -| test.go:170:11:170:32 | call to Param | test.go:170:2:170:6 | definition of param | -| test.go:176:2:176:6 | definition of param | test.go:180:24:180:28 | param | -| test.go:176:11:176:32 | call to Param | test.go:176:2:176:6 | definition of param | -| test.go:180:24:180:28 | param | test.go:180:20:180:28 | ...+... | -| test.go:188:2:188:4 | definition of url | test.go:191:21:191:23 | url | -| test.go:188:9:188:26 | star expression | test.go:188:2:188:4 | definition of url | -| test.go:188:9:188:26 | star expression | test.go:188:10:188:26 | selection of URL | -| test.go:188:10:188:26 | selection of URL | test.go:188:9:188:26 | star expression | -| test.go:191:21:191:23 | url | test.go:191:21:191:32 | call to String | +| test.go:172:2:172:6 | definition of param | test.go:173:20:173:24 | param | +| test.go:172:11:172:32 | call to Param | test.go:172:2:172:6 | definition of param | +| test.go:178:2:178:6 | definition of param | test.go:182:24:182:28 | param | +| test.go:178:11:178:32 | call to Param | test.go:178:2:178:6 | definition of param | +| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | +| test.go:190:2:190:4 | definition of url | test.go:193:21:193:23 | url | +| test.go:190:9:190:26 | star expression | test.go:190:2:190:4 | definition of url | +| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | +| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | +| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | nodes -| test.go:170:2:170:6 | definition of param | semmle.label | definition of param | -| test.go:170:11:170:32 | call to Param | semmle.label | call to Param | -| test.go:171:20:171:24 | param | semmle.label | param | -| test.go:176:2:176:6 | definition of param | semmle.label | definition of param | -| test.go:176:11:176:32 | call to Param | semmle.label | call to Param | -| test.go:180:20:180:28 | ...+... | semmle.label | ...+... | -| test.go:180:24:180:28 | param | semmle.label | param | -| test.go:188:2:188:4 | definition of url | semmle.label | definition of url | -| test.go:188:9:188:26 | star expression | semmle.label | star expression | -| test.go:188:10:188:26 | selection of URL | semmle.label | selection of URL | -| test.go:191:21:191:23 | url | semmle.label | url | -| test.go:191:21:191:32 | call to String | semmle.label | call to String | +| test.go:172:2:172:6 | definition of param | semmle.label | definition of param | +| test.go:172:11:172:32 | call to Param | semmle.label | call to Param | +| test.go:173:20:173:24 | param | semmle.label | param | +| test.go:178:2:178:6 | definition of param | semmle.label | definition of param | +| test.go:178:11:178:32 | call to Param | semmle.label | call to Param | +| test.go:182:20:182:28 | ...+... | semmle.label | ...+... | +| test.go:182:24:182:28 | param | semmle.label | param | +| test.go:190:2:190:4 | definition of url | semmle.label | definition of url | +| test.go:190:9:190:26 | star expression | semmle.label | star expression | +| test.go:190:10:190:26 | selection of URL | semmle.label | selection of URL | +| test.go:193:21:193:23 | url | semmle.label | url | +| test.go:193:21:193:32 | call to String | semmle.label | call to String | subpaths #select -| test.go:171:20:171:24 | param | test.go:170:11:170:32 | call to Param | test.go:171:20:171:24 | param | This path to an untrusted URL redirection depends on a $@. | test.go:170:11:170:32 | call to Param | user-provided value | -| test.go:180:20:180:28 | ...+... | test.go:176:11:176:32 | call to Param | test.go:180:20:180:28 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:176:11:176:32 | call to Param | user-provided value | +| test.go:173:20:173:24 | param | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | This path to an untrusted URL redirection depends on a $@. | test.go:172:11:172:32 | call to Param | user-provided value | +| test.go:182:20:182:28 | ...+... | test.go:178:11:178:32 | call to Param | test.go:182:20:182:28 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected index 7903ecc04ea..05a6ac2869b 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected @@ -1,106 +1,106 @@ edges -| test.go:13:11:13:32 | call to Param | test.go:14:16:14:20 | param | -| test.go:19:11:19:27 | call to ParamValues | test.go:20:16:20:20 | param | -| test.go:25:11:25:37 | call to QueryParam | test.go:26:16:26:20 | param | -| test.go:31:11:31:27 | call to QueryParams | test.go:32:16:32:20 | param | -| test.go:37:10:37:26 | call to QueryString | test.go:38:16:38:19 | qstr | -| test.go:43:9:43:34 | call to FormValue | test.go:44:16:44:18 | val | -| test.go:49:2:49:30 | ... := ...[0] | test.go:50:16:50:37 | index expression | -| test.go:55:2:55:46 | ... := ...[0] | test.go:56:13:56:22 | fileHeader | -| test.go:56:2:56:29 | ... := ...[0] | test.go:58:2:58:5 | file | -| test.go:56:13:56:22 | fileHeader | test.go:56:2:56:29 | ... := ...[0] | -| test.go:57:2:57:7 | definition of buffer | test.go:59:20:59:25 | buffer | -| test.go:58:2:58:5 | file | test.go:57:2:57:7 | definition of buffer | -| test.go:64:2:64:31 | ... := ...[0] | test.go:65:16:65:41 | index expression | -| test.go:70:2:70:31 | ... := ...[0] | test.go:72:13:72:22 | fileHeader | -| test.go:72:2:72:29 | ... := ...[0] | test.go:74:2:74:5 | file | -| test.go:72:13:72:22 | fileHeader | test.go:72:2:72:29 | ... := ...[0] | -| test.go:73:2:73:7 | definition of buffer | test.go:75:20:75:25 | buffer | -| test.go:74:2:74:5 | file | test.go:73:2:73:7 | definition of buffer | -| test.go:80:2:80:32 | ... := ...[0] | test.go:81:16:81:24 | selection of Value | -| test.go:86:13:86:25 | call to Cookies | test.go:87:16:87:31 | selection of Value | -| test.go:97:11:97:15 | &... | test.go:98:16:98:21 | selection of s | -| test.go:110:17:110:19 | definition of ctx | test.go:112:16:112:18 | ctx | -| test.go:111:21:111:42 | call to Param | test.go:110:17:110:19 | definition of ctx | -| test.go:112:16:112:18 | ctx | test.go:112:16:112:33 | call to Get | -| test.go:112:16:112:33 | call to Get | test.go:112:16:112:42 | type assertion | -| test.go:122:11:122:32 | call to Param | test.go:123:16:123:20 | param | -| test.go:128:11:128:32 | call to Param | test.go:129:20:129:32 | type conversion | -| test.go:134:11:134:32 | call to Param | test.go:135:29:135:41 | type conversion | -| test.go:146:11:146:32 | call to Param | test.go:147:30:147:34 | param | -| test.go:147:12:147:35 | call to NewReader | test.go:148:31:148:36 | reader | -| test.go:147:30:147:34 | param | test.go:147:12:147:35 | call to NewReader | -| test.go:162:11:162:32 | call to Param | test.go:163:23:163:35 | type conversion | +| test.go:15:11:15:32 | call to Param | test.go:16:16:16:20 | param | +| test.go:21:11:21:27 | call to ParamValues | test.go:22:16:22:20 | param | +| test.go:27:11:27:37 | call to QueryParam | test.go:28:16:28:20 | param | +| test.go:33:11:33:27 | call to QueryParams | test.go:34:16:34:20 | param | +| test.go:39:10:39:26 | call to QueryString | test.go:40:16:40:19 | qstr | +| test.go:45:9:45:34 | call to FormValue | test.go:46:16:46:18 | val | +| test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | +| test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | +| test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | +| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | +| test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | +| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | +| test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | +| test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | +| test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | +| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | +| test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | +| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | +| test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | +| test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | +| test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | +| test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | +| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | +| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | +| test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | +| test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | +| test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | +| test.go:136:11:136:32 | call to Param | test.go:137:29:137:41 | type conversion | +| test.go:148:11:148:32 | call to Param | test.go:149:30:149:34 | param | +| test.go:149:12:149:35 | call to NewReader | test.go:150:31:150:36 | reader | +| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | +| test.go:164:11:164:32 | call to Param | test.go:165:23:165:35 | type conversion | nodes -| test.go:13:11:13:32 | call to Param | semmle.label | call to Param | -| test.go:14:16:14:20 | param | semmle.label | param | -| test.go:19:11:19:27 | call to ParamValues | semmle.label | call to ParamValues | -| test.go:20:16:20:20 | param | semmle.label | param | -| test.go:25:11:25:37 | call to QueryParam | semmle.label | call to QueryParam | -| test.go:26:16:26:20 | param | semmle.label | param | -| test.go:31:11:31:27 | call to QueryParams | semmle.label | call to QueryParams | -| test.go:32:16:32:20 | param | semmle.label | param | -| test.go:37:10:37:26 | call to QueryString | semmle.label | call to QueryString | -| test.go:38:16:38:19 | qstr | semmle.label | qstr | -| test.go:43:9:43:34 | call to FormValue | semmle.label | call to FormValue | -| test.go:44:16:44:18 | val | semmle.label | val | -| test.go:49:2:49:30 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:50:16:50:37 | index expression | semmle.label | index expression | -| test.go:55:2:55:46 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:56:2:56:29 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:56:13:56:22 | fileHeader | semmle.label | fileHeader | -| test.go:57:2:57:7 | definition of buffer | semmle.label | definition of buffer | -| test.go:58:2:58:5 | file | semmle.label | file | -| test.go:59:20:59:25 | buffer | semmle.label | buffer | -| test.go:64:2:64:31 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:65:16:65:41 | index expression | semmle.label | index expression | -| test.go:70:2:70:31 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:72:2:72:29 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:72:13:72:22 | fileHeader | semmle.label | fileHeader | -| test.go:73:2:73:7 | definition of buffer | semmle.label | definition of buffer | -| test.go:74:2:74:5 | file | semmle.label | file | -| test.go:75:20:75:25 | buffer | semmle.label | buffer | -| test.go:80:2:80:32 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:81:16:81:24 | selection of Value | semmle.label | selection of Value | -| test.go:86:13:86:25 | call to Cookies | semmle.label | call to Cookies | -| test.go:87:16:87:31 | selection of Value | semmle.label | selection of Value | -| test.go:97:11:97:15 | &... | semmle.label | &... | -| test.go:98:16:98:21 | selection of s | semmle.label | selection of s | -| test.go:110:17:110:19 | definition of ctx | semmle.label | definition of ctx | -| test.go:111:21:111:42 | call to Param | semmle.label | call to Param | -| test.go:112:16:112:18 | ctx | semmle.label | ctx | -| test.go:112:16:112:33 | call to Get | semmle.label | call to Get | -| test.go:112:16:112:42 | type assertion | semmle.label | type assertion | -| test.go:122:11:122:32 | call to Param | semmle.label | call to Param | -| test.go:123:16:123:20 | param | semmle.label | param | -| test.go:128:11:128:32 | call to Param | semmle.label | call to Param | -| test.go:129:20:129:32 | type conversion | semmle.label | type conversion | -| test.go:134:11:134:32 | call to Param | semmle.label | call to Param | -| test.go:135:29:135:41 | type conversion | semmle.label | type conversion | -| test.go:146:11:146:32 | call to Param | semmle.label | call to Param | -| test.go:147:12:147:35 | call to NewReader | semmle.label | call to NewReader | -| test.go:147:30:147:34 | param | semmle.label | param | -| test.go:148:31:148:36 | reader | semmle.label | reader | -| test.go:162:11:162:32 | call to Param | semmle.label | call to Param | -| test.go:163:23:163:35 | type conversion | semmle.label | type conversion | +| test.go:15:11:15:32 | call to Param | semmle.label | call to Param | +| test.go:16:16:16:20 | param | semmle.label | param | +| test.go:21:11:21:27 | call to ParamValues | semmle.label | call to ParamValues | +| test.go:22:16:22:20 | param | semmle.label | param | +| test.go:27:11:27:37 | call to QueryParam | semmle.label | call to QueryParam | +| test.go:28:16:28:20 | param | semmle.label | param | +| test.go:33:11:33:27 | call to QueryParams | semmle.label | call to QueryParams | +| test.go:34:16:34:20 | param | semmle.label | param | +| test.go:39:10:39:26 | call to QueryString | semmle.label | call to QueryString | +| test.go:40:16:40:19 | qstr | semmle.label | qstr | +| test.go:45:9:45:34 | call to FormValue | semmle.label | call to FormValue | +| test.go:46:16:46:18 | val | semmle.label | val | +| test.go:51:2:51:30 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:52:16:52:37 | index expression | semmle.label | index expression | +| test.go:57:2:57:46 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:58:2:58:29 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:58:13:58:22 | fileHeader | semmle.label | fileHeader | +| test.go:59:2:59:7 | definition of buffer | semmle.label | definition of buffer | +| test.go:60:2:60:5 | file | semmle.label | file | +| test.go:61:20:61:25 | buffer | semmle.label | buffer | +| test.go:66:2:66:31 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:67:16:67:41 | index expression | semmle.label | index expression | +| test.go:72:2:72:31 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:74:2:74:29 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:74:13:74:22 | fileHeader | semmle.label | fileHeader | +| test.go:75:2:75:7 | definition of buffer | semmle.label | definition of buffer | +| test.go:76:2:76:5 | file | semmle.label | file | +| test.go:77:20:77:25 | buffer | semmle.label | buffer | +| test.go:82:2:82:32 | ... := ...[0] | semmle.label | ... := ...[0] | +| test.go:83:16:83:24 | selection of Value | semmle.label | selection of Value | +| test.go:88:13:88:25 | call to Cookies | semmle.label | call to Cookies | +| test.go:89:16:89:31 | selection of Value | semmle.label | selection of Value | +| test.go:99:11:99:15 | &... | semmle.label | &... | +| test.go:100:16:100:21 | selection of s | semmle.label | selection of s | +| test.go:112:17:112:19 | definition of ctx | semmle.label | definition of ctx | +| test.go:113:21:113:42 | call to Param | semmle.label | call to Param | +| test.go:114:16:114:18 | ctx | semmle.label | ctx | +| test.go:114:16:114:33 | call to Get | semmle.label | call to Get | +| test.go:114:16:114:42 | type assertion | semmle.label | type assertion | +| test.go:124:11:124:32 | call to Param | semmle.label | call to Param | +| test.go:125:16:125:20 | param | semmle.label | param | +| test.go:130:11:130:32 | call to Param | semmle.label | call to Param | +| test.go:131:20:131:32 | type conversion | semmle.label | type conversion | +| test.go:136:11:136:32 | call to Param | semmle.label | call to Param | +| test.go:137:29:137:41 | type conversion | semmle.label | type conversion | +| test.go:148:11:148:32 | call to Param | semmle.label | call to Param | +| test.go:149:12:149:35 | call to NewReader | semmle.label | call to NewReader | +| test.go:149:30:149:34 | param | semmle.label | param | +| test.go:150:31:150:36 | reader | semmle.label | reader | +| test.go:164:11:164:32 | call to Param | semmle.label | call to Param | +| test.go:165:23:165:35 | type conversion | semmle.label | type conversion | subpaths #select -| test.go:14:16:14:20 | param | test.go:13:11:13:32 | call to Param | test.go:14:16:14:20 | param | Cross-site scripting vulnerability due to $@. | test.go:13:11:13:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:20:16:20:20 | param | test.go:19:11:19:27 | call to ParamValues | test.go:20:16:20:20 | param | Cross-site scripting vulnerability due to $@. | test.go:19:11:19:27 | call to ParamValues | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:26:16:26:20 | param | test.go:25:11:25:37 | call to QueryParam | test.go:26:16:26:20 | param | Cross-site scripting vulnerability due to $@. | test.go:25:11:25:37 | call to QueryParam | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:32:16:32:20 | param | test.go:31:11:31:27 | call to QueryParams | test.go:32:16:32:20 | param | Cross-site scripting vulnerability due to $@. | test.go:31:11:31:27 | call to QueryParams | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:38:16:38:19 | qstr | test.go:37:10:37:26 | call to QueryString | test.go:38:16:38:19 | qstr | Cross-site scripting vulnerability due to $@. | test.go:37:10:37:26 | call to QueryString | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:44:16:44:18 | val | test.go:43:9:43:34 | call to FormValue | test.go:44:16:44:18 | val | Cross-site scripting vulnerability due to $@. | test.go:43:9:43:34 | call to FormValue | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:50:16:50:37 | index expression | test.go:49:2:49:30 | ... := ...[0] | test.go:50:16:50:37 | index expression | Cross-site scripting vulnerability due to $@. | test.go:49:2:49:30 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:59:20:59:25 | buffer | test.go:55:2:55:46 | ... := ...[0] | test.go:59:20:59:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:55:2:55:46 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:65:16:65:41 | index expression | test.go:64:2:64:31 | ... := ...[0] | test.go:65:16:65:41 | index expression | Cross-site scripting vulnerability due to $@. | test.go:64:2:64:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:75:20:75:25 | buffer | test.go:70:2:70:31 | ... := ...[0] | test.go:75:20:75:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:70:2:70:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:81:16:81:24 | selection of Value | test.go:80:2:80:32 | ... := ...[0] | test.go:81:16:81:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:80:2:80:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:87:16:87:31 | selection of Value | test.go:86:13:86:25 | call to Cookies | test.go:87:16:87:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:86:13:86:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:98:16:98:21 | selection of s | test.go:97:11:97:15 | &... | test.go:98:16:98:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:97:11:97:15 | &... | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:112:16:112:42 | type assertion | test.go:111:21:111:42 | call to Param | test.go:112:16:112:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:111:21:111:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:123:16:123:20 | param | test.go:122:11:122:32 | call to Param | test.go:123:16:123:20 | param | Cross-site scripting vulnerability due to $@. | test.go:122:11:122:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:129:20:129:32 | type conversion | test.go:128:11:128:32 | call to Param | test.go:129:20:129:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:128:11:128:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:135:29:135:41 | type conversion | test.go:134:11:134:32 | call to Param | test.go:135:29:135:41 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:134:11:134:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:148:31:148:36 | reader | test.go:146:11:146:32 | call to Param | test.go:148:31:148:36 | reader | Cross-site scripting vulnerability due to $@. | test.go:146:11:146:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:163:23:163:35 | type conversion | test.go:162:11:162:32 | call to Param | test.go:163:23:163:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:162:11:162:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:16:16:16:20 | param | test.go:15:11:15:32 | call to Param | test.go:16:16:16:20 | param | Cross-site scripting vulnerability due to $@. | test.go:15:11:15:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:22:16:22:20 | param | test.go:21:11:21:27 | call to ParamValues | test.go:22:16:22:20 | param | Cross-site scripting vulnerability due to $@. | test.go:21:11:21:27 | call to ParamValues | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:28:16:28:20 | param | test.go:27:11:27:37 | call to QueryParam | test.go:28:16:28:20 | param | Cross-site scripting vulnerability due to $@. | test.go:27:11:27:37 | call to QueryParam | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:34:16:34:20 | param | test.go:33:11:33:27 | call to QueryParams | test.go:34:16:34:20 | param | Cross-site scripting vulnerability due to $@. | test.go:33:11:33:27 | call to QueryParams | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:40:16:40:19 | qstr | test.go:39:10:39:26 | call to QueryString | test.go:40:16:40:19 | qstr | Cross-site scripting vulnerability due to $@. | test.go:39:10:39:26 | call to QueryString | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:46:16:46:18 | val | test.go:45:9:45:34 | call to FormValue | test.go:46:16:46:18 | val | Cross-site scripting vulnerability due to $@. | test.go:45:9:45:34 | call to FormValue | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:52:16:52:37 | index expression | test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | Cross-site scripting vulnerability due to $@. | test.go:51:2:51:30 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:61:20:61:25 | buffer | test.go:57:2:57:46 | ... := ...[0] | test.go:61:20:61:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:57:2:57:46 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:67:16:67:41 | index expression | test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | Cross-site scripting vulnerability due to $@. | test.go:66:2:66:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:77:20:77:25 | buffer | test.go:72:2:72:31 | ... := ...[0] | test.go:77:20:77:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:72:2:72:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:83:16:83:24 | selection of Value | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:82:2:82:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:89:16:89:31 | selection of Value | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:88:13:88:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:114:16:114:42 | type assertion | test.go:113:21:113:42 | call to Param | test.go:114:16:114:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:113:21:113:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:125:16:125:20 | param | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | Cross-site scripting vulnerability due to $@. | test.go:124:11:124:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:131:20:131:32 | type conversion | test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:130:11:130:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:137:29:137:41 | type conversion | test.go:136:11:136:32 | call to Param | test.go:137:29:137:41 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:136:11:136:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:150:31:150:36 | reader | test.go:148:11:148:32 | call to Param | test.go:150:31:150:36 | reader | Cross-site scripting vulnerability due to $@. | test.go:148:11:148:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:165:23:165:35 | type conversion | test.go:164:11:164:32 | call to Param | test.go:165:23:165:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:164:11:164:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected new file mode 100644 index 00000000000..5c43259a2b6 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected @@ -0,0 +1,12 @@ +edges +| test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | +| test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | +nodes +| test.go:221:15:221:38 | call to QueryParam | semmle.label | call to QueryParam | +| test.go:222:17:222:24 | filepath | semmle.label | filepath | +| test.go:225:15:225:38 | call to QueryParam | semmle.label | call to QueryParam | +| test.go:226:23:226:30 | filepath | semmle.label | filepath | +subpaths +#select +| test.go:222:17:222:24 | filepath | test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | This path depends on a $@. | test.go:221:15:221:38 | call to QueryParam | user-provided value | +| test.go:226:23:226:30 | filepath | test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | This path depends on a $@. | test.go:225:15:225:38 | call to QueryParam | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.qlref b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.qlref new file mode 100644 index 00000000000..53d53cb8dc5 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.qlref @@ -0,0 +1 @@ +Security/CWE-022/TaintedPath.ql diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go index 3b56cfecbaa..45f92cd19cb 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go @@ -1,5 +1,7 @@ package test +//go:generate depstubber -vendor github.com/labstack/echo/v4 Context New + import ( "strings" @@ -211,3 +213,17 @@ func testNonExploitableFields(ctx echo.Context) error { ctx.Redirect(301, cookies[0].Value) return nil } + +// BAD: using user-provided data as paths in file-system operations +func fsOpsTest() { + e := echo.New() + e.GET("/", func(c echo.Context) error { + filepath := c.QueryParam("filePath") + return c.File(filepath) // $ FileSystemAccess=filepath + }) + e.GET("/attachment", func(c echo.Context) error { + filepath := c.QueryParam("filePath") + return c.Attachment(filepath, "file name in response") // $ FileSystemAccess=filepath + }) + _ = e.Start(":1323") +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/vendor/github.com/labstack/echo/v4/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Echo/vendor/github.com/labstack/echo/v4/stub.go index 3daaf9d4fd5..2a9381a857a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/vendor/github.com/labstack/echo/v4/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/vendor/github.com/labstack/echo/v4/stub.go @@ -2,7 +2,7 @@ // This is a simple stub for github.com/labstack/echo/v4, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: github.com/labstack/echo/v4 (exports: Context,Response; functions: ) +// Source: github.com/labstack/echo/v4 (exports: Context; functions: New) // Package echo is a stub of github.com/labstack/echo/v4, generated by depstubber. package echo @@ -332,6 +332,10 @@ type Logger interface { type MiddlewareFunc func(HandlerFunc) HandlerFunc +func New() *Echo { + return nil +} + type Renderer interface { Render(_ io.Writer, _ string, _ interface{}, _ Context) error } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fiber/Query.expected b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/Query.expected new file mode 100644 index 00000000000..8ec8033d086 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/Query.expected @@ -0,0 +1,2 @@ +testFailures +failures diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fiber/Query.ql b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/Query.ql new file mode 100644 index 00000000000..2bcd815716d --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/Query.ql @@ -0,0 +1,18 @@ +import go +import TestUtilities.InlineExpectationsTest + +module FileSystemAccessTest implements TestSig { + string getARelevantTag() { result = "FileSystemAccess" } + + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(FileSystemAccess fsa | + fsa.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), + location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and + element = fsa.getAPathArgument().toString() and + value = fsa.getAPathArgument().toString() and + tag = "FileSystemAccess" + ) + } +} + +import MakeTest diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fiber/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/go.mod new file mode 100644 index 00000000000..0f6bc75edce --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/go.mod @@ -0,0 +1,19 @@ +module aferno + +go 1.20 + +require github.com/gofiber/fiber/v2 v2.48.0 + +require ( + github.com/andybalholm/brotli v1.0.5 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/klauspost/compress v1.16.7 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-runewidth v0.0.14 // indirect + github.com/rivo/uniseg v0.2.0 // indirect + github.com/valyala/bytebufferpool v1.0.0 // indirect + github.com/valyala/fasthttp v1.48.0 // indirect + github.com/valyala/tcplisten v1.0.0 // indirect + golang.org/x/sys v0.11.0 // indirect +) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fiber/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/test.go new file mode 100644 index 00000000000..d021518fc33 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/test.go @@ -0,0 +1,15 @@ +package fiber + +//go:generate depstubber -vendor github.com/gofiber/fiber/v2 Ctx New +import "github.com/gofiber/fiber/v2" + +func FileSystemAccess() { + app := fiber.New() + app.Get("/b", func(c *fiber.Ctx) error { + filepath := c.Params("filepath") + header, _ := c.FormFile("f") + _ = c.SaveFile(header, filepath) // $ FileSystemAccess=filepath + return c.SendFile(filepath) // $ FileSystemAccess=filepath + }) + _ = app.Listen(":3000") +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fiber/vendor/github.com/gofiber/fiber/v2/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/vendor/github.com/gofiber/fiber/v2/stub.go new file mode 100644 index 00000000000..3b0a74c6d42 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/vendor/github.com/gofiber/fiber/v2/stub.go @@ -0,0 +1,742 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/gofiber/fiber/v2, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/gofiber/fiber/v2 (exports: Ctx; functions: New) + +// Package fiber is a stub of github.com/gofiber/fiber/v2, generated by depstubber. +package fiber + +import ( + context "context" + tls "crypto/tls" + x509 "crypto/x509" + io "io" + multipart "mime/multipart" + net "net" + http "net/http" + time "time" +) + +type App struct{} + +func (_ *App) AcquireCtx(_ interface{}) *Ctx { + return nil +} + +func (_ *App) Add(_ string, _ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) All(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) Config() Config { + return Config{} +} + +func (_ *App) Connect(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) Delete(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) ErrorHandler(_ *Ctx, _ error) error { + return nil +} + +func (_ *App) Get(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) GetRoute(_ string) Route { + return Route{} +} + +func (_ *App) GetRoutes(_ ...bool) []Route { + return nil +} + +func (_ *App) Group(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) Handler() interface{} { + return nil +} + +func (_ *App) HandlersCount() uint32 { + return 0 +} + +func (_ *App) Head(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) Hooks() *Hooks { + return nil +} + +func (_ *App) Listen(_ string) error { + return nil +} + +func (_ *App) ListenMutualTLS(_ string, _ string, _ string, _ string) error { + return nil +} + +func (_ *App) ListenMutualTLSWithCertificate(_ string, _ tls.Certificate, _ *x509.CertPool) error { + return nil +} + +func (_ *App) ListenTLS(_ string, _ string, _ string) error { + return nil +} + +func (_ *App) ListenTLSWithCertificate(_ string, _ tls.Certificate) error { + return nil +} + +func (_ *App) Listener(_ net.Listener) error { + return nil +} + +func (_ *App) Mount(_ string, _ *App) Router { + return nil +} + +func (_ *App) MountPath() string { + return "" +} + +func (_ *App) Name(_ string) Router { + return nil +} + +func (_ *App) Options(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) Patch(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) Post(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) Put(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) ReleaseCtx(_ *Ctx) {} + +func (_ *App) Route(_ string, _ func(Router), _ ...string) Router { + return nil +} + +func (_ *App) Server() interface{} { + return nil +} + +func (_ *App) SetTLSHandler(_ *TLSHandler) {} + +func (_ *App) Shutdown() error { + return nil +} + +func (_ *App) ShutdownWithContext(_ context.Context) error { + return nil +} + +func (_ *App) ShutdownWithTimeout(_ time.Duration) error { + return nil +} + +func (_ *App) Stack() [][]*Route { + return nil +} + +func (_ *App) Static(_ string, _ string, _ ...Static) Router { + return nil +} + +func (_ *App) Test(_ *http.Request, _ ...int) (*http.Response, error) { + return nil, nil +} + +func (_ *App) Trace(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *App) Use(_ ...interface{}) Router { + return nil +} + +type Colors struct { + Black string + Red string + Green string + Yellow string + Blue string + Magenta string + Cyan string + White string + Reset string +} + +type Config struct { + Prefork bool + ServerHeader string + StrictRouting bool + CaseSensitive bool + Immutable bool + UnescapePath bool + ETag bool + BodyLimit int + Concurrency int + Views Views + ViewsLayout string + PassLocalsToViews bool + ReadTimeout time.Duration + WriteTimeout time.Duration + IdleTimeout time.Duration + ReadBufferSize int + WriteBufferSize int + CompressedFileSuffix string + ProxyHeader string + GETOnly bool + ErrorHandler func(*Ctx, error) error + DisableKeepalive bool + DisableDefaultDate bool + DisableDefaultContentType bool + DisableHeaderNormalizing bool + DisableStartupMessage bool + AppName string + StreamRequestBody bool + DisablePreParseMultipartForm bool + ReduceMemoryUsage bool + JSONEncoder interface{} + JSONDecoder interface{} + XMLEncoder interface{} + Network string + EnableTrustedProxyCheck bool + TrustedProxies []string + EnableIPValidation bool + EnablePrintRoutes bool + ColorScheme Colors + RequestMethods []string +} + +type Cookie struct { + Name string + Value string + Path string + Domain string + MaxAge int + Expires time.Time + Secure bool + HTTPOnly bool + SameSite string + SessionOnly bool +} + +type Ctx struct{} + +func (_ *Ctx) Accepts(_ ...string) string { + return "" +} + +func (_ *Ctx) AcceptsCharsets(_ ...string) string { + return "" +} + +func (_ *Ctx) AcceptsEncodings(_ ...string) string { + return "" +} + +func (_ *Ctx) AcceptsLanguages(_ ...string) string { + return "" +} + +func (_ *Ctx) AllParams() map[string]string { + return nil +} + +func (_ *Ctx) App() *App { + return nil +} + +func (_ *Ctx) Append(_ string, _ ...string) {} + +func (_ *Ctx) Attachment(_ ...string) {} + +func (_ *Ctx) BaseURL() string { + return "" +} + +func (_ *Ctx) Bind(_ Map) error { + return nil +} + +func (_ *Ctx) Body() []byte { + return nil +} + +func (_ *Ctx) BodyParser(_ interface{}) error { + return nil +} + +func (_ *Ctx) ClearCookie(_ ...string) {} + +func (_ *Ctx) ClientHelloInfo() *tls.ClientHelloInfo { + return nil +} + +func (_ *Ctx) Context() interface{} { + return nil +} + +func (_ *Ctx) Cookie(_ *Cookie) {} + +func (_ *Ctx) Cookies(_ string, _ ...string) string { + return "" +} + +func (_ *Ctx) Download(_ string, _ ...string) error { + return nil +} + +func (_ *Ctx) FormFile(_ string) (*multipart.FileHeader, error) { + return nil, nil +} + +func (_ *Ctx) FormValue(_ string, _ ...string) string { + return "" +} + +func (_ *Ctx) Format(_ interface{}) error { + return nil +} + +func (_ *Ctx) Fresh() bool { + return false +} + +func (_ *Ctx) Get(_ string, _ ...string) string { + return "" +} + +func (_ *Ctx) GetReqHeaders() map[string]string { + return nil +} + +func (_ *Ctx) GetRespHeader(_ string, _ ...string) string { + return "" +} + +func (_ *Ctx) GetRespHeaders() map[string]string { + return nil +} + +func (_ *Ctx) GetRouteURL(_ string, _ Map) (string, error) { + return "", nil +} + +func (_ *Ctx) Hostname() string { + return "" +} + +func (_ *Ctx) IP() string { + return "" +} + +func (_ *Ctx) IPs() []string { + return nil +} + +func (_ *Ctx) Is(_ string) bool { + return false +} + +func (_ *Ctx) IsFromLocal() bool { + return false +} + +func (_ *Ctx) IsProxyTrusted() bool { + return false +} + +func (_ *Ctx) JSON(_ interface{}) error { + return nil +} + +func (_ *Ctx) JSONP(_ interface{}, _ ...string) error { + return nil +} + +func (_ *Ctx) Links(_ ...string) {} + +func (_ *Ctx) Locals(_ interface{}, _ ...interface{}) interface{} { + return nil +} + +func (_ *Ctx) Location(_ string) {} + +func (_ *Ctx) Method(_ ...string) string { + return "" +} + +func (_ *Ctx) MultipartForm() (*multipart.Form, error) { + return nil, nil +} + +func (_ *Ctx) Next() error { + return nil +} + +func (_ *Ctx) OriginalURL() string { + return "" +} + +func (_ *Ctx) Params(_ string, _ ...string) string { + return "" +} + +func (_ *Ctx) ParamsInt(_ string, _ ...int) (int, error) { + return 0, nil +} + +func (_ *Ctx) ParamsParser(_ interface{}) error { + return nil +} + +func (_ *Ctx) Path(_ ...string) string { + return "" +} + +func (_ *Ctx) Port() string { + return "" +} + +func (_ *Ctx) Protocol() string { + return "" +} + +func (_ *Ctx) Queries() map[string]string { + return nil +} + +func (_ *Ctx) Query(_ string, _ ...string) string { + return "" +} + +func (_ *Ctx) QueryBool(_ string, _ ...bool) bool { + return false +} + +func (_ *Ctx) QueryFloat(_ string, _ ...float64) float64 { + return 0 +} + +func (_ *Ctx) QueryInt(_ string, _ ...int) int { + return 0 +} + +func (_ *Ctx) QueryParser(_ interface{}) error { + return nil +} + +func (_ *Ctx) Range(_ int) (Range, error) { + return Range{}, nil +} + +func (_ *Ctx) Redirect(_ string, _ ...int) error { + return nil +} + +func (_ *Ctx) RedirectBack(_ string, _ ...int) error { + return nil +} + +func (_ *Ctx) RedirectToRoute(_ string, _ Map, _ ...int) error { + return nil +} + +func (_ *Ctx) Render(_ string, _ interface{}, _ ...string) error { + return nil +} + +func (_ *Ctx) ReqHeaderParser(_ interface{}) error { + return nil +} + +func (_ *Ctx) Request() interface{} { + return nil +} + +func (_ *Ctx) Response() interface{} { + return nil +} + +func (_ *Ctx) RestartRouting() error { + return nil +} + +func (_ *Ctx) Route() *Route { + return nil +} + +func (_ *Ctx) SaveFile(_ *multipart.FileHeader, _ string) error { + return nil +} + +func (_ *Ctx) SaveFileToStorage(_ *multipart.FileHeader, _ string, _ Storage) error { + return nil +} + +func (_ *Ctx) Secure() bool { + return false +} + +func (_ *Ctx) Send(_ []byte) error { + return nil +} + +func (_ *Ctx) SendFile(_ string, _ ...bool) error { + return nil +} + +func (_ *Ctx) SendStatus(_ int) error { + return nil +} + +func (_ *Ctx) SendStream(_ io.Reader, _ ...int) error { + return nil +} + +func (_ *Ctx) SendString(_ string) error { + return nil +} + +func (_ *Ctx) Set(_ string, _ string) {} + +func (_ *Ctx) SetUserContext(_ context.Context) {} + +func (_ *Ctx) Stale() bool { + return false +} + +func (_ *Ctx) Status(_ int) *Ctx { + return nil +} + +func (_ *Ctx) String() string { + return "" +} + +func (_ *Ctx) Subdomains(_ ...int) []string { + return nil +} + +func (_ *Ctx) Type(_ string, _ ...string) *Ctx { + return nil +} + +func (_ *Ctx) UserContext() context.Context { + return nil +} + +func (_ *Ctx) Vary(_ ...string) {} + +func (_ *Ctx) Write(_ []byte) (int, error) { + return 0, nil +} + +func (_ *Ctx) WriteString(_ string) (int, error) { + return 0, nil +} + +func (_ *Ctx) Writef(_ string, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Ctx) XHR() bool { + return false +} + +func (_ *Ctx) XML(_ interface{}) error { + return nil +} + +type Group struct { + Prefix string +} + +func (_ *Group) Add(_ string, _ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) All(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Connect(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Delete(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Get(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Group(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Head(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Mount(_ string, _ *App) Router { + return nil +} + +func (_ *Group) Name(_ string) Router { + return nil +} + +func (_ *Group) Options(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Patch(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Post(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Put(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Route(_ string, _ func(Router), _ ...string) Router { + return nil +} + +func (_ *Group) Static(_ string, _ string, _ ...Static) Router { + return nil +} + +func (_ *Group) Trace(_ string, _ ...func(*Ctx) error) Router { + return nil +} + +func (_ *Group) Use(_ ...interface{}) Router { + return nil +} + +type Hooks struct{} + +func (_ *Hooks) OnFork(_ ...func(int) error) {} + +func (_ *Hooks) OnGroup(_ ...func(Group) error) {} + +func (_ *Hooks) OnGroupName(_ ...func(Group) error) {} + +func (_ *Hooks) OnListen(_ ...func(ListenData) error) {} + +func (_ *Hooks) OnMount(_ ...func(*App) error) {} + +func (_ *Hooks) OnName(_ ...func(Route) error) {} + +func (_ *Hooks) OnRoute(_ ...func(Route) error) {} + +func (_ *Hooks) OnShutdown(_ ...func() error) {} + +type ListenData struct { + Host string + Port string + TLS bool +} + +type Map map[string]interface{} + +func New(_ ...Config) *App { + return nil +} + +type Range struct { + Type string + Ranges []struct { + Start int + End int + } +} + +type Route struct { + Method string + Name string + Path string + Params []string + Handlers []func(*Ctx) error +} + +type Router interface { + Add(_ string, _ string, _ ...func(*Ctx) error) Router + All(_ string, _ ...func(*Ctx) error) Router + Connect(_ string, _ ...func(*Ctx) error) Router + Delete(_ string, _ ...func(*Ctx) error) Router + Get(_ string, _ ...func(*Ctx) error) Router + Group(_ string, _ ...func(*Ctx) error) Router + Head(_ string, _ ...func(*Ctx) error) Router + Mount(_ string, _ *App) Router + Name(_ string) Router + Options(_ string, _ ...func(*Ctx) error) Router + Patch(_ string, _ ...func(*Ctx) error) Router + Post(_ string, _ ...func(*Ctx) error) Router + Put(_ string, _ ...func(*Ctx) error) Router + Route(_ string, _ func(Router), _ ...string) Router + Static(_ string, _ string, _ ...Static) Router + Trace(_ string, _ ...func(*Ctx) error) Router + Use(_ ...interface{}) Router +} + +type Static struct { + Compress bool + ByteRange bool + Browse bool + Download bool + Index string + CacheDuration time.Duration + MaxAge int + ModifyResponse func(*Ctx) error + Next func(*Ctx) bool +} + +type Storage interface { + Close() error + Delete(_ string) error + Get(_ string) ([]byte, error) + Reset() error + Set(_ string, _ []byte, _ time.Duration) error +} + +type TLSHandler struct{} + +func (_ *TLSHandler) GetClientInfo(_ *tls.ClientHelloInfo) (*tls.Certificate, error) { + return nil, nil +} + +type Views interface { + Load() error + Render(_ io.Writer, _ string, _ interface{}, _ ...string) error +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fiber/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/vendor/modules.txt new file mode 100644 index 00000000000..9db04bbe140 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fiber/vendor/modules.txt @@ -0,0 +1,36 @@ +# github.com/gofiber/fiber/v2 v2.48.0 +## explicit +github.com/gofiber/fiber/v2 +# github.com/andybalholm/brotli v1.0.5 +## explicit +github.com/andybalholm/brotli +# github.com/google/uuid v1.3.0 +## explicit +github.com/google/uuid +# github.com/klauspost/compress v1.16.7 +## explicit +github.com/klauspost/compress +# github.com/mattn/go-colorable v0.1.13 +## explicit +github.com/mattn/go-colorable +# github.com/mattn/go-isatty v0.0.19 +## explicit +github.com/mattn/go-isatty +# github.com/mattn/go-runewidth v0.0.14 +## explicit +github.com/mattn/go-runewidth +# github.com/rivo/uniseg v0.2.0 +## explicit +github.com/rivo/uniseg +# github.com/valyala/bytebufferpool v1.0.0 +## explicit +github.com/valyala/bytebufferpool +# github.com/valyala/fasthttp v1.48.0 +## explicit +github.com/valyala/fasthttp +# github.com/valyala/tcplisten v1.0.0 +## explicit +github.com/valyala/tcplisten +# golang.org/x/sys v0.11.0 +## explicit +golang.org/x/sys diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected index fead9c34934..719a6a26147 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected @@ -1,68 +1,69 @@ -| Gin.go:23:10:23:29 | call to GetHeader | -| Gin.go:27:10:27:30 | call to QueryArray | -| Gin.go:31:10:31:25 | call to Query | -| Gin.go:35:10:35:33 | call to PostFormArray | -| Gin.go:39:10:39:28 | call to PostForm | -| Gin.go:43:10:43:25 | call to Param | -| Gin.go:47:10:47:34 | call to GetStringSlice | -| Gin.go:51:10:51:29 | call to GetString | -| Gin.go:55:3:55:28 | ... := ...[0] | -| Gin.go:59:10:59:23 | call to ClientIP | -| Gin.go:63:10:63:26 | call to ContentType | -| Gin.go:67:3:67:29 | ... := ...[0] | -| Gin.go:71:3:71:36 | ... := ...[0] | -| Gin.go:75:3:75:31 | ... := ...[0] | -| Gin.go:79:3:79:39 | ... := ...[0] | -| Gin.go:83:3:83:34 | ... := ...[0] | -| Gin.go:87:10:87:52 | call to DefaultPostForm | -| Gin.go:91:10:91:49 | call to DefaultQuery | -| Gin.go:95:3:95:37 | ... := ...[0] | -| Gin.go:99:3:99:34 | ... := ...[0] | -| Gin.go:103:10:103:32 | call to GetStringMap | -| Gin.go:107:10:107:38 | call to GetStringMapString | -| Gin.go:111:10:111:43 | call to GetStringMapStringSlice | -| Gin.go:115:10:115:31 | call to PostFormMap | -| Gin.go:119:10:119:28 | call to QueryMap | -| Gin.go:123:10:123:23 | call to FullPath | -| Gin.go:129:10:129:21 | selection of Accepted | -| Gin.go:133:10:133:19 | selection of Params | -| Gin.go:139:10:139:19 | selection of Params | -| Gin.go:143:10:143:19 | selection of Params | -| Gin.go:147:13:147:22 | selection of Params | -| Gin.go:153:12:153:21 | selection of Params | -| Gin.go:163:16:163:22 | &... | -| Gin.go:167:7:167:19 | definition of personPointer | -| Gin.go:173:15:173:21 | &... | -| Gin.go:177:7:177:19 | definition of personPointer | -| Gin.go:183:16:183:22 | &... | -| Gin.go:187:7:187:19 | definition of personPointer | -| Gin.go:193:15:193:21 | &... | -| Gin.go:197:7:197:19 | definition of personPointer | -| Gin.go:203:17:203:23 | &... | -| Gin.go:207:7:207:19 | definition of personPointer | -| Gin.go:213:20:213:26 | &... | -| Gin.go:217:7:217:19 | definition of personPointer | -| Gin.go:223:16:223:22 | &... | -| Gin.go:227:7:227:19 | definition of personPointer | -| Gin.go:233:12:233:18 | &... | -| Gin.go:237:7:237:19 | definition of personPointer | -| Gin.go:243:18:243:24 | &... | -| Gin.go:247:7:247:19 | definition of personPointer | -| Gin.go:253:26:253:32 | &... | -| Gin.go:257:7:257:19 | definition of personPointer | -| Gin.go:263:22:263:28 | &... | -| Gin.go:267:7:267:19 | definition of personPointer | -| Gin.go:273:23:273:29 | &... | -| Gin.go:277:7:277:19 | definition of personPointer | -| Gin.go:283:21:283:27 | &... | -| Gin.go:287:7:287:19 | definition of personPointer | -| Gin.go:293:22:293:28 | &... | -| Gin.go:297:7:297:19 | definition of personPointer | -| Gin.go:303:21:303:27 | &... | -| Gin.go:307:7:307:19 | definition of personPointer | -| Gin.go:313:22:313:28 | &... | -| Gin.go:317:7:317:19 | definition of personPointer | -| Gin.go:323:18:323:24 | &... | -| Gin.go:327:7:327:19 | definition of personPointer | -| Gin.go:333:24:333:30 | &... | -| Gin.go:337:7:337:19 | definition of personPointer | +| Gin.go:24:15:24:33 | call to Query | +| Gin.go:38:10:38:29 | call to GetHeader | +| Gin.go:42:10:42:30 | call to QueryArray | +| Gin.go:46:10:46:25 | call to Query | +| Gin.go:50:10:50:33 | call to PostFormArray | +| Gin.go:54:10:54:28 | call to PostForm | +| Gin.go:58:10:58:25 | call to Param | +| Gin.go:62:10:62:34 | call to GetStringSlice | +| Gin.go:66:10:66:29 | call to GetString | +| Gin.go:70:3:70:28 | ... := ...[0] | +| Gin.go:74:10:74:23 | call to ClientIP | +| Gin.go:78:10:78:26 | call to ContentType | +| Gin.go:82:3:82:29 | ... := ...[0] | +| Gin.go:86:3:86:36 | ... := ...[0] | +| Gin.go:90:3:90:31 | ... := ...[0] | +| Gin.go:94:3:94:39 | ... := ...[0] | +| Gin.go:98:3:98:34 | ... := ...[0] | +| Gin.go:102:10:102:52 | call to DefaultPostForm | +| Gin.go:106:10:106:49 | call to DefaultQuery | +| Gin.go:110:3:110:37 | ... := ...[0] | +| Gin.go:114:3:114:34 | ... := ...[0] | +| Gin.go:118:10:118:32 | call to GetStringMap | +| Gin.go:122:10:122:38 | call to GetStringMapString | +| Gin.go:126:10:126:43 | call to GetStringMapStringSlice | +| Gin.go:130:10:130:31 | call to PostFormMap | +| Gin.go:134:10:134:28 | call to QueryMap | +| Gin.go:138:10:138:23 | call to FullPath | +| Gin.go:144:10:144:21 | selection of Accepted | +| Gin.go:148:10:148:19 | selection of Params | +| Gin.go:154:10:154:19 | selection of Params | +| Gin.go:158:10:158:19 | selection of Params | +| Gin.go:162:13:162:22 | selection of Params | +| Gin.go:168:12:168:21 | selection of Params | +| Gin.go:178:16:178:22 | &... | +| Gin.go:182:7:182:19 | definition of personPointer | +| Gin.go:188:15:188:21 | &... | +| Gin.go:192:7:192:19 | definition of personPointer | +| Gin.go:198:16:198:22 | &... | +| Gin.go:202:7:202:19 | definition of personPointer | +| Gin.go:208:15:208:21 | &... | +| Gin.go:212:7:212:19 | definition of personPointer | +| Gin.go:218:17:218:23 | &... | +| Gin.go:222:7:222:19 | definition of personPointer | +| Gin.go:228:20:228:26 | &... | +| Gin.go:232:7:232:19 | definition of personPointer | +| Gin.go:238:16:238:22 | &... | +| Gin.go:242:7:242:19 | definition of personPointer | +| Gin.go:248:12:248:18 | &... | +| Gin.go:252:7:252:19 | definition of personPointer | +| Gin.go:258:18:258:24 | &... | +| Gin.go:262:7:262:19 | definition of personPointer | +| Gin.go:268:26:268:32 | &... | +| Gin.go:272:7:272:19 | definition of personPointer | +| Gin.go:278:22:278:28 | &... | +| Gin.go:282:7:282:19 | definition of personPointer | +| Gin.go:288:23:288:29 | &... | +| Gin.go:292:7:292:19 | definition of personPointer | +| Gin.go:298:21:298:27 | &... | +| Gin.go:302:7:302:19 | definition of personPointer | +| Gin.go:308:22:308:28 | &... | +| Gin.go:312:7:312:19 | definition of personPointer | +| Gin.go:318:21:318:27 | &... | +| Gin.go:322:7:322:19 | definition of personPointer | +| Gin.go:328:22:328:28 | &... | +| Gin.go:332:7:332:19 | definition of personPointer | +| Gin.go:338:18:338:24 | &... | +| Gin.go:342:7:342:19 | definition of personPointer | +| Gin.go:348:24:348:30 | &... | +| Gin.go:352:7:352:19 | definition of personPointer | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.go b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.go index b4f77cbc153..33e826d5f47 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.go @@ -2,8 +2,11 @@ package main //go:generate depstubber -vendor github.com/gin-gonic/gin Context //go:generate depstubber -vendor github.com/gin-gonic/gin/binding "" YAML +//go:generate depstubber -vendor github.com/gin-gonic/gin Context Default import ( + "net/http" + "github.com/gin-gonic/gin" "github.com/gin-gonic/gin/binding" ) @@ -15,6 +18,18 @@ type Person struct { Address string `form:"address"` } +func FileSystemAccess() { + router := gin.Default() + router.POST("/FormUploads", func(c *gin.Context) { + filepath := c.Query("filepath") + c.File(filepath) // $ FileSystemAccess=filepath + http.ServeFile(c.Writer, c.Request, filepath) // $ FileSystemAccess=filepath + c.FileAttachment(filepath, "file name in response") // $ FileSystemAccess=filepath + file, _ := c.FormFile("afile") + _ = c.SaveUploadedFile(file, filepath) // $ FileSystemAccess=filepath + }) + _ = router.Run() +} func use(val string) {} // gin diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.expected new file mode 100644 index 00000000000..b53ceb0281e --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.expected @@ -0,0 +1,17 @@ +edges +| Gin.go:24:15:24:33 | call to Query | Gin.go:25:10:25:17 | filepath | +| Gin.go:24:15:24:33 | call to Query | Gin.go:26:39:26:46 | filepath | +| Gin.go:24:15:24:33 | call to Query | Gin.go:27:20:27:27 | filepath | +| Gin.go:24:15:24:33 | call to Query | Gin.go:29:32:29:39 | filepath | +nodes +| Gin.go:24:15:24:33 | call to Query | semmle.label | call to Query | +| Gin.go:25:10:25:17 | filepath | semmle.label | filepath | +| Gin.go:26:39:26:46 | filepath | semmle.label | filepath | +| Gin.go:27:20:27:27 | filepath | semmle.label | filepath | +| Gin.go:29:32:29:39 | filepath | semmle.label | filepath | +subpaths +#select +| Gin.go:25:10:25:17 | filepath | Gin.go:24:15:24:33 | call to Query | Gin.go:25:10:25:17 | filepath | This path depends on a $@. | Gin.go:24:15:24:33 | call to Query | user-provided value | +| Gin.go:26:39:26:46 | filepath | Gin.go:24:15:24:33 | call to Query | Gin.go:26:39:26:46 | filepath | This path depends on a $@. | Gin.go:24:15:24:33 | call to Query | user-provided value | +| Gin.go:27:20:27:27 | filepath | Gin.go:24:15:24:33 | call to Query | Gin.go:27:20:27:27 | filepath | This path depends on a $@. | Gin.go:24:15:24:33 | call to Query | user-provided value | +| Gin.go:29:32:29:39 | filepath | Gin.go:24:15:24:33 | call to Query | Gin.go:29:32:29:39 | filepath | This path depends on a $@. | Gin.go:24:15:24:33 | call to Query | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.qlref b/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.qlref new file mode 100644 index 00000000000..53d53cb8dc5 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.qlref @@ -0,0 +1 @@ +Security/CWE-022/TaintedPath.ql diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/github.com/gin-gonic/gin/binding/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/github.com/gin-gonic/gin/binding/stub.go index 43fd634edcd..03ba958d2e5 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/github.com/gin-gonic/gin/binding/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/github.com/gin-gonic/gin/binding/stub.go @@ -7,6 +7,4 @@ // Package binding is a stub of github.com/gin-gonic/gin/binding, generated by depstubber. package binding -import () - var YAML interface{} = nil diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/github.com/gin-gonic/gin/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/github.com/gin-gonic/gin/stub.go index eb68095e53e..20f3e64db76 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/github.com/gin-gonic/gin/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/github.com/gin-gonic/gin/stub.go @@ -2,18 +2,20 @@ // This is a simple stub for github.com/gin-gonic/gin, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: github.com/gin-gonic/gin (exports: Context; functions: ) +// Source: github.com/gin-gonic/gin (exports: Context; functions: Default) // Package gin is a stub of github.com/gin-gonic/gin, generated by depstubber. package gin import ( bufio "bufio" + template "html/template" io "io" multipart "mime/multipart" net "net" http "net/http" sync "sync" + template0 "text/template" time "time" ) @@ -29,9 +31,7 @@ type Context struct { func (_ *Context) Abort() {} -func (_ *Context) AbortWithError(_ int, _ interface { - Error() string -}) *Error { +func (_ *Context) AbortWithError(_ int, _ error) *Error { return nil } @@ -41,51 +41,35 @@ func (_ *Context) AbortWithStatusJSON(_ int, _ interface{}) {} func (_ *Context) AsciiJSON(_ int, _ interface{}) {} -func (_ *Context) Bind(_ interface{}) interface { - Error() string -} { +func (_ *Context) Bind(_ interface{}) error { return nil } -func (_ *Context) BindHeader(_ interface{}) interface { - Error() string -} { +func (_ *Context) BindHeader(_ interface{}) error { return nil } -func (_ *Context) BindJSON(_ interface{}) interface { - Error() string -} { +func (_ *Context) BindJSON(_ interface{}) error { return nil } -func (_ *Context) BindQuery(_ interface{}) interface { - Error() string -} { +func (_ *Context) BindQuery(_ interface{}) error { return nil } -func (_ *Context) BindUri(_ interface{}) interface { - Error() string -} { +func (_ *Context) BindUri(_ interface{}) error { return nil } -func (_ *Context) BindWith(_ interface{}, _ interface{}) interface { - Error() string -} { +func (_ *Context) BindWith(_ interface{}, _ interface{}) error { return nil } -func (_ *Context) BindXML(_ interface{}) interface { - Error() string -} { +func (_ *Context) BindXML(_ interface{}) error { return nil } -func (_ *Context) BindYAML(_ interface{}) interface { - Error() string -} { +func (_ *Context) BindYAML(_ interface{}) error { return nil } @@ -97,9 +81,7 @@ func (_ *Context) ContentType() string { return "" } -func (_ *Context) Cookie(_ string) (string, interface { - Error() string -}) { +func (_ *Context) Cookie(_ string) (string, error) { return "", nil } @@ -107,7 +89,7 @@ func (_ *Context) Copy() *Context { return nil } -func (_ *Context) Data(_ int, _ string, _ []uint8) {} +func (_ *Context) Data(_ int, _ string, _ []byte) {} func (_ *Context) DataFromReader(_ int, _ int64, _ string, _ io.Reader, _ map[string]string) {} @@ -127,15 +109,11 @@ func (_ *Context) Done() <-chan struct{} { return nil } -func (_ *Context) Err() interface { - Error() string -} { +func (_ *Context) Err() error { return nil } -func (_ *Context) Error(_ interface { - Error() string -}) *Error { +func (_ *Context) Error(_ error) *Error { return nil } @@ -145,9 +123,7 @@ func (_ *Context) FileAttachment(_ string, _ string) {} func (_ *Context) FileFromFS(_ string, _ http.FileSystem) {} -func (_ *Context) FormFile(_ string) (*multipart.FileHeader, interface { - Error() string -}) { +func (_ *Context) FormFile(_ string) (*multipart.FileHeader, error) { return nil, nil } @@ -207,9 +183,7 @@ func (_ *Context) GetQueryMap(_ string) (map[string]string, bool) { return nil, false } -func (_ *Context) GetRawData() ([]uint8, interface { - Error() string -}) { +func (_ *Context) GetRawData() ([]byte, error) { return nil, nil } @@ -267,15 +241,11 @@ func (_ *Context) JSON(_ int, _ interface{}) {} func (_ *Context) JSONP(_ int, _ interface{}) {} -func (_ *Context) MultipartForm() (*multipart.Form, interface { - Error() string -}) { +func (_ *Context) MultipartForm() (*multipart.Form, error) { return nil, nil } -func (_ *Context) MustBindWith(_ interface{}, _ interface{}) interface { - Error() string -} { +func (_ *Context) MustBindWith(_ interface{}, _ interface{}) error { return nil } @@ -329,9 +299,7 @@ func (_ *Context) Render(_ int, _ interface{}) {} func (_ *Context) SSEvent(_ string, _ interface{}) {} -func (_ *Context) SaveUploadedFile(_ *multipart.FileHeader, _ string) interface { - Error() string -} { +func (_ *Context) SaveUploadedFile(_ *multipart.FileHeader, _ string) error { return nil } @@ -345,57 +313,39 @@ func (_ *Context) SetCookie(_ string, _ string, _ int, _ string, _ string, _ boo func (_ *Context) SetSameSite(_ http.SameSite) {} -func (_ *Context) ShouldBind(_ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBind(_ interface{}) error { return nil } -func (_ *Context) ShouldBindBodyWith(_ interface{}, _ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBindBodyWith(_ interface{}, _ interface{}) error { return nil } -func (_ *Context) ShouldBindHeader(_ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBindHeader(_ interface{}) error { return nil } -func (_ *Context) ShouldBindJSON(_ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBindJSON(_ interface{}) error { return nil } -func (_ *Context) ShouldBindQuery(_ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBindQuery(_ interface{}) error { return nil } -func (_ *Context) ShouldBindUri(_ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBindUri(_ interface{}) error { return nil } -func (_ *Context) ShouldBindWith(_ interface{}, _ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBindWith(_ interface{}, _ interface{}) error { return nil } -func (_ *Context) ShouldBindXML(_ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBindXML(_ interface{}) error { return nil } -func (_ *Context) ShouldBindYAML(_ interface{}) interface { - Error() string -} { +func (_ *Context) ShouldBindYAML(_ interface{}) error { return nil } @@ -415,10 +365,135 @@ func (_ *Context) XML(_ int, _ interface{}) {} func (_ *Context) YAML(_ int, _ interface{}) {} +func Default() *Engine { + return nil +} + +type Engine struct { + RouterGroup RouterGroup + RedirectTrailingSlash bool + RedirectFixedPath bool + HandleMethodNotAllowed bool + ForwardedByClientIP bool + AppEngine bool + UseRawPath bool + UnescapePathValues bool + MaxMultipartMemory int64 + RemoveExtraSlash bool + HTMLRender interface{} + FuncMap template0.FuncMap +} + +func (_ *Engine) Any(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) BasePath() string { + return "" +} + +func (_ *Engine) DELETE(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) Delims(_ string, _ string) *Engine { + return nil +} + +func (_ *Engine) GET(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) Group(_ string, _ ...HandlerFunc) *RouterGroup { + return nil +} + +func (_ *Engine) HEAD(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) Handle(_ string, _ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) HandleContext(_ *Context) {} + +func (_ *Engine) LoadHTMLFiles(_ ...string) {} + +func (_ *Engine) LoadHTMLGlob(_ string) {} + +func (_ *Engine) NoMethod(_ ...HandlerFunc) {} + +func (_ *Engine) NoRoute(_ ...HandlerFunc) {} + +func (_ *Engine) OPTIONS(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) PATCH(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) POST(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) PUT(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *Engine) Routes() RoutesInfo { + return nil +} + +func (_ *Engine) Run(_ ...string) error { + return nil +} + +func (_ *Engine) RunFd(_ int) error { + return nil +} + +func (_ *Engine) RunListener(_ net.Listener) error { + return nil +} + +func (_ *Engine) RunTLS(_ string, _ string, _ string) error { + return nil +} + +func (_ *Engine) RunUnix(_ string) error { + return nil +} + +func (_ *Engine) SecureJsonPrefix(_ string) *Engine { + return nil +} + +func (_ *Engine) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {} + +func (_ *Engine) SetFuncMap(_ template0.FuncMap) {} + +func (_ *Engine) SetHTMLTemplate(_ *template.Template) {} + +func (_ *Engine) Static(_ string, _ string) IRoutes { + return nil +} + +func (_ *Engine) StaticFS(_ string, _ http.FileSystem) IRoutes { + return nil +} + +func (_ *Engine) StaticFile(_ string, _ string) IRoutes { + return nil +} + +func (_ *Engine) Use(_ ...HandlerFunc) IRoutes { + return nil +} + type Error struct { - Err interface { - Error() string - } + Err error Type ErrorType Meta interface{} } @@ -435,9 +510,7 @@ func (_ *Error) JSON() interface{} { return nil } -func (_ *Error) MarshalJSON() ([]uint8, interface { - Error() string -}) { +func (_ *Error) MarshalJSON() ([]byte, error) { return nil, nil } @@ -453,6 +526,28 @@ type ErrorType uint64 type HandlerFunc func(*Context) +type HandlersChain []HandlerFunc + +func (_ HandlersChain) Last() HandlerFunc { + return nil +} + +type IRoutes interface { + Any(_ string, _ ...HandlerFunc) IRoutes + DELETE(_ string, _ ...HandlerFunc) IRoutes + GET(_ string, _ ...HandlerFunc) IRoutes + HEAD(_ string, _ ...HandlerFunc) IRoutes + Handle(_ string, _ string, _ ...HandlerFunc) IRoutes + OPTIONS(_ string, _ ...HandlerFunc) IRoutes + PATCH(_ string, _ ...HandlerFunc) IRoutes + POST(_ string, _ ...HandlerFunc) IRoutes + PUT(_ string, _ ...HandlerFunc) IRoutes + Static(_ string, _ string) IRoutes + StaticFS(_ string, _ http.FileSystem) IRoutes + StaticFile(_ string, _ string) IRoutes + Use(_ ...HandlerFunc) IRoutes +} + type Negotiate struct { Offered []string HTMLName string @@ -482,19 +577,86 @@ type ResponseWriter interface { CloseNotify() <-chan bool Flush() Header() http.Header - Hijack() (net.Conn, *bufio.ReadWriter, interface { - Error() string - }) + Hijack() (net.Conn, *bufio.ReadWriter, error) Pusher() http.Pusher Size() int Status() int - Write(_ []uint8) (int, interface { - Error() string - }) + Write(_ []byte) (int, error) WriteHeader(_ int) WriteHeaderNow() - WriteString(_ string) (int, interface { - Error() string - }) + WriteString(_ string) (int, error) Written() bool } + +type RouteInfo struct { + Method string + Path string + Handler string + HandlerFunc HandlerFunc +} + +type RouterGroup struct { + Handlers HandlersChain +} + +func (_ *RouterGroup) Any(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) BasePath() string { + return "" +} + +func (_ *RouterGroup) DELETE(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) GET(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) Group(_ string, _ ...HandlerFunc) *RouterGroup { + return nil +} + +func (_ *RouterGroup) HEAD(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) Handle(_ string, _ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) OPTIONS(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) PATCH(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) POST(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) PUT(_ string, _ ...HandlerFunc) IRoutes { + return nil +} + +func (_ *RouterGroup) Static(_ string, _ string) IRoutes { + return nil +} + +func (_ *RouterGroup) StaticFS(_ string, _ http.FileSystem) IRoutes { + return nil +} + +func (_ *RouterGroup) StaticFile(_ string, _ string) IRoutes { + return nil +} + +func (_ *RouterGroup) Use(_ ...HandlerFunc) IRoutes { + return nil +} + +type RoutesInfo []RouteInfo diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.ql b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.ql index ff95de5b731..a0320b7909e 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.ql +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.ql @@ -1,5 +1,4 @@ import go -import semmle.go.frameworks.GoKit import TestUtilities.InlineExpectationsTest module UntrustedFlowSourceTest implements TestSig { diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Iris/Query.expected b/go/ql/test/library-tests/semmle/go/frameworks/Iris/Query.expected new file mode 100644 index 00000000000..8ec8033d086 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/Query.expected @@ -0,0 +1,2 @@ +testFailures +failures diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Iris/Query.ql b/go/ql/test/library-tests/semmle/go/frameworks/Iris/Query.ql new file mode 100644 index 00000000000..2bcd815716d --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/Query.ql @@ -0,0 +1,18 @@ +import go +import TestUtilities.InlineExpectationsTest + +module FileSystemAccessTest implements TestSig { + string getARelevantTag() { result = "FileSystemAccess" } + + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(FileSystemAccess fsa | + fsa.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), + location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and + element = fsa.getAPathArgument().toString() and + value = fsa.getAPathArgument().toString() and + tag = "FileSystemAccess" + ) + } +} + +import MakeTest diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Iris/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/Iris/go.mod new file mode 100644 index 00000000000..47766fd974e --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/go.mod @@ -0,0 +1,38 @@ +module aferno + +go 1.21 + +require github.com/kataras/iris/v12 v12.2.5 + +require ( + github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 // indirect + github.com/andybalholm/brotli v1.0.5 // indirect + github.com/aymerick/douceur v0.2.0 // indirect + github.com/fatih/structs v1.1.0 // indirect + github.com/golang/snappy v0.0.4 // indirect + github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12 // indirect + github.com/google/go-cmp v0.5.9 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/gorilla/css v1.0.0 // indirect + github.com/iris-contrib/schema v0.0.6 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/kataras/golog v0.1.9 // indirect + github.com/kataras/pio v0.0.12 // indirect + github.com/klauspost/compress v1.16.7 // indirect + github.com/kr/pretty v0.3.1 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/microcosm-cc/bluemonday v1.0.25 // indirect + github.com/rogpeppe/go-internal v1.10.0 // indirect + github.com/tdewolff/minify/v2 v2.12.8 // indirect + github.com/tdewolff/parse/v2 v2.6.7 // indirect + github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect + github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect + golang.org/x/crypto v0.12.0 // indirect + golang.org/x/net v0.14.0 // indirect + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect + golang.org/x/time v0.3.0 // indirect + google.golang.org/protobuf v1.31.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Iris/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Iris/test.go new file mode 100644 index 00000000000..bf1271813dd --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/test.go @@ -0,0 +1,16 @@ +package iris + +//go:generate depstubber -vendor github.com/kataras/iris/v12/context Context + +import "github.com/kataras/iris/v12/context" + +func FileSystemAccess(ctx context.Context) { + filepath := ctx.URLParam("filepath") + _ = ctx.SendFile(filepath, "file") // $ FileSystemAccess=filepath + _ = ctx.SendFileWithRate(filepath, "file", 0, 0) // $ FileSystemAccess=filepath + _ = ctx.ServeFile(filepath) // $ FileSystemAccess=filepath + _ = ctx.ServeFileWithRate(filepath, 0, 0) // $ FileSystemAccess=filepath + _, _, _ = ctx.UploadFormFiles(filepath, nil) // $ FileSystemAccess=filepath + _, fileHeader, _ := ctx.FormFile("file") + _, _ = ctx.SaveFormFile(fileHeader, filepath) // $ FileSystemAccess=filepath +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/github.com/kataras/iris/v12/context/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/github.com/kataras/iris/v12/context/stub.go new file mode 100644 index 00000000000..c40e1d610db --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/github.com/kataras/iris/v12/context/stub.go @@ -0,0 +1,1653 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/kataras/iris/v12/context, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/kataras/iris/v12/context (exports: Context; functions: ) + +// Package context is a stub of github.com/kataras/iris/v12/context, generated by depstubber. +package context + +import ( + context "context" + xml "encoding/xml" + io "io" + multipart "mime/multipart" + http "net/http" + reflect "reflect" + time "time" +) + +type Application interface { + ConfigurationReadOnly() ConfigurationReadOnly + FindClosestPaths(_ string, _ string, _ int) []string + FireErrorCode(_ *Context) + GetContextErrorHandler() ErrorHandler + GetContextPool() *Pool + GetRouteReadOnly(_ string) RouteReadOnly + GetRoutesReadOnly() []RouteReadOnly + I18nReadOnly() I18nReadOnly + IsDebug() bool + Logger() interface{} + Minifier() interface{} + RouteExists(_ *Context, _ string, _ string) bool + ServeHTTP(_ http.ResponseWriter, _ *http.Request) + ServeHTTPC(_ *Context) + Shutdown(_ context.Context) error + String() string + Validate(_ interface{}) error + View(_ io.Writer, _ string, _ string, _ interface{}) error +} + +type ConfigurationReadOnly interface { + GetCharset() string + GetDisableAutoFireStatusCode() bool + GetDisableBodyConsumptionOnUnmarshal() bool + GetDisablePathCorrection() bool + GetDisablePathCorrectionRedirection() bool + GetEnableDynamicHandler() bool + GetEnableEasyJSON() bool + GetEnableOptimizations() bool + GetEnablePathEscape() bool + GetEnablePathIntelligence() bool + GetEnableProtoJSON() bool + GetFallbackViewContextKey() string + GetFireEmptyFormError() bool + GetFireMethodNotAllowed() bool + GetForceLowercaseRouting() bool + GetHostProxyHeaders() map[string]bool + GetKeepAlive() time.Duration + GetLanguageContextKey() string + GetLanguageInputContextKey() string + GetLocaleContextKey() string + GetLogLevel() string + GetOther() map[string]interface{} + GetPostMaxMemory() int64 + GetRemoteAddrHeaders() []string + GetRemoteAddrHeadersForce() bool + GetRemoteAddrPrivateSubnets() []interface{} + GetResetOnFireErrorCode() bool + GetSSLProxyHeaders() map[string]string + GetSocketSharding() bool + GetTimeFormat() string + GetTimeout() time.Duration + GetTimeoutMessage() string + GetURLParamSeparator() *string + GetVHost() string + GetVersionAliasesContextKey() string + GetVersionContextKey() string + GetViewDataContextKey() string + GetViewEngineContextKey() string + GetViewLayoutContextKey() string +} + +type Context struct{} + +func (_ *Context) AbsoluteURI(_ string) string { + return "" +} + +func (_ *Context) AddCookieOptions(_ ...CookieOption) {} + +func (_ *Context) AddHandler(_ ...Handler) {} + +func (_ *Context) Application() Application { + return nil +} + +func (_ *Context) BeginRequest(_ http.ResponseWriter, _ *http.Request) {} + +func (_ *Context) Binary(_ []byte) (int, error) { + return 0, nil +} + +func (_ *Context) CallFunc(_ string, _ ...interface{}) ([]reflect.Value, error) { + return nil, nil +} + +func (_ *Context) CheckIfModifiedSince(_ time.Time) (bool, error) { + return false, nil +} + +func (_ *Context) ClearCookieOptions() {} + +func (_ *Context) ClientSupportsEncoding(_ ...string) bool { + return false +} + +func (_ *Context) Clone() *Context { + return nil +} + +func (_ *Context) CompressReader(_ bool) error { + return nil +} + +func (_ *Context) CompressWriter(_ bool) error { + return nil +} + +func (_ *Context) ContentType(_ string) {} + +func (_ *Context) Controller() reflect.Value { + return reflect.Value{} +} + +func (_ *Context) Deadline() (time.Time, bool) { + return time.Time{}, false +} + +func (_ *Context) DisablePoolRelease() {} + +func (_ *Context) Do(_ Handlers) {} + +func (_ *Context) Domain() string { + return "" +} + +func (_ *Context) Done() <-chan struct{} { + return nil +} + +func (_ *Context) EndRequest() {} + +func (_ *Context) Err() error { + return nil +} + +func (_ *Context) Exec(_ string, _ string) {} + +func (_ *Context) FallbackView(_ ...FallbackViewProvider) {} + +func (_ *Context) FindClosest(_ int) []string { + return nil +} + +func (_ *Context) FormFile(_ string) (multipart.File, *multipart.FileHeader, error) { + return nil, nil, nil +} + +func (_ *Context) FormFiles(_ string, _ ...func(*Context, *multipart.FileHeader) bool) ([]multipart.File, []*multipart.FileHeader, error) { + return nil, nil, nil +} + +func (_ *Context) FormValue(_ string) string { + return "" +} + +func (_ *Context) FormValueDefault(_ string, _ string) string { + return "" +} + +func (_ *Context) FormValues() map[string][]string { + return nil +} + +func (_ *Context) FullRequestURI() string { + return "" +} + +func (_ *Context) GetBody() ([]byte, error) { + return nil, nil +} + +func (_ *Context) GetContentLength() int64 { + return 0 +} + +func (_ *Context) GetContentType() string { + return "" +} + +func (_ *Context) GetContentTypeRequested() string { + return "" +} + +func (_ *Context) GetCookie(_ string, _ ...CookieOption) string { + return "" +} + +func (_ *Context) GetCurrentRoute() RouteReadOnly { + return nil +} + +func (_ *Context) GetErr() error { + return nil +} + +func (_ *Context) GetErrPublic() (bool, error) { + return false, nil +} + +func (_ *Context) GetFunc(_ string) (*Func, bool) { + return nil, false +} + +func (_ *Context) GetHeader(_ string) string { + return "" +} + +func (_ *Context) GetID() interface{} { + return nil +} + +func (_ *Context) GetLocale() Locale { + return nil +} + +func (_ *Context) GetReferrer() Referrer { + return Referrer{} +} + +func (_ *Context) GetRequestCookie(_ string, _ ...CookieOption) (*http.Cookie, error) { + return nil, nil +} + +func (_ *Context) GetStatusCode() int { + return 0 +} + +func (_ *Context) GetViewData() map[string]interface{} { + return nil +} + +func (_ *Context) HTML(_ string, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Context) HandlerFileLine() (string, int) { + return "", 0 +} + +func (_ *Context) HandlerIndex(_ int) int { + return 0 +} + +func (_ *Context) HandlerName() string { + return "" +} + +func (_ *Context) Handlers() Handlers { + return nil +} + +func (_ *Context) Header(_ string, _ string) {} + +func (_ *Context) Host() string { + return "" +} + +func (_ *Context) IsAjax() bool { + return false +} + +func (_ *Context) IsCanceled() bool { + return false +} + +func (_ *Context) IsDebug() bool { + return false +} + +func (_ *Context) IsGRPC() bool { + return false +} + +func (_ *Context) IsHTTP2() bool { + return false +} + +func (_ *Context) IsMobile() bool { + return false +} + +func (_ *Context) IsRecording() (*ResponseRecorder, bool) { + return nil, false +} + +func (_ *Context) IsRecordingBody() bool { + return false +} + +func (_ *Context) IsRecovered() (*ErrPanicRecovery, bool) { + return nil, false +} + +func (_ *Context) IsSSL() bool { + return false +} + +func (_ *Context) IsScript() bool { + return false +} + +func (_ *Context) IsStopped() bool { + return false +} + +func (_ *Context) IsWWW() bool { + return false +} + +func (_ *Context) JSON(_ interface{}, _ ...JSON) error { + return nil +} + +func (_ *Context) JSONP(_ interface{}, _ ...JSONP) error { + return nil +} + +func (_ *Context) Logout(_ ...interface{}) error { + return nil +} + +func (_ *Context) Markdown(_ []byte, _ ...Markdown) error { + return nil +} + +func (_ *Context) MaxAge() int64 { + return 0 +} + +func (_ *Context) Method() string { + return "" +} + +func (_ *Context) MsgPack(_ interface{}) (int, error) { + return 0, nil +} + +func (_ *Context) Negotiate(_ interface{}) (int, error) { + return 0, nil +} + +func (_ *Context) Negotiation() *NegotiationBuilder { + return nil +} + +func (_ *Context) Next() {} + +func (_ *Context) NextHandler() Handler { + return nil +} + +func (_ *Context) NextOr(_ ...Handler) bool { + return false +} + +func (_ *Context) NextOrNotFound() bool { + return false +} + +func (_ *Context) NotFound() {} + +func (_ *Context) OnClose(_ Handler) {} + +func (_ *Context) OnCloseErr(_ func() error) {} + +func (_ *Context) OnConnectionClose(_ Handler) bool { + return false +} + +func (_ *Context) OnConnectionCloseErr(_ func() error) bool { + return false +} + +func (_ *Context) Params() *RequestParams { + return nil +} + +func (_ *Context) Path() string { + return "" +} + +func (_ *Context) PostValue(_ string) string { + return "" +} + +func (_ *Context) PostValueBool(_ string) (bool, error) { + return false, nil +} + +func (_ *Context) PostValueComplex128(_ string) (complex128, error) { + return 0, nil +} + +func (_ *Context) PostValueComplex128Default(_ string, _ complex128) complex128 { + return 0 +} + +func (_ *Context) PostValueComplex64(_ string) (complex64, error) { + return 0, nil +} + +func (_ *Context) PostValueComplex64Default(_ string, _ complex64) complex64 { + return 0 +} + +func (_ *Context) PostValueDefault(_ string, _ string) string { + return "" +} + +func (_ *Context) PostValueFloat32(_ string) (float32, error) { + return 0, nil +} + +func (_ *Context) PostValueFloat32Default(_ string, _ float32) float32 { + return 0 +} + +func (_ *Context) PostValueFloat64(_ string) (float64, error) { + return 0, nil +} + +func (_ *Context) PostValueFloat64Default(_ string, _ float64) float64 { + return 0 +} + +func (_ *Context) PostValueInt(_ string) (int, error) { + return 0, nil +} + +func (_ *Context) PostValueInt16(_ string) (int16, error) { + return 0, nil +} + +func (_ *Context) PostValueInt16Default(_ string, _ int16) int16 { + return 0 +} + +func (_ *Context) PostValueInt32(_ string) (int32, error) { + return 0, nil +} + +func (_ *Context) PostValueInt32Default(_ string, _ int32) int32 { + return 0 +} + +func (_ *Context) PostValueInt64(_ string) (int64, error) { + return 0, nil +} + +func (_ *Context) PostValueInt64Default(_ string, _ int64) int64 { + return 0 +} + +func (_ *Context) PostValueInt8(_ string) (int8, error) { + return 0, nil +} + +func (_ *Context) PostValueInt8Default(_ string, _ int8) int8 { + return 0 +} + +func (_ *Context) PostValueIntDefault(_ string, _ int) int { + return 0 +} + +func (_ *Context) PostValueMany(_ string) (string, error) { + return "", nil +} + +func (_ *Context) PostValueSimpleDate(_ string) (time.Time, error) { + return time.Time{}, nil +} + +func (_ *Context) PostValueString(_ string) (string, error) { + return "", nil +} + +func (_ *Context) PostValueTime(_ string, _ string) (time.Time, error) { + return time.Time{}, nil +} + +func (_ *Context) PostValueTrim(_ string) string { + return "" +} + +func (_ *Context) PostValueUint(_ string) (uint, error) { + return 0, nil +} + +func (_ *Context) PostValueUint16(_ string) (uint16, error) { + return 0, nil +} + +func (_ *Context) PostValueUint32(_ string) (uint32, error) { + return 0, nil +} + +func (_ *Context) PostValueUint64(_ string) (uint64, error) { + return 0, nil +} + +func (_ *Context) PostValueUint8(_ string) (byte, error) { + return 0, nil +} + +func (_ *Context) PostValueWeekday(_ string) (time.Weekday, error) { + return 0, nil +} + +func (_ *Context) PostValues(_ string) ([]string, error) { + return nil, nil +} + +func (_ *Context) Problem(_ interface{}, _ ...ProblemOptions) error { + return nil +} + +func (_ *Context) Proceed(_ Handler) bool { + return false +} + +func (_ *Context) ProceedAndReportIfStopped(_ Handler) (bool, bool) { + return false, false +} + +func (_ *Context) Protobuf(_ interface{}) (int, error) { + return 0, nil +} + +func (_ *Context) ReadBody(_ interface{}) error { + return nil +} + +func (_ *Context) ReadForm(_ interface{}) error { + return nil +} + +func (_ *Context) ReadHeaders(_ interface{}) error { + return nil +} + +func (_ *Context) ReadJSON(_ interface{}, _ ...JSONReader) error { + return nil +} + +func (_ *Context) ReadJSONProtobuf(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Context) ReadJSONStream(_ func(DecodeFunc) error, _ ...JSONReader) error { + return nil +} + +func (_ *Context) ReadMsgPack(_ interface{}) error { + return nil +} + +func (_ *Context) ReadMultipartRelated() (MultipartRelated, error) { + return MultipartRelated{}, nil +} + +func (_ *Context) ReadParams(_ interface{}) error { + return nil +} + +func (_ *Context) ReadProtobuf(_ interface{}) error { + return nil +} + +func (_ *Context) ReadQuery(_ interface{}) error { + return nil +} + +func (_ *Context) ReadURL(_ interface{}) error { + return nil +} + +func (_ *Context) ReadXML(_ interface{}) error { + return nil +} + +func (_ *Context) ReadYAML(_ interface{}) error { + return nil +} + +func (_ *Context) Record() {} + +func (_ *Context) RecordRequestBody(_ bool) {} + +func (_ *Context) Recorder() *ResponseRecorder { + return nil +} + +func (_ *Context) Redirect(_ string, _ ...int) {} + +func (_ *Context) ReflectValue() []reflect.Value { + return nil +} + +func (_ *Context) RegisterDependency(_ interface{}) {} + +func (_ *Context) RemoteAddr() string { + return "" +} + +func (_ *Context) RemoveCookie(_ string, _ ...CookieOption) {} + +func (_ *Context) Render(_ int, _ interface { + Render(_ http.ResponseWriter) error + WriteContentType(_ http.ResponseWriter) +}) { +} + +func (_ *Context) Request() *http.Request { + return nil +} + +func (_ *Context) RequestPath(_ bool) string { + return "" +} + +func (_ *Context) ResetQuery() {} + +func (_ *Context) ResetRequest(_ *http.Request) {} + +func (_ *Context) ResetResponseWriter(_ ResponseWriter) {} + +func (_ *Context) ResponseWriter() ResponseWriter { + return nil +} + +func (_ *Context) ResumeExecution() bool { + return false +} + +func (_ *Context) RouteExists(_ string, _ string) bool { + return false +} + +func (_ *Context) RouteName() string { + return "" +} + +func (_ *Context) SaveFormFile(_ *multipart.FileHeader, _ string) (int64, error) { + return 0, nil +} + +func (_ *Context) Scheme() string { + return "" +} + +func (_ *Context) SendFile(_ string, _ string) error { + return nil +} + +func (_ *Context) SendFileWithRate(_ string, _ string, _ float64, _ int) error { + return nil +} + +func (_ *Context) ServeContent(_ io.ReadSeeker, _ string, _ time.Time) {} + +func (_ *Context) ServeContentWithRate(_ io.ReadSeeker, _ string, _ time.Time, _ float64, _ int) {} + +func (_ *Context) ServeFile(_ string) error { + return nil +} + +func (_ *Context) ServeFileWithRate(_ string, _ float64, _ int) error { + return nil +} + +func (_ *Context) SetCookie(_ *http.Cookie, _ ...CookieOption) {} + +func (_ *Context) SetCookieKV(_ string, _ string, _ ...CookieOption) {} + +func (_ *Context) SetCurrentRoute(_ RouteReadOnly) {} + +func (_ *Context) SetErr(_ error) {} + +func (_ *Context) SetErrPrivate(_ error) {} + +func (_ *Context) SetFunc(_ string, _ interface{}, _ ...interface{}) {} + +func (_ *Context) SetHandlers(_ Handlers) {} + +func (_ *Context) SetID(_ interface{}) {} + +func (_ *Context) SetLanguage(_ string) {} + +func (_ *Context) SetLastModified(_ time.Time) {} + +func (_ *Context) SetLogoutFunc(_ interface{}, _ ...interface{}) {} + +func (_ *Context) SetMaxRequestBodySize(_ int64) {} + +func (_ *Context) SetUser(_ interface{}) error { + return nil +} + +func (_ *Context) Skip() {} + +func (_ *Context) StatusCode(_ int) {} + +func (_ *Context) StopExecution() {} + +func (_ *Context) StopWithError(_ int, _ error) {} + +func (_ *Context) StopWithJSON(_ int, _ interface{}) error { + return nil +} + +func (_ *Context) StopWithPlainError(_ int, _ error) {} + +func (_ *Context) StopWithProblem(_ int, _ Problem) error { + return nil +} + +func (_ *Context) StopWithStatus(_ int) {} + +func (_ *Context) StopWithText(_ int, _ string, _ ...interface{}) {} + +func (_ *Context) StreamWriter(_ func(io.Writer) error) error { + return nil +} + +func (_ *Context) String() string { + return "" +} + +func (_ *Context) Subdomain() string { + return "" +} + +func (_ *Context) SubdomainFull() string { + return "" +} + +func (_ *Context) Text(_ string, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Context) TextYAML(_ interface{}) error { + return nil +} + +func (_ *Context) Tr(_ string, _ ...interface{}) string { + return "" +} + +func (_ *Context) URLParam(_ string) string { + return "" +} + +func (_ *Context) URLParamBool(_ string) (bool, error) { + return false, nil +} + +func (_ *Context) URLParamBoolDefault(_ string, _ bool) bool { + return false +} + +func (_ *Context) URLParamDefault(_ string, _ string) string { + return "" +} + +func (_ *Context) URLParamEscape(_ string) string { + return "" +} + +func (_ *Context) URLParamExists(_ string) bool { + return false +} + +func (_ *Context) URLParamFloat64(_ string) (float64, error) { + return 0, nil +} + +func (_ *Context) URLParamFloat64Default(_ string, _ float64) float64 { + return 0 +} + +func (_ *Context) URLParamInt(_ string) (int, error) { + return 0, nil +} + +func (_ *Context) URLParamInt32Default(_ string, _ int32) int32 { + return 0 +} + +func (_ *Context) URLParamInt64(_ string) (int64, error) { + return 0, nil +} + +func (_ *Context) URLParamInt64Default(_ string, _ int64) int64 { + return 0 +} + +func (_ *Context) URLParamIntDefault(_ string, _ int) int { + return 0 +} + +func (_ *Context) URLParamSlice(_ string) []string { + return nil +} + +func (_ *Context) URLParamTrim(_ string) string { + return "" +} + +func (_ *Context) URLParamUint64(_ string) uint64 { + return 0 +} + +func (_ *Context) URLParams() map[string]string { + return nil +} + +func (_ *Context) URLParamsSorted() []interface{} { + return nil +} + +func (_ *Context) UnmarshalBody(_ interface{}, _ Unmarshaler) error { + return nil +} + +func (_ *Context) UnregisterDependency(_ reflect.Type) bool { + return false +} + +func (_ *Context) UploadFormFiles(_ string, _ ...func(*Context, *multipart.FileHeader) bool) ([]*multipart.FileHeader, int64, error) { + return nil, 0, nil +} + +func (_ *Context) UpsertCookie(_ *http.Cookie, _ ...CookieOption) bool { + return false +} + +func (_ *Context) User() User { + return nil +} + +func (_ *Context) Value(_ interface{}) interface{} { + return nil +} + +func (_ *Context) Values() interface{} { + return nil +} + +func (_ *Context) View(_ string, _ ...interface{}) error { + return nil +} + +func (_ *Context) ViewData(_ string, _ interface{}) {} + +func (_ *Context) ViewEngine(_ ViewEngine) {} + +func (_ *Context) ViewLayout(_ string) {} + +func (_ *Context) VisitAllCookies(_ func(string, string)) {} + +func (_ *Context) Write(_ []byte) (int, error) { + return 0, nil +} + +func (_ *Context) WriteNotModified() {} + +func (_ *Context) WriteString(_ string) (int, error) { + return 0, nil +} + +func (_ *Context) WriteWithExpiration(_ []byte, _ time.Time) (int, error) { + return 0, nil +} + +func (_ *Context) Writef(_ string, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Context) XML(_ interface{}, _ ...XML) error { + return nil +} + +func (_ *Context) YAML(_ interface{}) error { + return nil +} + +type CookieOption func(*Context, *http.Cookie, byte) + +type DecodeFunc func(interface{}) error + +type ErrPanicRecovery struct { + ErrPrivate ErrPrivate + Cause interface{} + Callers []string + Stack []byte + RegisteredHandlers []string + CurrentHandler string +} + +func (_ ErrPanicRecovery) IrisPrivateError() {} + +func (_ *ErrPanicRecovery) Error() string { + return "" +} + +func (_ *ErrPanicRecovery) Is(_ error) bool { + return false +} + +type ErrPrivate interface { + Error() string + IrisPrivateError() +} + +type ErrViewNotExist struct { + Name string + IsLayout bool + Data interface{} +} + +func (_ ErrViewNotExist) Error() string { + return "" +} + +type ErrorHandler interface { + HandleContextError(_ *Context, _ error) +} + +type FallbackViewProvider interface { + FallbackView(_ *Context, _ ErrViewNotExist) error +} + +type Func struct { + RegisterName string + Raw interface{} + PersistenceArgs []interface{} + Meta *FuncMeta +} + +type FuncMeta struct { + Handler Handler + HandlerWithErr func(*Context) error + RawFunc func() + RawFuncWithErr func() error + RawFuncArgs func(...interface{}) + RawFuncArgsWithErr func(...interface{}) error + Value reflect.Value + Type reflect.Type + ExpectedArgumentsLength int + PersistenceInputs []reflect.Value + AcceptsContext bool + ReturnsError bool +} + +type Handler func(*Context) + +type Handlers []Handler + +type I18nReadOnly interface { + GetLocale(_ *Context) Locale + Tags() []interface{} + Tr(_ string, _ string, _ ...interface{}) string + TrContext(_ *Context, _ string, _ ...interface{}) string +} + +type JSON struct { + UnescapeHTML bool + Indent string + Prefix string + ASCII bool + Secure bool + Proto interface{} + OmitErrorHandler bool +} + +func (_ *JSON) IsDefault() bool { + return false +} + +type JSONP struct { + Indent string + Callback string + OmitErrorHandler bool +} + +type JSONReader struct { + DisallowUnknownFields bool + Optimize bool + ArrayStream bool +} + +type Locale interface { + GetMessage(_ string, _ ...interface{}) string + Index() int + Language() string + Tag() interface{} +} + +type Markdown struct { + Sanitize bool + OmitErrorHandler bool + RenderOptions interface{} +} + +type MultipartRelated struct { + ContentIDs []string + Contents map[string]MultipartRelatedContent +} + +type MultipartRelatedContent struct { + ID string + Headers map[string][]string + Body []byte +} + +type NegotiationAcceptBuilder struct{} + +func (_ *NegotiationAcceptBuilder) Binary() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) Charset(_ ...string) *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) Encoding(_ ...string) *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) EncodingGzip() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) HTML() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) JSON() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) JSONP() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) MIME(_ ...string) *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) Markdown() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) MsgPack() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) Override() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) Problem() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) Protobuf() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) Text() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) TextYAML() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) XML() *NegotiationAcceptBuilder { + return nil +} + +func (_ *NegotiationAcceptBuilder) YAML() *NegotiationAcceptBuilder { + return nil +} + +type NegotiationBuilder struct { + Accept NegotiationAcceptBuilder +} + +func (_ *NegotiationBuilder) Any(_ ...interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) Binary(_ ...[]byte) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) Build() (string, string, string, interface{}) { + return "", "", "", nil +} + +func (_ *NegotiationBuilder) Charset(_ ...string) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) Clear() *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) Encoding(_ ...string) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) EncodingGzip() *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) HTML(_ ...string) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) JSON(_ ...interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) JSONP(_ ...interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) MIME(_ string, _ interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) Markdown(_ ...[]byte) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) MsgPack(_ ...interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) Problem(_ ...interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) Protobuf(_ ...interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) Text(_ ...string) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) TextYAML(_ ...interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) XML(_ ...interface{}) *NegotiationBuilder { + return nil +} + +func (_ *NegotiationBuilder) YAML(_ ...interface{}) *NegotiationBuilder { + return nil +} + +type Pool struct{} + +func (_ *Pool) Acquire(_ http.ResponseWriter, _ *http.Request) *Context { + return nil +} + +func (_ *Pool) Release(_ *Context) {} + +func (_ *Pool) ReleaseLight(_ *Context) {} + +type Problem map[string]interface{} + +func (_ Problem) Cause(_ Problem) Problem { + return nil +} + +func (_ Problem) Detail(_ string) Problem { + return nil +} + +func (_ Problem) DetailErr(_ error) Problem { + return nil +} + +func (_ Problem) Error() string { + return "" +} + +func (_ Problem) GetTempKey(_ string) interface{} { + return nil +} + +func (_ Problem) Instance(_ string) Problem { + return nil +} + +func (_ Problem) Key(_ string, _ interface{}) Problem { + return nil +} + +func (_ Problem) MarshalXML(_ *xml.Encoder, _ xml.StartElement) error { + return nil +} + +func (_ Problem) Status(_ int) Problem { + return nil +} + +func (_ Problem) TempKey(_ string, _ interface{}) Problem { + return nil +} + +func (_ Problem) Title(_ string) Problem { + return nil +} + +func (_ Problem) Type(_ string) Problem { + return nil +} + +func (_ Problem) Validate() bool { + return false +} + +type ProblemOptions struct { + JSON JSON + RenderXML bool + XML XML + RetryAfter interface{} + RetryAfterFunc func(*Context) interface{} +} + +func (_ *ProblemOptions) Apply(_ *Context) {} + +type Referrer struct { + Raw string + Type interface{} + Label string + URL string + Subdomain string + Domain string + Tld string + Path string + Query string + GoogleType interface{} +} + +func (_ Referrer) String() string { + return "" +} + +type RequestParams struct { + Store interface{} +} + +func (_ RequestParams) Serialize() []byte { + return nil +} + +func (_ *RequestParams) Exists(_ string) bool { + return false +} + +func (_ *RequestParams) Get(_ string) string { + return "" +} + +func (_ *RequestParams) GetBool(_ string) (bool, error) { + return false, nil +} + +func (_ *RequestParams) GetBoolDefault(_ string, _ bool) bool { + return false +} + +func (_ *RequestParams) GetDecoded(_ string) string { + return "" +} + +func (_ *RequestParams) GetDefault(_ string, _ interface{}) interface{} { + return nil +} + +func (_ *RequestParams) GetEntry(_ string) interface{} { + return nil +} + +func (_ *RequestParams) GetEntryAt(_ int) interface{} { + return nil +} + +func (_ *RequestParams) GetEscape(_ string) string { + return "" +} + +func (_ *RequestParams) GetFloat64(_ string) (float64, error) { + return 0, nil +} + +func (_ *RequestParams) GetFloat64Default(_ string, _ float64) float64 { + return 0 +} + +func (_ *RequestParams) GetInt(_ string) (int, error) { + return 0, nil +} + +func (_ *RequestParams) GetInt16(_ string) (int16, error) { + return 0, nil +} + +func (_ *RequestParams) GetInt16Default(_ string, _ int16) int16 { + return 0 +} + +func (_ *RequestParams) GetInt32(_ string) (int32, error) { + return 0, nil +} + +func (_ *RequestParams) GetInt32Default(_ string, _ int32) int32 { + return 0 +} + +func (_ *RequestParams) GetInt64(_ string) (int64, error) { + return 0, nil +} + +func (_ *RequestParams) GetInt64Default(_ string, _ int64) int64 { + return 0 +} + +func (_ *RequestParams) GetInt8(_ string) (int8, error) { + return 0, nil +} + +func (_ *RequestParams) GetInt8Default(_ string, _ int8) int8 { + return 0 +} + +func (_ *RequestParams) GetIntDefault(_ string, _ int) int { + return 0 +} + +func (_ *RequestParams) GetIntUnslashed(_ string) (int, bool) { + return 0, false +} + +func (_ *RequestParams) GetOrSet(_ string, _ func() interface{}) interface{} { + return nil +} + +func (_ *RequestParams) GetString(_ string) string { + return "" +} + +func (_ *RequestParams) GetStringDefault(_ string, _ string) string { + return "" +} + +func (_ *RequestParams) GetStringTrim(_ string) string { + return "" +} + +func (_ *RequestParams) GetTime(_ string) (time.Time, error) { + return time.Time{}, nil +} + +func (_ *RequestParams) GetTrim(_ string) string { + return "" +} + +func (_ *RequestParams) GetTrimFile(_ string) string { + return "" +} + +func (_ *RequestParams) GetTrimFileInt(_ string) int { + return 0 +} + +func (_ *RequestParams) GetTrimFileUint(_ string) uint { + return 0 +} + +func (_ *RequestParams) GetTrimFileUint64(_ string) uint64 { + return 0 +} + +func (_ *RequestParams) GetTrimHTML(_ string) string { + return "" +} + +func (_ *RequestParams) GetTrimJSON(_ string) string { + return "" +} + +func (_ *RequestParams) GetTrimXML(_ string) string { + return "" +} + +func (_ *RequestParams) GetUint(_ string) (uint, error) { + return 0, nil +} + +func (_ *RequestParams) GetUint16(_ string) (uint16, error) { + return 0, nil +} + +func (_ *RequestParams) GetUint16Default(_ string, _ uint16) uint16 { + return 0 +} + +func (_ *RequestParams) GetUint32(_ string) (uint32, error) { + return 0, nil +} + +func (_ *RequestParams) GetUint32Default(_ string, _ uint32) uint32 { + return 0 +} + +func (_ *RequestParams) GetUint64(_ string) (uint64, error) { + return 0, nil +} + +func (_ *RequestParams) GetUint64Default(_ string, _ uint64) uint64 { + return 0 +} + +func (_ *RequestParams) GetUint8(_ string) (byte, error) { + return 0, nil +} + +func (_ *RequestParams) GetUint8Default(_ string, _ byte) byte { + return 0 +} + +func (_ *RequestParams) GetUintDefault(_ string, _ uint) uint { + return 0 +} + +func (_ *RequestParams) GetWeekday(_ string) (time.Weekday, error) { + return 0, nil +} + +func (_ *RequestParams) Len() int { + return 0 +} + +func (_ *RequestParams) Remove(_ string) bool { + return false +} + +func (_ *RequestParams) Reset() {} + +func (_ *RequestParams) Save(_ string, _ interface{}, _ bool) (interface{}, bool) { + return nil, false +} + +func (_ *RequestParams) Set(_ string, _ string) {} + +func (_ *RequestParams) SetImmutable(_ string, _ interface{}) (interface{}, bool) { + return nil, false +} + +func (_ *RequestParams) SimpleDate(_ string) string { + return "" +} + +func (_ *RequestParams) Visit(_ func(string, string)) {} + +type ResponseRecorder struct { + ResponseWriter ResponseWriter +} + +func (_ ResponseRecorder) BeginResponse(_ http.ResponseWriter) {} + +func (_ ResponseRecorder) Flusher() (http.Flusher, bool) { + return nil, false +} + +func (_ ResponseRecorder) GetBeforeFlush() func() { + return nil +} + +func (_ ResponseRecorder) IsHijacked() bool { + return false +} + +func (_ ResponseRecorder) SetBeforeFlush(_ func()) {} + +func (_ ResponseRecorder) SetWriter(_ http.ResponseWriter) {} + +func (_ ResponseRecorder) SetWritten(_ int) {} + +func (_ ResponseRecorder) StatusCode() int { + return 0 +} + +func (_ ResponseRecorder) WriteHeader(_ int) {} + +func (_ ResponseRecorder) Written() int { + return 0 +} + +func (_ *ResponseRecorder) BeginRecord(_ ResponseWriter) {} + +func (_ *ResponseRecorder) Body() []byte { + return nil +} + +func (_ *ResponseRecorder) ClearHeaders() {} + +func (_ *ResponseRecorder) Clone() ResponseWriter { + return nil +} + +func (_ *ResponseRecorder) CopyTo(_ ResponseWriter) {} + +func (_ *ResponseRecorder) EndResponse() {} + +func (_ *ResponseRecorder) Flush() {} + +func (_ *ResponseRecorder) FlushResponse() {} + +func (_ *ResponseRecorder) Header() http.Header { + return nil +} + +func (_ *ResponseRecorder) Naive() http.ResponseWriter { + return nil +} + +func (_ *ResponseRecorder) Push(_ string, _ *http.PushOptions) error { + return nil +} + +func (_ *ResponseRecorder) Reset() bool { + return false +} + +func (_ *ResponseRecorder) ResetBody() {} + +func (_ *ResponseRecorder) ResetHeaders() {} + +func (_ *ResponseRecorder) Result() *http.Response { + return nil +} + +func (_ *ResponseRecorder) SetBody(_ []byte) {} + +func (_ *ResponseRecorder) SetBodyString(_ string) {} + +func (_ *ResponseRecorder) Write(_ []byte) (int, error) { + return 0, nil +} + +type ResponseWriter interface { + BeginResponse(_ http.ResponseWriter) + Clone() ResponseWriter + CopyTo(_ ResponseWriter) + EndResponse() + Flush() + FlushResponse() + Flusher() (http.Flusher, bool) + GetBeforeFlush() func() + Header() http.Header + IsHijacked() bool + Naive() http.ResponseWriter + SetBeforeFlush(_ func()) + SetWriter(_ http.ResponseWriter) + SetWritten(_ int) + StatusCode() int + Write(_ []byte) (int, error) + WriteHeader(_ int) + Written() int +} + +type RouteReadOnly interface { + GetChangeFreq() string + GetLastMod() time.Time + GetPriority() float32 + IsOnline() bool + IsStatic() bool + MainHandlerIndex() int + MainHandlerName() string + Method() string + Name() string + Path() string + Property(_ string) (interface{}, bool) + ResolvePath(_ ...string) string + StaticPath() string + StatusErrorCode() int + String() string + Subdomain() string + Tmpl() interface{} + Trace(_ io.Writer, _ int) +} + +type Unmarshaler interface { + Unmarshal(_ []byte, _ interface{}) error +} + +type User interface { + GetAuthorization() (string, error) + GetAuthorizedAt() (time.Time, error) + GetEmail() (string, error) + GetField(_ string) (interface{}, error) + GetID() (string, error) + GetPassword() (string, error) + GetRaw() (interface{}, error) + GetRoles() ([]string, error) + GetToken() ([]byte, error) + GetUsername() (string, error) +} + +type ViewEngine interface { + ExecuteWriter(_ io.Writer, _ string, _ string, _ interface{}) error + Ext() string + Load() error + Name() string +} + +type XML struct { + Indent string + Prefix string + OmitErrorHandler bool +} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt new file mode 100644 index 00000000000..e3c62be74a7 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt @@ -0,0 +1,93 @@ +# github.com/kataras/iris/v12 v12.2.5 +## explicit +github.com/kataras/iris/v12 +# github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 +## explicit +github.com/Shopify/goreferrer +# github.com/andybalholm/brotli v1.0.5 +## explicit +github.com/andybalholm/brotli +# github.com/aymerick/douceur v0.2.0 +## explicit +github.com/aymerick/douceur +# github.com/fatih/structs v1.1.0 +## explicit +github.com/fatih/structs +# github.com/golang/snappy v0.0.4 +## explicit +github.com/golang/snappy +# github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12 +## explicit +github.com/gomarkdown/markdown +# github.com/google/go-cmp v0.5.9 +## explicit +github.com/google/go-cmp +# github.com/google/uuid v1.3.0 +## explicit +github.com/google/uuid +# github.com/gorilla/css v1.0.0 +## explicit +github.com/gorilla/css +# github.com/iris-contrib/schema v0.0.6 +## explicit +github.com/iris-contrib/schema +# github.com/josharian/intern v1.0.0 +## explicit +github.com/josharian/intern +# github.com/kataras/golog v0.1.9 +## explicit +github.com/kataras/golog +# github.com/kataras/pio v0.0.12 +## explicit +github.com/kataras/pio +# github.com/klauspost/compress v1.16.7 +## explicit +github.com/klauspost/compress +# github.com/kr/pretty v0.3.1 +## explicit +github.com/kr/pretty +# github.com/mailru/easyjson v0.7.7 +## explicit +github.com/mailru/easyjson +# github.com/microcosm-cc/bluemonday v1.0.25 +## explicit +github.com/microcosm-cc/bluemonday +# github.com/rogpeppe/go-internal v1.10.0 +## explicit +github.com/rogpeppe/go-internal +# github.com/tdewolff/minify/v2 v2.12.8 +## explicit +github.com/tdewolff/minify/v2 +# github.com/tdewolff/parse/v2 v2.6.7 +## explicit +github.com/tdewolff/parse/v2 +# github.com/vmihailenco/msgpack/v5 v5.3.5 +## explicit +github.com/vmihailenco/msgpack/v5 +# github.com/vmihailenco/tagparser/v2 v2.0.0 +## explicit +github.com/vmihailenco/tagparser/v2 +# golang.org/x/crypto v0.12.0 +## explicit +golang.org/x/crypto +# golang.org/x/net v0.14.0 +## explicit +golang.org/x/net +# golang.org/x/sys v0.11.0 +## explicit +golang.org/x/sys +# golang.org/x/text v0.12.0 +## explicit +golang.org/x/text +# golang.org/x/time v0.3.0 +## explicit +golang.org/x/time +# google.golang.org/protobuf v1.31.0 +## explicit +google.golang.org/protobuf +# gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c +## explicit +gopkg.in/check.v1 +# gopkg.in/yaml.v3 v3.0.1 +## explicit +gopkg.in/yaml.v3 diff --git a/go/ql/test/query-tests/Diagnostics/SuccessfullyExtractedFiles.expected b/go/ql/test/query-tests/Diagnostics/SuccessfullyExtractedFiles.expected index 2b5394e8434..6b66e5a1ae7 100644 --- a/go/ql/test/query-tests/Diagnostics/SuccessfullyExtractedFiles.expected +++ b/go/ql/test/query-tests/Diagnostics/SuccessfullyExtractedFiles.expected @@ -1 +1,2 @@ +| ../../go.mod:0:0:0:0 | ../../go.mod | | | util.go:0:0:0:0 | util.go | | diff --git a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go index d10d1e47a3b..ed0983fedc8 100644 --- a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go +++ b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go @@ -134,7 +134,7 @@ func testParseUint() { if err != nil { panic(err) } - _ = int8(parsed) + _ = int8(parsed) // $ hasValueFlow="type conversion" _ = uint8(parsed) _ = int16(parsed) _ = uint16(parsed) @@ -152,7 +152,7 @@ func testParseUint() { } _ = int8(parsed) // $ hasValueFlow="type conversion" _ = uint8(parsed) // $ hasValueFlow="type conversion" - _ = int16(parsed) + _ = int16(parsed) // $ hasValueFlow="type conversion" _ = uint16(parsed) _ = int32(parsed) _ = uint32(parsed) @@ -170,11 +170,11 @@ func testParseUint() { _ = uint8(parsed) // $ hasValueFlow="type conversion" _ = int16(parsed) // $ hasValueFlow="type conversion" _ = uint16(parsed) // $ hasValueFlow="type conversion" - _ = int32(parsed) + _ = int32(parsed) // $ hasValueFlow="type conversion" _ = uint32(parsed) _ = int64(parsed) _ = uint64(parsed) - _ = int(parsed) + _ = int(parsed) // $ hasValueFlow="type conversion" _ = uint(parsed) } { @@ -188,7 +188,7 @@ func testParseUint() { _ = uint16(parsed) // $ hasValueFlow="type conversion" _ = int32(parsed) // $ hasValueFlow="type conversion" _ = uint32(parsed) // $ hasValueFlow="type conversion" - _ = int64(parsed) + _ = int64(parsed) // $ hasValueFlow="type conversion" _ = uint64(parsed) _ = int(parsed) // $ hasValueFlow="type conversion" _ = uint(parsed) // $ hasValueFlow="type conversion" @@ -204,9 +204,9 @@ func testParseUint() { _ = uint16(parsed) // $ hasValueFlow="type conversion" _ = int32(parsed) // $ hasValueFlow="type conversion" _ = uint32(parsed) // $ hasValueFlow="type conversion" - _ = int64(parsed) + _ = int64(parsed) // $ hasValueFlow="type conversion" _ = uint64(parsed) - _ = int(parsed) + _ = int(parsed) // $ hasValueFlow="type conversion" _ = uint(parsed) } } @@ -266,6 +266,62 @@ func testBoundsChecking(input string) { } if parsed <= math.MaxUint16 { _ = uint16(parsed) + _ = uint(parsed) + _ = int32(parsed) + } + } + { + parsed, err := strconv.ParseUint(input, 10, 0) + if err != nil { + panic(err) + } + if parsed <= math.MaxUint64 { + _ = int8(parsed) // $ hasValueFlow="type conversion" + _ = uint8(parsed) // $ hasValueFlow="type conversion" + _ = int16(parsed) // $ hasValueFlow="type conversion" + _ = uint16(parsed) // $ hasValueFlow="type conversion" + _ = int32(parsed) // $ hasValueFlow="type conversion" + _ = uint32(parsed) // $ hasValueFlow="type conversion" + _ = int64(parsed) // $ hasValueFlow="type conversion" + _ = uint64(parsed) + _ = int(parsed) // $ hasValueFlow="type conversion" + _ = uint(parsed) + } + if parsed <= math.MaxInt64 { + _ = int8(parsed) // $ hasValueFlow="type conversion" + _ = uint8(parsed) // $ hasValueFlow="type conversion" + _ = int16(parsed) // $ hasValueFlow="type conversion" + _ = uint16(parsed) // $ hasValueFlow="type conversion" + _ = int32(parsed) // $ hasValueFlow="type conversion" + _ = uint32(parsed) // $ hasValueFlow="type conversion" + _ = int64(parsed) + _ = uint64(parsed) + _ = int(parsed) // $ hasValueFlow="type conversion" + _ = uint(parsed) + } + if parsed <= math.MaxUint32 { + _ = int8(parsed) // $ hasValueFlow="type conversion" + _ = uint8(parsed) // $ hasValueFlow="type conversion" + _ = int16(parsed) // $ hasValueFlow="type conversion" + _ = uint16(parsed) // $ hasValueFlow="type conversion" + _ = int32(parsed) // $ hasValueFlow="type conversion" + _ = uint32(parsed) + _ = int64(parsed) + _ = uint64(parsed) + _ = int(parsed) // $ hasValueFlow="type conversion" + _ = uint(parsed) + } + if parsed <= math.MaxInt32 { + _ = int8(parsed) // $ hasValueFlow="type conversion" + _ = uint8(parsed) // $ hasValueFlow="type conversion" + _ = int16(parsed) // $ hasValueFlow="type conversion" + _ = uint16(parsed) // $ hasValueFlow="type conversion" + _ = int32(parsed) + _ = uint32(parsed) + _ = int64(parsed) + _ = uint64(parsed) + _ = int(parsed) + _ = uint(parsed) } } { @@ -273,8 +329,9 @@ func testBoundsChecking(input string) { if err != nil { panic(err) } - if parsed <= math.MaxUint8 { - _ = uint8(parsed) + if parsed <= math.MaxUint16 { + _ = uint16(parsed) + _ = int16(parsed) // $ hasValueFlow="type conversion" } if parsed < 5 { _ = uint16(parsed) diff --git a/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go b/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go index c6f0f165e2d..52486550950 100644 --- a/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go +++ b/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go @@ -20,7 +20,7 @@ func testIntSource386() { if err != nil { panic(err) } - _ = int32(parsed) + _ = int32(parsed) // $ hasValueFlow="type conversion" _ = uint32(parsed) } { diff --git a/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go b/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go index 15c16601b94..0a37e1db99c 100644 --- a/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go +++ b/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go @@ -23,7 +23,7 @@ func testIntSource32() { if err != nil { panic(err) } - _ = int32(parsed) + _ = int32(parsed) // $ hasValueFlow="type conversion" _ = uint32(parsed) } { diff --git a/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go b/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go index 2049b1157c7..4aa516bb330 100644 --- a/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go +++ b/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go @@ -20,7 +20,7 @@ func testIntSinkAmd64() { if err != nil { panic(err) } - _ = int(parsed) + _ = int(parsed) // $ hasValueFlow="type conversion" _ = uint(parsed) } } diff --git a/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go b/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go index c4259e70312..4ea56a15045 100644 --- a/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go +++ b/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go @@ -23,7 +23,7 @@ func testIntSink64() { if err != nil { panic(err) } - _ = int(parsed) + _ = int(parsed) // $ hasValueFlow="type conversion" _ = uint(parsed) } } diff --git a/go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go b/go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go index 277b40c6d8a..47bc383394b 100644 --- a/go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go +++ b/go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go @@ -24,7 +24,7 @@ func oldTestIntSink64() { if err != nil { panic(err) } - _ = int(parsed) + _ = int(parsed) // $ hasValueFlow="type conversion" _ = uint(parsed) } } diff --git a/go/ql/test/query-tests/Summary/vendor/github.com/github/codeql-go/extractor/util/stub.go b/go/ql/test/query-tests/Summary/vendor/github.com/github/codeql-go/extractor/util/stub.go index 70d8e98f222..28aba86fdc5 100644 --- a/go/ql/test/query-tests/Summary/vendor/github.com/github/codeql-go/extractor/util/stub.go +++ b/go/ql/test/query-tests/Summary/vendor/github.com/github/codeql-go/extractor/util/stub.go @@ -1,10 +1,10 @@ // Code generated by depstubber. DO NOT EDIT. -// This is a simple stub for github.com/github/codeql-go/extractor/util, strictly for use in testing. +// This is a simple stub for github.com/github/codeql-go/util, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: github.com/github/codeql-go/extractor/util (exports: ; functions: Getenv) +// Source: github.com/github/codeql-go/util (exports: ; functions: Getenv) -// Package util is a stub of github.com/github/codeql-go/extractor/util, generated by depstubber. +// Package util is a stub of github.com/github/codeql-go/util, generated by depstubber. package util func Getenv(_ string, _ ...string) string { diff --git a/java/BUILD.bazel b/java/BUILD.bazel new file mode 100644 index 00000000000..ccfaea8186f --- /dev/null +++ b/java/BUILD.bazel @@ -0,0 +1,11 @@ +package(default_visibility = ["//visibility:public"]) + +alias( + name = "dbscheme", + actual = "//java/ql/lib/config:dbscheme", +) + +alias( + name = "dbscheme-stats", + actual = "//java/ql/lib/config:dbscheme-stats", +) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 2342046cc2e..3304352f9ef 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -1,203 +1,205 @@ -package,sink,source,summary,sink:bean-validation,sink:command-injection,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:ognl-injection,sink:path-injection,sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:trust-boundary-violation,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:contentprovider,source:remote,summary:taint,summary:value -actions.osgi,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, -android.app,35,,103,,,,11,,,,,7,,,,,,,,,17,,,,,,,,,,,,,,,,,,,18,85 -android.content,24,31,154,,,,,,,,,16,,,,,,,,,,,,,,,,,,,8,,,,,,4,27,,63,91 -android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,41, -android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15 -android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,41,81 -android.support.v4.app,11,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -android.util,6,16,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,16,, -android.webkit,3,2,,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,2,, -android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1, -androidx.core.app,6,,95,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,12,83 -androidx.fragment.app,11,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -androidx.slice,2,5,88,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,5,,27,61 -antlr,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.alibaba.druid.sql,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.fasterxml.jackson.databind,2,,6,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,6, -com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,63,24 -com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17 -com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551 -com.google.common.flogger,29,,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,, -com.google.common.io,8,,73,,,1,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,,,,,,72,1 -com.google.gson,,,44,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30,14 -com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,, -com.jcraft.jsch,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,1, -com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,, -com.opensymphony.xwork2,67,,961,,,,,,,,,,,,,,,,67,,,,,,,,,,,,,,,,,,,,,867,94 -com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7, -com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,, -com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,, -flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 -freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,, -freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,, -groovy.lang,26,,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -groovy.text,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -groovy.util,5,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -hudson,68,4,2647,,4,3,,,,4,,,,,,,,,,51,,,,,,,,,6,,,,,,,,,,4,2571,76 -io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4, -io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,, -io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77 -io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,2,, -io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,,13,143,116 -io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,, -io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -io.netty.util,2,,23,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,21,2 -jakarta.activation,2,,2,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,2, -jakarta.faces.context,2,7,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,, -jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 -jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, -jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,94,55 -jakarta.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,, -java.awt,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3 -java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -java.io,50,,46,,,22,,,,,,,,,,,,,,28,,,,,,,,,,,,,,,,,,,,44,2 -java.lang,31,,94,,13,,,,,,,,,,,,8,,,5,,,4,,,1,,,,,,,,,,,,,,57,37 -java.net,13,3,23,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,3,23, -java.nio,49,,36,,,5,,,,,,,,,,,,,,43,,,,,,,,,1,,,,,,,,,,,36, -java.sql,13,,2,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,2, -java.util,45,,487,,,1,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,,45,442 -javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -javax.activation,2,,7,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,7, -javax.faces.context,2,7,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,, -javax.imageio.stream,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57, -javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 -javax.management.remote,2,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,, -javax.naming,7,,1,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,1, -javax.net.ssl,2,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -javax.portlet,,,61,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,61, -javax.script,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, -javax.servlet,7,21,2,,,,,,,,1,,,,,,,,,1,,,,,,,,,,3,,,2,,,,,,21,2, -javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,, -javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, -javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,2,,,,,,94,55 -javax.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,, -javax.xml.transform,2,,6,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,1,,,,6, -javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,, -jenkins,,,523,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,500,23 -jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10 -kotlin,16,,1849,,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,,1836,13 -net.sf.json,2,,338,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,321,17 -net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,, -ognl,6,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,, -okhttp3,4,,50,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,23,27 -org.acegisecurity,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,49, -org.antlr.runtime,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, -org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 -org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 -org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4, -org.apache.commons.exec,6,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.apache.commons.io,111,,560,,,2,,,,,,,,,,,,,,94,,,,,,,,,15,,,,,,,,,,,546,14 -org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,, -org.apache.commons.jexl2,15,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.jexl3,15,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.lang,,,767,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,596,171 -org.apache.commons.lang3,6,,425,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,294,131 -org.apache.commons.logging,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.net,9,12,,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,,12,, -org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52 -org.apache.cxf.catalog,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -org.apache.cxf.common.classloader,3,,,,,,,,,,,,,,,,,,,1,,,,,,,,,2,,,,,,,,,,,, -org.apache.cxf.common.jaxb,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -org.apache.cxf.common.logging,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.cxf.configuration.jsse,2,,,,,,,,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -org.apache.cxf.helpers,10,,,,,,,,,,,,,,,,,,,5,,,,,,,,,,,,,,,5,,,,,, -org.apache.cxf.resource,9,,,,,,,,,,,,,,,,,,,4,,,,,,,,,5,,,,,,,,,,,, -org.apache.cxf.staxutils,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -org.apache.cxf.tools.corba.utils,4,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,, -org.apache.cxf.tools.util,10,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,, -org.apache.cxf.transform,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,, -org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.hadoop.fs,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10, -org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,, -org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,,, -org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,,, -org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,, -org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.apache.hc.core5.http,73,2,45,,,,,,,1,,,,,,,,,,,,,,,,,,,72,,,,,,,,,,2,45, -org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18, -org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6 -org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,, -org.apache.http,48,3,94,,,,,,,2,,,,,,,,,,,,,,,,,,,46,,,,,,,,,,3,86,8 -org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,57, -org.apache.log4j,11,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.logging.log4j,359,,8,,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,4,4 -org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.apache.shiro.jndi,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.struts.beanvalidation.validation.interceptor,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4, -org.apache.struts2,14,,3873,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,3,,,,,,,3839,34 -org.apache.tools.ant,11,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,, -org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,, -org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,, -org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,, -org.codehaus.groovy.control,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,, -org.eclipse.jetty.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,, -org.gradle.api.file,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2, -org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,, -org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -org.jboss.logging,324,,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,, -org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,, -org.jenkins.ui.icon,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48,1 -org.jenkins.ui.symbol,,,33,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,8 -org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,, -org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38 -org.kohsuke.stapler,20,24,363,,,,,,,2,,,,,,,,,,9,,,,,,,,,4,,,,,5,,,,,24,352,11 -org.mvel2,16,,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,, -org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -org.owasp.esapi,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.scijava.log,13,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,, -org.slf4j,55,,6,,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,2,4 -org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30 -org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13 -org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, -org.springframework.core.io,2,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,, -org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 -org.springframework.http,14,,71,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,61,10 -org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,, -org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,, -org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,, -org.springframework.jndi,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.springframework.ldap,47,,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,,, -org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,, -org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32 -org.springframework.util,3,,142,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,90,52 -org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13, -org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,3,, -org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,, -org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13, -org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,, -org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25 -org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,2, -org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,, -org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,, -play.mvc,1,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,13,24, -ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, -ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, -ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, -ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48 -ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, -ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35 -ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, -ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, -ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35 -retrofit2,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,1, +package,sink,source,summary,sink:bean-validation,sink:command-injection,sink:encryption-iv,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:ognl-injection,sink:path-injection,sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:trust-boundary-violation,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:contentprovider,source:database,source:environment,source:file,source:remote,summary:taint,summary:value +actions.osgi,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, +android.app,35,,103,,,,,11,,,,,7,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,18,85 +android.content,24,31,154,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,8,,,,,,4,27,,,,,63,91 +android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,,41, +android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15 +android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,41,81 +android.support.v4.app,11,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +android.util,6,16,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,16,, +android.webkit,3,2,,,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,2,, +android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1, +androidx.core.app,6,,95,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,12,83 +androidx.fragment.app,11,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +androidx.slice,2,5,88,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,5,,,,,27,61 +antlr,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.alibaba.druid.sql,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.alibaba.fastjson2,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.fasterxml.jackson.databind,2,,6,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,6, +com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,,,63,24 +com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17 +com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551 +com.google.common.flogger,29,,,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,, +com.google.common.io,8,,73,,,,1,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,,,,,,,,,72,1 +com.google.gson,,,44,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30,14 +com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,, +com.jcraft.jsch,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,1, +com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,, +com.opensymphony.xwork2,67,,961,,,,,,,,,,,,,,,,,67,,,,,,,,,,,,,,,,,,,,,,,,867,94 +com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7, +com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,, +com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,, +flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 +freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, +freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,, +groovy.lang,26,,,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +groovy.text,1,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +groovy.util,5,,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +hudson,68,9,2647,,4,,3,,,,4,,,,,,,,,,51,,,,,,,,,6,,,,,,,,,,,,5,4,2571,76 +io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4, +io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,, +io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77 +io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,2,, +io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,,,,,13,143,116 +io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,, +io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +io.netty.util,2,,23,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,21,2 +jakarta.activation,2,,2,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,2, +jakarta.faces.context,2,7,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,, +jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 +jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,, +jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, +jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55 +jakarta.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,, +java.awt,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3 +java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +java.io,50,1,46,,,,22,,,,,,,,,,,,,,28,,,,,,,,,,,,,,,,,,,,,1,,44,2 +java.lang,31,3,94,,13,,,,,,,,,,,,,8,,,5,,,4,,,1,,,,,,,,,,,,,,3,,,57,37 +java.net,13,3,23,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,3,23, +java.nio,49,,36,,,,5,,,,,,,,,,,,,,43,,,,,,,,,1,,,,,,,,,,,,,,36, +java.sql,13,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,1,,,,2, +java.util,45,2,487,,,,1,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,,2,,,45,442 +javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,, +javax.activation,2,,7,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,7, +javax.crypto,2,,4,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4, +javax.faces.context,2,7,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,, +javax.imageio.stream,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57, +javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 +javax.management,2,,1,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +javax.naming,7,,1,,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +javax.net.ssl,2,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +javax.portlet,,,61,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,61, +javax.script,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,, +javax.servlet,7,21,2,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,3,,,2,,,,,,,,,21,2, +javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,, +javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,, +javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, +javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,2,,,,,,,,,94,55 +javax.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,, +javax.xml.transform,2,,6,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,1,,,,,,,6, +javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,, +jenkins,,,523,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,500,23 +jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10 +kotlin,16,,1849,,,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,,,,,1836,13 +net.sf.json,2,,338,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,321,17 +net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,, +ognl,6,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,, +okhttp3,4,,50,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,23,27 +org.acegisecurity,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,49, +org.antlr.runtime,1,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, +org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 +org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 +org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4, +org.apache.commons.exec,6,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.apache.commons.io,111,,560,,,,2,,,,,,,,,,,,,,94,,,,,,,,,15,,,,,,,,,,,,,,546,14 +org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,, +org.apache.commons.jexl2,15,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.jexl3,15,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.lang,,,767,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,596,171 +org.apache.commons.lang3,6,,425,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,294,131 +org.apache.commons.logging,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.net,9,12,,,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,,,,,12,, +org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52 +org.apache.cxf.catalog,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,, +org.apache.cxf.common.classloader,3,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,2,,,,,,,,,,,,,,, +org.apache.cxf.common.jaxb,1,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.cxf.common.logging,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.cxf.configuration.jsse,2,,,,,,,,,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.cxf.helpers,10,,,,,,,,,,,,,,,,,,,,5,,,,,,,,,,,,,,,5,,,,,,,,, +org.apache.cxf.resource,9,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,5,,,,,,,,,,,,,,, +org.apache.cxf.staxutils,1,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.cxf.tools.corba.utils,4,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.cxf.tools.util,10,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.cxf.transform,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,, +org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.hadoop.fs,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10, +org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,, +org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,,,,,, +org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,,,,,, +org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,, +org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,, +org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.apache.hc.core5.http,73,2,45,,,,,,,,1,,,,,,,,,,,,,,,,,,,72,,,,,,,,,,,,,2,45, +org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18, +org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6 +org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,, +org.apache.http,48,3,95,,,,,,,,2,,,,,,,,,,,,,,,,,,,46,,,,,,,,,,,,,3,86,9 +org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,57, +org.apache.log4j,11,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.logging.log4j,359,,8,,,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,,,,4,4 +org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.apache.shiro.jndi,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.struts.beanvalidation.validation.interceptor,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4, +org.apache.struts2,14,,3873,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,3,,,,,,,,,,3839,34 +org.apache.tools.ant,11,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,, +org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,, +org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,,,,, +org.codehaus.groovy.control,1,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,, +org.eclipse.jetty.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,, +org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,, +org.gradle.api.file,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2, +org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,, +org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,, +org.jboss.logging,324,,,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,, +org.jenkins.ui.icon,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48,1 +org.jenkins.ui.symbol,,,33,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,8 +org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,, +org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38 +org.kohsuke.stapler,20,24,363,,,,,,,,2,,,,,,,,,,9,,,,,,,,,4,,,,,5,,,,,,,,24,352,11 +org.mvel2,16,,,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,,,, +org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +org.owasp.esapi,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.scijava.log,13,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.slf4j,55,,6,,,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,,,,2,4 +org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30 +org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,, +org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13 +org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, +org.springframework.core.io,2,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,, +org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 +org.springframework.http,14,,71,,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,61,10 +org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,, +org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,, +org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,, +org.springframework.jndi,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.springframework.ldap,47,,,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,, +org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32 +org.springframework.util,3,,142,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,90,52 +org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13, +org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,3,, +org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,, +org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13, +org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,, +org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25 +org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,2, +org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,, +org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,, +play.mvc,1,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,13,24, +ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, +ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, +ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, +ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48 +ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, +ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35 +ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, +ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, +ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35 +retrofit2,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,1, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index 382fa519eef..a8779182dce 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -13,15 +13,15 @@ Java framework & library support `Apache Commons IO `_,``org.apache.commons.io``,,560,111,94,,,,,15 `Apache Commons Lang `_,``org.apache.commons.lang3``,,425,6,,,,,, `Apache Commons Text `_,``org.apache.commons.text``,,272,,,,,,, - `Apache HttpComponents `_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,182,122,,3,,,,119 + `Apache HttpComponents `_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,183,122,,3,,,,119 `Apache Log4j 2 `_,``org.apache.logging.log4j``,,8,359,,,,,, `Google Guava `_,``com.google.common.*``,,730,41,7,,,,, JBoss Logging,``org.jboss.logging``,,,324,,,,,, `JSON-java `_,``org.json``,,236,,,,,,, - Java Standard Library,``java.*``,3,692,201,76,,9,,,18 - Java extensions,"``javax.*``, ``jakarta.*``",67,681,40,4,4,,1,1,4 + Java Standard Library,``java.*``,10,692,201,76,,9,,,18 + Java extensions,"``javax.*``, ``jakarta.*``",67,686,42,4,4,,1,1,4 Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2 `Spring `_,``org.springframework.*``,29,483,115,4,,28,14,,35 - Others,"``actions.osgi``, ``antlr``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",126,10502,706,116,6,18,18,,208 - Totals,,287,18884,2198,315,16,122,33,1,401 + Others,"``actions.osgi``, ``antlr``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",131,10503,706,116,6,18,18,,208 + Totals,,299,18891,2200,315,16,122,33,1,401 diff --git a/java/kotlin-extractor/build.py b/java/kotlin-extractor/build.py index c639209a930..752a436218f 100755 --- a/java/kotlin-extractor/build.py +++ b/java/kotlin-extractor/build.py @@ -87,7 +87,7 @@ def write_arg_file(arg_file, args): raise Exception('Single quote in argument: ' + arg) f.write("'" + arg.replace('\\', '/') + "'\n") -def compile_to_dir(build_dir, srcs, classpath, java_classpath, output): +def compile_to_dir(build_dir, srcs, language_version, classpath, java_classpath, output): # Use kotlinc to compile .kt files: kotlin_arg_file = build_dir + '/kotlin.args' kotlin_args = ['-Werror', @@ -95,6 +95,8 @@ def compile_to_dir(build_dir, srcs, classpath, java_classpath, output): '-opt-in=org.jetbrains.kotlin.ir.symbols.IrSymbolInternals', '-d', output, '-module-name', 'codeql-kotlin-extractor', + '-Xsuppress-version-warnings', + '-language-version', language_version, '-no-reflect', '-no-stdlib', '-jvm-target', '1.8', '-classpath', classpath] + srcs @@ -114,14 +116,14 @@ def compile_to_dir(build_dir, srcs, classpath, java_classpath, output): run_process([javac, '@' + java_arg_file]) -def compile_to_jar(build_dir, tmp_src_dir, srcs, classpath, java_classpath, output): +def compile_to_jar(build_dir, tmp_src_dir, srcs, language_version, classpath, java_classpath, output): class_dir = build_dir + '/classes' if os.path.exists(class_dir): shutil.rmtree(class_dir) os.makedirs(class_dir) - compile_to_dir(build_dir, srcs, classpath, java_classpath, class_dir) + compile_to_dir(build_dir, srcs, language_version, classpath, java_classpath, class_dir) run_process(['jar', 'cf', output, '-C', class_dir, '.', @@ -192,6 +194,8 @@ def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output, # copy and overwrite files from the version folder to the include folder shutil.copytree(d, include_version_folder, dirs_exist_ok=True) + language_version = str(parsed_current_version[0]) + '.' + str(parsed_current_version[1]) + # remove all version folders: shutil.rmtree(tmp_src_dir + '/main/kotlin/utils/versions') @@ -199,7 +203,7 @@ def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output, transform_to_embeddable(srcs) - compile_to_jar(build_dir, tmp_src_dir, srcs, classpath, java_classpath, output) + compile_to_jar(build_dir, tmp_src_dir, srcs, language_version, classpath, java_classpath, output) shutil.rmtree(tmp_src_dir) diff --git a/java/kotlin-extractor/kotlin_plugin_versions.py b/java/kotlin-extractor/kotlin_plugin_versions.py index e783caf4efe..1cf8a9cb0d8 100755 --- a/java/kotlin-extractor/kotlin_plugin_versions.py +++ b/java/kotlin-extractor/kotlin_plugin_versions.py @@ -24,7 +24,7 @@ def version_string_to_tuple(version): # Version number used by CI. ci_version = '1.9.0' -many_versions = [ '1.4.32', '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20', '1.8.0', '1.9.0-Beta', '1.9.20-Beta' ] +many_versions = [ '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20', '1.8.0', '1.9.0-Beta', '1.9.20-Beta' ] many_versions_tuples = [version_string_to_tuple(v) for v in many_versions] diff --git a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java index a1cc667dd43..830b2012c98 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java @@ -49,6 +49,8 @@ import com.semmle.util.trap.dependencies.TrapDependencies; import com.semmle.util.trap.dependencies.TrapSet; import com.semmle.util.trap.pathtransformers.PathTransformer; +import com.github.codeql.Compression; + public class OdasaOutput { private final File trapFolder; private final File sourceArchiveFolder; @@ -63,16 +65,18 @@ public class OdasaOutput { private final boolean trackClassOrigins; private final Logger log; + private final Compression compression; /** DEBUG only: just use the given file as the root for TRAP, source archive etc */ - OdasaOutput(File outputRoot, Logger log) { + OdasaOutput(File outputRoot, Compression compression, Logger log) { this.trapFolder = new File(outputRoot, "trap"); this.sourceArchiveFolder = new File(outputRoot, "src_archive"); this.trackClassOrigins = false; this.log = log; + this.compression = compression; } - public OdasaOutput(boolean trackClassOrigins, Logger log) { + public OdasaOutput(boolean trackClassOrigins, Compression compression, Logger log) { String trapFolderVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_TRAP_DIR", Var.TRAP_FOLDER.name()); if (trapFolderVar == null) { throw new ResourceError("CODEQL_EXTRACTOR_JAVA_TRAP_DIR was not set"); @@ -85,6 +89,7 @@ public class OdasaOutput { this.sourceArchiveFolder = new File(sourceArchiveVar); this.trackClassOrigins = trackClassOrigins; this.log = log; + this.compression = compression; } public File getTrapFolder() { @@ -180,18 +185,18 @@ public class OdasaOutput { return null; return FileUtil.appendAbsolutePath( currentSpecFileEntry.getTrapFolder(), - JARS_DIR + "/" + PathTransformer.std().fileAsDatabaseString(jarFile) + ".trap.gz"); + JARS_DIR + "/" + PathTransformer.std().fileAsDatabaseString(jarFile) + ".trap" + compression.getExtension()); } private File getTrapFileForModule(String moduleName) { return FileUtil.appendAbsolutePath( currentSpecFileEntry.getTrapFolder(), - MODULES_DIR + "/" + moduleName + ".trap.gz"); + MODULES_DIR + "/" + moduleName + ".trap" + compression.getExtension()); } private File trapFileFor(File file) { return FileUtil.appendAbsolutePath(currentSpecFileEntry.getTrapFolder(), - PathTransformer.std().fileAsDatabaseString(file) + ".trap.gz"); + PathTransformer.std().fileAsDatabaseString(file) + ".trap" + compression.getExtension()); } private File getTrapFileForDecl(IrElement sym, String signature) { @@ -214,27 +219,10 @@ public class OdasaOutput { binaryName.replace('.', '/') + signature + ".members" + - ".trap.gz"; + ".trap" + compression.getExtension(); return result; } - /* - * Deletion of existing trap files. - */ - - private void deleteTrapFileAndDependencies(IrElement sym, String signature) { - File trap = trapFileForDecl(sym, signature); - if (trap.exists()) { - trap.delete(); - File depFile = new File(trap.getParentFile(), trap.getName().replace(".trap.gz", ".dep")); - if (depFile.exists()) - depFile.delete(); - File metadataFile = new File(trap.getParentFile(), trap.getName().replace(".trap.gz", ".metadata")); - if (metadataFile.exists()) - metadataFile.delete(); - } - } - /* * Trap writers. */ @@ -262,7 +250,7 @@ public class OdasaOutput { // don't need to rewrite it only to rename it // again. File trapFileDir = trap.getParentFile(); - File trapOld = new File(trapFileDir, trap.getName().replace(".trap.gz", ".trap-old.gz")); + File trapOld = new File(trapFileDir, trap.getName().replace(".trap" + compression.getExtension(), ".trap-old" + compression.getExtension())); if (trapOld.exists()) { log.trace("Not rewriting trap file for " + trap.toString() + " as the trap-old exists"); return null; @@ -289,7 +277,7 @@ public class OdasaOutput { } private TrapFileManager trapWriter(File trapFile, IrElement sym, String signature) { - if (!trapFile.getName().endsWith(".trap.gz")) + if (!trapFile.getName().endsWith(".trap" + compression.getExtension())) throw new CatastrophicError("OdasaOutput only supports writing to compressed trap files"); String relative = FileUtil.relativePath(trapFile, currentSpecFileEntry.getTrapFolder()); trapFile.getParentFile().mkdirs(); @@ -338,7 +326,7 @@ public class OdasaOutput { writeTrapDependencies(trapDependenciesForClass); } private void writeTrapDependencies(TrapDependencies trapDependencies) { - String dep = trapDependencies.trapFile().replace(".trap.gz", ".dep"); + String dep = trapDependencies.trapFile().replace(".trap" + compression.getExtension(), ".dep"); trapDependencies.save( currentSpecFileEntry.getTrapFolder().toPath().resolve(dep)); } @@ -352,7 +340,7 @@ public class OdasaOutput { * Trap file locking. */ - private final Pattern selectClassVersionComponents = Pattern.compile("(.*)#(-?[0-9]+)\\.(-?[0-9]+)-(-?[0-9]+)-(.*)\\.trap\\.gz"); + private final Pattern selectClassVersionComponents = Pattern.compile("(.*)#(-?[0-9]+)\\.(-?[0-9]+)-(-?[0-9]+)-(.*)\\.trap.*"); /** * CAUTION: to avoid the potential for deadlock between multiple concurrent extractor processes, @@ -429,12 +417,12 @@ public class OdasaOutput { trapFileVersion = new TrapClassVersion(0, 0, 0, "kotlin"); else trapFileVersion = TrapClassVersion.fromSymbol(sym, log); - String baseName = normalTrapFile.getName().replace(".trap.gz", ""); + String baseName = normalTrapFile.getName().replace(".trap" + compression.getExtension(), ""); // If a class has lots of inner classes, then we get lots of files // in a single directory. This makes our directory listings later slow. // To avoid this, rather than using files named .../Foo*, we use .../Foo/Foo*. trapFileBase = new File(new File(normalTrapFile.getParentFile(), baseName), baseName); - trapFile = new File(trapFileBase.getPath() + '#' + trapFileVersion.toString() + ".trap.gz"); + trapFile = new File(trapFileBase.getPath() + '#' + trapFileVersion.toString() + ".trap" + compression.getExtension()); } } private TrapLocker(File jarFile) { @@ -505,7 +493,7 @@ public class OdasaOutput { for (Pair p: pairs) { if (!latestVersion.equals(p.snd())) { File f = p.fst(); - File fOld = new File(f.getParentFile(), f.getName().replace(".trap.gz", ".trap-old.gz")); + File fOld = new File(f.getParentFile(), f.getName().replace(".trap" + compression.getExtension(), ".trap-old" + compression.getExtension())); // We aren't interested in whether or not this succeeds; // it may fail because a concurrent extractor has already // renamed it. @@ -516,32 +504,12 @@ public class OdasaOutput { } } } - - private LockDirectory getExtractorLockDir() { - return LockDirectory.instance(currentSpecFileEntry.getTrapFolder(), log); - } - - private void lockTrapFile(File trapFile) { - getExtractorLockDir().blockingLock(LockingMode.Exclusive, trapFile, "Java extractor lock"); - } - - private void unlockTrapFile(File trapFile) { - boolean success = getExtractorLockDir().maybeUnlock(LockingMode.Exclusive, trapFile); - if (!success) { - log.warn("Trap file was not locked: " + trapFile); - } - } } /* * Class version tracking. */ - private static final String MAJOR_VERSION = "majorVersion"; - private static final String MINOR_VERSION = "minorVersion"; - private static final String LAST_MODIFIED = "lastModified"; - private static final String EXTRACTOR_NAME = "extractorName"; - private static class TrapClassVersion { private int majorVersion; private int minorVersion; @@ -709,27 +677,4 @@ public class OdasaOutput { return majorVersion + "." + minorVersion + "-" + lastModified + "-" + extractorName; } } - - private TrapClassVersion readVersionInfo(File trap) { - int majorVersion = 0; - int minorVersion = 0; - long lastModified = 0; - String extractorName = null; - File metadataFile = new File(trap.getAbsolutePath().replace(".trap.gz", ".metadata")); - if (metadataFile.exists()) { - Map metadataMap = FileUtil.readPropertiesCSV(metadataFile); - try { - majorVersion = Integer.parseInt(metadataMap.get(MAJOR_VERSION)); - minorVersion = Integer.parseInt(metadataMap.get(MINOR_VERSION)); - lastModified = Long.parseLong(metadataMap.get(LAST_MODIFIED)); - extractorName = metadataMap.get(EXTRACTOR_NAME); - } catch (NumberFormatException e) { - log.warn("Invalid class file version for " + trap.getAbsolutePath(), e); - } - } else { - log.warn("Trap metadata file does not exist: " + metadataFile.getAbsolutePath()); - } - return new TrapClassVersion(majorVersion, minorVersion, lastModified, extractorName); - } - } diff --git a/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt b/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt index cfdf9895782..2b2127378dd 100644 --- a/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt @@ -14,7 +14,7 @@ import java.util.ArrayList import java.util.HashSet import java.util.zip.GZIPOutputStream -class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: String, val sourceFilePath: String, val primitiveTypeMapping: PrimitiveTypeMapping, val pluginContext: IrPluginContext, val globalExtensionState: KotlinExtractorGlobalState, val diagnosticTrapWriter: DiagnosticTrapWriter) { +class ExternalDeclExtractor(val logger: FileLogger, val compression: Compression, val invocationTrapFile: String, val sourceFilePath: String, val primitiveTypeMapping: PrimitiveTypeMapping, val pluginContext: IrPluginContext, val globalExtensionState: KotlinExtractorGlobalState, val diagnosticTrapWriter: DiagnosticTrapWriter) { val declBinaryNames = HashMap() val externalDeclsDone = HashSet>() @@ -23,7 +23,7 @@ class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: Stri val propertySignature = ";property" val fieldSignature = ";field" - val output = OdasaOutput(false, logger).also { + val output = OdasaOutput(false, compression, logger).also { it.setCurrentSourceFile(File(sourceFilePath)) } @@ -65,7 +65,7 @@ class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: Stri val trapFile = manager.file val trapTmpFile = File.createTempFile("${trapFile.nameWithoutExtension}.", ".${trapFile.extension}.tmp", trapFile.parentFile) try { - GZIPOutputStream(trapTmpFile.outputStream()).bufferedWriter().use { + compression.bufferedWriter(trapTmpFile).use { extractorFn(it, signature, manager) } diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt b/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt index 0e9524a8e43..0943f4f7f9a 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt @@ -101,26 +101,6 @@ class KotlinExtractorExtension( val usesK2 = usesK2(pluginContext) // This default should be kept in sync with com.semmle.extractor.java.interceptors.KotlinInterceptor.initializeExtractionContext val trapDir = File(System.getenv("CODEQL_EXTRACTOR_JAVA_TRAP_DIR").takeUnless { it.isNullOrEmpty() } ?: "kotlin-extractor/trap") - val compression_env_var = "CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION" - val compression_option = System.getenv(compression_env_var) - val defaultCompression = Compression.GZIP - val (compression, compressionWarning) = - if (compression_option == null) { - Pair(defaultCompression, null) - } else { - try { - @OptIn(kotlin.ExperimentalStdlibApi::class) // Annotation required by kotlin versions < 1.5 - val requested_compression = Compression.valueOf(compression_option.uppercase()) - if (requested_compression == Compression.BROTLI) { - Pair(Compression.GZIP, "Kotlin extractor doesn't support Brotli compression. Using GZip instead.") - } else { - Pair(requested_compression, null) - } - } catch (e: IllegalArgumentException) { - Pair(defaultCompression, - "Unsupported compression type (\$$compression_env_var) \"$compression_option\". Supported values are ${Compression.values().joinToString()}") - } - } // The invocation TRAP file will already have been started // before the plugin is run, so we always use no compression // and we open it in append mode. @@ -152,9 +132,7 @@ class KotlinExtractorExtension( if (System.getenv("CODEQL_EXTRACTOR_JAVA_KOTLIN_DUMP") == "true") { logger.info("moduleFragment:\n" + moduleFragment.dump()) } - if (compressionWarning != null) { - logger.warn(compressionWarning) - } + val compression = getCompression(logger) val primitiveTypeMapping = PrimitiveTypeMapping(logger, pluginContext) // FIXME: FileUtil expects a static global logger @@ -182,6 +160,29 @@ class KotlinExtractorExtension( } } + private fun getCompression(logger: Logger): Compression { + val compression_env_var = "CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION" + val compression_option = System.getenv(compression_env_var) + val defaultCompression = Compression.GZIP + if (compression_option == null) { + return defaultCompression + } else { + try { + @OptIn(kotlin.ExperimentalStdlibApi::class) // Annotation required by kotlin versions < 1.5 + val compression_option_upper = compression_option.uppercase() + if (compression_option_upper == "BROTLI") { + logger.warn("Kotlin extractor doesn't support Brotli compression. Using GZip instead.") + return Compression.GZIP + } else { + return Compression.valueOf(compression_option_upper) + } + } catch (e: IllegalArgumentException) { + logger.warn("Unsupported compression type (\$$compression_env_var) \"$compression_option\". Supported values are ${Compression.values().joinToString()}.") + return defaultCompression + } + } + } + private fun logPeakMemoryUsage(logger: Logger, time: String) { logger.info("Peak memory: Usage $time") @@ -333,7 +334,7 @@ private fun doFile( // Now elevate to a SourceFileTrapWriter, and populate the // file information val sftw = tw.makeSourceFileTrapWriter(srcFile, true) - val externalDeclExtractor = ExternalDeclExtractor(logger, invocationTrapFile, srcFilePath, primitiveTypeMapping, pluginContext, globalExtensionState, fileTrapWriter.getDiagnosticTrapWriter()) + val externalDeclExtractor = ExternalDeclExtractor(logger, compression, invocationTrapFile, srcFilePath, primitiveTypeMapping, pluginContext, globalExtensionState, fileTrapWriter.getDiagnosticTrapWriter()) val linesOfCode = LinesOfCode(logger, sftw, srcFile) val fileExtractor = KotlinFileExtractor(logger, sftw, linesOfCode, srcFilePath, null, externalDeclExtractor, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState) @@ -361,18 +362,24 @@ private fun doFile( } } -enum class Compression { NONE, GZIP, BROTLI } +enum class Compression(val extension: String) { + NONE("") { + override fun bufferedWriter(file: File): BufferedWriter { + return file.bufferedWriter() + } + }, + GZIP(".gz") { + override fun bufferedWriter(file: File): BufferedWriter { + return GZIPOutputStream(file.outputStream()).bufferedWriter() + } + }; + abstract fun bufferedWriter(file: File): BufferedWriter +} private fun getTrapFileWriter(compression: Compression, logger: FileLogger, trapFileName: String): TrapFileWriter { return when (compression) { Compression.NONE -> NonCompressedTrapFileWriter(logger, trapFileName) Compression.GZIP -> GZipCompressedTrapFileWriter(logger, trapFileName) - Compression.BROTLI -> { - // Brotli should have been replaced with gzip earlier, but - // if we somehow manage to get here then keep going - logger.error("Impossible Brotli compression requested. Using Gzip instead.") - getTrapFileWriter(Compression.GZIP, logger, trapFileName) - } } } diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt index c8b6d696ec2..949096d4b32 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt @@ -139,7 +139,7 @@ open class KotlinUsesExtractor( } fun getJavaEquivalentClass(c: IrClass) = - getJavaEquivalentClassId(c)?.let { getClassByFqName(pluginContext, it.asSingleFqName()) }?.owner + getJavaEquivalentClassId(c)?.let { getClassByClassId(pluginContext, it) }?.owner /** * Gets a KotlinFileExtractor based on this one, except it attributes locations to the file that declares the given class. diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/CommentExtractorLighterAST.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/CommentExtractorLighterAST.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/CommentExtractorLighterAST.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/CommentExtractorLighterAST.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/ExperimentalCompilerApi.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/ExperimentalCompilerApi.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/ExperimentalCompilerApi.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/ExperimentalCompilerApi.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/FileEntry.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/FileEntry.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/FileEntry.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/FileEntry.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Functions.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Functions.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Functions.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Functions.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/IrSymbolInternals.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/IrSymbolInternals.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/IrSymbolInternals.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/IrSymbolInternals.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/IsUnderscoreParameter.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/IsUnderscoreParameter.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/IsUnderscoreParameter.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/IsUnderscoreParameter.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Kotlin2ComponentRegistrar.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Kotlin2ComponentRegistrar.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Kotlin2ComponentRegistrar.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Kotlin2ComponentRegistrar.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Psi2Ir.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Psi2Ir.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Psi2Ir.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Psi2Ir.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/ReferenceEntity.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/ReferenceEntity.kt similarity index 80% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/ReferenceEntity.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/ReferenceEntity.kt index 755772d90c6..3aa4d048b9f 100644 --- a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/ReferenceEntity.kt +++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/ReferenceEntity.kt @@ -2,6 +2,7 @@ package com.github.codeql.utils import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext import org.jetbrains.kotlin.ir.symbols.* +import org.jetbrains.kotlin.name.ClassId import org.jetbrains.kotlin.name.FqName import org.jetbrains.kotlin.name.Name @@ -9,6 +10,10 @@ fun getClassByFqName(pluginContext: IrPluginContext, fqName: FqName): IrClassSym return pluginContext.referenceClass(fqName) } +fun getClassByClassId(pluginContext: IrPluginContext, id: ClassId): IrClassSymbol? { + return getClassByFqName(pluginContext, id.asSingleFqName()) +} + fun getFunctionsByFqName(pluginContext: IrPluginContext, pkgName: FqName, name: Name): Collection { val fqName = pkgName.child(name) return pluginContext.referenceFunctions(fqName) diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/SyntheticBodyKind.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/SyntheticBodyKind.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/SyntheticBodyKind.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/SyntheticBodyKind.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Types.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Types.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/Types.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Types.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/UsesK2.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/UsesK2.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/UsesK2.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/UsesK2.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/allOverriddenIncludingSelf.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/allOverriddenIncludingSelf.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/allOverriddenIncludingSelf.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/allOverriddenIncludingSelf.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/annotationType.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/annotationType.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/annotationType.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/annotationType.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/copyTo.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/copyTo.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/copyTo.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/copyTo.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/createImplicitParameterDeclarationWithWrappedDescriptor.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/createImplicitParameterDeclarationWithWrappedDescriptor.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/createImplicitParameterDeclarationWithWrappedDescriptor.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/createImplicitParameterDeclarationWithWrappedDescriptor.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/getFileClassFqName.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/getFileClassFqName.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/getFileClassFqName.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/getFileClassFqName.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/getKotlinType.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/getKotlinType.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/getKotlinType.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/getKotlinType.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/packageFqName.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/packageFqName.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/packageFqName.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/packageFqName.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/withHasQuestionMark.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/withHasQuestionMark.kt similarity index 100% rename from java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/withHasQuestionMark.kt rename to java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/withHasQuestionMark.kt diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ReferenceEntity.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ReferenceEntity.kt index 8d70b66cf27..d4e16e84679 100644 --- a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ReferenceEntity.kt +++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ReferenceEntity.kt @@ -10,6 +10,10 @@ import org.jetbrains.kotlin.name.Name fun getClassByFqName(pluginContext: IrPluginContext, fqName: FqName): IrClassSymbol? { val id = ClassId.topLevel(fqName) + return getClassByClassId(pluginContext, id) +} + +fun getClassByClassId(pluginContext: IrPluginContext, id: ClassId): IrClassSymbol? { return pluginContext.referenceClass(id) } diff --git a/java/ql/automodel/src/AutomodelApplicationModeExtractNegativeExamples.ql b/java/ql/automodel/src/AutomodelApplicationModeExtractNegativeExamples.ql index 1ce6e779d03..6097e2e22f9 100644 --- a/java/ql/automodel/src/AutomodelApplicationModeExtractNegativeExamples.ql +++ b/java/ql/automodel/src/AutomodelApplicationModeExtractNegativeExamples.ql @@ -63,7 +63,7 @@ where ) and message = characteristic select endpoint.asNode(), - message + "\nrelated locations: $@, $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@.", // + message + "\nrelated locations: $@, $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, CallContext()), "CallContext", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // diff --git a/java/ql/automodel/src/AutomodelApplicationModeExtractPositiveExamples.ql b/java/ql/automodel/src/AutomodelApplicationModeExtractPositiveExamples.ql index 7a152b44205..e933900aecc 100644 --- a/java/ql/automodel/src/AutomodelApplicationModeExtractPositiveExamples.ql +++ b/java/ql/automodel/src/AutomodelApplicationModeExtractPositiveExamples.ql @@ -24,7 +24,8 @@ where CharacteristicsImpl::isKnownAs(endpoint, endpointType, _) and exists(CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, CallContext())) select endpoint.asNode(), - endpointType + "\nrelated locations: $@, $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@.", // + endpointType + "\nrelated locations: $@, $@, $@." + + "\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, CallContext()), "CallContext", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md new file mode 100644 index 00000000000..89d062a2a24 --- /dev/null +++ b/java/ql/automodel/src/CHANGELOG.md @@ -0,0 +1,15 @@ +## 0.0.6 + +No user-facing changes. + +## 0.0.5 + +No user-facing changes. + +## 0.0.4 + +No user-facing changes. + +## 0.0.3 + +No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.3.md b/java/ql/automodel/src/change-notes/released/0.0.3.md new file mode 100644 index 00000000000..af7864fc7d5 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.3.md @@ -0,0 +1,3 @@ +## 0.0.3 + +No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.4.md b/java/ql/automodel/src/change-notes/released/0.0.4.md new file mode 100644 index 00000000000..eefe286a4d8 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.4.md @@ -0,0 +1,3 @@ +## 0.0.4 + +No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.5.md b/java/ql/automodel/src/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..766ec2723b5 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.6.md b/java/ql/automodel/src/change-notes/released/0.0.6.md new file mode 100644 index 00000000000..ccbce856079 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.6.md @@ -0,0 +1,3 @@ +## 0.0.6 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml new file mode 100644 index 00000000000..cf398ce02aa --- /dev/null +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -0,0 +1,2 @@ +--- +lastReleaseVersion: 0.0.6 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 1fe48a3541c..a157feb9ebe 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.4-dev +version: 0.0.7-dev groups: - java - automodel diff --git a/java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractNegativeExamples.expected b/java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractNegativeExamples.expected index 220839b9e36..092551af317 100644 --- a/java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractNegativeExamples.expected +++ b/java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractNegativeExamples.expected @@ -1,4 +1,4 @@ -| Test.java:47:10:49:3 | compareTo(...) | known sanitizer\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:47:10:49:3 | compareTo(...) | CallContext | Test.java:47:10:49:3 | compareTo(...) | MethodDoc | Test.java:47:10:49:3 | compareTo(...) | ClassDoc | file://java.io:1:1:1:1 | java.io | package | file://File:1:1:1:1 | File | type | file://true:1:1:1:1 | true | subtypes | file://compareTo:1:1:1:1 | compareTo | name | file://(File):1:1:1:1 | (File) | signature | file://:1:1:1:1 | | input | file://ReturnValue:1:1:1:1 | ReturnValue | output | file://false:1:1:1:1 | false | isVarargsArray | file://sourceModel:1:1:1:1 | sourceModel | extensibleType | -| Test.java:48:4:48:5 | f2 | known non-sink\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:47:10:49:3 | compareTo(...) | CallContext | Test.java:48:4:48:5 | f2 | MethodDoc | Test.java:48:4:48:5 | f2 | ClassDoc | file://java.io:1:1:1:1 | java.io | package | file://File:1:1:1:1 | File | type | file://true:1:1:1:1 | true | subtypes | file://compareTo:1:1:1:1 | compareTo | name | file://(File):1:1:1:1 | (File) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | -| Test.java:54:4:54:4 | p | taint step\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:53:3:58:3 | walk(...) | CallContext | Test.java:54:4:54:4 | p | MethodDoc | Test.java:54:4:54:4 | p | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://walk:1:1:1:1 | walk | name | file://(Path,FileVisitOption[]):1:1:1:1 | (Path,FileVisitOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | -| Test.java:66:7:66:18 | this | exception\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:66:7:66:18 | super(...) | CallContext | Test.java:66:7:66:18 | super(...) | MethodDoc | Test.java:66:7:66:18 | super(...) | ClassDoc | file://java.lang:1:1:1:1 | java.lang | package | file://Exception:1:1:1:1 | Exception | type | file://true:1:1:1:1 | true | subtypes | file://Exception:1:1:1:1 | Exception | name | file://():1:1:1:1 | () | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | +| Test.java:47:10:49:3 | compareTo(...) | known sanitizer\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:47:10:49:3 | compareTo(...) | CallContext | Test.java:47:10:49:3 | compareTo(...) | MethodDoc | Test.java:47:10:49:3 | compareTo(...) | ClassDoc | file://java.io:1:1:1:1 | java.io | package | file://File:1:1:1:1 | File | type | file://true:1:1:1:1 | true | subtypes | file://compareTo:1:1:1:1 | compareTo | name | file://(File):1:1:1:1 | (File) | signature | file://:1:1:1:1 | | input | file://ReturnValue:1:1:1:1 | ReturnValue | output | file://false:1:1:1:1 | false | isVarargsArray | file://sourceModel:1:1:1:1 | sourceModel | extensibleType | +| Test.java:48:4:48:5 | f2 | known non-sink\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:47:10:49:3 | compareTo(...) | CallContext | Test.java:48:4:48:5 | f2 | MethodDoc | Test.java:48:4:48:5 | f2 | ClassDoc | file://java.io:1:1:1:1 | java.io | package | file://File:1:1:1:1 | File | type | file://true:1:1:1:1 | true | subtypes | file://compareTo:1:1:1:1 | compareTo | name | file://(File):1:1:1:1 | (File) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | +| Test.java:54:4:54:4 | p | taint step\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:53:3:58:3 | walk(...) | CallContext | Test.java:54:4:54:4 | p | MethodDoc | Test.java:54:4:54:4 | p | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://walk:1:1:1:1 | walk | name | file://(Path,FileVisitOption[]):1:1:1:1 | (Path,FileVisitOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | +| Test.java:66:7:66:18 | this | exception\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:66:7:66:18 | super(...) | CallContext | Test.java:66:7:66:18 | super(...) | MethodDoc | Test.java:66:7:66:18 | super(...) | ClassDoc | file://java.lang:1:1:1:1 | java.lang | package | file://Exception:1:1:1:1 | Exception | type | file://true:1:1:1:1 | true | subtypes | file://Exception:1:1:1:1 | Exception | name | file://():1:1:1:1 | () | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | diff --git a/java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractPositiveExamples.expected b/java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractPositiveExamples.expected index 088eb8ab665..3419e5c0c8d 100644 --- a/java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractPositiveExamples.expected +++ b/java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractPositiveExamples.expected @@ -1,4 +1,4 @@ -| Test.java:28:4:28:9 | source | path-injection\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:27:3:31:3 | copy(...) | CallContext | Test.java:28:4:28:9 | source | MethodDoc | Test.java:28:4:28:9 | source | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | -| Test.java:29:4:29:9 | target | path-injection\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:27:3:31:3 | copy(...) | CallContext | Test.java:29:4:29:9 | target | MethodDoc | Test.java:29:4:29:9 | target | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://Argument[1]:1:1:1:1 | Argument[1] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | -| Test.java:36:4:36:11 | openPath | path-injection\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:35:10:37:3 | newInputStream(...) | CallContext | Test.java:36:4:36:11 | openPath | MethodDoc | Test.java:36:4:36:11 | openPath | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://newInputStream:1:1:1:1 | newInputStream | name | file://(Path,OpenOption[]):1:1:1:1 | (Path,OpenOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | -| Test.java:62:3:62:20 | getInputStream(...) | remote\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:62:3:62:20 | getInputStream(...) | CallContext | Test.java:62:3:62:20 | getInputStream(...) | MethodDoc | Test.java:62:3:62:20 | getInputStream(...) | ClassDoc | file://java.net:1:1:1:1 | java.net | package | file://URLConnection:1:1:1:1 | URLConnection | type | file://true:1:1:1:1 | true | subtypes | file://getInputStream:1:1:1:1 | getInputStream | name | file://():1:1:1:1 | () | signature | file://:1:1:1:1 | | input | file://ReturnValue:1:1:1:1 | ReturnValue | output | file://false:1:1:1:1 | false | isVarargsArray | file://sourceModel:1:1:1:1 | sourceModel | extensibleType | +| Test.java:28:4:28:9 | source | path-injection\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:27:3:31:3 | copy(...) | CallContext | Test.java:28:4:28:9 | source | MethodDoc | Test.java:28:4:28:9 | source | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | +| Test.java:29:4:29:9 | target | path-injection\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:27:3:31:3 | copy(...) | CallContext | Test.java:29:4:29:9 | target | MethodDoc | Test.java:29:4:29:9 | target | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://Argument[1]:1:1:1:1 | Argument[1] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | +| Test.java:36:4:36:11 | openPath | path-injection\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:35:10:37:3 | newInputStream(...) | CallContext | Test.java:36:4:36:11 | openPath | MethodDoc | Test.java:36:4:36:11 | openPath | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://newInputStream:1:1:1:1 | newInputStream | name | file://(Path,OpenOption[]):1:1:1:1 | (Path,OpenOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://:1:1:1:1 | | output | file://false:1:1:1:1 | false | isVarargsArray | file://sinkModel:1:1:1:1 | sinkModel | extensibleType | +| Test.java:62:3:62:20 | getInputStream(...) | remote\nrelated locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:62:3:62:20 | getInputStream(...) | CallContext | Test.java:62:3:62:20 | getInputStream(...) | MethodDoc | Test.java:62:3:62:20 | getInputStream(...) | ClassDoc | file://java.net:1:1:1:1 | java.net | package | file://URLConnection:1:1:1:1 | URLConnection | type | file://true:1:1:1:1 | true | subtypes | file://getInputStream:1:1:1:1 | getInputStream | name | file://():1:1:1:1 | () | signature | file://:1:1:1:1 | | input | file://ReturnValue:1:1:1:1 | ReturnValue | output | file://false:1:1:1:1 | false | isVarargsArray | file://sourceModel:1:1:1:1 | sourceModel | extensibleType | diff --git a/java/ql/integration-tests/all-platforms/java/buildless-maven/diagnostics.expected b/java/ql/integration-tests/all-platforms/java/buildless-maven/diagnostics.expected new file mode 100644 index 00000000000..3aa56bc8d5c --- /dev/null +++ b/java/ql/integration-tests/all-platforms/java/buildless-maven/diagnostics.expected @@ -0,0 +1,56 @@ +{ + "markdownMessage": "Java buildless mode used build tool Maven to pick a JDK version and/or to recommend external dependencies.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/using-build-tool-advice", + "name": "Java buildless mode used build tool Maven to pick a JDK version and/or to recommend external dependencies" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java buildless mode used the system default JDK.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/jdk-system-default", + "name": "Java buildless mode used the system default JDK" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java was extracted in buildless mode. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/mode-active", + "name": "Java was extracted in buildless mode" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Reading the dependency graph from Maven build files provided 2 classpath entries", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/depgraph-provided-by-maven", + "name": "Java buildless mode extracted precise dependency graph information from Maven" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} diff --git a/java/ql/integration-tests/all-platforms/java/buildless-maven/test.py b/java/ql/integration-tests/all-platforms/java/buildless-maven/test.py index fc295ae5e35..9b787b196e0 100644 --- a/java/ql/integration-tests/all-platforms/java/buildless-maven/test.py +++ b/java/ql/integration-tests/all-platforms/java/buildless-maven/test.py @@ -1,5 +1,8 @@ import sys from create_database_utils import * +from diagnostics_test_utils import * run_codeql_database_create([], lang="java", extra_env={"CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true", "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true"}) + +check_diagnostics() diff --git a/java/ql/integration-tests/all-platforms/java/buildless/diagnostics.expected b/java/ql/integration-tests/all-platforms/java/buildless/diagnostics.expected new file mode 100644 index 00000000000..2118edbe296 --- /dev/null +++ b/java/ql/integration-tests/all-platforms/java/buildless/diagnostics.expected @@ -0,0 +1,42 @@ +{ + "markdownMessage": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/no-build-tool-advice", + "name": "Java buildless mode found no usable build tool" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java buildless mode used the system default JDK.", + "severity": "unknown", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/jdk-system-default", + "name": "Java buildless mode used the system default JDK" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "Java was extracted in buildless mode. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.", + "severity": "note", + "source": { + "extractorName": "java", + "id": "java/autobuilder/buildless/mode-active", + "name": "Java was extracted in buildless mode" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/java/ql/integration-tests/all-platforms/java/buildless/test.py b/java/ql/integration-tests/all-platforms/java/buildless/test.py index eeee63c9913..747dd6a82ad 100644 --- a/java/ql/integration-tests/all-platforms/java/buildless/test.py +++ b/java/ql/integration-tests/all-platforms/java/buildless/test.py @@ -1,5 +1,8 @@ import sys from create_database_utils import * +from diagnostics_test_utils import * run_codeql_database_create([], lang="java", extra_env={"CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true"}) + +check_diagnostics() diff --git a/java/ql/integration-tests/all-platforms/kotlin/trap_compression/test.py b/java/ql/integration-tests/all-platforms/kotlin/trap_compression/test.py index bb4889dfebe..26f9eb2121b 100644 --- a/java/ql/integration-tests/all-platforms/kotlin/trap_compression/test.py +++ b/java/ql/integration-tests/all-platforms/kotlin/trap_compression/test.py @@ -1,6 +1,6 @@ from create_database_utils import * -def check_extension(directory, expected_extension): +def check_extensions(directory, counts): if platform.system() == 'Windows': # It's important that the path is a Unicode path on Windows, so # that the right system calls get used. @@ -8,48 +8,59 @@ def check_extension(directory, expected_extension): if not directory.startswith("\\\\?\\"): directory = "\\\\?\\" + os.path.abspath(directory) - if expected_extension == '.trap': - # We start TRAP files with a comment - expected_start = b'//' - elif expected_extension == '.trap.gz': - # The GZip magic numbers - expected_start = b'\x1f\x8b' - else: - raise Exception('Unknown expected extension ' + expected_extension) - count = check_extension_worker(directory, expected_extension, expected_start) - if count != 1: - raise Exception('Expected 1 relevant file, but found ' + str(count) + ' in ' + directory) + check_extensions_worker(counts, directory) + check_counts('non-compressed', counts.expected_none, counts.count_none) + check_counts('gzipped', counts.expected_gzip, counts.count_gzip) -def check_extension_worker(directory, expected_extension, expected_start): - count = 0 +def check_counts(name, expected, count): + if expected == -1: + if count < 10: + raise Exception('Expected lots of ' + name + ' files, but got ' + str(count)) + elif expected != count: + raise Exception('Expected ' + str(expected) + ' ' + name + ' files, but got ' + str(count)) + +class Counts: + def __init__(self, expected_none, expected_gzip): + self.expected_none = expected_none + self.expected_gzip = expected_gzip + self.count_none = 0 + self.count_gzip = 0 + +def check_extensions_worker(counts, directory): for f in os.listdir(directory): x = os.path.join(directory, f) if os.path.isdir(x): - count += check_extension_worker(x, expected_extension, expected_start) - else: - if f.startswith('test.kt') and not f.endswith('.set'): - if f.endswith(expected_extension): - with open(x, 'rb') as f_in: - content = f_in.read() - if content.startswith(expected_start): - count += 1 - else: - raise Exception('Unexpected start to content of ' + x) - else: - raise Exception('Expected test.kt TRAP file to have extension ' + expected_extension + ', but found ' + x) - return count + check_extensions_worker(counts, x) + elif f.endswith('.trap'): + counts.count_none += 1 + if not startsWith(x, b'//'): # We start TRAP files with a comment + raise Exception("TRAP file that doesn't start with a comment: " + f) + elif f.endswith('.trap.gz'): + counts.count_gzip += 1 + if not startsWith(x, b'\x1f\x8b'): # The GZip magic numbers + raise Exception("GZipped TRAP file that doesn't start with GZip magic numbers: " + f) +def startsWith(f, b): + with open(f, 'rb') as f_in: + content = f_in.read() + return content.startswith(b) + +# In the counts, we expect lots of files of the compression type chosen +# (so expected count is -1), but the diagnostic TRAP files will always +# be uncompressed (so count_none is always 1 or -1) and the +# sourceLocationPrefix TRAP file is always gzipped (so count_gzip is +# always 1 or -1). run_codeql_database_create(['kotlinc test.kt'], test_db="default-db", db=None, lang="java") -check_extension('default-db/trap', '.trap.gz') +check_extensions('default-db/trap', Counts(1, -1)) os.environ["CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION"] = "nOnE" run_codeql_database_create(['kotlinc test.kt'], test_db="none-db", db=None, lang="java") -check_extension('none-db/trap', '.trap') +check_extensions('none-db/trap', Counts(-1, 1)) os.environ["CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION"] = "gzip" run_codeql_database_create(['kotlinc test.kt'], test_db="gzip-db", db=None, lang="java") -check_extension('gzip-db/trap', '.trap.gz') +check_extensions('gzip-db/trap', Counts(1, -1)) os.environ["CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION"] = "brotli" run_codeql_database_create(['kotlinc test.kt'], test_db="brotli-db", db=None, lang="java") -check_extension('brotli-db/trap', '.trap.gz') +check_extensions('brotli-db/trap', Counts(1, -1)) os.environ["CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION"] = "invalidValue" run_codeql_database_create(['kotlinc test.kt'], test_db="invalid-db", db=None, lang="java") -check_extension('invalid-db/trap', '.trap.gz') +check_extensions('invalid-db/trap', Counts(1, -1)) diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 42a5c07e826..aad04cf36de 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,76 @@ +## 0.8.1 + +### New Features + +* Added predicate `MemberRefExpr::getReceiverExpr` + +### Minor Analysis Improvements + +* The `isBarrier`, `isBarrierIn`, `isBarrierOut`, and `isAdditionalFlowStep` methods of the taint-tracking configurations for local queries in the `ArithmeticTaintedLocalQuery`, `ExternallyControlledFormatStringLocalQuery`, `ImproperValidationOfArrayIndexQuery`, `NumericCastTaintedQuery`, `ResponseSplittingLocalQuery`, `SqlTaintedLocalQuery`, and `XssLocalQuery` libraries have been changed to match their remote counterpart configurations. +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Deleted the deprecated `getAValue` predicate from the `Annotation` class. +* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead. +* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class. +* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class. +* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class. +* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`. +* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead. +* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead. +* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes. + There are no changes to results unless you add source models using the `environment` or `file` source kinds. +* Added `environment` source models for the following methods: + * `java.lang.System#getenv` + * `java.lang.System#getProperties` + * `java.lang.System#getProperty` + * `java.util.Properties#get` + * `java.util.Properties#getProperty` +* Added `file` source models for the following methods: + * the `java.io.FileInputStream` constructor + * `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded` + * `hudson.FilePath#openInputStream` + * `hudson.FilePath#read` + * `hudson.FilePath#readFromOffset` + * `hudson.FilePath#readToString` +* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes. + There are no changes to results unless you add source models using the `database` source kind. +* Added `database` source models for the following method: + * `java.sql.ResultSet#getString` + +## 0.8.0 + +### New Features + +* Kotlin versions up to 1.9.20 are now supported. + +### Minor Analysis Improvements + +* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. +* Added support for default cases as proper guards in switch expressions to match switch statements. +* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. +* Added new dataflow models for the Apache CXF framework. +* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. + +## 0.7.5 + +No user-facing changes. + +## 0.7.4 + +### New Features + +* Kotlin versions up to 1.9.10 are now supported. + +### Minor Analysis Improvements + +* Fixed the MaD signature specifications to use proper nested type names. +* Added new sanitizer to Java command injection model +* Added more dataflow models for JAX-RS. +* The predicate `JaxWsEndpoint::getARemoteMethod` no longer requires the result to be annotated with `@WebMethod`. Instead, the requirements listed in the JAX-RPC Specification 1.1 for required parameter and return types are used. Applications using JAX-RS may see an increase in results. + ## 0.7.3 ### Major Analysis Improvements diff --git a/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md b/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md deleted file mode 100644 index 8b34698758b..00000000000 --- a/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added more dataflow models for JAX-RS. diff --git a/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md b/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md deleted file mode 100644 index ca183d5d065..00000000000 --- a/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added new sanitizer to Java command injection model \ No newline at end of file diff --git a/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md b/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md deleted file mode 100644 index fbd0fef3b7f..00000000000 --- a/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added new dataflow models for the Apache CXF framework. diff --git a/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md b/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md deleted file mode 100644 index 0a804f1866f..00000000000 --- a/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed the MaD signature specifications to use proper nested type names. diff --git a/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md b/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md deleted file mode 100644 index ee878bb11af..00000000000 --- a/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Kotlin versions up to 1.9.10 are now supported. diff --git a/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md b/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md deleted file mode 100644 index 275c72fdf6b..00000000000 --- a/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Kotlin versions up to 1.9.20 are now supported. diff --git a/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md b/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md deleted file mode 100644 index d13350726a8..00000000000 --- a/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* The regular expressions library no longer incorrectly matches mode flag characters against the input. diff --git a/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md b/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md deleted file mode 100644 index 38901500226..00000000000 --- a/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. diff --git a/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md b/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md deleted file mode 100644 index 5e99335aba7..00000000000 --- a/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. -* Added support for default cases as proper guards in switch expressions to match switch statements. diff --git a/java/ql/lib/change-notes/2023-10-17-new-models.md b/java/ql/lib/change-notes/2023-10-17-new-models.md new file mode 100644 index 00000000000..2b1c5ae4247 --- /dev/null +++ b/java/ql/lib/change-notes/2023-10-17-new-models.md @@ -0,0 +1,8 @@ +--- +category: minorAnalysis +--- +* Added models for the following packages: + + * com.alibaba.fastjson2 + * javax.management + * org.apache.http.client.utils diff --git a/java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md b/java/ql/lib/change-notes/released/0.7.4.md similarity index 50% rename from java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md rename to java/ql/lib/change-notes/released/0.7.4.md index be19599c865..78491df85eb 100644 --- a/java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md +++ b/java/ql/lib/change-notes/released/0.7.4.md @@ -1,4 +1,12 @@ ---- -category: minorAnalysis ---- +## 0.7.4 + +### New Features + +* Kotlin versions up to 1.9.10 are now supported. + +### Minor Analysis Improvements + +* Fixed the MaD signature specifications to use proper nested type names. +* Added new sanitizer to Java command injection model +* Added more dataflow models for JAX-RS. * The predicate `JaxWsEndpoint::getARemoteMethod` no longer requires the result to be annotated with `@WebMethod`. Instead, the requirements listed in the JAX-RPC Specification 1.1 for required parameter and return types are used. Applications using JAX-RS may see an increase in results. diff --git a/java/ql/lib/change-notes/released/0.7.5.md b/java/ql/lib/change-notes/released/0.7.5.md new file mode 100644 index 00000000000..b2759d5bd80 --- /dev/null +++ b/java/ql/lib/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/java/ql/lib/change-notes/released/0.8.0.md b/java/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..16f020fa7df --- /dev/null +++ b/java/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,17 @@ +## 0.8.0 + +### New Features + +* Kotlin versions up to 1.9.20 are now supported. + +### Minor Analysis Improvements + +* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. +* Added support for default cases as proper guards in switch expressions to match switch statements. +* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. +* Added new dataflow models for the Apache CXF framework. +* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. diff --git a/java/ql/lib/change-notes/released/0.8.1.md b/java/ql/lib/change-notes/released/0.8.1.md new file mode 100644 index 00000000000..410b5384aed --- /dev/null +++ b/java/ql/lib/change-notes/released/0.8.1.md @@ -0,0 +1,37 @@ +## 0.8.1 + +### New Features + +* Added predicate `MemberRefExpr::getReceiverExpr` + +### Minor Analysis Improvements + +* The `isBarrier`, `isBarrierIn`, `isBarrierOut`, and `isAdditionalFlowStep` methods of the taint-tracking configurations for local queries in the `ArithmeticTaintedLocalQuery`, `ExternallyControlledFormatStringLocalQuery`, `ImproperValidationOfArrayIndexQuery`, `NumericCastTaintedQuery`, `ResponseSplittingLocalQuery`, `SqlTaintedLocalQuery`, and `XssLocalQuery` libraries have been changed to match their remote counterpart configurations. +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Deleted the deprecated `getAValue` predicate from the `Annotation` class. +* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead. +* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class. +* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class. +* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class. +* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`. +* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead. +* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead. +* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes. + There are no changes to results unless you add source models using the `environment` or `file` source kinds. +* Added `environment` source models for the following methods: + * `java.lang.System#getenv` + * `java.lang.System#getProperties` + * `java.lang.System#getProperty` + * `java.util.Properties#get` + * `java.util.Properties#getProperty` +* Added `file` source models for the following methods: + * the `java.io.FileInputStream` constructor + * `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded` + * `hudson.FilePath#openInputStream` + * `hudson.FilePath#read` + * `hudson.FilePath#readFromOffset` + * `hudson.FilePath#readToString` +* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes. + There are no changes to results unless you add source models using the `database` source kind. +* Added `database` source models for the following method: + * `java.sql.ResultSet#getString` diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index a4ea9c8de17..2f693f95ba6 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.8.1 diff --git a/java/ql/lib/config/BUILD.bazel b/java/ql/lib/config/BUILD.bazel new file mode 100644 index 00000000000..ac27ed505d6 --- /dev/null +++ b/java/ql/lib/config/BUILD.bazel @@ -0,0 +1,15 @@ +load("@rules_pkg//:mappings.bzl", "pkg_files") + +package(default_visibility = ["//java:__pkg__"]) + +pkg_files( + name = "dbscheme", + srcs = ["semmlecode.dbscheme"], + prefix = "java", +) + +pkg_files( + name = "dbscheme-stats", + srcs = ["semmlecode.dbscheme.stats"], + prefix = "java", +) diff --git a/java/ql/lib/ext/com.alibaba.fastjson2.model.yml b/java/ql/lib/ext/com.alibaba.fastjson2.model.yml new file mode 100644 index 00000000000..f1eb6b7791e --- /dev/null +++ b/java/ql/lib/ext/com.alibaba.fastjson2.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["com.alibaba.fastjson2", "JSON", False, "parseArray", "(String,Class)", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/hudson.model.yml b/java/ql/lib/ext/hudson.model.yml index f4fe4a1a835..4565894f020 100644 --- a/java/ql/lib/ext/hudson.model.yml +++ b/java/ql/lib/ext/hudson.model.yml @@ -36,6 +36,11 @@ extensions: pack: codeql/java-all extensible: sourceModel data: + - ["hudson", "FilePath", False, "newInputStreamDenyingSymlinkAsNeeded", "", "", "ReturnValue", "file", "manual"] + - ["hudson", "FilePath", False, "openInputStream", "", "", "ReturnValue", "file", "manual"] + - ["hudson", "FilePath", False, "read", "", "", "ReturnValue", "file", "manual"] + - ["hudson", "FilePath", False, "readFromOffset", "", "", "ReturnValue", "file", "manual"] + - ["hudson", "FilePath", False, "readToString", "", "", "ReturnValue", "file", "manual"] - ["hudson", "Plugin", True, "configure", "", "", "Parameter", "remote", "manual"] - ["hudson", "Plugin", True, "newInstance", "", "", "Parameter", "remote", "manual"] - addsTo: diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index e4d543aa06d..1bd9251c29d 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml @@ -128,3 +128,8 @@ extensions: # sink neutrals - ["java.io", "File", "compareTo", "", "sink", "hq-manual"] - ["java.io", "File", "exists", "()", "sink", "hq-manual"] + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[this]", "file", "manual"] \ No newline at end of file diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index 7974a234f27..2cbea9c3121 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml @@ -40,6 +40,13 @@ extensions: - ["java.lang", "System$Logger", True, "log", "(System$Logger$Level,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] - ["java.lang", "System$Logger", True, "log", "(System$Logger$Level,String,Supplier,Throwable)", "", "Argument[1..2]", "log-injection", "manual"] - ["java.lang", "System$Logger", True, "log", "(System$Logger$Level,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["java.lang", "System", False, "getenv", "", "", "ReturnValue", "environment", "manual"] + - ["java.lang", "System", False, "getProperties", "", "", "ReturnValue", "environment", "manual"] + - ["java.lang", "System", False, "getProperty", "", "", "ReturnValue", "environment", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/java.sql.model.yml b/java/ql/lib/ext/java.sql.model.yml index 58985c886b5..53142565d6c 100644 --- a/java/ql/lib/ext/java.sql.model.yml +++ b/java/ql/lib/ext/java.sql.model.yml @@ -45,3 +45,8 @@ extensions: - ["java.sql", "ResultSet", "getTimestamp", "(String)", "summary", "manual"] # taint-numeric - ["java.sql", "Timestamp", "Timestamp", "(long)", "summary", "manual"] # taint-numeric - ["java.sql", "Timestamp", "getTime", "()", "summary", "manual"] # taint-numeric + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["java.sql", "ResultSet", True, "getString", "", "", "ReturnValue", "database", "manual"] \ No newline at end of file diff --git a/java/ql/lib/ext/java.util.model.yml b/java/ql/lib/ext/java.util.model.yml index 750b3adb640..5e1463930b7 100644 --- a/java/ql/lib/ext/java.util.model.yml +++ b/java/ql/lib/ext/java.util.model.yml @@ -1,4 +1,11 @@ extensions: + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["java.util", "Properties", True, "get", "", "", "ReturnValue", "environment", "manual"] + - ["java.util", "Properties", True, "getProperty", "", "", "ReturnValue", "environment", "manual"] + - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/javax.crypto.model.yml b/java/ql/lib/ext/javax.crypto.model.yml new file mode 100644 index 00000000000..d9bbc76bca4 --- /dev/null +++ b/java/ql/lib/ext/javax.crypto.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["javax.crypto", "Cipher", True, "init", "(int,Key,AlgorithmParameterSpec)", "", "Argument[2]", "encryption-iv", "manual"] + - ["javax.crypto", "Cipher", True, "init", "(int,Key,AlgorithmParameterSpec,SecureRandom)", "", "Argument[2]", "encryption-iv", "manual"] \ No newline at end of file diff --git a/java/ql/lib/ext/javax.crypto.spec.model.yml b/java/ql/lib/ext/javax.crypto.spec.model.yml new file mode 100644 index 00000000000..92025290309 --- /dev/null +++ b/java/ql/lib/ext/javax.crypto.spec.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["javax.crypto.spec", "IvParameterSpec", True, "IvParameterSpec", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["javax.crypto.spec", "GCMParameterSpec", True, "GCMParameterSpec", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["javax.crypto.spec", "RC2ParameterSpec", True, "RC2ParameterSpec", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["javax.crypto.spec", "RC5ParameterSpec", True, "RC5ParameterSpec", "", "", "Argument[3]", "Argument[this]", "taint", "manual"] \ No newline at end of file diff --git a/java/ql/lib/ext/javax.management.model.yml b/java/ql/lib/ext/javax.management.model.yml new file mode 100644 index 00000000000..f1877228cf1 --- /dev/null +++ b/java/ql/lib/ext/javax.management.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["javax.management", "ObjectName", True, "ObjectName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.http.client.utils.model.yml b/java/ql/lib/ext/org.apache.http.client.utils.model.yml index 84eb805afac..f0c5f9eb8c3 100644 --- a/java/ql/lib/ext/org.apache.http.client.utils.model.yml +++ b/java/ql/lib/ext/org.apache.http.client.utils.model.yml @@ -10,6 +10,7 @@ extensions: - ["org.apache.http.client.utils", "URIBuilder", True, "setHost", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["org.apache.http.client.utils", "URIBuilder", True, "setPath", "(String)", "", "Argument[0]", "Argument[this].SyntheticField[org.apache.http.client.utils.URIBuilder.path]", "taint", "ai-manual"] - ["org.apache.http.client.utils", "URIBuilder", True, "setPathSegments", "(List)", "", "Argument[0]", "Argument[this].SyntheticField[org.apache.http.client.utils.URIBuilder.path]", "taint", "ai-manual"] + - ["org.apache.http.client.utils", "URIBuilder", True, "setPort", "(int)", "", "Argument[this]", "ReturnValue", "value", "ai-manual"] - ["org.apache.http.client.utils", "URLEncodedUtils", True, "parse", "(URI,String)", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"] - ["org.apache.http.client.utils", "URIUtils", True, "createURI", "(String,String,int,String,String,String)", "", "Argument[1]", "ReturnValue", "taint", "hq-manual"] - ["org.apache.http.client.utils", "URIUtils", True, "extractHost", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "hq-manual"] diff --git a/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml b/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml index 2b85b258b57..1eb334b67e7 100644 --- a/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml +++ b/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml @@ -6,11 +6,6 @@ extensions: data: # Default threat model - ["remote", "default"] - - ["uri-path", "default"] - - # Android threat models - - ["android-external-storage-dir", "android"] - - ["contentprovider", "android"] # Remote threat models - ["request", "remote"] @@ -18,6 +13,10 @@ extensions: # Local threat models - ["database", "local"] - - ["cli", "local"] + - ["commandargs", "local"] - ["environment", "local"] - ["file", "local"] + + # Android threat models + - ["android-external-storage-dir", "android"] + - ["contentprovider", "android"] diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index e708ee160f2..98daf03df52 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.7.4-dev +version: 0.8.2-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/lib/semmle/code/java/Annotation.qll b/java/ql/lib/semmle/code/java/Annotation.qll index fa010ec88c0..de7dd47a93e 100644 --- a/java/ql/lib/semmle/code/java/Annotation.qll +++ b/java/ql/lib/semmle/code/java/Annotation.qll @@ -46,20 +46,6 @@ class Annotation extends @annotation, Expr { result = this.getType().getAnnotationElement(name) } - /** - * DEPRECATED: Getting the value of _any_ annotation element is error-prone because - * it could lead to selecting the value of the wrong element by accident (for example - * when an annotation type is extended in the future). Prefer the predicate `getValue(string)` - * and explicitly specify the element name. Use `getValue(_)` if it is really desired to - * get the value of any element. - * - * Gets a value of an annotation element. This includes default values in case - * no explicit value is specified. For elements with an array value type this - * might have an `ArrayInit` as result. To properly handle array values, prefer - * the predicate `getAnArrayValue`. - */ - deprecated Expr getAValue() { filteredAnnotValue(this, _, result) } - /** * Gets the value of the annotation element with the specified `name`. * This includes default values in case no explicit value is specified. @@ -157,11 +143,6 @@ class Annotation extends @annotation, Expr { */ Expr getAnArrayValue(string name) { result = this.getArrayValue(name, _) } - /** - * DEPRECATED: Predicate has been renamed to `getAnArrayValue` - */ - deprecated Expr getAValue(string name) { result = this.getAnArrayValue(name) } - /** * Gets a value of the annotation element with the specified `name`, which must be declared as an enum * type array. This includes default values in case no explicit value is specified. diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index 81c5dc64aea..d307e16cad2 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll @@ -609,9 +609,6 @@ class LongLiteral extends Literal, @longliteral { override string getAPrimaryQlClass() { result = "LongLiteral" } } -/** DEPRECATED: Alias for FloatLiteral */ -deprecated class FloatingPointLiteral = FloatLiteral; - /** * A float literal. For example, `4.2f`. * @@ -1199,15 +1196,15 @@ class ClassInstanceExpr extends Expr, ConstructorCall, @classinstancexpr { } /** - * Gets a type argument provided to the constructor of this class instance creation expression. + * Gets a type argument of the type of the created instance. * - * This is used for instantiations of parameterized classes. + * This is used for instantiations of parameterized classes. For example for + * `new ArrayList()` the result would be the expression representing `String`. */ Expr getATypeArgument() { result = this.getTypeName().(TypeAccess).getATypeArgument() } /** - * Gets the type argument provided to the constructor of this class instance creation expression - * at the specified (zero-based) position. + * Gets the type argument of the type of the created instance, at the specified (zero-based) position. */ Expr getTypeArgument(int index) { result = this.getTypeName().(TypeAccess).getTypeArgument(index) @@ -1333,6 +1330,40 @@ class MemberRefExpr extends FunctionalExpr, @memberref { */ override Method asMethod() { result = this.getAnonymousClass().getAMethod() } + private Expr getResultExpr() { + exists(Stmt stmt | + stmt = this.asMethod().getBody().(SingletonBlock).getStmt() and + ( + result = stmt.(ReturnStmt).getResult() + or + // Note: Currently never an ExprStmt, but might change once https://github.com/github/codeql/issues/3605 is fixed + result = stmt.(ExprStmt).getExpr() + ) + ) + } + + /** + * Gets the expression whose member this member reference refers to, that is, the left + * side of the `::`. For example, for the member reference `this::toString` the receiver + * expression is the `this` expression. + * + * This predicate might not have a result in all cases where the receiver expression is + * a type access, for example `MyClass::...`. + */ + Expr getReceiverExpr() { + exists(Expr resultExpr | resultExpr = this.getResultExpr() | + result = resultExpr.(Call).getQualifier() and + // Ignore if the qualifier is a parameter of the method of the synthetic anonymous class + // (this is the case for method refs of instance methods which don't capture the instance, e.g. `Object::toString`) + // Could try to use TypeAccess as result here from child of MemberRefExpr, but that complexity might not be worth it + not this.asMethod().getAParameter().getAnAccess() = result + or + result = resultExpr.(ClassInstanceExpr).getTypeName() + // Don't cover array creation because ArrayCreationExpr currently does not have a predicate + // to easily get ArrayTypeAccess which should probably be the result here + ) + } + /** * Gets the receiver type whose member this expression refers to. The result might not be * the type which actually declares the member. For example, for the member reference `ArrayList::toString`, @@ -1340,15 +1371,7 @@ class MemberRefExpr extends FunctionalExpr, @memberref { * `getReferencedCallable` will have `java.util.AbstractCollection.toString` as result, which `ArrayList` inherits. */ RefType getReceiverType() { - exists(Stmt stmt, Expr resultExpr | - stmt = this.asMethod().getBody().(SingletonBlock).getStmt() and - ( - resultExpr = stmt.(ReturnStmt).getResult() - or - // Note: Currently never an ExprStmt, but might change once https://github.com/github/codeql/issues/3605 is fixed - resultExpr = stmt.(ExprStmt).getExpr() - ) - | + exists(Expr resultExpr | resultExpr = this.getResultExpr() | result = resultExpr.(MethodAccess).getReceiverType() or result = resultExpr.(ClassInstanceExpr).getConstructedType() or result = resultExpr.(ArrayCreationExpr).getType() diff --git a/java/ql/lib/semmle/code/java/GeneratedFiles.qll b/java/ql/lib/semmle/code/java/GeneratedFiles.qll index f361085b1f7..31a229f507f 100644 --- a/java/ql/lib/semmle/code/java/GeneratedFiles.qll +++ b/java/ql/lib/semmle/code/java/GeneratedFiles.qll @@ -44,7 +44,7 @@ abstract class GeneratedFile extends File { } /** * A file detected as generated based on commonly-used marker comments. */ -library class MarkerCommentGeneratedFile extends GeneratedFile { +class MarkerCommentGeneratedFile extends GeneratedFile { MarkerCommentGeneratedFile() { any(GeneratedFileMarker t).getFile() = this } } diff --git a/java/ql/lib/semmle/code/java/JDKAnnotations.qll b/java/ql/lib/semmle/code/java/JDKAnnotations.qll index 502aef09075..5f3e7068855 100644 --- a/java/ql/lib/semmle/code/java/JDKAnnotations.qll +++ b/java/ql/lib/semmle/code/java/JDKAnnotations.qll @@ -18,14 +18,6 @@ class OverrideAnnotation extends Annotation { class SuppressWarningsAnnotation extends Annotation { SuppressWarningsAnnotation() { this.getType().hasQualifiedName("java.lang", "SuppressWarnings") } - /** - * DEPRECATED: This predicate restricts the results to `StringLiteral`; prefer `getASuppressedWarning()` - * to get the name of a suppressed warning. - * - * Gets the `StringLiteral` of a warning suppressed by this annotation. - */ - deprecated StringLiteral getASuppressedWarningLiteral() { result = this.getAnArrayValue("value") } - /** Gets the name of a warning suppressed by this annotation. */ string getASuppressedWarning() { result = this.getAStringArrayValue("value") } } @@ -34,17 +26,6 @@ class SuppressWarningsAnnotation extends Annotation { class TargetAnnotation extends Annotation { TargetAnnotation() { this.getType().hasQualifiedName("java.lang.annotation", "Target") } - /** - * DEPRECATED: Getting the field access expression is rarely useful. Use `getATargetElementType()` - * to get the name of the target element. - * - * Gets a target expression within this annotation. - * - * For example, the field access `ElementType.FIELD` is a target expression in - * `@Target({ElementType.FIELD, ElementType.METHOD})`. - */ - deprecated Expr getATargetExpression() { result = this.getAnArrayValue("value") } - /** * Gets the name of a target element type. * @@ -58,17 +39,6 @@ class TargetAnnotation extends Annotation { class RetentionAnnotation extends Annotation { RetentionAnnotation() { this.getType().hasQualifiedName("java.lang.annotation", "Retention") } - /** - * DEPRECATED: Getting the field access expression is rarely useful. Use `getRetentionPolicy()` - * to get the name of the retention policy. - * - * Gets the retention policy expression within this annotation. - * - * For example, the field access `RetentionPolicy.RUNTIME` is the - * retention policy expression in `@Retention(RetentionPolicy.RUNTIME)`. - */ - deprecated Expr getRetentionPolicyExpression() { result = this.getValue("value") } - /** * Gets the name of the retention policy of this annotation. * @@ -116,7 +86,7 @@ class ReflectiveAccessAnnotation extends Annotation { */ abstract class NonReflectiveAnnotation extends Annotation { } -library class StandardNonReflectiveAnnotation extends NonReflectiveAnnotation { +class StandardNonReflectiveAnnotation extends NonReflectiveAnnotation { StandardNonReflectiveAnnotation() { this.getType() .hasQualifiedName("java.lang", ["Override", "Deprecated", "SuppressWarnings", "SafeVarargs"]) diff --git a/java/ql/lib/semmle/code/java/Serializability.qll b/java/ql/lib/semmle/code/java/Serializability.qll index f665f663c7e..479d1d8cdb0 100644 --- a/java/ql/lib/semmle/code/java/Serializability.qll +++ b/java/ql/lib/semmle/code/java/Serializability.qll @@ -24,7 +24,7 @@ abstract class DeserializableField extends Field { } * A non-`transient` field in a type that (directly or indirectly) implements the `Serializable` interface * and may be read or written via serialization. */ -library class StandardSerializableField extends SerializableField, DeserializableField { +class StandardSerializableField extends SerializableField, DeserializableField { StandardSerializableField() { this.getDeclaringType().getAnAncestor() instanceof TypeSerializable and not this.isTransient() diff --git a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll index 3563176f4b0..180d99e7e71 100644 --- a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll +++ b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll @@ -96,15 +96,6 @@ private predicate condtionCheckMethodTestingFramework(Method m, int argument, bo ) } -/** - * DEPRECATED: Use `conditionCheckArgument` instead. - * Holds if `ma` is an access to a non-overridable method that checks that its - * first argument is equal to `checkTrue` and throws otherwise. - */ -deprecated predicate conditionCheck(MethodAccess ma, boolean checkTrue) { - conditionCheckArgument(ma, 0, checkTrue) -} - /** * Holds if `ma` is an access to a non-overridable method that checks that its * zero-indexed `argument` is equal to `checkTrue` and throws otherwise. diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll index a3bd7d158c2..0331da2477f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll @@ -26,6 +26,6 @@ private string getChildThreatModel(string group) { threatModelGrouping(result, g * Holds if the source model kind `kind` is relevant for generic queries * under the current threat model configuration. */ -predicate sourceModelKindConfig(string kind) { +predicate currentThreatModel(string kind) { exists(string group | supportedThreatModels(group) and kind = getChildThreatModel*(group)) } diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index 26f29076efc..d135db16831 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -29,11 +29,42 @@ import semmle.code.java.frameworks.struts.StrutsActions import semmle.code.java.frameworks.Thrift import semmle.code.java.frameworks.javaee.jsf.JSFRenderer private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.ExternalFlowConfiguration + +/** + * A data flow source. + */ +abstract class SourceNode extends DataFlow::Node { + /** + * Gets a string that represents the source kind with respect to threat modeling. + */ + abstract string getThreatModel(); +} + +/** + * A class of data flow sources that respects the + * current threat model configuration. + */ +class ThreatModelFlowSource extends DataFlow::Node { + ThreatModelFlowSource() { + // Expansive threat model. + currentThreatModel("all") and + (this instanceof SourceNode or sourceNode(this, _)) + or + exists(string kind | + // Specific threat model. + currentThreatModel(kind) and + (this.(SourceNode).getThreatModel() = kind or sourceNode(this, kind)) + ) + } +} /** A data flow source of remote user input. */ -abstract class RemoteFlowSource extends DataFlow::Node { +abstract class RemoteFlowSource extends SourceNode { /** Gets a string that describes the type of this remote flow source. */ abstract string getSourceType(); + + override string getThreatModel() { result = "remote" } } /** @@ -175,14 +206,44 @@ abstract class UserInput extends DataFlow::Node { } private class RemoteUserInput extends UserInput instanceof RemoteFlowSource { } /** A node with input that may be controlled by a local user. */ -abstract class LocalUserInput extends UserInput { } +abstract class LocalUserInput extends UserInput, SourceNode { + override string getThreatModel() { result = "local" } +} /** + * DEPRECATED: Use the threat models feature. + * That is, use `ThreatModelFlowSource` as the class of nodes for sources + * and set up the threat model configuration to filter source nodes. + * Alternatively, use `getThreatModel` to filter nodes to create the + * class of nodes you need. + * * A node with input from the local environment, such as files, standard in, * environment variables, and main method parameters. */ -class EnvInput extends LocalUserInput { +deprecated class EnvInput extends DataFlow::Node { EnvInput() { + this instanceof EnvironmentInput or + this instanceof CliInput or + this instanceof FileInput + } +} + +/** + * A node with input from the local environment, such as + * environment variables. + */ +private class EnvironmentInput extends LocalUserInput { + EnvironmentInput() { sourceNode(this, "environment") } + + override string getThreatModel() { result = "environment" } +} + +/** + * A node with input from the command line, such as standard in + * and main method parameters. + */ +private class CliInput extends LocalUserInput { + CliInput() { // Parameters to a main method. exists(MainMethod main | this.asParameter() = main.getParameter(0)) or @@ -191,23 +252,43 @@ class EnvInput extends LocalUserInput { f.getAnAnnotation().getType().getQualifiedName() = "org.kohsuke.args4j.Argument" ) or - // Results from various specific methods. - this.asExpr().(MethodAccess).getMethod() instanceof EnvReadMethod - or // Access to `System.in`. exists(Field f | this.asExpr() = f.getAnAccess() | f instanceof SystemIn) - or - // Access to files. - this.asExpr() - .(ConstructorCall) - .getConstructedType() - .hasQualifiedName("java.io", "FileInputStream") } + + override string getThreatModel() { result = "commandargs" } } -/** A node with input from a database. */ -class DatabaseInput extends LocalUserInput { - DatabaseInput() { this.asExpr().(MethodAccess).getMethod() instanceof ResultSetGetStringMethod } +/** + * A node with input from the local environment, such as files. + */ +private class FileInput extends LocalUserInput { + FileInput() { + // Access to files. + sourceNode(this, "file") + } + + override string getThreatModel() { result = "file" } +} + +/** + * DEPRECATED: Use the threat models feature. + * That is, use `ThreatModelFlowSource` as the class of nodes for sources + * and set up the threat model configuration to filter source nodes. + * Alternatively, use `getThreatModel` to filter nodes to create the + * class of nodes you need. + * + * A node with input from a database. + */ +deprecated class DatabaseInput = DbInput; + +/** + * A node with input from a database. + */ +private class DbInput extends LocalUserInput { + DbInput() { sourceNode(this, "database") } + + override string getThreatModel() { result = "database" } } /** A method that reads from the environment, such as `System.getProperty` or `System.getenv`. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll index 4f48b066055..1e8a3bbcb88 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll @@ -387,29 +387,3 @@ module BarrierGuard { ) } } - -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * It is important that all extending classes in scope are disjoint. - */ -deprecated class BarrierGuard extends Guard { - /** Holds if this guard validates `e` upon evaluating to `branch`. */ - abstract predicate checks(Expr e, boolean branch); - - /** Gets a node guarded by this guard. */ - final Node getAGuardedNode() { - exists(SsaVariable v, boolean branch, RValue use | - this.checks(v.getAUse(), branch) and - use = v.getAUse() and - this.controls(use.getBasicBlock(), branch) and - result.asExpr() = use - ) - } -} diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index 5d609087c93..d08cb8df57e 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -618,7 +618,7 @@ private MethodAccess callReturningSameType(Expr ref) { } private SrcRefType entrypointType() { - exists(RemoteFlowSource s, RefType t | + exists(ThreatModelFlowSource s, RefType t | s instanceof DataFlow::ExplicitParameterNode and t = pragma[only_bind_out](s).getType() and not t instanceof TypeObject and @@ -629,6 +629,10 @@ private SrcRefType entrypointType() { } private predicate entrypointFieldStep(DataFlow::Node src, DataFlow::Node sink) { - src = DataFlow::getFieldQualifier(sink.asExpr().(FieldRead)) and + exists(FieldRead fa | + fa = sink.asExpr() and + src = DataFlow::getFieldQualifier(fa) and + not fa.getField().isStatic() + ) and src.getType().(RefType).getSourceDeclaration() = entrypointType() } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll index d20ae81b00b..70991104656 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll @@ -140,7 +140,7 @@ class NamespaceClass extends RefType { * This represents the set of classes and interfaces for which we will determine liveness. Each * `SourceClassOrInterfacce` will either be a `LiveClass` or `DeadClass`. */ -library class SourceClassOrInterface extends ClassOrInterface { +class SourceClassOrInterface extends ClassOrInterface { SourceClassOrInterface() { this.fromSource() } } diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll index 32690d73626..e5bbb7e9ee3 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll @@ -9,7 +9,7 @@ import semmle.code.java.frameworks.jackson.JacksonSerializability * * This defines the set of fields for which we will determine liveness. */ -library class SourceField extends Field { +class SourceField extends Field { SourceField() { this.fromSource() } } diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index 5c037258309..8ee23098eef 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll @@ -94,7 +94,7 @@ abstract class ReflectivelyConstructedClass extends EntryPoint, Class { /** * Classes that are deserialized by Jackson are reflectively constructed. */ -library class JacksonReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof JacksonDeserializableType +class JacksonReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof JacksonDeserializableType { override Callable getALiveCallable() { // Constructors may be called by Jackson, if they are a no-arg, they have a suitable annotation, diff --git a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll index c9c9aee71b5..62d1004aa4e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll @@ -2,7 +2,7 @@ import semmle.code.java.Type -library class JaxbElement extends Class { +class JaxbElement extends Class { JaxbElement() { this.getAnAncestor().getQualifiedName() = "javax.xml.bind.JAXBElement" or this.getAnAnnotation().getType().getName() = "XmlRootElement" @@ -12,7 +12,7 @@ library class JaxbElement extends Class { /** DEPRECATED: Alias for JaxbElement */ deprecated class JAXBElement = JaxbElement; -library class JaxbMarshalMethod extends Method { +class JaxbMarshalMethod extends Method { JaxbMarshalMethod() { this.getDeclaringType().getQualifiedName() = "javax.xml.bind.Marshaller" and this.getName() = "marshal" @@ -151,7 +151,7 @@ class JaxbBoundField extends Field { /** * A getter or setter method, as defined by whether the method name starts with "set" or "get". */ -library class GetterOrSetterMethod extends Method { +class GetterOrSetterMethod extends Method { GetterOrSetterMethod() { this.getName().matches("get%") or this.getName().matches("set%") } Field getField() { diff --git a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll index 9622d7e50ba..47074f9547b 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll @@ -301,7 +301,7 @@ private int mockableParameterCount(Constructor constructor) { /** * A class which is referenced by an `@InjectMocks` field. */ -library class MockitoMockInjectedClass extends Class { +class MockitoMockInjectedClass extends Class { MockitoMockInjectedClass() { // There must be an `@InjectMock` field that has `this` as the type. exists(MockitoInjectedField injectedField | this = injectedField.getType()) diff --git a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaAnnotations.qll b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaAnnotations.qll index 2313d05c11d..1d42bd4c94b 100644 --- a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaAnnotations.qll +++ b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaAnnotations.qll @@ -19,7 +19,7 @@ import java import semmle.code.java.Reflection import semmle.code.java.frameworks.spring.Spring -library class CamelAnnotation extends Annotation { +class CamelAnnotation extends Annotation { CamelAnnotation() { this.getType().getPackage().hasName("org.apache.camel") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll index 6b3f2c7ae6d..ab72d80d2e5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll +++ b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll @@ -21,7 +21,7 @@ import semmle.code.java.frameworks.spring.Spring /** * A method call to a ProcessorDefinition element. */ -library class ProcessorDefinitionElement extends MethodAccess { +class ProcessorDefinitionElement extends MethodAccess { ProcessorDefinitionElement() { this.getMethod() .getDeclaringType() diff --git a/java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll b/java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll index c283c23a046..c2a7272a9f5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll +++ b/java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll @@ -13,19 +13,6 @@ class HudsonWebMethod extends Method { } } -private class FilePathRead extends LocalUserInput { - FilePathRead() { - this.asExpr() - .(MethodAccess) - .getMethod() - .hasQualifiedName("hudson", "FilePath", - [ - "newInputStreamDenyingSymlinkAsNeeded", "openInputStream", "read", "readFromOffset", - "readToString" - ]) - } -} - private class HudsonUtilXssSanitizer extends XssSanitizer { HudsonUtilXssSanitizer() { this.asExpr() diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll index 0d68044a956..b4ae1b1c19c 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll @@ -7,7 +7,7 @@ import semmle.code.java.frameworks.javaee.jsf.JSFFacesContextXML /** * A method that is visible to faces, if the instance type is visible to faces. */ -library class FacesVisibleMethod extends Method { +class FacesVisibleMethod extends Method { FacesVisibleMethod() { this.isPublic() and not this.isStatic() } } diff --git a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll index b3adfa8d80e..17ff3537194 100644 --- a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll +++ b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll @@ -6,7 +6,7 @@ import semmle.code.xml.MavenPom /** * A Maven dependency on the Struts 2 convention plugin. */ -library class Struts2ConventionDependency extends Dependency { +class Struts2ConventionDependency extends Dependency { Struts2ConventionDependency() { this.getGroup().getValue() = "org.apache.struts" and this.getArtifact().getValue() = "struts2-convention-plugin" diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll index 87fd5003afb..ed47b6df8c9 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll @@ -30,7 +30,7 @@ deprecated class IntentRedirectionConfiguration extends TaintTracking::Configura /** A taint tracking configuration for tainted Intents being used to start Android components. */ module IntentRedirectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof IntentRedirectionSink } @@ -57,7 +57,7 @@ private class OriginalIntentSanitizer extends IntentRedirectionSanitizer { * flowing directly to sinks that start Android components. */ private module SameIntentBeingRelaunchedConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof IntentRedirectionSink } @@ -93,7 +93,7 @@ private class IntentWithTaintedComponent extends DataFlow::Node { * A taint tracking configuration for tainted data flowing to an `Intent`'s component. */ private module TaintedIntentComponentConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { any(IntentSetComponent setComponent).getSink() = sink.asExpr() diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll index 09a74b2e536..d91910b546c 100644 --- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll +++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll @@ -74,7 +74,7 @@ class ExternalApkSource extends DataFlow::Node { sourceNode(this, "android-external-storage-dir") or this.asExpr().(MethodAccess).getMethod() instanceof UriConstructorMethod or this.asExpr().(StringLiteral).getValue().matches("file://%") or - this instanceof RemoteFlowSource + this instanceof ThreatModelFlowSource } } diff --git a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll index c33414f59be..979f4b23466 100644 --- a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll @@ -13,6 +13,8 @@ module ArithmeticTaintedLocalOverflowConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) } predicate isBarrier(DataFlow::Node n) { overflowBarrier(n) } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } /** @@ -30,6 +32,8 @@ module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) } predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } /** diff --git a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll index f2be743e11b..5003ceb8a3a 100644 --- a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll @@ -6,7 +6,7 @@ private import semmle.code.java.security.ArithmeticCommon /** A taint-tracking configuration to reason about overflow from unvalidated user input. */ module RemoteUserInputOverflowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) } @@ -17,7 +17,7 @@ module RemoteUserInputOverflowConfig implements DataFlow::ConfigSig { /** A taint-tracking configuration to reason about underflow from unvalidated user input. */ module RemoteUserInputUnderflowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) } diff --git a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll index 30772d9fdf1..cc0ed2a8810 100644 --- a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll @@ -52,7 +52,7 @@ private class DefaultCommandInjectionSanitizer extends CommandInjectionSanitizer * A taint-tracking configuration for unvalidated user input that is used to run an external process. */ module RemoteUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll index a45afda4105..705e9527944 100644 --- a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll @@ -57,7 +57,7 @@ deprecated class ConditionalBypassFlowConfig extends TaintTracking::Configuratio * A taint tracking configuration for untrusted data flowing to sensitive conditions. */ module ConditionalBypassFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { conditionControlsMethod(_, sink.asExpr()) } diff --git a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll index beef024eb15..f0127176cd9 100644 --- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll +++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll @@ -106,10 +106,10 @@ deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configu } /** - * Taint tracking configuration for flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. + * Taint tracking configuration for flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */ module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } } diff --git a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll index 34c23682221..4d07e8bddd0 100644 --- a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll @@ -11,6 +11,10 @@ module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSi predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(StringFormat formatCall).getFormatArgument() } + + predicate isBarrier(DataFlow::Node node) { + node.getType() instanceof NumericType or node.getType() instanceof BooleanType + } } /** diff --git a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll index 25d4e2b4fa5..a71ebc964f6 100644 --- a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll @@ -8,7 +8,7 @@ private import semmle.code.java.StringFormat * A taint-tracking configuration for externally controlled format string vulnerabilities. */ module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(StringFormat formatCall).getFormatArgument() diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll index 6164a6663a0..97ad1d7a564 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll @@ -28,7 +28,7 @@ deprecated class FragmentInjectionTaintConf extends TaintTracking::Configuration * that is used to create Android fragments dynamically. */ module FragmentInjectionTaintConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof FragmentInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll index 1d3c55398a5..aecd634b541 100644 --- a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll @@ -28,7 +28,7 @@ deprecated class GroovyInjectionConfig extends TaintTracking::Configuration { * that is used to evaluate a Groovy expression. */ module GroovyInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof GroovyInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll index 23e7443fc43..8bef1ec3650 100644 --- a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll @@ -5,10 +5,11 @@ private import semmle.code.java.security.internal.ArraySizing private import semmle.code.java.dataflow.FlowSources /** - * A taint-tracking configuration to reason about improper validation of user-provided size used for array construction. + * A taint-tracking configuration to reason about improper validation of + * user-provided size used for array construction. */ module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _) @@ -16,7 +17,8 @@ module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSi } /** - * Taint-tracking flow for improper validation of user-provided size used for array construction. + * Taint-tracking flow for improper validation of user-provided size used + * for array construction. */ module ImproperValidationOfArrayConstructionFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll index 6b078bc2830..d21de6c7fdf 100644 --- a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll @@ -13,6 +13,10 @@ module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig predicate isSink(DataFlow::Node sink) { any(CheckableArrayAccess caa).canThrowOutOfBounds(sink.asExpr()) } + + predicate isBarrier(DataFlow::Node node) { node.getType() instanceof BooleanType } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } /** diff --git a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll index fd93b73b7c3..440600b8a7c 100644 --- a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll @@ -5,10 +5,11 @@ private import semmle.code.java.security.internal.ArraySizing private import semmle.code.java.dataflow.FlowSources /** - * A taint-tracking configuration to reason about improper validation of user-provided array index. + * A taint-tracking configuration to reason about improper validation + * of user-provided array index. */ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { any(CheckableArrayAccess caa).canThrowOutOfBounds(sink.asExpr()) diff --git a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll index 3d7c7f2fa94..4e2b85d56c2 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll @@ -46,7 +46,7 @@ class SetMessageInterpolatorCall extends MethodAccess { * to the argument of a method that builds constraint error messages. */ module BeanValidationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink } } diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll index 4842d36e86a..fc897dcc97d 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll @@ -23,16 +23,6 @@ abstract class IntentUriPermissionManipulationSink extends DataFlow::Node { } */ abstract class IntentUriPermissionManipulationSanitizer extends DataFlow::Node { } -/** - * DEPRECATED: Use `IntentUriPermissionManipulationSanitizer` instead. - * - * A guard that makes sure that an Intent is safe to be returned to another Activity. - * - * Usually, this is done by checking that the Intent's data URI and/or its flags contain - * expected values. - */ -abstract deprecated class IntentUriPermissionManipulationGuard extends DataFlow::BarrierGuard { } - /** * An additional taint step for flows related to Intent URI permission manipulation * vulnerabilities. diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll index f563b4bf093..b9fc3f42eb7 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll @@ -26,10 +26,6 @@ deprecated class IntentUriPermissionManipulationConf extends TaintTracking::Conf barrier instanceof IntentUriPermissionManipulationSanitizer } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof IntentUriPermissionManipulationGuard - } - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { any(IntentUriPermissionManipulationAdditionalTaintStep c).step(node1, node2) } @@ -39,7 +35,7 @@ deprecated class IntentUriPermissionManipulationConf extends TaintTracking::Conf * A taint tracking configuration for user-provided Intents being returned to third party apps. */ module IntentUriPermissionManipulationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof IntentUriPermissionManipulationSink } diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll index dd877720495..8f08eee44a4 100644 --- a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll @@ -63,7 +63,7 @@ deprecated class JexlInjectionConfig extends TaintTracking::Configuration { * It supports both JEXL 2 and 3. */ module JexlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink } diff --git a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll index d189c119080..cf1520b3dd5 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll @@ -33,7 +33,7 @@ deprecated class JndiInjectionFlowConfig extends TaintTracking::Configuration { * A taint-tracking configuration for unvalidated user input that is used in JNDI lookup. */ module JndiInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof JndiInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll index c0f52cdf659..5c055c00516 100644 --- a/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll @@ -8,7 +8,7 @@ import semmle.code.java.security.LdapInjection * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries. */ module LdapInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll index 5b57847d286..f66ae7f5808 100644 --- a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll @@ -27,7 +27,7 @@ deprecated class LogInjectionConfiguration extends TaintTracking::Configuration * A taint-tracking configuration for tracking untrusted user input used in log entries. */ module LogInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof LogInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll index a87d7554dd7..c2697861d7c 100644 --- a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll @@ -32,7 +32,7 @@ deprecated class MvelInjectionFlowConfig extends TaintTracking::Configuration { * that is used to construct and evaluate a MVEL expression. */ module MvelInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof MvelEvaluationSink } diff --git a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll index d3098a18a11..d59e8abb5c5 100644 --- a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll +++ b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll @@ -85,7 +85,7 @@ private predicate smallExpr(Expr e) { * numeric cast. */ module NumericCastFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(NumericNarrowingCastExpr cast).getExpr() and @@ -117,7 +117,8 @@ module NumericCastLocalFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput } predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(NumericNarrowingCastExpr cast).getExpr() + sink.asExpr() = any(NumericNarrowingCastExpr cast).getExpr() and + sink.asExpr() instanceof VarAccess } predicate isBarrier(DataFlow::Node node) { @@ -125,8 +126,11 @@ module NumericCastLocalFlowConfig implements DataFlow::ConfigSig { castCheck(node.asExpr()) or node.getType() instanceof SmallType or smallExpr(node.asExpr()) or - node.getEnclosingCallable() instanceof HashCodeMethod + node.getEnclosingCallable() instanceof HashCodeMethod or + exists(RightShiftOp e | e.getShiftedVariable().getAnAccess() = node.asExpr()) } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } /** diff --git a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll index d0dfdda94a4..19995e2a25b 100644 --- a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll @@ -29,7 +29,7 @@ deprecated class OgnlInjectionFlowConfig extends TaintTracking::Configuration { * A taint-tracking configuration for unvalidated user input that is used in OGNL EL evaluation. */ module OgnlInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof OgnlInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll index 1fd25df25aa..b00a8388550 100644 --- a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll @@ -29,7 +29,7 @@ deprecated class PartialPathTraversalFromRemoteConfig extends TaintTracking::Con * and remains vulnerable to Partial Path Traversal. */ module PartialPathTraversalFromRemoteConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node node) { node instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node node) { any(PartialPathTraversalMethodAccess ma).getQualifier() = node.asExpr() diff --git a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll index 6a79193c4fd..bfaac0d9919 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll @@ -37,7 +37,7 @@ deprecated class RequestForgeryConfiguration extends TaintTracking::Configuratio */ module RequestForgeryConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof RemoteFlowSource and + source instanceof ThreatModelFlowSource and // Exclude results of remote HTTP requests: fetching something else based on that result // is no worse than following a redirect returned by the remote server, and typically // we're requesting a resource via https which we trust to only send us to safe URLs. diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll index 01743bd3c61..a39c213502a 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll @@ -13,8 +13,21 @@ module ResponseSplittingLocalConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof HeaderSplittingSink } predicate isBarrier(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or + node.getType() instanceof PrimitiveType + or node.getType() instanceof BoxedType + or + exists(MethodAccess ma, string methodName, CompileTimeConstantExpr target | + node.asExpr() = ma and + ma.getMethod().hasQualifiedName("java.lang", "String", methodName) and + target = ma.getArgument(0) and + ( + methodName = "replace" and target.getIntValue() = [10, 13] // 10 == "\n", 13 == "\r" + or + methodName = "replaceAll" and + target.getStringValue().regexpMatch(".*([\n\r]|\\[\\^[^\\]\r\n]*\\]).*") + ) + ) } } diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll index 5ac4953422a..5cc7422e787 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll @@ -9,7 +9,7 @@ import semmle.code.java.security.ResponseSplitting */ module ResponseSplittingConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof RemoteFlowSource and + source instanceof ThreatModelFlowSource and not source instanceof SafeHeaderSplittingSource } diff --git a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll index ca3b385239b..0f3526bfd7f 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll @@ -18,7 +18,7 @@ private class ResultReceiverSendCall extends MethodAccess { } private module UntrustedResultReceiverConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node node) { node instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node node) { node.asExpr() = any(ResultReceiverSendCall c).getReceiver() diff --git a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll index e54515f4827..b1a17e0fdd6 100644 --- a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll @@ -29,7 +29,7 @@ deprecated class SpelInjectionConfig extends TaintTracking::Configuration { * that is used to construct and evaluate a SpEL expression. */ module SpelInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof SpelExpressionEvaluationSink } diff --git a/java/ql/lib/semmle/code/java/security/SpringCsrfProtection.qll b/java/ql/lib/semmle/code/java/security/SpringCsrfProtection.qll new file mode 100644 index 00000000000..bc25f167327 --- /dev/null +++ b/java/ql/lib/semmle/code/java/security/SpringCsrfProtection.qll @@ -0,0 +1,20 @@ +/** Provides predicates to reason about disabling CSRF protection in Spring. */ + +import java + +/** Holds if `call` disables CSRF protection in Spring. */ +predicate disablesSpringCsrfProtection(MethodAccess call) { + call.getMethod().hasName("disable") and + call.getReceiverType() + .hasQualifiedName("org.springframework.security.config.annotation.web.configurers", + "CsrfConfigurer") + or + call.getMethod() + .hasQualifiedName("org.springframework.security.config.annotation.web.builders", + "HttpSecurity", "csrf") and + call.getArgument(0) + .(MemberRefExpr) + .getReferencedCallable() + .hasQualifiedName("org.springframework.security.config.annotation.web.configurers", + "AbstractHttpConfigurer", "disable") +} diff --git a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll index 18f3c01571e..091240763ec 100644 --- a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll @@ -37,7 +37,7 @@ deprecated class QueryInjectionFlowConfig extends TaintTracking::Configuration { * A taint-tracking configuration for unvalidated user input that is used in SQL queries. */ module QueryInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll b/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll index f926901a8b9..eeab7f7f6cd 100644 --- a/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll @@ -17,7 +17,9 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink } predicate isBarrier(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType + node.getType() instanceof PrimitiveType or + node.getType() instanceof BoxedType or + node.getType() instanceof NumberType } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { diff --git a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll index 38d426adc5a..673cfc5d7b1 100644 --- a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll +++ b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll @@ -2,7 +2,7 @@ import java import semmle.code.java.dataflow.TaintTracking -import semmle.code.java.dataflow.DataFlow2 +private import semmle.code.java.dataflow.ExternalFlow /** * Holds if `array` is initialized only with constants. @@ -99,7 +99,7 @@ private module ArrayUpdateFlow = DataFlow::Global; private class StaticInitializationVectorSource extends DataFlow::Node { StaticInitializationVectorSource() { exists(StaticByteArrayCreation array | array = this.asExpr() | - not ArrayUpdateFlow::flow(DataFlow2::exprNode(array), _) and + not ArrayUpdateFlow::flow(DataFlow::exprNode(array), _) and // Reduce FPs from utility methods that return an empty array in an exceptional case not exists(ReturnStmt ret | array.getADimension().(CompileTimeConstantExpr).getIntValue() = 0 and @@ -113,34 +113,7 @@ private class StaticInitializationVectorSource extends DataFlow::Node { * A sink that initializes a cipher with unsafe parameters. */ private class EncryptionInitializationSink extends DataFlow::Node { - EncryptionInitializationSink() { - exists(MethodAccess ma, Method m | m = ma.getMethod() | - m.hasQualifiedName("javax.crypto", "Cipher", "init") and - m.getParameterType(2) - .(RefType) - .hasQualifiedName("java.security.spec", "AlgorithmParameterSpec") and - ma.getArgument(2) = this.asExpr() - ) - } -} - -/** - * Holds if `fromNode` to `toNode` is a dataflow step - * that creates cipher's parameters with initialization vector. - */ -private predicate createInitializationVectorSpecStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - exists(ConstructorCall cc, RefType type | - cc = toNode.asExpr() and type = cc.getConstructedType() - | - type.hasQualifiedName("javax.crypto.spec", "IvParameterSpec") and - cc.getArgument(0) = fromNode.asExpr() - or - type.hasQualifiedName("javax.crypto.spec", ["GCMParameterSpec", "RC2ParameterSpec"]) and - cc.getArgument(1) = fromNode.asExpr() - or - type.hasQualifiedName("javax.crypto.spec", "RC5ParameterSpec") and - cc.getArgument(3) = fromNode.asExpr() - ) + EncryptionInitializationSink() { sinkNode(this, "encryption-iv") } } /** @@ -156,10 +129,6 @@ deprecated class StaticInitializationVectorConfig extends TaintTracking::Configu } override predicate isSink(DataFlow::Node sink) { sink instanceof EncryptionInitializationSink } - - override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - createInitializationVectorSpecStep(fromNode, toNode) - } } /** @@ -169,10 +138,6 @@ module StaticInitializationVectorConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof StaticInitializationVectorSource } predicate isSink(DataFlow::Node sink) { sink instanceof EncryptionInitializationSink } - - predicate isAdditionalFlowStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - createInitializationVectorSpecStep(fromNode, toNode) - } } /** Tracks the flow from a static initialization vector to the initialization of a cipher */ diff --git a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll index a90a23c2165..23166bc17c3 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll @@ -52,7 +52,7 @@ private class TaintPreservingUriCtorParam extends Parameter { * A taint-tracking configuration for tracking flow from remote sources to the creation of a path. */ module TaintedPathConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sinkNode(sink, "path-injection") } diff --git a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll index bd568355886..b3e9bb86aaa 100644 --- a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll +++ b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll @@ -62,7 +62,7 @@ abstract class TemplateInjectionSanitizerWithState extends DataFlow::Node { abstract predicate hasState(DataFlow::FlowState state); } -private class DefaultTemplateInjectionSource extends TemplateInjectionSource instanceof RemoteFlowSource +private class DefaultTemplateInjectionSource extends TemplateInjectionSource instanceof ThreatModelFlowSource { } private class DefaultTemplateInjectionSink extends TemplateInjectionSink { diff --git a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll index a89f24e6f1f..69ea9f4bcae 100644 --- a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll @@ -12,7 +12,8 @@ private import semmle.code.java.frameworks.owasp.Esapi */ abstract class TrustBoundaryViolationSource extends DataFlow::Node { } -private class RemoteSource extends TrustBoundaryViolationSource instanceof RemoteFlowSource { } +private class ThreatModelSource extends TrustBoundaryViolationSource instanceof ThreatModelFlowSource +{ } /** * A sink for data that crosses a trust boundary. diff --git a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll index 267bfd6bf39..bf25cd3117e 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll @@ -27,7 +27,7 @@ deprecated class FetchUntrustedResourceConfiguration extends TaintTracking::Conf * A taint configuration tracking flow from untrusted inputs to a resource fetching call. */ module FetchUntrustedResourceConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink } diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll index 424edace82a..a43864f8b53 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll @@ -30,7 +30,7 @@ deprecated class UnsafeContentResolutionConf extends TaintTracking::Configuratio * A taint-tracking configuration to find paths from remote sources to content URI resolutions. */ module UnsafeContentResolutionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof ContentUriResolutionSink } diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll index 550b778d8db..e3b69ed0cc1 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll @@ -324,7 +324,7 @@ deprecated class UnsafeDeserializationConfig extends TaintTracking::Configuratio /** Tracks flows from remote user input to a deserialization sink. */ private module UnsafeDeserializationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink } @@ -448,7 +448,7 @@ deprecated class UnsafeTypeConfig extends TaintTracking2::Configuration { * If this is user-controlled, arbitrary code could be executed while instantiating the user-specified type. */ module UnsafeTypeConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeTypeSink } diff --git a/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll b/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll index 552435d8af7..cdae7839366 100644 --- a/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll @@ -8,7 +8,7 @@ private import semmle.code.java.security.UrlRedirect * A taint-tracking configuration for reasoning about URL redirections. */ module UrlRedirectConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink } } diff --git a/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll index 7615784896d..38dc1ff993c 100644 --- a/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll @@ -9,7 +9,7 @@ private import semmle.code.java.security.XPath * A taint-tracking configuration for reasoning about XPath injection vulnerabilities. */ module XPathInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink } } diff --git a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll index 5622ef60a84..d852a4a9095 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll @@ -31,7 +31,7 @@ deprecated class XsltInjectionFlowConfig extends TaintTracking::Configuration { * A taint-tracking configuration for unvalidated user input that is used in XSLT transformation. */ module XsltInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof XsltInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/XssLocalQuery.qll b/java/ql/lib/semmle/code/java/security/XssLocalQuery.qll index 83eb33682af..f19872bb489 100644 --- a/java/ql/lib/semmle/code/java/security/XssLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XssLocalQuery.qll @@ -12,6 +12,14 @@ module XssLocalConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput } predicate isSink(DataFlow::Node sink) { sink instanceof XssSink } + + predicate isBarrier(DataFlow::Node node) { node instanceof XssSanitizer } + + predicate isBarrierOut(DataFlow::Node node) { node instanceof XssSinkBarrier } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + any(XssAdditionalTaintStep s).step(node1, node2) + } } /** diff --git a/java/ql/lib/semmle/code/java/security/XssQuery.qll b/java/ql/lib/semmle/code/java/security/XssQuery.qll index 5accb2ca585..6fec86a78dd 100644 --- a/java/ql/lib/semmle/code/java/security/XssQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XssQuery.qll @@ -9,7 +9,7 @@ import semmle.code.java.security.XSS * A taint-tracking configuration for cross site scripting vulnerabilities. */ module XssConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof XssSink } diff --git a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll index 06bccc993a4..9236a7185c3 100644 --- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll @@ -28,7 +28,7 @@ deprecated class XxeConfig extends TaintTracking::Configuration { * A taint-tracking configuration for unvalidated remote user input that is used in XML external entity expansion. */ module XxeConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink } diff --git a/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll b/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll deleted file mode 100644 index eb52a4862f9..00000000000 --- a/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.code.java.security.regexp.ExponentialBackTracking` instead. */ - -deprecated import semmle.code.java.security.regexp.ExponentialBackTracking as Dep -import Dep diff --git a/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll deleted file mode 100644 index f88f7fdc5c4..00000000000 --- a/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.code.java.security.regexp.PolynomialReDoSQuery` instead. */ - -deprecated import semmle.code.java.security.regexp.PolynomialReDoSQuery as Dep -import Dep diff --git a/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll b/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll deleted file mode 100644 index 32014393864..00000000000 --- a/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.code.java.security.regexp.NfaUtils` instead. */ - -deprecated import semmle.code.java.security.regexp.NfaUtils as Dep -import Dep diff --git a/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll b/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll deleted file mode 100644 index de0d6201623..00000000000 --- a/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.code.java.security.regexp.SuperlinearBackTracking` instead. */ - -deprecated import semmle.code.java.security.regexp.SuperlinearBackTracking as Dep -import Dep diff --git a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll index 4d7f963e968..9c1c1d92956 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll @@ -66,7 +66,7 @@ deprecated predicate hasPolynomialReDoSResult( /** A configuration for Polynomial ReDoS queries. */ module PolynomialRedosConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { exists(SuperlinearBackTracking::PolynomialBackTrackingTerm regexp | diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll index 409143c18f8..5d44139e02e 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll @@ -24,7 +24,7 @@ deprecated class RegexInjectionConfiguration extends TaintTracking::Configuratio * A taint-tracking configuration for untrusted user input used to construct regular expressions. */ module RegexInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink } diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 4c5b963ada7..c0a6261d914 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,27 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. + +## 0.8.0 + +No user-facing changes. + +## 0.7.5 + +No user-facing changes. + +## 0.7.4 + +### New Queries + +* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method. + +### Minor Analysis Improvements + +* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library. + ## 0.7.3 No user-facing changes. diff --git a/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.qll b/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.qll index 11cbf84cdbe..e0029ffeba2 100644 --- a/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.qll +++ b/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.qll @@ -6,7 +6,7 @@ import semmle.code.java.dataflow.SSA /** * The kind of bound that is known to hold for some variable. */ -library class BoundKind extends string { +class BoundKind extends string { BoundKind() { this = ["=", "!=", ">=", "<="] } predicate isEqual() { this = "=" } diff --git a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql index 9bca9dc3ed9..2ce5d5797ba 100644 --- a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +++ b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql @@ -12,11 +12,8 @@ */ import java +import semmle.code.java.security.SpringCsrfProtection from MethodAccess call -where - call.getMethod().hasName("disable") and - call.getReceiverType() - .hasQualifiedName("org.springframework.security.config.annotation.web.configurers", - "CsrfConfigurer") +where disablesSpringCsrfProtection(call) select call, "CSRF vulnerability due to protection being disabled." diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll index d0ba2fce7d7..b6e0de2f842 100644 --- a/java/ql/src/Telemetry/ExternalApi.qll +++ b/java/ql/src/Telemetry/ExternalApi.qll @@ -90,9 +90,6 @@ class ExternalApi extends Callable { } } -/** DEPRECATED: Alias for ExternalApi */ -deprecated class ExternalAPI = ExternalApi; - /** * Gets the limit for the number of results produced by a telemetry query. */ diff --git a/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md b/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md deleted file mode 100644 index 6f062a63e81..00000000000 --- a/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library. diff --git a/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md b/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md new file mode 100644 index 00000000000..94462f0f8c3 --- /dev/null +++ b/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring. diff --git a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md b/java/ql/src/change-notes/released/0.7.4.md similarity index 50% rename from java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md rename to java/ql/src/change-notes/released/0.7.4.md index 802e367bf10..c214e52bd23 100644 --- a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md +++ b/java/ql/src/change-notes/released/0.7.4.md @@ -1,5 +1,9 @@ ---- -category: newQuery ---- +## 0.7.4 + +### New Queries + * Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method. +### Minor Analysis Improvements + +* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library. diff --git a/java/ql/src/change-notes/released/0.7.5.md b/java/ql/src/change-notes/released/0.7.5.md new file mode 100644 index 00000000000..b2759d5bd80 --- /dev/null +++ b/java/ql/src/change-notes/released/0.7.5.md @@ -0,0 +1,3 @@ +## 0.7.5 + +No user-facing changes. diff --git a/java/ql/src/change-notes/released/0.8.0.md b/java/ql/src/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..16ea5f60373 --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/java/ql/src/change-notes/released/0.8.1.md b/java/ql/src/change-notes/released/0.8.1.md new file mode 100644 index 00000000000..0b1620f54c2 --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.1.md @@ -0,0 +1,5 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index a4ea9c8de17..2f693f95ba6 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.3 +lastReleaseVersion: 0.8.1 diff --git a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql index 14bef1791cc..33d060de691 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql @@ -43,7 +43,7 @@ class Log4jInjectionSanitizer extends DataFlow::Node { * A taint-tracking configuration for tracking untrusted user input used in log entries. */ module Log4jInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof Log4jInjectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql index 000ecee2999..fedde6f21a0 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql @@ -33,7 +33,7 @@ class UrlConstructor extends ClassInstanceExpr { } module RemoteUrlToOpenStreamFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { exists(MethodAccess m | diff --git a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql index ba3411e4da2..26b2c8d83ea 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql @@ -48,7 +48,7 @@ class NormalizedPathNode extends DataFlow::Node { } module InjectFilePathConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sinkNode(sink, "path-injection") and diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql index 8c020b6f22b..c185a4f67da 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql @@ -14,7 +14,7 @@ import CommandInjectionRuntimeExec import ExecUserFlow::PathGraph -class RemoteSource extends Source instanceof RemoteFlowSource { } +class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } from ExecUserFlow::PathNode source, ExecUserFlow::PathNode sink, DataFlow::Node sourceCmd, diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql index c31e69f09fb..d4fe781fe37 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql @@ -20,7 +20,7 @@ import semmle.code.java.dataflow.TaintTracking import MyBatisAnnotationSqlInjectionFlow::PathGraph private module MyBatisAnnotationSqlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof MyBatisAnnotatedMethodCallArgument } diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql index be58b8fecb0..44942f13344 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql @@ -20,7 +20,7 @@ import semmle.code.java.dataflow.FlowSources import MyBatisMapperXmlSqlInjectionFlow::PathGraph private module MyBatisMapperXmlSqlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof MyBatisMapperMethodCallAnArgument } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql index a867bfcb866..c67455d3da9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql @@ -18,7 +18,7 @@ import semmle.code.java.dataflow.TaintTracking import BeanShellInjectionFlow::PathGraph module BeanShellInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof BeanShellInjectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql index 30e4a5e4137..88eebc1ab7f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql @@ -18,7 +18,7 @@ import semmle.code.java.dataflow.TaintTracking import JShellInjectionFlow::PathGraph module JShellInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof JShellInjectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll index f14e03f7507..b288a1a4a19 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll @@ -8,7 +8,7 @@ import semmle.code.java.dataflow.TaintTracking * that is used to construct and evaluate an expression. */ module JakartaExpressionInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof ExpressionEvaluationSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql index 328792e89fc..ec3628126bd 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql @@ -99,17 +99,17 @@ class CodeInjectionSink extends DataFlow::ExprNode { } /** - * A taint configuration for tracking flow from `RemoteFlowSource` to a Jython method call + * A taint configuration for tracking flow from `ThreatModelFlowSource` to a Jython method call * `CodeInjectionSink` that executes injected code. */ module CodeInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof CodeInjectionSink } } /** - * Taint tracking flow from `RemoteFlowSource` to a Jython method call + * Taint tracking flow from `ThreatModelFlowSource` to a Jython method call * `CodeInjectionSink` that executes injected code. */ module CodeInjectionFlow = TaintTracking::Global; diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql index ffbbab93d8e..21e36bbdd00 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql @@ -131,11 +131,11 @@ class ScriptInjectionSink extends DataFlow::ExprNode { } /** - * A taint tracking configuration that tracks flow from `RemoteFlowSource` to an argument + * A taint tracking configuration that tracks flow from `ThreatModelFlowSource` to an argument * of a method call that executes injected script. */ module ScriptInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof ScriptInjectionSink } } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll index 7b7c2d8c8fd..943b946e95d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll @@ -42,7 +42,7 @@ class PortletRenderRequestMethod extends Method { */ module SpringViewManipulationConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof RemoteFlowSource or + source instanceof ThreatModelFlowSource or source instanceof WebRequestSource or source.asExpr().(MethodAccess).getMethod() instanceof PortletRenderRequestMethod } diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql index 81a181da0f0..f32c1682c29 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql @@ -19,7 +19,7 @@ import AndroidWebResourceResponse import InsecureWebResourceResponseFlow::PathGraph module InsecureWebResourceResponseConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof WebResourceResponseSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll index 8f4f6e1b4e2..194ae34b792 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll @@ -148,7 +148,7 @@ private predicate updateMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::N * such as cipher, MAC or signature. */ private module UserInputInCryptoOperationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { exists(ProduceCryptoCall call | call.getQualifier() = sink.asExpr()) @@ -214,7 +214,7 @@ private class NonConstantTimeComparisonCall extends StaticMethodAccess { * that compare inputs using a non-constant-time algorithm. */ private module UserInputInComparisonConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { exists(NonConstantTimeEqualsCall call | diff --git a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql index b5a457d14bb..f9a86e1c5f4 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql @@ -63,7 +63,7 @@ module CorsSourceReachesCheckConfig implements DataFlow::ConfigSig { module CorsSourceReachesCheckFlow = TaintTracking::Global; private module CorsOriginConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { exists(MethodAccess corsHeader, MethodAccess allowCredentialsHeader | diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql index 847f6eecdef..58448c0ed9d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql @@ -22,7 +22,7 @@ import RequestResponseFlow::PathGraph /** Taint-tracking configuration tracing flow from get method request sources to output jsonp data. */ module RequestResponseFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof RemoteFlowSource and + source instanceof ThreatModelFlowSource and any(RequestGetMethod m).polyCalls*(source.getEnclosingCallable()) } diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll index 8833a42b8b0..84c189aac93 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll @@ -77,16 +77,16 @@ class JsonpBuilderExpr extends AddExpr { Expr getJsonExpr() { result = this.getLeftOperand().(AddExpr).getRightOperand() } } -/** A data flow configuration tracing flow from remote sources to jsonp function name. */ -module RemoteFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } +/** A data flow configuration tracing flow from threat model sources to jsonp function name. */ +module ThreatModelFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { exists(JsonpBuilderExpr jhe | jhe.getFunctionName() = sink.asExpr()) } } -module RemoteFlow = DataFlow::Global; +module ThreatModelFlow = DataFlow::Global; /** A data flow configuration tracing flow from json data into the argument `json` of JSONP-like string `someFunctionName + "(" + json + ")"`. */ module JsonDataFlowConfig implements DataFlow::ConfigSig { @@ -105,7 +105,7 @@ module JsonpInjectionFlowConfig implements DataFlow::ConfigSig { exists(JsonpBuilderExpr jhe | jhe = src.asExpr() and JsonDataFlow::flowTo(DataFlow::exprNode(jhe.getJsonExpr())) and - RemoteFlow::flowTo(DataFlow::exprNode(jhe.getFunctionName())) + ThreatModelFlow::flowTo(DataFlow::exprNode(jhe.getFunctionName())) ) } diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql index 19becee1a6a..b5c98b9e34f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql @@ -17,12 +17,12 @@ import ThreadResourceAbuseFlow::PathGraph /** Taint configuration of uncontrolled thread resource consumption. */ module ThreadResourceAbuseConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof PauseThreadSink } predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { - any(AdditionalValueStep r).step(pred, succ) + any(ThreadResourceAbuseAdditionalTaintStep c).step(pred, succ) } predicate isBarrier(DataFlow::Node node) { diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qll b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qll index 3201f9483e4..bbdf36b5065 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qll @@ -3,6 +3,7 @@ import java import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.ExternalFlow +import semmle.code.java.arithmetic.Overflow import semmle.code.java.dataflow.FlowSteps import semmle.code.java.controlflow.Guards @@ -61,3 +62,34 @@ private class ApacheFileUploadProgressUpdateStep extends AdditionalValueStep { ) } } + +/** + * A unit class for adding additional taint steps. + * + * Extend this class to add additional taint steps that should apply to the `ThreadResourceAbuseConfig`. + */ +class ThreadResourceAbuseAdditionalTaintStep extends Unit { + /** + * Holds if the step from `node1` to `node2` should be considered a taint + * step for the `ThreadResourceAbuseConfig` configuration. + */ + abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); +} + +/** A set of additional taint steps to consider when taint tracking thread resource abuse related data flows. */ +private class DefaultThreadResourceAbuseAdditionalTaintStep extends ThreadResourceAbuseAdditionalTaintStep +{ + override predicate step(DataFlow::Node node1, DataFlow::Node node2) { + threadResourceAbuseArithmeticTaintStep(node1, node2) + } +} + +/** + * Holds if the step `node1` -> `node2` is an additional taint-step that performs an addition, multiplication, + * subtraction, or division. + */ +private predicate threadResourceAbuseArithmeticTaintStep( + DataFlow::Node fromNode, DataFlow::Node toNode +) { + toNode.asExpr().(ArithExpr).getAnOperand() = fromNode.asExpr() +} diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql index 06ec7cbe853..53b27b38df9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql @@ -32,7 +32,7 @@ private predicate equalsSanitizer(Guard g, Expr e, boolean branch) { } module UnsafeReflectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeReflectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql index d1b92f22563..bf0b5605c90 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql @@ -21,7 +21,7 @@ import UnsafeUrlForwardFlow::PathGraph module UnsafeUrlForwardFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof RemoteFlowSource and + source instanceof ThreatModelFlowSource and not exists(MethodAccess ma, Method m | ma.getMethod() = m | ( m instanceof HttpServletRequestGetRequestUriMethod or diff --git a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql index fc0a7c83ddd..c8e2523879a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql @@ -65,9 +65,9 @@ class UncaughtServletExceptionSink extends DataFlow::ExprNode { } } -/** Taint configuration of uncaught exceptions caused by user provided data from `RemoteFlowSource` */ +/** Taint configuration of uncaught exceptions caused by user provided data from `ThreatModelFlowSource` */ module UncaughtServletExceptionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof UncaughtServletExceptionSink } } diff --git a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql index 52ddfd2a187..7ac2ffa28d1 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql @@ -26,7 +26,7 @@ private predicate startsWithSanitizer(Guard g, Expr e, boolean branch) { } module SpringUrlRedirectFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof SpringUrlRedirectSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql index a5c2f8012c0..f7a8c335f1a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql @@ -20,7 +20,7 @@ import XQueryInjectionFlow::PathGraph * A taint-tracking configuration tracing flow from remote sources, through an XQuery parser, to its eventual execution. */ module XQueryInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(XQueryPreparedExecuteCall xpec).getPreparedExpression() or diff --git a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql index 41a4c8115d4..f2c31e566b8 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql @@ -24,7 +24,7 @@ import NfeLocalDoSFlow::PathGraph */ module NfeLocalDoSConfig implements DataFlow::ConfigSig { /** Holds if source is a remote flow source */ - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } /** Holds if NFE is thrown but not caught */ predicate isSink(DataFlow::Node sink) { diff --git a/java/ql/src/meta/frameworks/Coverage.ql b/java/ql/src/meta/frameworks/Coverage.ql index ca0f78d99f1..63f29a00b24 100644 --- a/java/ql/src/meta/frameworks/Coverage.ql +++ b/java/ql/src/meta/frameworks/Coverage.ql @@ -1,6 +1,6 @@ /** * @name Framework coverage - * @description The number of API endpoints covered by CSV models sorted by + * @description The number of API endpoints covered by MaD models sorted by * package and source-, sink-, and summary-kind. * @kind table * @id java/meta/framework-coverage diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index b2a297894fa..1491aeaf8a5 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/java-queries -version: 0.7.4-dev -groups: +version: 0.8.2-dev +groups: - java - queries suites: codeql-suites diff --git a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected index 12419be1064..e79dbfee2d3 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected @@ -17,6 +17,11 @@ edges | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | UploadListener.java:28:14:28:19 | parameter this : UploadListener [slowUploads] : Number | | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | +| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | +| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | ThreadResourceAbuse.java:219:17:219:33 | ... * ... | +| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | +| ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | +| ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | ThreadResourceAbuse.java:233:17:233:26 | retryAfter | | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | | UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | UploadListener.java:16:3:16:13 | this <.field> [post update] : UploadListener [slowUploads] : Number | | UploadListener.java:28:14:28:19 | parameter this : UploadListener [slowUploads] : Number | UploadListener.java:29:3:29:11 | this <.field> : UploadListener [slowUploads] : Number | @@ -46,6 +51,13 @@ nodes | ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | semmle.label | getParameter(...) : String | | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | semmle.label | new UploadListener(...) : UploadListener [slowUploads] : Number | | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | semmle.label | uploadDelay : Number | +| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | semmle.label | getHeader(...) : String | +| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | semmle.label | retryAfter : Number | +| ThreadResourceAbuse.java:219:17:219:33 | ... * ... | semmle.label | ... * ... | +| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | semmle.label | getHeader(...) : String | +| ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | semmle.label | retryAfter : Number | +| ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | semmle.label | ...*=... : Number | +| ThreadResourceAbuse.java:233:17:233:26 | retryAfter | semmle.label | retryAfter | | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | semmle.label | sleepMilliseconds : Number | | UploadListener.java:16:3:16:13 | this <.field> [post update] : UploadListener [slowUploads] : Number | semmle.label | this <.field> [post update] : UploadListener [slowUploads] : Number | | UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | semmle.label | sleepMilliseconds : Number | @@ -65,4 +77,6 @@ subpaths | ThreadResourceAbuse.java:74:18:74:25 | waitTime | ThreadResourceAbuse.java:29:82:29:114 | getParameter(...) : String | ThreadResourceAbuse.java:74:18:74:25 | waitTime | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:29:82:29:114 | getParameter(...) | user-provided value | | ThreadResourceAbuse.java:144:34:144:42 | delayTime | ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:141:27:141:43 | getValue(...) | user-provided value | | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) | user-provided value | +| ThreadResourceAbuse.java:219:17:219:33 | ... * ... | ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:33 | ... * ... | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) | user-provided value | +| ThreadResourceAbuse.java:233:17:233:26 | retryAfter | ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:233:17:233:26 | retryAfter | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) | user-provided value | | UploadListener.java:35:18:35:28 | slowUploads | ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | UploadListener.java:35:18:35:28 | slowUploads | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) | user-provided value | diff --git a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.java b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.java index 6cc15ea09d3..e5cd70c42f2 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.java +++ b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.java @@ -209,4 +209,30 @@ public class ThreadResourceAbuse extends HttpServlet { UploadListener listener = new UploadListener(uploadDelay, getContentLength(request)); } catch (Exception e) { } } + + protected void doHead5(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + // BAD: Get thread pause time from request header with binary multiplication expression and without validation + String header = request.getHeader("Retry-After"); + int retryAfter = Integer.parseInt(header); + + try { + Thread.sleep(retryAfter * 1000); + } catch (InterruptedException ignore) { + // ignore + } + } + + protected void doHead6(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + // BAD: Get thread pause time from request header with multiplication assignment operator and without validation + String header = request.getHeader("Retry-After"); + int retryAfter = Integer.parseInt(header); + + retryAfter *= 1000; + + try { + Thread.sleep(retryAfter); + } catch (InterruptedException ignore) { + // ignore + } + } } diff --git a/java/ql/test/kotlin/library-tests/java-kotlin-collection-type-generic-methods/test.expected b/java/ql/test/kotlin/library-tests/java-kotlin-collection-type-generic-methods/test.expected index f3f148ff215..4ccb82a3d0d 100644 --- a/java/ql/test/kotlin/library-tests/java-kotlin-collection-type-generic-methods/test.expected +++ b/java/ql/test/kotlin/library-tests/java-kotlin-collection-type-generic-methods/test.expected @@ -165,6 +165,8 @@ methodWithDuplicate | List | add | int | | List | addAll | Collection | | List | addAll | int | +| List | addFirst | E | +| List | addLast | E | | List | contains | Object | | List | containsAll | Collection | | List | copyOf | Collection | @@ -213,6 +215,8 @@ methodWithDuplicate | List | add | int | | List | addAll | Collection | | List | addAll | int | +| List | addFirst | String | +| List | addLast | String | | List | contains | Object | | List | containsAll | Collection | | List | copyOf | Collection | diff --git a/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.expected b/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.expected index 3260a055b94..a15930f26b8 100644 --- a/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.expected +++ b/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.expected @@ -1,14 +1,54 @@ -| Test.java:24:26:24:51 | ...::... | Test$Generic$Inner<>.Inner<> | Test$Generic$Inner.class:0:0:0:0 | Inner<> | -| Test.java:38:29:38:42 | ...::... | java.lang.Object.toString | Test.java:1:7:1:10 | Test | -| Test.java:39:29:39:42 | ...::... | java.lang.Object.hashCode | Test.java:1:7:1:10 | Test | -| Test.java:40:29:40:39 | ...::... | java.lang.Object.clone | Test.java:1:7:1:10 | Test | -| Test.java:41:40:41:64 | ...::... | java.lang.Object.toString | Test$Generic.class:0:0:0:0 | Generic | -| Test.java:43:23:43:36 | ...::... | java.lang.Object.toString | Test.java:1:7:1:10 | Test | -| Test.java:44:23:44:36 | ...::... | java.lang.Object.hashCode | Test.java:1:7:1:10 | Test | -| Test.java:45:23:45:33 | ...::... | java.lang.Object.clone | Test.java:1:7:1:10 | Test | -| Test.java:48:22:48:35 | ...::... | java.lang.Object.toString | Test.java:1:7:1:10 | Test | -| Test.java:51:13:51:21 | ...::... | Test.Test | Test.java:1:7:1:10 | Test | -| Test.java:52:13:52:32 | ...::... | Test$Generic.Generic | Test$Generic.class:0:0:0:0 | Generic | -| Test.java:56:13:56:22 | ...::... | | file://:0:0:0:0 | int[] | -| Test.java:57:13:57:26 | ...::... | | file://:0:0:0:0 | Generic<>[] | -| Test.java:61:31:61:47 | ...::... | Test.doSomething | Test.java:1:7:1:10 | Test | +getReferencedCallable +| Test.java:26:31:26:52 | ...::... | java.lang.Object.toString | +| Test.java:27:31:27:53 | ...::... | java.lang.Object.toString | +| Test.java:32:27:32:52 | ...::... | Test$Generic$Inner<>.Inner<> | +| Test.java:33:27:33:41 | ...::... | java.lang.Object.toString | +| Test.java:49:29:49:42 | ...::... | java.lang.Object.toString | +| Test.java:50:29:50:42 | ...::... | java.lang.Object.hashCode | +| Test.java:51:29:51:39 | ...::... | java.lang.Object.clone | +| Test.java:52:40:52:64 | ...::... | java.lang.Object.toString | +| Test.java:54:23:54:36 | ...::... | java.lang.Object.toString | +| Test.java:55:23:55:36 | ...::... | java.lang.Object.hashCode | +| Test.java:56:23:56:33 | ...::... | java.lang.Object.clone | +| Test.java:57:23:57:59 | ...::... | java.lang.Object.toString | +| Test.java:57:35:57:48 | ...::... | java.lang.Object.toString | +| Test.java:60:23:60:36 | ...::... | java.lang.Object.toString | +| Test.java:62:23:62:40 | ...::... | Test.staticMethod | +| Test.java:65:13:65:21 | ...::... | Test.Test | +| Test.java:66:13:66:32 | ...::... | Test$Generic.Generic | +| Test.java:75:31:75:47 | ...::... | Test.doSomething | +getReceiverExpr +| Test.java:26:31:26:52 | ...::... | Test.java:26:31:26:42 | Generic<>.this | +| Test.java:27:31:27:53 | ...::... | Test.java:27:31:27:43 | Generic<>.super | +| Test.java:32:27:32:52 | ...::... | Test.java:32:27:32:47 | Generic.Inner<> | +| Test.java:33:27:33:41 | ...::... | Test.java:33:27:33:31 | super | +| Test.java:54:23:54:36 | ...::... | Test.java:54:23:54:26 | this | +| Test.java:55:23:55:36 | ...::... | Test.java:55:23:55:26 | this | +| Test.java:56:23:56:33 | ...::... | Test.java:56:23:56:26 | this | +| Test.java:57:23:57:59 | ...::... | Test.java:57:24:57:48 | (...)... | +| Test.java:57:35:57:48 | ...::... | Test.java:57:35:57:38 | this | +| Test.java:60:23:60:36 | ...::... | Test.java:60:23:60:26 | this | +| Test.java:62:23:62:40 | ...::... | Test.java:62:23:62:26 | Test | +| Test.java:65:13:65:21 | ...::... | Test.java:65:13:65:16 | Test | +| Test.java:66:13:66:32 | ...::... | Test.java:66:13:66:27 | Generic | +getReceiverType +| Test.java:26:31:26:52 | ...::... | Test.java:19:18:19:24 | Generic | +| Test.java:27:31:27:53 | ...::... | Test.java:16:18:16:26 | BaseClass | +| Test.java:32:27:32:52 | ...::... | Test$Generic$Inner.class:0:0:0:0 | Inner<> | +| Test.java:33:27:33:41 | ...::... | Test.java:16:18:16:26 | BaseClass | +| Test.java:49:29:49:42 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:50:29:50:42 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:51:29:51:39 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:52:40:52:64 | ...::... | Test$Generic.class:0:0:0:0 | Generic | +| Test.java:54:23:54:36 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:55:23:55:36 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:56:23:56:33 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:57:23:57:59 | ...::... | Test.java:10:15:10:22 | Supplier | +| Test.java:57:35:57:48 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:60:23:60:36 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:62:23:62:40 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:65:13:65:21 | ...::... | Test.java:1:7:1:10 | Test | +| Test.java:66:13:66:32 | ...::... | Test$Generic.class:0:0:0:0 | Generic | +| Test.java:70:13:70:22 | ...::... | file://:0:0:0:0 | int[] | +| Test.java:71:13:71:26 | ...::... | file://:0:0:0:0 | Generic<>[] | +| Test.java:75:31:75:47 | ...::... | Test.java:1:7:1:10 | Test | diff --git a/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.ql b/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.ql index 2f83916c50e..5270663a909 100644 --- a/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.ql +++ b/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.ql @@ -1,10 +1,10 @@ import java -string getReferencedCallable(MemberRefExpr e) { - if exists(e.getReferencedCallable()) - then result = e.getReferencedCallable().getQualifiedName() - else result = "" +query string getReferencedCallable(MemberRefExpr e) { + // Use qualified name because some callables don't have a source location (e.g. `Object.toString`) + result = e.getReferencedCallable().getQualifiedName() } -from MemberRefExpr e -select e, getReferencedCallable(e), e.getReceiverType() +query Expr getReceiverExpr(MemberRefExpr e) { result = e.getReceiverExpr() } + +query RefType getReceiverType(MemberRefExpr e) { result = e.getReceiverType() } diff --git a/java/ql/test/library-tests/MemberRefExpr/Test.java b/java/ql/test/library-tests/MemberRefExpr/Test.java index d477cf659a9..88997a7339b 100644 --- a/java/ql/test/library-tests/MemberRefExpr/Test.java +++ b/java/ql/test/library-tests/MemberRefExpr/Test.java @@ -13,20 +13,31 @@ class Test { public Test() { } - static class Generic { + static class BaseClass { + } + + static class Generic extends BaseClass { public Generic() { } class Inner { public Inner() { } + + void test() { + Supplier s0 = Generic.this::toString; + Supplier s1 = Generic.super::toString; + } } void test() { - Supplier s = Generic.Inner::new; + Supplier s0 = Generic.Inner::new; + Supplier s1 = super::toString; } } void doSomething() { } + static void staticMethod() { } + static class Sub extends Test { } @@ -43,9 +54,12 @@ class Test { Supplier s0 = this::toString; Supplier s1 = this::hashCode; Supplier s2 = this::clone; + Supplier s3 = ((Supplier) this::toString)::toString; // Discards result of method call - Runnable r = this::toString; + Runnable r0 = this::toString; + + Runnable r1 = Test::staticMethod; Supplier[] classInstances = { Test::new, diff --git a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql index 29d355671ec..c41024c029b 100644 --- a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql +++ b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql @@ -9,7 +9,7 @@ class TestRemoteFlowSource extends RemoteFlowSource { } module TaintFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node n) { n instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node n) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) diff --git a/java/ql/test/library-tests/dataflow/threat-models/Empty.java b/java/ql/test/library-tests/dataflow/threat-models/Empty.java deleted file mode 100644 index 5be35d3d2db..00000000000 --- a/java/ql/test/library-tests/dataflow/threat-models/Empty.java +++ /dev/null @@ -1 +0,0 @@ -class Empty { } diff --git a/java/ql/test/library-tests/dataflow/threat-models/Test.java b/java/ql/test/library-tests/dataflow/threat-models/Test.java new file mode 100644 index 00000000000..37b67d8ce86 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/Test.java @@ -0,0 +1,72 @@ +import java.sql.*; +import java.net.*; +import java.util.logging.*; +import java.nio.charset.StandardCharsets; +import testlib.TestSources; + +class Test { + private TestSources sources = new TestSources(); + + private String byteToString(byte[] data) { + return new String(data, StandardCharsets.UTF_8); + } + + public void M1(Statement handle) throws Exception { + // Only a source if "remote" is a selected threat model. + // This is included in the "default" threat model. + Socket sock = new Socket("localhost", 1234); + byte[] data = new byte[1024]; + sock.getInputStream().read(data); + + // Logging sink + Logger.getLogger("foo").severe(byteToString(data)); + + // SQL sink + handle.executeUpdate("INSERT INTO foo VALUES ('" + byteToString(data) + "')"); + } + + public void M2(Statement handle) throws Exception { + // Only a source if "database" is a selected threat model. + String result = sources.executeQuery("SELECT * FROM foo"); + + // SQL sink + handle.executeUpdate("INSERT INTO foo VALUES ('" + result + "')"); + + // Logging sink + Logger.getLogger("foo").severe(result); + } + + public void M3(Statement handle) throws Exception { + // Only a source if "environment" is a selected threat model. + String result = sources.readEnv("MY_ENV_VAR"); + + // SQL sink + handle.executeUpdate("INSERT INTO foo VALUES ('" + result + "')"); + + // Logging sink + Logger.getLogger("foo").severe(result); + } + + public void M4(Statement handle) throws Exception { + // Only a source if "custom" is a selected threat model. + String result = sources.getCustom("custom"); + + // SQL sink + handle.executeUpdate("INSERT INTO foo VALUES ('" + result + "')"); + + // Logging sink + Logger.getLogger("foo").severe(result); + } + + public void M5(Statement handle) throws Exception { + // Only a source if "commandargs" is a selected threat model. + byte[] data = new byte[1024]; + System.in.read(data); + + // SQL sink + handle.executeUpdate("INSERT INTO foo VALUES ('" + byteToString(data) + "')"); + + // Logging sink + Logger.getLogger("foo").severe(byteToString(data)); + } +} diff --git a/java/ql/test/library-tests/dataflow/threat-models/Test.qll b/java/ql/test/library-tests/dataflow/threat-models/Test.qll new file mode 100644 index 00000000000..a0d85680270 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/Test.qll @@ -0,0 +1,13 @@ +private import java +private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSources +private import semmle.code.java.dataflow.TaintTracking + +private module ThreatModelConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + + predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) } +} + +module ThreatModel = TaintTracking::Global; diff --git a/java/ql/test/library-tests/dataflow/threat-models/TestSources.java b/java/ql/test/library-tests/dataflow/threat-models/TestSources.java new file mode 100644 index 00000000000..416357b8852 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/TestSources.java @@ -0,0 +1,9 @@ +package testlib; + +public class TestSources { + public String executeQuery(String query) { return null; } + + public String readEnv(String env) { return null; } + + public String getCustom(String s) { return null;} +} diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected new file mode 100644 index 00000000000..9dbde2c728d --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected @@ -0,0 +1,28 @@ +edges +| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | +nodes +| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) | +| Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] | +| Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... | +| Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] | +subpaths +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String | +#select +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ext.yml b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ext.yml new file mode 100644 index 00000000000..4cd172bd5f4 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ext.yml @@ -0,0 +1,14 @@ +extensions: + + - addsTo: + pack: codeql/java-all + extensible: supportedThreatModels + data: [] + + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"] + - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"] + - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"] diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ql new file mode 100644 index 00000000000..02205d61baa --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ql @@ -0,0 +1,10 @@ +/** + * This is a dataflow test using the "default" threat model. + */ + +import Test +import ThreatModel::PathGraph + +from ThreatModel::PathNode source, ThreatModel::PathNode sink +where ThreatModel::flowPath(source, sink) +select source, sink diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected new file mode 100644 index 00000000000..69fad09766d --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected @@ -0,0 +1,35 @@ +edges +| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | +nodes +| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) | +| Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] | +| Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... | +| Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:30:21:30:61 | executeQuery(...) : String | semmle.label | executeQuery(...) : String | +| Test.java:33:26:33:68 | ... + ... | semmle.label | ... + ... | +| Test.java:36:36:36:41 | result | semmle.label | result | +subpaths +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String | +#select +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ext.yml b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ext.yml new file mode 100644 index 00000000000..f8cad9eff2f --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ext.yml @@ -0,0 +1,15 @@ +extensions: + + - addsTo: + pack: codeql/java-all + extensible: supportedThreatModels + data: + - ["database"] + + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"] + - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"] + - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"] diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ql new file mode 100644 index 00000000000..e312a90e981 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ql @@ -0,0 +1,11 @@ +/** + * This is a dataflow test using the "default" threat model with the + * addition of "database". + */ + +import Test +import ThreatModel::PathGraph + +from ThreatModel::PathNode source, ThreatModel::PathNode sink +where ThreatModel::flowPath(source, sink) +select source, sink diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected new file mode 100644 index 00000000000..35b2d7049a2 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected @@ -0,0 +1,61 @@ +edges +| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | +| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | +| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | +| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | +| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | +| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | +nodes +| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) | +| Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] | +| Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... | +| Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:30:21:30:61 | executeQuery(...) : String | semmle.label | executeQuery(...) : String | +| Test.java:33:26:33:68 | ... + ... | semmle.label | ... + ... | +| Test.java:36:36:36:41 | result | semmle.label | result | +| Test.java:41:21:41:49 | readEnv(...) : String | semmle.label | readEnv(...) : String | +| Test.java:44:26:44:68 | ... + ... | semmle.label | ... + ... | +| Test.java:47:36:47:41 | result | semmle.label | result | +| Test.java:64:5:64:13 | System.in : InputStream | semmle.label | System.in : InputStream | +| Test.java:64:20:64:23 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:67:26:67:80 | ... + ... | semmle.label | ... + ... | +| Test.java:67:56:67:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:67:69:67:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:70:36:70:53 | byteToString(...) | semmle.label | byteToString(...) | +| Test.java:70:49:70:52 | data : byte[] | semmle.label | data : byte[] | +subpaths +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String | +| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:67:56:67:73 | byteToString(...) : String | +| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:70:36:70:53 | byteToString(...) | +#select +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:67:26:67:80 | ... + ... | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:70:36:70:53 | byteToString(...) | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ext.yml b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ext.yml new file mode 100644 index 00000000000..f7a5a63530a --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ext.yml @@ -0,0 +1,15 @@ +extensions: + + - addsTo: + pack: codeql/java-all + extensible: supportedThreatModels + data: + - ["local"] + + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"] + - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"] + - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"] diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ql new file mode 100644 index 00000000000..6d562e588bf --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ql @@ -0,0 +1,11 @@ +/** + * This is a dataflow test using the "default" threat model with the + * addition of the threat model group "local". + */ + +import Test +import ThreatModel::PathGraph + +from ThreatModel::PathNode source, ThreatModel::PathNode sink +where ThreatModel::flowPath(source, sink) +select source, sink diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected new file mode 100644 index 00000000000..44f01c1485e --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected @@ -0,0 +1,68 @@ +edges +| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | +| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:55:26:55:68 | ... + ... | +| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:58:36:58:41 | result | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | +| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | +| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | +| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | +| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | +| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | +nodes +| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) | +| Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] | +| Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... | +| Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:30:21:30:61 | executeQuery(...) : String | semmle.label | executeQuery(...) : String | +| Test.java:33:26:33:68 | ... + ... | semmle.label | ... + ... | +| Test.java:36:36:36:41 | result | semmle.label | result | +| Test.java:41:21:41:49 | readEnv(...) : String | semmle.label | readEnv(...) : String | +| Test.java:44:26:44:68 | ... + ... | semmle.label | ... + ... | +| Test.java:47:36:47:41 | result | semmle.label | result | +| Test.java:52:21:52:47 | getCustom(...) : String | semmle.label | getCustom(...) : String | +| Test.java:55:26:55:68 | ... + ... | semmle.label | ... + ... | +| Test.java:58:36:58:41 | result | semmle.label | result | +| Test.java:64:5:64:13 | System.in : InputStream | semmle.label | System.in : InputStream | +| Test.java:64:20:64:23 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:67:26:67:80 | ... + ... | semmle.label | ... + ... | +| Test.java:67:56:67:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:67:69:67:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:70:36:70:53 | byteToString(...) | semmle.label | byteToString(...) | +| Test.java:70:49:70:52 | data : byte[] | semmle.label | data : byte[] | +subpaths +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String | +| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:67:56:67:73 | byteToString(...) : String | +| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:70:36:70:53 | byteToString(...) | +#select +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | +| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | +| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:55:26:55:68 | ... + ... | +| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:58:36:58:41 | result | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:67:26:67:80 | ... + ... | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:70:36:70:53 | byteToString(...) | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ext.yml b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ext.yml new file mode 100644 index 00000000000..4ce73dff484 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ext.yml @@ -0,0 +1,15 @@ +extensions: + + - addsTo: + pack: codeql/java-all + extensible: supportedThreatModels + data: + - ["all"] + + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"] + - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"] + - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"] diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ql new file mode 100644 index 00000000000..7694ddb66fd --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ql @@ -0,0 +1,10 @@ +/** + * This is a dataflow test using "all" threat models. + */ + +import Test +import ThreatModel::PathGraph + +from ThreatModel::PathNode source, ThreatModel::PathNode sink +where ThreatModel::flowPath(source, sink) +select source, sink diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected new file mode 100644 index 00000000000..d535ba38f98 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected @@ -0,0 +1,54 @@ +edges +| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | +| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | +| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | +| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | +| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | +| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | +| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | +| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | +| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | +nodes +| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] | +| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String | +| Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) | +| Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] | +| Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... | +| Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:41:21:41:49 | readEnv(...) : String | semmle.label | readEnv(...) : String | +| Test.java:44:26:44:68 | ... + ... | semmle.label | ... + ... | +| Test.java:47:36:47:41 | result | semmle.label | result | +| Test.java:64:5:64:13 | System.in : InputStream | semmle.label | System.in : InputStream | +| Test.java:64:20:64:23 | data [post update] : byte[] | semmle.label | data [post update] : byte[] | +| Test.java:67:26:67:80 | ... + ... | semmle.label | ... + ... | +| Test.java:67:56:67:73 | byteToString(...) : String | semmle.label | byteToString(...) : String | +| Test.java:67:69:67:72 | data : byte[] | semmle.label | data : byte[] | +| Test.java:70:36:70:53 | byteToString(...) | semmle.label | byteToString(...) | +| Test.java:70:49:70:52 | data : byte[] | semmle.label | data : byte[] | +subpaths +| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String | +| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:67:56:67:73 | byteToString(...) : String | +| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:70:36:70:53 | byteToString(...) | +#select +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) | +| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | +| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:67:26:67:80 | ... + ... | +| Test.java:64:5:64:13 | System.in : InputStream | Test.java:70:36:70:53 | byteToString(...) | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ext.yml b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ext.yml new file mode 100644 index 00000000000..9b6a3831713 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ext.yml @@ -0,0 +1,16 @@ +extensions: + + - addsTo: + pack: codeql/java-all + extensible: supportedThreatModels + data: + - ["environment"] + - ["commandargs"] + + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"] + - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"] + - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"] diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ql new file mode 100644 index 00000000000..4ffe24cc9b7 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ql @@ -0,0 +1,11 @@ +/** + * This is a dataflow test using the "default" threat model with the + * addition of "environment" and "commandargs". + */ + +import Test +import ThreatModel::PathGraph + +from ThreatModel::PathNode source, ThreatModel::PathNode sink +where ThreatModel::flowPath(source, sink) +select source, sink diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models1.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.expected index d538019ccb7..c471a7cc912 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models1.expected +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.expected @@ -2,4 +2,3 @@ | remote | | request | | response | -| uri-path | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql index 11371a749dd..dd8ed512f52 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql @@ -1,5 +1,5 @@ import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration query predicate supportedThreatModels(string kind) { - ExternalFlowConfiguration::sourceModelKindConfig(kind) + ExternalFlowConfiguration::currentThreatModel(kind) } diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.expected index 809a018e98e..395951c3b47 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.expected +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.expected @@ -1,4 +1,4 @@ -| cli | +| commandargs | | database | | default | | environment | @@ -7,4 +7,3 @@ | remote | | request | | response | -| uri-path | diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql index 11371a749dd..dd8ed512f52 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql +++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql @@ -1,5 +1,5 @@ import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration query predicate supportedThreatModels(string kind) { - ExternalFlowConfiguration::sourceModelKindConfig(kind) + ExternalFlowConfiguration::currentThreatModel(kind) } diff --git a/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql b/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql index 93ab3fe066d..d7d94430486 100644 --- a/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql +++ b/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql @@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { DefaultFlowConfig::isSource(node) or - node instanceof RemoteFlowSource + node instanceof ThreatModelFlowSource } predicate isSink = DefaultFlowConfig::isSink/1; diff --git a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql index 2c6bd09dc40..8293f7f4ff4 100644 --- a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql +++ b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module ProviderTaintFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node n) { n instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) } diff --git a/java/ql/test/library-tests/frameworks/android/external-storage/test.ql b/java/ql/test/library-tests/frameworks/android/external-storage/test.ql index 64ff27077df..89a353eedc9 100644 --- a/java/ql/test/library-tests/frameworks/android/external-storage/test.ql +++ b/java/ql/test/library-tests/frameworks/android/external-storage/test.ql @@ -4,7 +4,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink.asExpr().(Argument).getCall().getCallee().hasName("sink") diff --git a/java/ql/test/library-tests/frameworks/android/slice/test.ql b/java/ql/test/library-tests/frameworks/android/slice/test.ql index 787f93df5a0..8540c0604a8 100644 --- a/java/ql/test/library-tests/frameworks/android/slice/test.ql +++ b/java/ql/test/library-tests/frameworks/android/slice/test.ql @@ -5,7 +5,7 @@ import semmle.code.java.dataflow.FlowSources module SliceValueFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - DefaultFlowConfig::isSource(source) or source instanceof RemoteFlowSource + DefaultFlowConfig::isSource(source) or source instanceof ThreatModelFlowSource } predicate isSink = DefaultFlowConfig::isSink/1; diff --git a/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql b/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql index 5b163a81935..9b067cd00dd 100644 --- a/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql +++ b/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module SourceValueFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { DefaultFlowConfig::isSink(sink) } diff --git a/java/ql/test/library-tests/frameworks/apache-collections/options b/java/ql/test/library-tests/frameworks/apache-collections/options index 7b0b8433220..694c0bfe00d 100644 --- a/java/ql/test/library-tests/frameworks/apache-collections/options +++ b/java/ql/test/library-tests/frameworks/apache-collections/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-collections4-4.4 \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-collections4-4.4 --release 11 diff --git a/java/ql/test/library-tests/frameworks/apache-http/flow.ql b/java/ql/test/library-tests/frameworks/apache-http/flow.ql index 540b4847ff3..0674c3d815f 100644 --- a/java/ql/test/library-tests/frameworks/apache-http/flow.ql +++ b/java/ql/test/library-tests/frameworks/apache-http/flow.ql @@ -9,7 +9,7 @@ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") or - n instanceof RemoteFlowSource + n instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node n) { diff --git a/java/ql/test/library-tests/frameworks/guice/flow.ql b/java/ql/test/library-tests/frameworks/guice/flow.ql index e8e58e6cbb8..01f0eef9562 100644 --- a/java/ql/test/library-tests/frameworks/guice/flow.ql +++ b/java/ql/test/library-tests/frameworks/guice/flow.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { exists(MethodAccess ma | diff --git a/java/ql/test/library-tests/frameworks/jms/FlowTest.ql b/java/ql/test/library-tests/frameworks/jms/FlowTest.ql index ef42c248189..062caadc795 100644 --- a/java/ql/test/library-tests/frameworks/jms/FlowTest.ql +++ b/java/ql/test/library-tests/frameworks/jms/FlowTest.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineExpectationsTest module TestConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { exists(MethodAccess call | diff --git a/java/ql/test/library-tests/frameworks/netty/manual/test.ql b/java/ql/test/library-tests/frameworks/netty/manual/test.ql index c67cf1835fa..70da9eb5f0f 100644 --- a/java/ql/test/library-tests/frameworks/netty/manual/test.ql +++ b/java/ql/test/library-tests/frameworks/netty/manual/test.ql @@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { DefaultFlowConfig::isSource(node) or - node instanceof RemoteFlowSource + node instanceof ThreatModelFlowSource } predicate isSink = DefaultFlowConfig::isSink/1; diff --git a/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql b/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql index 0adb5a87783..0d20d80bacd 100644 --- a/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql +++ b/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql @@ -4,7 +4,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node node) { node instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node node) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | node.asExpr() = ma.getAnArgument()) diff --git a/java/ql/test/library-tests/frameworks/ratpack/flow.ql b/java/ql/test/library-tests/frameworks/ratpack/flow.ql index eab631f0589..ce5b8252f55 100644 --- a/java/ql/test/library-tests/frameworks/ratpack/flow.ql +++ b/java/ql/test/library-tests/frameworks/ratpack/flow.ql @@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") or - n instanceof RemoteFlowSource + n instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node n) { diff --git a/java/ql/test/library-tests/frameworks/spring/controller/test.ql b/java/ql/test/library-tests/frameworks/spring/controller/test.ql index 35b3d064e5a..d8f6b13e870 100644 --- a/java/ql/test/library-tests/frameworks/spring/controller/test.ql +++ b/java/ql/test/library-tests/frameworks/spring/controller/test.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module ValueFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink.asExpr().(Argument).getCall().getCallee().hasName("sink") diff --git a/java/ql/test/library-tests/sensitive-actions/test.expected b/java/ql/test/library-tests/sensitive-actions/test.expected index ea02eacb73b..118286cb7de 100644 --- a/java/ql/test/library-tests/sensitive-actions/test.expected +++ b/java/ql/test/library-tests/sensitive-actions/test.expected @@ -67,5 +67,3 @@ sensitiveDataMethod | Test.java:37:18:37:31 | aaCryptAccntaa | | Test.java:39:18:39:33 | aaCryptTrustedaa | | Test.java:41:18:41:40 | aaCryptRefreshaaTokenaa | -| file:///modules/java.base/java/lang/invoke/MemberName.class:0:0:0:0 | isTrustedFinalField | -| file:///modules/java.base/java/lang/reflect/Field.class:0:0:0:0 | isTrustedFinal | diff --git a/java/ql/test/library-tests/sensitive-actions/test.ql b/java/ql/test/library-tests/sensitive-actions/test.ql index 517d5d86fe4..0d3420eb1af 100644 --- a/java/ql/test/library-tests/sensitive-actions/test.ql +++ b/java/ql/test/library-tests/sensitive-actions/test.ql @@ -9,4 +9,4 @@ query predicate sensitiveVariable(Variable v) { v.getName().regexpMatch(getCommonSensitiveInfoRegex()) } -query predicate sensitiveDataMethod(SensitiveDataMethod m) { any() } +query predicate sensitiveDataMethod(SensitiveDataMethod m) { m.fromSource() } diff --git a/java/ql/test/library-tests/types/record-classes/RecordClasses.ql b/java/ql/test/library-tests/types/record-classes/RecordClasses.ql index ecc9f5e957c..71ac31d6031 100644 --- a/java/ql/test/library-tests/types/record-classes/RecordClasses.ql +++ b/java/ql/test/library-tests/types/record-classes/RecordClasses.ql @@ -2,6 +2,7 @@ import java from Record r, boolean isFinal, boolean isStatic, string superTypes where + r.fromSource() and (if r.isFinal() then isFinal = true else isFinal = false) and (if r.isStatic() then isStatic = true else isStatic = false) and superTypes = concat(RefType superType | superType = r.getASupertype() | superType.toString(), ",") diff --git a/java/ql/test/query-tests/security/CWE-352/CONSISTENCY/typeParametersInScope.expected b/java/ql/test/query-tests/security/CWE-352/CONSISTENCY/typeParametersInScope.expected new file mode 100644 index 00000000000..687ce674721 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-352/CONSISTENCY/typeParametersInScope.expected @@ -0,0 +1 @@ +| Type new Customizer>(...) { ... } uses out-of-scope type variable B. Note the Java extractor is known to sometimes do this; the Kotlin extractor should not. | diff --git a/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.expected b/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.expected new file mode 100644 index 00000000000..a74f2c23cda --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.expected @@ -0,0 +1,2 @@ +testFailures +failures \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.java b/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.java new file mode 100644 index 00000000000..7e1e92e4392 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.java @@ -0,0 +1,10 @@ +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; + +public class SpringCsrfProtectionTest { + protected void test(HttpSecurity http) throws Exception { + http.csrf(csrf -> csrf.disable()); // $ hasSpringCsrfProtectionDisabled + http.csrf().disable(); // $ hasSpringCsrfProtectionDisabled + http.csrf(AbstractHttpConfigurer::disable); // $ hasSpringCsrfProtectionDisabled + } +} diff --git a/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.ql b/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.ql new file mode 100644 index 00000000000..df22aadd4e9 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-352/SpringCsrfProtectionTest.ql @@ -0,0 +1,18 @@ +import java +import semmle.code.java.security.SpringCsrfProtection +import TestUtilities.InlineExpectationsTest + +module SpringCsrfProtectionTest implements TestSig { + string getARelevantTag() { result = "hasSpringCsrfProtectionDisabled" } + + predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasSpringCsrfProtectionDisabled" and + exists(MethodAccess call | disablesSpringCsrfProtection(call) | + call.getLocation() = location and + element = call.toString() and + value = "" + ) + } +} + +import MakeTest diff --git a/java/ql/test/query-tests/security/CWE-352/options b/java/ql/test/query-tests/security/CWE-352/options new file mode 100644 index 00000000000..595ccc6b812 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-352/options @@ -0,0 +1 @@ +semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8 \ No newline at end of file diff --git a/java/ql/test/stubs/apache-mina-sshd-2.8.0/org/apache/sshd/common/util/threads/CloseableExecutorService.java b/java/ql/test/stubs/apache-mina-sshd-2.8.0/org/apache/sshd/common/util/threads/CloseableExecutorService.java index ac65788f3c8..406ee618544 100644 --- a/java/ql/test/stubs/apache-mina-sshd-2.8.0/org/apache/sshd/common/util/threads/CloseableExecutorService.java +++ b/java/ql/test/stubs/apache-mina-sshd-2.8.0/org/apache/sshd/common/util/threads/CloseableExecutorService.java @@ -9,4 +9,6 @@ import org.apache.sshd.common.Closeable; public interface CloseableExecutorService extends Closeable, ExecutorService { default boolean awaitTermination(Duration p0){ return false; } + + default void close() { } } diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 7e4f1dceed4..3dbe33cdeb9 100644 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -3,9 +3,11 @@ package org.springframework.security.config.annotation.web.builders; import org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder; import org.springframework.security.config.annotation.SecurityBuilder; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer; import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer; import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry; @@ -35,6 +37,14 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder csrf() { + return null; + } + + public HttpSecurity csrf(Customizer> csrfCustomizer) { + return null; + } + public final class MvcMatchersRequestMatcherConfigurer extends RequestMatcherConfigurer { } diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java index 7a1b56d5f3f..7125e82d437 100644 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java @@ -5,4 +5,6 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.web.DefaultSecurityFilterChain; public abstract class AbstractHttpConfigurer, B extends HttpSecurityBuilder> - extends SecurityConfigurerAdapter {} + extends SecurityConfigurerAdapter { + public B disable() { return null; } +} diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java new file mode 100644 index 00000000000..f4fcab29568 --- /dev/null +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java @@ -0,0 +1,8 @@ +package org.springframework.security.config.annotation.web.configurers; + +import org.springframework.security.config.annotation.web.HttpSecurityBuilder; + +public class CsrfConfigurer> + extends AbstractHttpConfigurer, H> { + +} diff --git a/javascript/BUILD.bazel b/javascript/BUILD.bazel new file mode 100644 index 00000000000..7ba94d09634 --- /dev/null +++ b/javascript/BUILD.bazel @@ -0,0 +1,11 @@ +package(default_visibility = ["//visibility:public"]) + +alias( + name = "dbscheme", + actual = "//javascript/ql/lib:dbscheme", +) + +alias( + name = "dbscheme-stats", + actual = "//javascript/ql/lib:dbscheme-stats", +) diff --git a/javascript/extractor/lib/typescript/src/main.ts b/javascript/extractor/lib/typescript/src/main.ts index 2594f4e35f5..e9849f42f5c 100644 --- a/javascript/extractor/lib/typescript/src/main.ts +++ b/javascript/extractor/lib/typescript/src/main.ts @@ -361,7 +361,10 @@ function handleParseCommand(command: ParseCommand, checkPending = true) { let filename = command.filename; let expectedFilename = state.pendingFiles[state.pendingFileIndex]; if (expectedFilename !== filename && checkPending) { - throw new Error("File requested out of order. Expected '" + expectedFilename + "' but got '" + filename + "'"); + // File was requested out of order. This happens in rare cases because the Java process decided against extracting it, + // for example because it was too large. Just recover and accept that some work was wasted. + state.pendingResponse = null; + state.pendingFileIndex = state.pendingFiles.indexOf(filename); } ++state.pendingFileIndex; let response = state.pendingResponse || extractFile(command.filename); diff --git a/javascript/extractor/src/com/semmle/jcorn/ESNextParser.java b/javascript/extractor/src/com/semmle/jcorn/ESNextParser.java index 245e0e81321..1eff68a3038 100644 --- a/javascript/extractor/src/com/semmle/jcorn/ESNextParser.java +++ b/javascript/extractor/src/com/semmle/jcorn/ESNextParser.java @@ -314,8 +314,9 @@ public class ESNextParser extends JSXParser { this.parseExportSpecifiersMaybe(specifiers, exports); } Literal source = (Literal) this.parseExportFrom(specifiers, null, true); - Expression assertion = this.parseImportOrExportAssertionAndSemicolon(); - return this.finishNode(new ExportNamedDeclaration(exportStart, null, specifiers, source, assertion)); + Expression attributes = this.parseImportOrExportAttributesAndSemicolon(); + return this.finishNode( + new ExportNamedDeclaration(exportStart, null, specifiers, source, attributes)); } return super.parseExportRest(exportStart, exports); @@ -331,8 +332,9 @@ public class ESNextParser extends JSXParser { List specifiers = CollectionUtil.makeList(nsSpec); this.parseExportSpecifiersMaybe(specifiers, exports); Literal source = (Literal) this.parseExportFrom(specifiers, null, true); - Expression assertion = this.parseImportOrExportAssertionAndSemicolon(); - return this.finishNode(new ExportNamedDeclaration(exportStart, null, specifiers, source, assertion)); + Expression attributes = this.parseImportOrExportAttributesAndSemicolon(); + return this.finishNode( + new ExportNamedDeclaration(exportStart, null, specifiers, source, attributes)); } return super.parseExportAll(exportStart, starLoc, exports); diff --git a/javascript/extractor/src/com/semmle/jcorn/Parser.java b/javascript/extractor/src/com/semmle/jcorn/Parser.java index 361d5e6f390..e12ab864d10 100644 --- a/javascript/extractor/src/com/semmle/jcorn/Parser.java +++ b/javascript/extractor/src/com/semmle/jcorn/Parser.java @@ -3447,7 +3447,7 @@ public class Parser { Statement declaration; List specifiers; Expression source = null; - Expression assertion = null; + Expression attributes = null; if (this.shouldParseExportStatement()) { declaration = this.parseStatement(true, false); if (declaration == null) return null; @@ -3463,10 +3463,10 @@ public class Parser { declaration = null; specifiers = this.parseExportSpecifiers(exports); source = parseExportFrom(specifiers, source, false); - assertion = parseImportOrExportAssertionAndSemicolon(); + attributes = parseImportOrExportAttributesAndSemicolon(); } return this.finishNode( - new ExportNamedDeclaration(loc, declaration, specifiers, (Literal) source, assertion)); + new ExportNamedDeclaration(loc, declaration, specifiers, (Literal) source, attributes)); } /** Parses the 'from' clause of an export, not including the assertion or semicolon. */ @@ -3494,8 +3494,8 @@ public class Parser { protected ExportDeclaration parseExportAll( SourceLocation loc, Position starLoc, Set exports) { Expression source = parseExportFrom(null, null, true); - Expression assertion = parseImportOrExportAssertionAndSemicolon(); - return this.finishNode(new ExportAllDeclaration(loc, (Literal) source, assertion)); + Expression attributes = parseImportOrExportAttributesAndSemicolon(); + return this.finishNode(new ExportAllDeclaration(loc, (Literal) source, attributes)); } private void checkExport(Set exports, String name, Position pos) { @@ -3560,10 +3560,12 @@ public class Parser { return parseImportRest(loc); } - protected Expression parseImportOrExportAssertionAndSemicolon() { + protected Expression parseImportOrExportAttributesAndSemicolon() { Expression result = null; if (!this.eagerlyTrySemicolon()) { - this.expectContextual("assert"); + if (!this.eatContextual("assert")) { + this.expect(TokenType._with); + } result = this.parseObj(false, null); this.semicolon(); } @@ -3583,9 +3585,9 @@ public class Parser { if (this.type != TokenType.string) this.unexpected(); source = (Literal) this.parseExprAtom(null); } - Expression assertion = this.parseImportOrExportAssertionAndSemicolon(); + Expression attributes = this.parseImportOrExportAttributesAndSemicolon(); if (specifiers == null) return null; - return this.finishNode(new ImportDeclaration(loc, specifiers, source, assertion)); + return this.finishNode(new ImportDeclaration(loc, specifiers, source, attributes)); } // Parses a comma-separated list of module imports. diff --git a/javascript/extractor/src/com/semmle/jcorn/flow/FlowParser.java b/javascript/extractor/src/com/semmle/jcorn/flow/FlowParser.java index 82a9c9eee49..1213c15d99f 100644 --- a/javascript/extractor/src/com/semmle/jcorn/flow/FlowParser.java +++ b/javascript/extractor/src/com/semmle/jcorn/flow/FlowParser.java @@ -943,12 +943,12 @@ public class FlowParser extends ESNextParser { // `export type { foo, bar };` List specifiers = this.parseExportSpecifiers(exports); this.parseExportFrom(specifiers, null, false); - this.parseImportOrExportAssertionAndSemicolon(); + this.parseImportOrExportAttributesAndSemicolon(); return null; } else if (this.eat(TokenType.star)) { if (this.eatContextual("as")) this.parseIdent(true); this.parseExportFrom(null, null, true); - this.parseImportOrExportAssertionAndSemicolon(); + this.parseImportOrExportAttributesAndSemicolon(); return null; } else { // `export type Foo = Bar;` diff --git a/javascript/extractor/src/com/semmle/js/ast/DynamicImport.java b/javascript/extractor/src/com/semmle/js/ast/DynamicImport.java index 8c1c3aed873..fb0e060e94c 100644 --- a/javascript/extractor/src/com/semmle/js/ast/DynamicImport.java +++ b/javascript/extractor/src/com/semmle/js/ast/DynamicImport.java @@ -14,7 +14,10 @@ public class DynamicImport extends Expression { return source; } - /** Returns the second "argument" provided to the import, such as { assert: { type: "json" }}. */ + /** + * Returns the second "argument" provided to the import, such as { "with": { type: "json" }} + * . + */ public Expression getAttributes() { return attributes; } diff --git a/javascript/extractor/src/com/semmle/js/ast/ExportAllDeclaration.java b/javascript/extractor/src/com/semmle/js/ast/ExportAllDeclaration.java index a726f31c9b1..bc0ab57c5b6 100644 --- a/javascript/extractor/src/com/semmle/js/ast/ExportAllDeclaration.java +++ b/javascript/extractor/src/com/semmle/js/ast/ExportAllDeclaration.java @@ -9,20 +9,20 @@ package com.semmle.js.ast; */ public class ExportAllDeclaration extends ExportDeclaration { private final Literal source; - private final Expression assertion; + private final Expression attributes; - public ExportAllDeclaration(SourceLocation loc, Literal source, Expression assertion) { + public ExportAllDeclaration(SourceLocation loc, Literal source, Expression attributes) { super("ExportAllDeclaration", loc); this.source = source; - this.assertion = assertion; + this.attributes = attributes; } public Literal getSource() { return source; } - public Expression getAssertion() { - return assertion; + public Expression getAttributes() { + return attributes; } @Override diff --git a/javascript/extractor/src/com/semmle/js/ast/ExportNamedDeclaration.java b/javascript/extractor/src/com/semmle/js/ast/ExportNamedDeclaration.java index eddca1273a3..c2d9f235e34 100644 --- a/javascript/extractor/src/com/semmle/js/ast/ExportNamedDeclaration.java +++ b/javascript/extractor/src/com/semmle/js/ast/ExportNamedDeclaration.java @@ -15,22 +15,30 @@ public class ExportNamedDeclaration extends ExportDeclaration { private final Statement declaration; private final List specifiers; private final Literal source; - private final Expression assertion; + private final Expression attributes; private final boolean hasTypeKeyword; public ExportNamedDeclaration( - SourceLocation loc, Statement declaration, List specifiers, Literal source, Expression assertion) { - this(loc, declaration, specifiers, source, assertion, false); + SourceLocation loc, + Statement declaration, + List specifiers, + Literal source, + Expression attributes) { + this(loc, declaration, specifiers, source, attributes, false); } public ExportNamedDeclaration( - SourceLocation loc, Statement declaration, List specifiers, Literal source, - Expression assertion, boolean hasTypeKeyword) { + SourceLocation loc, + Statement declaration, + List specifiers, + Literal source, + Expression attributes, + boolean hasTypeKeyword) { super("ExportNamedDeclaration", loc); this.declaration = declaration; this.specifiers = specifiers; this.source = source; - this.assertion = assertion; + this.attributes = attributes; this.hasTypeKeyword = hasTypeKeyword; } @@ -59,9 +67,12 @@ public class ExportNamedDeclaration extends ExportDeclaration { return v.visit(this, c); } - /** Returns the expression after the assert keyword, if any, such as { type: "json" }. */ - public Expression getAssertion() { - return assertion; + /** + * Returns the expression after the with keyword, if any, such as + * { type: "json" }. + */ + public Expression getAttributes() { + return attributes; } /** Returns true if this is an export type declaration. */ diff --git a/javascript/extractor/src/com/semmle/js/ast/ImportDeclaration.java b/javascript/extractor/src/com/semmle/js/ast/ImportDeclaration.java index 133266c0b34..e672afcb471 100644 --- a/javascript/extractor/src/com/semmle/js/ast/ImportDeclaration.java +++ b/javascript/extractor/src/com/semmle/js/ast/ImportDeclaration.java @@ -1,8 +1,7 @@ package com.semmle.js.ast; -import java.util.List; - import com.semmle.ts.ast.INodeWithSymbol; +import java.util.List; /** * An import declaration, which can be of one of the following forms: @@ -23,21 +22,27 @@ public class ImportDeclaration extends Statement implements INodeWithSymbol { /** The module from which declarations are imported. */ private final Literal source; - private final Expression assertion; + private final Expression attributes; private int symbol = -1; private boolean hasTypeKeyword; - public ImportDeclaration(SourceLocation loc, List specifiers, Literal source, Expression assertion) { - this(loc, specifiers, source, assertion, false); + public ImportDeclaration( + SourceLocation loc, List specifiers, Literal source, Expression attributes) { + this(loc, specifiers, source, attributes, false); } - public ImportDeclaration(SourceLocation loc, List specifiers, Literal source, Expression assertion, boolean hasTypeKeyword) { + public ImportDeclaration( + SourceLocation loc, + List specifiers, + Literal source, + Expression attributes, + boolean hasTypeKeyword) { super("ImportDeclaration", loc); this.specifiers = specifiers; this.source = source; - this.assertion = assertion; + this.attributes = attributes; this.hasTypeKeyword = hasTypeKeyword; } @@ -49,9 +54,12 @@ public class ImportDeclaration extends Statement implements INodeWithSymbol { return specifiers; } - /** Returns the expression after the assert keyword, if any, such as { type: "json" }. */ - public Expression getAssertion() { - return assertion; + /** + * Returns the expression after the with keyword, if any, such as + * { type: "json" }. + */ + public Expression getAttributes() { + return attributes; } @Override diff --git a/javascript/extractor/src/com/semmle/js/ast/NodeCopier.java b/javascript/extractor/src/com/semmle/js/ast/NodeCopier.java index 30b23d28a33..c216e0c1185 100644 --- a/javascript/extractor/src/com/semmle/js/ast/NodeCopier.java +++ b/javascript/extractor/src/com/semmle/js/ast/NodeCopier.java @@ -1,8 +1,5 @@ package com.semmle.js.ast; -import java.util.ArrayList; -import java.util.List; - import com.semmle.js.ast.jsx.JSXAttribute; import com.semmle.js.ast.jsx.JSXClosingElement; import com.semmle.js.ast.jsx.JSXElement; @@ -42,16 +39,18 @@ import com.semmle.ts.ast.OptionalTypeExpr; import com.semmle.ts.ast.ParenthesizedTypeExpr; import com.semmle.ts.ast.PredicateTypeExpr; import com.semmle.ts.ast.RestTypeExpr; +import com.semmle.ts.ast.SatisfiesExpr; import com.semmle.ts.ast.TemplateLiteralTypeExpr; import com.semmle.ts.ast.TupleTypeExpr; import com.semmle.ts.ast.TypeAliasDeclaration; import com.semmle.ts.ast.TypeAssertion; -import com.semmle.ts.ast.SatisfiesExpr; import com.semmle.ts.ast.TypeParameter; import com.semmle.ts.ast.TypeofTypeExpr; import com.semmle.ts.ast.UnaryTypeExpr; import com.semmle.ts.ast.UnionTypeExpr; import com.semmle.util.data.IntList; +import java.util.ArrayList; +import java.util.List; /** Deep cloning of AST nodes. */ public class NodeCopier implements Visitor { @@ -429,7 +428,8 @@ public class NodeCopier implements Visitor { @Override public TemplateLiteralTypeExpr visit(TemplateLiteralTypeExpr nd, Void q) { - return new TemplateLiteralTypeExpr(visit(nd.getLoc()), copy(nd.getExpressions()), copy(nd.getQuasis())); + return new TemplateLiteralTypeExpr( + visit(nd.getLoc()), copy(nd.getExpressions()), copy(nd.getQuasis())); } @Override @@ -523,7 +523,8 @@ public class NodeCopier implements Visitor { @Override public ExportAllDeclaration visit(ExportAllDeclaration nd, Void c) { - return new ExportAllDeclaration(visit(nd.getLoc()), copy(nd.getSource()), copy(nd.getAssertion())); + return new ExportAllDeclaration( + visit(nd.getLoc()), copy(nd.getSource()), copy(nd.getAttributes())); } @Override @@ -538,7 +539,7 @@ public class NodeCopier implements Visitor { copy(nd.getDeclaration()), copy(nd.getSpecifiers()), copy(nd.getSource()), - copy(nd.getAssertion())); + copy(nd.getAttributes())); } @Override @@ -559,7 +560,11 @@ public class NodeCopier implements Visitor { @Override public ImportDeclaration visit(ImportDeclaration nd, Void c) { return new ImportDeclaration( - visit(nd.getLoc()), copy(nd.getSpecifiers()), copy(nd.getSource()), copy(nd.getAssertion()), nd.hasTypeKeyword()); + visit(nd.getLoc()), + copy(nd.getSpecifiers()), + copy(nd.getSource()), + copy(nd.getAttributes()), + nd.hasTypeKeyword()); } @Override @@ -725,7 +730,8 @@ public class NodeCopier implements Visitor { @Override public INode visit(TupleTypeExpr nd, Void c) { - return new TupleTypeExpr(visit(nd.getLoc()), copy(nd.getElementTypes()), copy(nd.getElementNames())); + return new TupleTypeExpr( + visit(nd.getLoc()), copy(nd.getElementTypes()), copy(nd.getElementNames())); } @Override @@ -787,9 +793,7 @@ public class NodeCopier implements Visitor { @Override public INode visit(SatisfiesExpr nd, Void c) { return new SatisfiesExpr( - visit(nd.getLoc()), - copy(nd.getExpression()), - copy(nd.getTypeAnnotation())); + visit(nd.getLoc()), copy(nd.getExpression()), copy(nd.getTypeAnnotation())); } @Override @@ -907,7 +911,8 @@ public class NodeCopier implements Visitor { @Override public INode visit(GeneratedCodeExpr nd, Void c) { - return new GeneratedCodeExpr(visit(nd.getLoc()), nd.getOpeningDelimiter(), nd.getClosingDelimiter(), nd.getBody()); + return new GeneratedCodeExpr( + visit(nd.getLoc()), nd.getOpeningDelimiter(), nd.getClosingDelimiter(), nd.getBody()); } @Override diff --git a/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java index b0b88854239..0dc00f79ab0 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java +++ b/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java @@ -1,15 +1,5 @@ package com.semmle.js.extractor; -import java.nio.file.Path; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashSet; -import java.util.Arrays; -import java.util.List; -import java.util.Set; -import java.util.Stack; -import java.util.regex.Matcher; - import com.semmle.js.ast.AClass; import com.semmle.js.ast.AFunction; import com.semmle.js.ast.AFunctionExpression; @@ -150,11 +140,11 @@ import com.semmle.ts.ast.OptionalTypeExpr; import com.semmle.ts.ast.ParenthesizedTypeExpr; import com.semmle.ts.ast.PredicateTypeExpr; import com.semmle.ts.ast.RestTypeExpr; +import com.semmle.ts.ast.SatisfiesExpr; import com.semmle.ts.ast.TemplateLiteralTypeExpr; import com.semmle.ts.ast.TupleTypeExpr; import com.semmle.ts.ast.TypeAliasDeclaration; import com.semmle.ts.ast.TypeAssertion; -import com.semmle.ts.ast.SatisfiesExpr; import com.semmle.ts.ast.TypeExpression; import com.semmle.ts.ast.TypeParameter; import com.semmle.ts.ast.TypeofTypeExpr; @@ -166,6 +156,13 @@ import com.semmle.util.locations.OffsetTranslation; import com.semmle.util.locations.SourceMap; import com.semmle.util.trap.TrapWriter; import com.semmle.util.trap.TrapWriter.Label; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Set; +import java.util.Stack; +import java.util.regex.Matcher; /** Extractor for AST-based information; invoked by the {@link JSExtractor}. */ public class ASTExtractor { @@ -387,7 +384,8 @@ public class ASTExtractor { return visit(child, parent, childIndex, IdContext.VAR_BIND, binopOperand); } - private Label visit(INode child, Label parent, int childIndex, IdContext idContext, boolean binopOperand) { + private Label visit( + INode child, Label parent, int childIndex, IdContext idContext, boolean binopOperand) { if (child == null) return null; return child.accept(this, new Context(parent, childIndex, idContext, binopOperand)); } @@ -590,15 +588,28 @@ public class ASTExtractor { trapwriter.addTuple("literals", valueString, source, key); Position start = nd.getLoc().getStart(); - com.semmle.util.locations.Position startPos = new com.semmle.util.locations.Position(start.getLine(), start.getColumn() + 1 /* Convert from 0-based to 1-based. */, start.getOffset()); + com.semmle.util.locations.Position startPos = + new com.semmle.util.locations.Position( + start.getLine(), + start.getColumn() + 1 /* Convert from 0-based to 1-based. */, + start.getOffset()); if (nd.isRegExp()) { OffsetTranslation offsets = new OffsetTranslation(); offsets.set(0, 1); // skip the initial '/' - SourceMap sourceMap = SourceMap.legacyWithStartPos(SourceMap.fromString(nd.getRaw()).offsetBy(0, offsets), startPos); + SourceMap sourceMap = + SourceMap.legacyWithStartPos( + SourceMap.fromString(nd.getRaw()).offsetBy(0, offsets), startPos); regexpExtractor.extract(source.substring(1, source.lastIndexOf('/')), sourceMap, nd, false); - } else if (nd.isStringLiteral() && !c.isInsideType() && nd.getRaw().length() < 1000 && !c.isBinopOperand()) { - SourceMap sourceMap = SourceMap.legacyWithStartPos(SourceMap.fromString(nd.getRaw()).offsetBy(0, makeStringLiteralOffsets(nd.getRaw())), startPos); + } else if (nd.isStringLiteral() + && !c.isInsideType() + && nd.getRaw().length() < 1000 + && !c.isBinopOperand()) { + SourceMap sourceMap = + SourceMap.legacyWithStartPos( + SourceMap.fromString(nd.getRaw()) + .offsetBy(0, makeStringLiteralOffsets(nd.getRaw())), + startPos); regexpExtractor.extract(valueString, sourceMap, nd, true); // Scan the string for template tags, if we're in a context where such tags are relevant. @@ -621,8 +632,8 @@ public class ASTExtractor { } /** - * Constant-folds simple string concatenations in `exp` while keeping an offset translation - * that tracks back to the original source. + * Constant-folds simple string concatenations in `exp` while keeping an offset translation that + * tracks back to the original source. */ private Pair getStringConcatResult(Expression exp) { if (exp instanceof BinaryExpression) { @@ -638,7 +649,9 @@ public class ASTExtractor { return null; } - int delta = be.getRight().getLoc().getStart().getOffset() - be.getLeft().getLoc().getStart().getOffset(); + int delta = + be.getRight().getLoc().getStart().getOffset() + - be.getLeft().getLoc().getStart().getOffset(); int offset = left.fst().length(); return Pair.make(str, left.snd().append(right.snd(), offset, delta)); } @@ -748,7 +761,9 @@ public class ASTExtractor { visit(nd.getProperty(), key, 1, IdContext.TYPE_LABEL); } else { IdContext baseIdContext = - (c.idcontext == IdContext.EXPORT || c.idcontext == IdContext.EXPORT_BASE) ? IdContext.EXPORT_BASE : IdContext.VAR_BIND; + (c.idcontext == IdContext.EXPORT || c.idcontext == IdContext.EXPORT_BASE) + ? IdContext.EXPORT_BASE + : IdContext.VAR_BIND; visit(nd.getObject(), key, 0, baseIdContext); visit(nd.getProperty(), key, 1, nd.isComputed() ? IdContext.VAR_BIND : IdContext.LABEL); } @@ -848,8 +863,11 @@ public class ASTExtractor { @Override public Label visit(BinaryExpression nd, Context c) { Label key = super.visit(nd, c); - if (nd.getOperator().equals("in") && nd.getLeft() instanceof Identifier && ((Identifier)nd.getLeft()).getName().startsWith("#")) { - // this happens with Ergonomic brand checks for Private Fields (see https://github.com/tc39/proposal-private-fields-in-in). + if (nd.getOperator().equals("in") + && nd.getLeft() instanceof Identifier + && ((Identifier) nd.getLeft()).getName().startsWith("#")) { + // this happens with Ergonomic brand checks for Private Fields (see + // https://github.com/tc39/proposal-private-fields-in-in). // it's the only case where private field identifiers are used not as a field. visit(nd.getLeft(), key, 0, IdContext.LABEL, true); } else { @@ -875,8 +893,14 @@ public class ASTExtractor { } OffsetTranslation offsets = concatResult.snd(); Position start = nd.getLoc().getStart(); - com.semmle.util.locations.Position startPos = new com.semmle.util.locations.Position(start.getLine(), start.getColumn() + 1 /* Convert from 0-based to 1-based. */, start.getOffset()); - SourceMap sourceMap = SourceMap.legacyWithStartPos(SourceMap.fromString(nd.getLoc().getSource()).offsetBy(0, offsets), startPos); + com.semmle.util.locations.Position startPos = + new com.semmle.util.locations.Position( + start.getLine(), + start.getColumn() + 1 /* Convert from 0-based to 1-based. */, + start.getOffset()); + SourceMap sourceMap = + SourceMap.legacyWithStartPos( + SourceMap.fromString(nd.getLoc().getSource()).offsetBy(0, offsets), startPos); regexpExtractor.extract(foldedString, sourceMap, nd, true); return; } @@ -1759,7 +1783,7 @@ public class ASTExtractor { public Label visit(ExportAllDeclaration nd, Context c) { Label lbl = super.visit(nd, c); visit(nd.getSource(), lbl, 0); - visit(nd.getAssertion(), lbl, -10); + visit(nd.getAttributes(), lbl, -10); return lbl; } @@ -1775,7 +1799,7 @@ public class ASTExtractor { Label lbl = super.visit(nd, c); visit(nd.getDeclaration(), lbl, -1); visit(nd.getSource(), lbl, -2); - visit(nd.getAssertion(), lbl, -10); + visit(nd.getAttributes(), lbl, -10); IdContext childContext = nd.hasSource() ? IdContext.LABEL @@ -1799,7 +1823,7 @@ public class ASTExtractor { public Label visit(ImportDeclaration nd, Context c) { Label lbl = super.visit(nd, c); visit(nd.getSource(), lbl, -1); - visit(nd.getAssertion(), lbl, -10); + visit(nd.getAttributes(), lbl, -10); IdContext childContext = nd.hasTypeKeyword() ? IdContext.TYPE_ONLY_IMPORT diff --git a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java index d08252f5c12..398f7e6de68 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java +++ b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java @@ -153,7 +153,7 @@ import com.semmle.util.trap.TrapWriter; *
  • All JavaScript files, that is, files with one of the extensions supported by {@link * FileType#JS} (currently ".js", ".jsx", ".mjs", ".cjs", ".es6", ".es"). *
  • All HTML files, that is, files with with one of the extensions supported by {@link - * FileType#HTML} (currently ".htm", ".html", ".xhtm", ".xhtml", ".vue", ".html.erb"). + * FileType#HTML} (currently ".htm", ".html", ".xhtm", ".xhtml", ".vue", ".html.erb", ".jsp"). *
  • All YAML files, that is, files with one of the extensions supported by {@link * FileType#YAML} (currently ".raml", ".yaml", ".yml"). *
  • Files with base name "package.json" or "tsconfig.json", and files whose base name diff --git a/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java index 5ac4ac5ea44..4455c84d92c 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java +++ b/javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java @@ -103,7 +103,7 @@ public class FileExtractor { /** Information about supported file types. */ public static enum FileType { - HTML(".htm", ".html", ".xhtm", ".xhtml", ".vue", ".hbs", ".ejs", ".njk", ".erb") { + HTML(".htm", ".html", ".xhtm", ".xhtml", ".vue", ".hbs", ".ejs", ".njk", ".erb", ".jsp") { @Override public IExtractor mkExtractor(ExtractorConfig config, ExtractorState state) { return new HTMLExtractor(config, state); diff --git a/javascript/extractor/src/com/semmle/js/extractor/Main.java b/javascript/extractor/src/com/semmle/js/extractor/Main.java index 72156e94927..5b4b6a2494e 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/Main.java +++ b/javascript/extractor/src/com/semmle/js/extractor/Main.java @@ -41,7 +41,7 @@ public class Main { * A version identifier that should be updated every time the extractor changes in such a way that * it may produce different tuples for the same file under the same {@link ExtractorConfig}. */ - public static final String EXTRACTOR_VERSION = "2023-08-10"; + public static final String EXTRACTOR_VERSION = "2023-10-13"; public static final Pattern NEWLINE = Pattern.compile("\n"); diff --git a/javascript/extractor/tests/esnext/input/import-assertion.js b/javascript/extractor/tests/esnext/input/import-attributes.js similarity index 56% rename from javascript/extractor/tests/esnext/input/import-assertion.js rename to javascript/extractor/tests/esnext/input/import-attributes.js index 23c030be511..6f196a0ca6c 100644 --- a/javascript/extractor/tests/esnext/input/import-assertion.js +++ b/javascript/extractor/tests/esnext/input/import-attributes.js @@ -1,3 +1,17 @@ +import "module" with { type: "json" }; +import * as v1 from "module" with { type: "json" }; +import { v2 } from "module" with { type: "json" }; +import v3 from "module" with { type: "json" }; + +export { v4 } from "module" with { type: "json" }; +export * from "module" with { type: "json" }; +export * as v5 from "module" with { type: "json" }; + +const v6 = import("module", { with: { type: "json" } }); + +import "module" // missing semicolon +assert({type: "json"}); // function call, not import assertion + import "module" assert { type: "json" }; import * as v1 from "module" assert { type: "json" }; import { v2 } from "module" assert { type: "json" }; @@ -8,6 +22,3 @@ export * from "module" assert { type: "json" }; export * as v5 from "module" assert { type: "json" }; const v6 = import("module", { assert: { type: "json" } }); - -import "module" // missing semicolon -assert({type: "json"}); // function call, not import assertion diff --git a/javascript/extractor/tests/esnext/output/trap/import-assertion.js.trap b/javascript/extractor/tests/esnext/output/trap/import-assertion.js.trap deleted file mode 100644 index 88f32abcfbf..00000000000 --- a/javascript/extractor/tests/esnext/output/trap/import-assertion.js.trap +++ /dev/null @@ -1,1305 +0,0 @@ -#10000=@"/import-assertion.js;sourcefile" -files(#10000,"/import-assertion.js") -#10001=@"/;folder" -folders(#10001,"/") -containerparent(#10001,#10000) -#10002=@"loc,{#10000},0,0,0,0" -locations_default(#10002,#10000,0,0,0,0) -hasLocation(#10000,#10002) -#20000=@"global_scope" -scopes(#20000,0) -#20001=@"script;{#10000},1,1" -#20002=* -comments(#20002,0,#20001," missing semicolon","// missing semicolon") -#20003=@"loc,{#10000},12,17,12,36" -locations_default(#20003,#10000,12,17,12,36) -hasLocation(#20002,#20003) -#20004=* -comments(#20004,0,#20001," function call, not import assertion","// func ... sertion") -#20005=@"loc,{#10000},13,25,13,62" -locations_default(#20005,#10000,13,25,13,62) -hasLocation(#20004,#20005) -#20006=* -lines(#20006,#20001,"import ""module"" assert { type: ""json"" };"," -") -#20007=@"loc,{#10000},1,1,1,40" -locations_default(#20007,#10000,1,1,1,40) -hasLocation(#20006,#20007) -#20008=* -lines(#20008,#20001,"import * as v1 from ""module"" assert { type: ""json"" };"," -") -#20009=@"loc,{#10000},2,1,2,53" -locations_default(#20009,#10000,2,1,2,53) -hasLocation(#20008,#20009) -#20010=* -lines(#20010,#20001,"import { v2 } from ""module"" assert { type: ""json"" };"," -") -#20011=@"loc,{#10000},3,1,3,52" -locations_default(#20011,#10000,3,1,3,52) -hasLocation(#20010,#20011) -#20012=* -lines(#20012,#20001,"import v3 from ""module"" assert { type: ""json"" };"," -") -#20013=@"loc,{#10000},4,1,4,48" -locations_default(#20013,#10000,4,1,4,48) -hasLocation(#20012,#20013) -#20014=* -lines(#20014,#20001,""," -") -#20015=@"loc,{#10000},5,1,5,0" -locations_default(#20015,#10000,5,1,5,0) -hasLocation(#20014,#20015) -#20016=* -lines(#20016,#20001,"export { v4 } from ""module"" assert { type: ""json"" };"," -") -#20017=@"loc,{#10000},6,1,6,52" -locations_default(#20017,#10000,6,1,6,52) -hasLocation(#20016,#20017) -#20018=* -lines(#20018,#20001,"export * from ""module"" assert { type: ""json"" };"," -") -#20019=@"loc,{#10000},7,1,7,47" -locations_default(#20019,#10000,7,1,7,47) -hasLocation(#20018,#20019) -#20020=* -lines(#20020,#20001,"export * as v5 from ""module"" assert { type: ""json"" };"," -") -#20021=@"loc,{#10000},8,1,8,53" -locations_default(#20021,#10000,8,1,8,53) -hasLocation(#20020,#20021) -#20022=* -lines(#20022,#20001,""," -") -#20023=@"loc,{#10000},9,1,9,0" -locations_default(#20023,#10000,9,1,9,0) -hasLocation(#20022,#20023) -#20024=* -lines(#20024,#20001,"const v6 = import(""module"", { assert: { type: ""json"" } });"," -") -#20025=@"loc,{#10000},10,1,10,58" -locations_default(#20025,#10000,10,1,10,58) -hasLocation(#20024,#20025) -#20026=* -lines(#20026,#20001,""," -") -#20027=@"loc,{#10000},11,1,11,0" -locations_default(#20027,#10000,11,1,11,0) -hasLocation(#20026,#20027) -#20028=* -lines(#20028,#20001,"import ""module"" // missing semicolon"," -") -#20029=@"loc,{#10000},12,1,12,36" -locations_default(#20029,#10000,12,1,12,36) -hasLocation(#20028,#20029) -#20030=* -lines(#20030,#20001,"assert({type: ""json""}); // function call, not import assertion"," -") -#20031=@"loc,{#10000},13,1,13,62" -locations_default(#20031,#10000,13,1,13,62) -hasLocation(#20030,#20031) -numlines(#20001,13,10,2) -#20032=* -tokeninfo(#20032,7,#20001,0,"import") -#20033=@"loc,{#10000},1,1,1,6" -locations_default(#20033,#10000,1,1,1,6) -hasLocation(#20032,#20033) -#20034=* -tokeninfo(#20034,4,#20001,1,"""module""") -#20035=@"loc,{#10000},1,8,1,15" -locations_default(#20035,#10000,1,8,1,15) -hasLocation(#20034,#20035) -#20036=* -tokeninfo(#20036,6,#20001,2,"assert") -#20037=@"loc,{#10000},1,17,1,22" -locations_default(#20037,#10000,1,17,1,22) -hasLocation(#20036,#20037) -#20038=* -tokeninfo(#20038,8,#20001,3,"{") -#20039=@"loc,{#10000},1,24,1,24" -locations_default(#20039,#10000,1,24,1,24) -hasLocation(#20038,#20039) -#20040=* -tokeninfo(#20040,6,#20001,4,"type") -#20041=@"loc,{#10000},1,26,1,29" -locations_default(#20041,#10000,1,26,1,29) -hasLocation(#20040,#20041) -#20042=* -tokeninfo(#20042,8,#20001,5,":") -#20043=@"loc,{#10000},1,30,1,30" -locations_default(#20043,#10000,1,30,1,30) -hasLocation(#20042,#20043) -#20044=* -tokeninfo(#20044,4,#20001,6,"""json""") -#20045=@"loc,{#10000},1,32,1,37" -locations_default(#20045,#10000,1,32,1,37) -hasLocation(#20044,#20045) -#20046=* -tokeninfo(#20046,8,#20001,7,"}") -#20047=@"loc,{#10000},1,39,1,39" -locations_default(#20047,#10000,1,39,1,39) -hasLocation(#20046,#20047) -#20048=* -tokeninfo(#20048,8,#20001,8,";") -#20049=@"loc,{#10000},1,40,1,40" -locations_default(#20049,#10000,1,40,1,40) -hasLocation(#20048,#20049) -#20050=* -tokeninfo(#20050,7,#20001,9,"import") -#20051=@"loc,{#10000},2,1,2,6" -locations_default(#20051,#10000,2,1,2,6) -hasLocation(#20050,#20051) -#20052=* -tokeninfo(#20052,8,#20001,10,"*") -#20053=@"loc,{#10000},2,8,2,8" -locations_default(#20053,#10000,2,8,2,8) -hasLocation(#20052,#20053) -#20054=* -tokeninfo(#20054,6,#20001,11,"as") -#20055=@"loc,{#10000},2,10,2,11" -locations_default(#20055,#10000,2,10,2,11) -hasLocation(#20054,#20055) -#20056=* -tokeninfo(#20056,6,#20001,12,"v1") -#20057=@"loc,{#10000},2,13,2,14" -locations_default(#20057,#10000,2,13,2,14) -hasLocation(#20056,#20057) -#20058=* -tokeninfo(#20058,6,#20001,13,"from") -#20059=@"loc,{#10000},2,16,2,19" -locations_default(#20059,#10000,2,16,2,19) -hasLocation(#20058,#20059) -#20060=* -tokeninfo(#20060,4,#20001,14,"""module""") -#20061=@"loc,{#10000},2,21,2,28" -locations_default(#20061,#10000,2,21,2,28) -hasLocation(#20060,#20061) -#20062=* -tokeninfo(#20062,6,#20001,15,"assert") -#20063=@"loc,{#10000},2,30,2,35" -locations_default(#20063,#10000,2,30,2,35) -hasLocation(#20062,#20063) -#20064=* -tokeninfo(#20064,8,#20001,16,"{") -#20065=@"loc,{#10000},2,37,2,37" -locations_default(#20065,#10000,2,37,2,37) -hasLocation(#20064,#20065) -#20066=* -tokeninfo(#20066,6,#20001,17,"type") -#20067=@"loc,{#10000},2,39,2,42" -locations_default(#20067,#10000,2,39,2,42) -hasLocation(#20066,#20067) -#20068=* -tokeninfo(#20068,8,#20001,18,":") -#20069=@"loc,{#10000},2,43,2,43" -locations_default(#20069,#10000,2,43,2,43) -hasLocation(#20068,#20069) -#20070=* -tokeninfo(#20070,4,#20001,19,"""json""") -#20071=@"loc,{#10000},2,45,2,50" -locations_default(#20071,#10000,2,45,2,50) -hasLocation(#20070,#20071) -#20072=* -tokeninfo(#20072,8,#20001,20,"}") -#20073=@"loc,{#10000},2,52,2,52" -locations_default(#20073,#10000,2,52,2,52) -hasLocation(#20072,#20073) -#20074=* -tokeninfo(#20074,8,#20001,21,";") -#20075=@"loc,{#10000},2,53,2,53" -locations_default(#20075,#10000,2,53,2,53) -hasLocation(#20074,#20075) -#20076=* -tokeninfo(#20076,7,#20001,22,"import") -#20077=@"loc,{#10000},3,1,3,6" -locations_default(#20077,#10000,3,1,3,6) -hasLocation(#20076,#20077) -#20078=* -tokeninfo(#20078,8,#20001,23,"{") -#20079=@"loc,{#10000},3,8,3,8" -locations_default(#20079,#10000,3,8,3,8) -hasLocation(#20078,#20079) -#20080=* -tokeninfo(#20080,6,#20001,24,"v2") -#20081=@"loc,{#10000},3,10,3,11" -locations_default(#20081,#10000,3,10,3,11) -hasLocation(#20080,#20081) -#20082=* -tokeninfo(#20082,8,#20001,25,"}") -#20083=@"loc,{#10000},3,13,3,13" -locations_default(#20083,#10000,3,13,3,13) -hasLocation(#20082,#20083) -#20084=* -tokeninfo(#20084,6,#20001,26,"from") -#20085=@"loc,{#10000},3,15,3,18" -locations_default(#20085,#10000,3,15,3,18) -hasLocation(#20084,#20085) -#20086=* -tokeninfo(#20086,4,#20001,27,"""module""") -#20087=@"loc,{#10000},3,20,3,27" -locations_default(#20087,#10000,3,20,3,27) -hasLocation(#20086,#20087) -#20088=* -tokeninfo(#20088,6,#20001,28,"assert") -#20089=@"loc,{#10000},3,29,3,34" -locations_default(#20089,#10000,3,29,3,34) -hasLocation(#20088,#20089) -#20090=* -tokeninfo(#20090,8,#20001,29,"{") -#20091=@"loc,{#10000},3,36,3,36" -locations_default(#20091,#10000,3,36,3,36) -hasLocation(#20090,#20091) -#20092=* -tokeninfo(#20092,6,#20001,30,"type") -#20093=@"loc,{#10000},3,38,3,41" -locations_default(#20093,#10000,3,38,3,41) -hasLocation(#20092,#20093) -#20094=* -tokeninfo(#20094,8,#20001,31,":") -#20095=@"loc,{#10000},3,42,3,42" -locations_default(#20095,#10000,3,42,3,42) -hasLocation(#20094,#20095) -#20096=* -tokeninfo(#20096,4,#20001,32,"""json""") -#20097=@"loc,{#10000},3,44,3,49" -locations_default(#20097,#10000,3,44,3,49) -hasLocation(#20096,#20097) -#20098=* -tokeninfo(#20098,8,#20001,33,"}") -#20099=@"loc,{#10000},3,51,3,51" -locations_default(#20099,#10000,3,51,3,51) -hasLocation(#20098,#20099) -#20100=* -tokeninfo(#20100,8,#20001,34,";") -#20101=@"loc,{#10000},3,52,3,52" -locations_default(#20101,#10000,3,52,3,52) -hasLocation(#20100,#20101) -#20102=* -tokeninfo(#20102,7,#20001,35,"import") -#20103=@"loc,{#10000},4,1,4,6" -locations_default(#20103,#10000,4,1,4,6) -hasLocation(#20102,#20103) -#20104=* -tokeninfo(#20104,6,#20001,36,"v3") -#20105=@"loc,{#10000},4,8,4,9" -locations_default(#20105,#10000,4,8,4,9) -hasLocation(#20104,#20105) -#20106=* -tokeninfo(#20106,6,#20001,37,"from") -#20107=@"loc,{#10000},4,11,4,14" -locations_default(#20107,#10000,4,11,4,14) -hasLocation(#20106,#20107) -#20108=* -tokeninfo(#20108,4,#20001,38,"""module""") -#20109=@"loc,{#10000},4,16,4,23" -locations_default(#20109,#10000,4,16,4,23) -hasLocation(#20108,#20109) -#20110=* -tokeninfo(#20110,6,#20001,39,"assert") -#20111=@"loc,{#10000},4,25,4,30" -locations_default(#20111,#10000,4,25,4,30) -hasLocation(#20110,#20111) -#20112=* -tokeninfo(#20112,8,#20001,40,"{") -#20113=@"loc,{#10000},4,32,4,32" -locations_default(#20113,#10000,4,32,4,32) -hasLocation(#20112,#20113) -#20114=* -tokeninfo(#20114,6,#20001,41,"type") -#20115=@"loc,{#10000},4,34,4,37" -locations_default(#20115,#10000,4,34,4,37) -hasLocation(#20114,#20115) -#20116=* -tokeninfo(#20116,8,#20001,42,":") -#20117=@"loc,{#10000},4,38,4,38" -locations_default(#20117,#10000,4,38,4,38) -hasLocation(#20116,#20117) -#20118=* -tokeninfo(#20118,4,#20001,43,"""json""") -#20119=@"loc,{#10000},4,40,4,45" -locations_default(#20119,#10000,4,40,4,45) -hasLocation(#20118,#20119) -#20120=* -tokeninfo(#20120,8,#20001,44,"}") -#20121=@"loc,{#10000},4,47,4,47" -locations_default(#20121,#10000,4,47,4,47) -hasLocation(#20120,#20121) -#20122=* -tokeninfo(#20122,8,#20001,45,";") -#20123=@"loc,{#10000},4,48,4,48" -locations_default(#20123,#10000,4,48,4,48) -hasLocation(#20122,#20123) -#20124=* -tokeninfo(#20124,7,#20001,46,"export") -#20125=@"loc,{#10000},6,1,6,6" -locations_default(#20125,#10000,6,1,6,6) -hasLocation(#20124,#20125) -#20126=* -tokeninfo(#20126,8,#20001,47,"{") -#20127=@"loc,{#10000},6,8,6,8" -locations_default(#20127,#10000,6,8,6,8) -hasLocation(#20126,#20127) -#20128=* -tokeninfo(#20128,6,#20001,48,"v4") -#20129=@"loc,{#10000},6,10,6,11" -locations_default(#20129,#10000,6,10,6,11) -hasLocation(#20128,#20129) -#20130=* -tokeninfo(#20130,8,#20001,49,"}") -#20131=@"loc,{#10000},6,13,6,13" -locations_default(#20131,#10000,6,13,6,13) -hasLocation(#20130,#20131) -#20132=* -tokeninfo(#20132,6,#20001,50,"from") -#20133=@"loc,{#10000},6,15,6,18" -locations_default(#20133,#10000,6,15,6,18) -hasLocation(#20132,#20133) -#20134=* -tokeninfo(#20134,4,#20001,51,"""module""") -#20135=@"loc,{#10000},6,20,6,27" -locations_default(#20135,#10000,6,20,6,27) -hasLocation(#20134,#20135) -#20136=* -tokeninfo(#20136,6,#20001,52,"assert") -#20137=@"loc,{#10000},6,29,6,34" -locations_default(#20137,#10000,6,29,6,34) -hasLocation(#20136,#20137) -#20138=* -tokeninfo(#20138,8,#20001,53,"{") -#20139=@"loc,{#10000},6,36,6,36" -locations_default(#20139,#10000,6,36,6,36) -hasLocation(#20138,#20139) -#20140=* -tokeninfo(#20140,6,#20001,54,"type") -#20141=@"loc,{#10000},6,38,6,41" -locations_default(#20141,#10000,6,38,6,41) -hasLocation(#20140,#20141) -#20142=* -tokeninfo(#20142,8,#20001,55,":") -#20143=@"loc,{#10000},6,42,6,42" -locations_default(#20143,#10000,6,42,6,42) -hasLocation(#20142,#20143) -#20144=* -tokeninfo(#20144,4,#20001,56,"""json""") -#20145=@"loc,{#10000},6,44,6,49" -locations_default(#20145,#10000,6,44,6,49) -hasLocation(#20144,#20145) -#20146=* -tokeninfo(#20146,8,#20001,57,"}") -#20147=@"loc,{#10000},6,51,6,51" -locations_default(#20147,#10000,6,51,6,51) -hasLocation(#20146,#20147) -#20148=* -tokeninfo(#20148,8,#20001,58,";") -#20149=@"loc,{#10000},6,52,6,52" -locations_default(#20149,#10000,6,52,6,52) -hasLocation(#20148,#20149) -#20150=* -tokeninfo(#20150,7,#20001,59,"export") -#20151=@"loc,{#10000},7,1,7,6" -locations_default(#20151,#10000,7,1,7,6) -hasLocation(#20150,#20151) -#20152=* -tokeninfo(#20152,8,#20001,60,"*") -#20153=@"loc,{#10000},7,8,7,8" -locations_default(#20153,#10000,7,8,7,8) -hasLocation(#20152,#20153) -#20154=* -tokeninfo(#20154,6,#20001,61,"from") -#20155=@"loc,{#10000},7,10,7,13" -locations_default(#20155,#10000,7,10,7,13) -hasLocation(#20154,#20155) -#20156=* -tokeninfo(#20156,4,#20001,62,"""module""") -#20157=@"loc,{#10000},7,15,7,22" -locations_default(#20157,#10000,7,15,7,22) -hasLocation(#20156,#20157) -#20158=* -tokeninfo(#20158,6,#20001,63,"assert") -#20159=@"loc,{#10000},7,24,7,29" -locations_default(#20159,#10000,7,24,7,29) -hasLocation(#20158,#20159) -#20160=* -tokeninfo(#20160,8,#20001,64,"{") -#20161=@"loc,{#10000},7,31,7,31" -locations_default(#20161,#10000,7,31,7,31) -hasLocation(#20160,#20161) -#20162=* -tokeninfo(#20162,6,#20001,65,"type") -#20163=@"loc,{#10000},7,33,7,36" -locations_default(#20163,#10000,7,33,7,36) -hasLocation(#20162,#20163) -#20164=* -tokeninfo(#20164,8,#20001,66,":") -#20165=@"loc,{#10000},7,37,7,37" -locations_default(#20165,#10000,7,37,7,37) -hasLocation(#20164,#20165) -#20166=* -tokeninfo(#20166,4,#20001,67,"""json""") -#20167=@"loc,{#10000},7,39,7,44" -locations_default(#20167,#10000,7,39,7,44) -hasLocation(#20166,#20167) -#20168=* -tokeninfo(#20168,8,#20001,68,"}") -#20169=@"loc,{#10000},7,46,7,46" -locations_default(#20169,#10000,7,46,7,46) -hasLocation(#20168,#20169) -#20170=* -tokeninfo(#20170,8,#20001,69,";") -#20171=@"loc,{#10000},7,47,7,47" -locations_default(#20171,#10000,7,47,7,47) -hasLocation(#20170,#20171) -#20172=* -tokeninfo(#20172,7,#20001,70,"export") -#20173=@"loc,{#10000},8,1,8,6" -locations_default(#20173,#10000,8,1,8,6) -hasLocation(#20172,#20173) -#20174=* -tokeninfo(#20174,8,#20001,71,"*") -#20175=@"loc,{#10000},8,8,8,8" -locations_default(#20175,#10000,8,8,8,8) -hasLocation(#20174,#20175) -#20176=* -tokeninfo(#20176,6,#20001,72,"as") -#20177=@"loc,{#10000},8,10,8,11" -locations_default(#20177,#10000,8,10,8,11) -hasLocation(#20176,#20177) -#20178=* -tokeninfo(#20178,6,#20001,73,"v5") -#20179=@"loc,{#10000},8,13,8,14" -locations_default(#20179,#10000,8,13,8,14) -hasLocation(#20178,#20179) -#20180=* -tokeninfo(#20180,6,#20001,74,"from") -#20181=@"loc,{#10000},8,16,8,19" -locations_default(#20181,#10000,8,16,8,19) -hasLocation(#20180,#20181) -#20182=* -tokeninfo(#20182,4,#20001,75,"""module""") -#20183=@"loc,{#10000},8,21,8,28" -locations_default(#20183,#10000,8,21,8,28) -hasLocation(#20182,#20183) -#20184=* -tokeninfo(#20184,6,#20001,76,"assert") -#20185=@"loc,{#10000},8,30,8,35" -locations_default(#20185,#10000,8,30,8,35) -hasLocation(#20184,#20185) -#20186=* -tokeninfo(#20186,8,#20001,77,"{") -#20187=@"loc,{#10000},8,37,8,37" -locations_default(#20187,#10000,8,37,8,37) -hasLocation(#20186,#20187) -#20188=* -tokeninfo(#20188,6,#20001,78,"type") -#20189=@"loc,{#10000},8,39,8,42" -locations_default(#20189,#10000,8,39,8,42) -hasLocation(#20188,#20189) -#20190=* -tokeninfo(#20190,8,#20001,79,":") -#20191=@"loc,{#10000},8,43,8,43" -locations_default(#20191,#10000,8,43,8,43) -hasLocation(#20190,#20191) -#20192=* -tokeninfo(#20192,4,#20001,80,"""json""") -#20193=@"loc,{#10000},8,45,8,50" -locations_default(#20193,#10000,8,45,8,50) -hasLocation(#20192,#20193) -#20194=* -tokeninfo(#20194,8,#20001,81,"}") -#20195=@"loc,{#10000},8,52,8,52" -locations_default(#20195,#10000,8,52,8,52) -hasLocation(#20194,#20195) -#20196=* -tokeninfo(#20196,8,#20001,82,";") -#20197=@"loc,{#10000},8,53,8,53" -locations_default(#20197,#10000,8,53,8,53) -hasLocation(#20196,#20197) -#20198=* -tokeninfo(#20198,7,#20001,83,"const") -#20199=@"loc,{#10000},10,1,10,5" -locations_default(#20199,#10000,10,1,10,5) -hasLocation(#20198,#20199) -#20200=* -tokeninfo(#20200,6,#20001,84,"v6") -#20201=@"loc,{#10000},10,7,10,8" -locations_default(#20201,#10000,10,7,10,8) -hasLocation(#20200,#20201) -#20202=* -tokeninfo(#20202,8,#20001,85,"=") -#20203=@"loc,{#10000},10,10,10,10" -locations_default(#20203,#10000,10,10,10,10) -hasLocation(#20202,#20203) -#20204=* -tokeninfo(#20204,7,#20001,86,"import") -#20205=@"loc,{#10000},10,12,10,17" -locations_default(#20205,#10000,10,12,10,17) -hasLocation(#20204,#20205) -#20206=* -tokeninfo(#20206,8,#20001,87,"(") -#20207=@"loc,{#10000},10,18,10,18" -locations_default(#20207,#10000,10,18,10,18) -hasLocation(#20206,#20207) -#20208=* -tokeninfo(#20208,4,#20001,88,"""module""") -#20209=@"loc,{#10000},10,19,10,26" -locations_default(#20209,#10000,10,19,10,26) -hasLocation(#20208,#20209) -#20210=* -tokeninfo(#20210,8,#20001,89,",") -#20211=@"loc,{#10000},10,27,10,27" -locations_default(#20211,#10000,10,27,10,27) -hasLocation(#20210,#20211) -#20212=* -tokeninfo(#20212,8,#20001,90,"{") -#20213=@"loc,{#10000},10,29,10,29" -locations_default(#20213,#10000,10,29,10,29) -hasLocation(#20212,#20213) -#20214=* -tokeninfo(#20214,6,#20001,91,"assert") -#20215=@"loc,{#10000},10,31,10,36" -locations_default(#20215,#10000,10,31,10,36) -hasLocation(#20214,#20215) -#20216=* -tokeninfo(#20216,8,#20001,92,":") -#20217=@"loc,{#10000},10,37,10,37" -locations_default(#20217,#10000,10,37,10,37) -hasLocation(#20216,#20217) -#20218=* -tokeninfo(#20218,8,#20001,93,"{") -#20219=@"loc,{#10000},10,39,10,39" -locations_default(#20219,#10000,10,39,10,39) -hasLocation(#20218,#20219) -#20220=* -tokeninfo(#20220,6,#20001,94,"type") -#20221=@"loc,{#10000},10,41,10,44" -locations_default(#20221,#10000,10,41,10,44) -hasLocation(#20220,#20221) -#20222=* -tokeninfo(#20222,8,#20001,95,":") -#20223=@"loc,{#10000},10,45,10,45" -locations_default(#20223,#10000,10,45,10,45) -hasLocation(#20222,#20223) -#20224=* -tokeninfo(#20224,4,#20001,96,"""json""") -#20225=@"loc,{#10000},10,47,10,52" -locations_default(#20225,#10000,10,47,10,52) -hasLocation(#20224,#20225) -#20226=* -tokeninfo(#20226,8,#20001,97,"}") -#20227=@"loc,{#10000},10,54,10,54" -locations_default(#20227,#10000,10,54,10,54) -hasLocation(#20226,#20227) -#20228=* -tokeninfo(#20228,8,#20001,98,"}") -#20229=@"loc,{#10000},10,56,10,56" -locations_default(#20229,#10000,10,56,10,56) -hasLocation(#20228,#20229) -#20230=* -tokeninfo(#20230,8,#20001,99,")") -#20231=@"loc,{#10000},10,57,10,57" -locations_default(#20231,#10000,10,57,10,57) -hasLocation(#20230,#20231) -#20232=* -tokeninfo(#20232,8,#20001,100,";") -#20233=@"loc,{#10000},10,58,10,58" -locations_default(#20233,#10000,10,58,10,58) -hasLocation(#20232,#20233) -#20234=* -tokeninfo(#20234,7,#20001,101,"import") -#20235=@"loc,{#10000},12,1,12,6" -locations_default(#20235,#10000,12,1,12,6) -hasLocation(#20234,#20235) -#20236=* -tokeninfo(#20236,4,#20001,102,"""module""") -#20237=@"loc,{#10000},12,8,12,15" -locations_default(#20237,#10000,12,8,12,15) -hasLocation(#20236,#20237) -#20238=* -tokeninfo(#20238,6,#20001,103,"assert") -#20239=@"loc,{#10000},13,1,13,6" -locations_default(#20239,#10000,13,1,13,6) -hasLocation(#20238,#20239) -next_token(#20002,#20238) -#20240=* -tokeninfo(#20240,8,#20001,104,"(") -#20241=@"loc,{#10000},13,7,13,7" -locations_default(#20241,#10000,13,7,13,7) -hasLocation(#20240,#20241) -#20242=* -tokeninfo(#20242,8,#20001,105,"{") -#20243=@"loc,{#10000},13,8,13,8" -locations_default(#20243,#10000,13,8,13,8) -hasLocation(#20242,#20243) -#20244=* -tokeninfo(#20244,6,#20001,106,"type") -#20245=@"loc,{#10000},13,9,13,12" -locations_default(#20245,#10000,13,9,13,12) -hasLocation(#20244,#20245) -#20246=* -tokeninfo(#20246,8,#20001,107,":") -#20247=@"loc,{#10000},13,13,13,13" -locations_default(#20247,#10000,13,13,13,13) -hasLocation(#20246,#20247) -#20248=* -tokeninfo(#20248,4,#20001,108,"""json""") -#20249=@"loc,{#10000},13,15,13,20" -locations_default(#20249,#10000,13,15,13,20) -hasLocation(#20248,#20249) -#20250=* -tokeninfo(#20250,8,#20001,109,"}") -#20251=@"loc,{#10000},13,21,13,21" -locations_default(#20251,#10000,13,21,13,21) -hasLocation(#20250,#20251) -#20252=* -tokeninfo(#20252,8,#20001,110,")") -#20253=@"loc,{#10000},13,22,13,22" -locations_default(#20253,#10000,13,22,13,22) -hasLocation(#20252,#20253) -#20254=* -tokeninfo(#20254,8,#20001,111,";") -#20255=@"loc,{#10000},13,23,13,23" -locations_default(#20255,#10000,13,23,13,23) -hasLocation(#20254,#20255) -#20256=* -tokeninfo(#20256,0,#20001,112,"") -#20257=@"loc,{#10000},14,1,14,0" -locations_default(#20257,#10000,14,1,14,0) -hasLocation(#20256,#20257) -next_token(#20004,#20256) -toplevels(#20001,0) -#20258=@"loc,{#10000},1,1,14,0" -locations_default(#20258,#10000,1,1,14,0) -hasLocation(#20001,#20258) -#20259=@"module;{#10000},1,1" -scopes(#20259,3) -scopenodes(#20001,#20259) -scopenesting(#20259,#20000) -is_module(#20001) -is_es2015_module(#20001) -#20260=@"var;{v1};{#20259}" -variables(#20260,"v1",#20259) -#20261=@"var;{v2};{#20259}" -variables(#20261,"v2",#20259) -#20262=@"var;{v3};{#20259}" -variables(#20262,"v3",#20259) -#20263=@"local_type_name;{v1};{#20259}" -local_type_names(#20263,"v1",#20259) -#20264=@"local_type_name;{v2};{#20259}" -local_type_names(#20264,"v2",#20259) -#20265=@"local_type_name;{v3};{#20259}" -local_type_names(#20265,"v3",#20259) -#20266=@"local_namespace_name;{v1};{#20259}" -local_namespace_names(#20266,"v1",#20259) -#20267=@"local_namespace_name;{v2};{#20259}" -local_namespace_names(#20267,"v2",#20259) -#20268=@"local_namespace_name;{v3};{#20259}" -local_namespace_names(#20268,"v3",#20259) -variables(#20260,"v1",#20259) -variables(#20261,"v2",#20259) -variables(#20262,"v3",#20259) -#20269=@"var;{v6};{#20259}" -variables(#20269,"v6",#20259) -local_type_names(#20263,"v1",#20259) -local_type_names(#20264,"v2",#20259) -local_type_names(#20265,"v3",#20259) -local_namespace_names(#20266,"v1",#20259) -local_namespace_names(#20267,"v2",#20259) -local_namespace_names(#20268,"v3",#20259) -#20270=* -stmts(#20270,27,#20001,0,"import ... son"" };") -hasLocation(#20270,#20007) -stmt_containers(#20270,#20001) -#20271=* -exprs(#20271,4,#20270,-1,"""module""") -hasLocation(#20271,#20035) -enclosing_stmt(#20271,#20270) -expr_containers(#20271,#20001) -literals("module","""module""",#20271) -#20272=* -regexpterm(#20272,14,#20271,0,"module") -#20273=@"loc,{#10000},1,9,1,14" -locations_default(#20273,#10000,1,9,1,14) -hasLocation(#20272,#20273) -regexp_const_value(#20272,"module") -#20274=* -exprs(#20274,8,#20270,-10,"{ type: ""json"" }") -#20275=@"loc,{#10000},1,24,1,39" -locations_default(#20275,#10000,1,24,1,39) -hasLocation(#20274,#20275) -enclosing_stmt(#20274,#20270) -expr_containers(#20274,#20001) -#20276=* -properties(#20276,#20274,0,0,"type: ""json""") -#20277=@"loc,{#10000},1,26,1,37" -locations_default(#20277,#10000,1,26,1,37) -hasLocation(#20276,#20277) -#20278=* -exprs(#20278,0,#20276,0,"type") -hasLocation(#20278,#20041) -enclosing_stmt(#20278,#20270) -expr_containers(#20278,#20001) -literals("type","type",#20278) -#20279=* -exprs(#20279,4,#20276,1,"""json""") -hasLocation(#20279,#20045) -enclosing_stmt(#20279,#20270) -expr_containers(#20279,#20001) -literals("json","""json""",#20279) -#20280=* -regexpterm(#20280,14,#20279,0,"json") -#20281=@"loc,{#10000},1,33,1,36" -locations_default(#20281,#10000,1,33,1,36) -hasLocation(#20280,#20281) -regexp_const_value(#20280,"json") -#20282=* -stmts(#20282,27,#20001,1,"import ... son"" };") -hasLocation(#20282,#20009) -stmt_containers(#20282,#20001) -#20283=* -exprs(#20283,4,#20282,-1,"""module""") -hasLocation(#20283,#20061) -enclosing_stmt(#20283,#20282) -expr_containers(#20283,#20001) -literals("module","""module""",#20283) -#20284=* -regexpterm(#20284,14,#20283,0,"module") -#20285=@"loc,{#10000},2,22,2,27" -locations_default(#20285,#10000,2,22,2,27) -hasLocation(#20284,#20285) -regexp_const_value(#20284,"module") -#20286=* -exprs(#20286,8,#20282,-10,"{ type: ""json"" }") -#20287=@"loc,{#10000},2,37,2,52" -locations_default(#20287,#10000,2,37,2,52) -hasLocation(#20286,#20287) -enclosing_stmt(#20286,#20282) -expr_containers(#20286,#20001) -#20288=* -properties(#20288,#20286,0,0,"type: ""json""") -#20289=@"loc,{#10000},2,39,2,50" -locations_default(#20289,#10000,2,39,2,50) -hasLocation(#20288,#20289) -#20290=* -exprs(#20290,0,#20288,0,"type") -hasLocation(#20290,#20067) -enclosing_stmt(#20290,#20282) -expr_containers(#20290,#20001) -literals("type","type",#20290) -#20291=* -exprs(#20291,4,#20288,1,"""json""") -hasLocation(#20291,#20071) -enclosing_stmt(#20291,#20282) -expr_containers(#20291,#20001) -literals("json","""json""",#20291) -#20292=* -regexpterm(#20292,14,#20291,0,"json") -#20293=@"loc,{#10000},2,46,2,49" -locations_default(#20293,#10000,2,46,2,49) -hasLocation(#20292,#20293) -regexp_const_value(#20292,"json") -#20294=* -exprs(#20294,85,#20282,0,"* as v1") -#20295=@"loc,{#10000},2,8,2,14" -locations_default(#20295,#10000,2,8,2,14) -hasLocation(#20294,#20295) -enclosing_stmt(#20294,#20282) -expr_containers(#20294,#20001) -#20296=* -exprs(#20296,78,#20294,1,"v1") -hasLocation(#20296,#20057) -enclosing_stmt(#20296,#20282) -expr_containers(#20296,#20001) -literals("v1","v1",#20296) -decl(#20296,#20260) -typedecl(#20296,#20263) -namespacedecl(#20296,#20266) -#20297=* -stmts(#20297,27,#20001,2,"import ... son"" };") -hasLocation(#20297,#20011) -stmt_containers(#20297,#20001) -#20298=* -exprs(#20298,4,#20297,-1,"""module""") -hasLocation(#20298,#20087) -enclosing_stmt(#20298,#20297) -expr_containers(#20298,#20001) -literals("module","""module""",#20298) -#20299=* -regexpterm(#20299,14,#20298,0,"module") -#20300=@"loc,{#10000},3,21,3,26" -locations_default(#20300,#10000,3,21,3,26) -hasLocation(#20299,#20300) -regexp_const_value(#20299,"module") -#20301=* -exprs(#20301,8,#20297,-10,"{ type: ""json"" }") -#20302=@"loc,{#10000},3,36,3,51" -locations_default(#20302,#10000,3,36,3,51) -hasLocation(#20301,#20302) -enclosing_stmt(#20301,#20297) -expr_containers(#20301,#20001) -#20303=* -properties(#20303,#20301,0,0,"type: ""json""") -#20304=@"loc,{#10000},3,38,3,49" -locations_default(#20304,#10000,3,38,3,49) -hasLocation(#20303,#20304) -#20305=* -exprs(#20305,0,#20303,0,"type") -hasLocation(#20305,#20093) -enclosing_stmt(#20305,#20297) -expr_containers(#20305,#20001) -literals("type","type",#20305) -#20306=* -exprs(#20306,4,#20303,1,"""json""") -hasLocation(#20306,#20097) -enclosing_stmt(#20306,#20297) -expr_containers(#20306,#20001) -literals("json","""json""",#20306) -#20307=* -regexpterm(#20307,14,#20306,0,"json") -#20308=@"loc,{#10000},3,45,3,48" -locations_default(#20308,#10000,3,45,3,48) -hasLocation(#20307,#20308) -regexp_const_value(#20307,"json") -#20309=* -exprs(#20309,83,#20297,0,"v2") -hasLocation(#20309,#20081) -enclosing_stmt(#20309,#20297) -expr_containers(#20309,#20001) -#20310=* -exprs(#20310,0,#20309,0,"v2") -hasLocation(#20310,#20081) -enclosing_stmt(#20310,#20297) -expr_containers(#20310,#20001) -literals("v2","v2",#20310) -#20311=* -exprs(#20311,78,#20309,1,"v2") -hasLocation(#20311,#20081) -enclosing_stmt(#20311,#20297) -expr_containers(#20311,#20001) -literals("v2","v2",#20311) -decl(#20311,#20261) -typedecl(#20311,#20264) -namespacedecl(#20311,#20267) -#20312=* -stmts(#20312,27,#20001,3,"import ... son"" };") -hasLocation(#20312,#20013) -stmt_containers(#20312,#20001) -#20313=* -exprs(#20313,4,#20312,-1,"""module""") -hasLocation(#20313,#20109) -enclosing_stmt(#20313,#20312) -expr_containers(#20313,#20001) -literals("module","""module""",#20313) -#20314=* -regexpterm(#20314,14,#20313,0,"module") -#20315=@"loc,{#10000},4,17,4,22" -locations_default(#20315,#10000,4,17,4,22) -hasLocation(#20314,#20315) -regexp_const_value(#20314,"module") -#20316=* -exprs(#20316,8,#20312,-10,"{ type: ""json"" }") -#20317=@"loc,{#10000},4,32,4,47" -locations_default(#20317,#10000,4,32,4,47) -hasLocation(#20316,#20317) -enclosing_stmt(#20316,#20312) -expr_containers(#20316,#20001) -#20318=* -properties(#20318,#20316,0,0,"type: ""json""") -#20319=@"loc,{#10000},4,34,4,45" -locations_default(#20319,#10000,4,34,4,45) -hasLocation(#20318,#20319) -#20320=* -exprs(#20320,0,#20318,0,"type") -hasLocation(#20320,#20115) -enclosing_stmt(#20320,#20312) -expr_containers(#20320,#20001) -literals("type","type",#20320) -#20321=* -exprs(#20321,4,#20318,1,"""json""") -hasLocation(#20321,#20119) -enclosing_stmt(#20321,#20312) -expr_containers(#20321,#20001) -literals("json","""json""",#20321) -#20322=* -regexpterm(#20322,14,#20321,0,"json") -#20323=@"loc,{#10000},4,41,4,44" -locations_default(#20323,#10000,4,41,4,44) -hasLocation(#20322,#20323) -regexp_const_value(#20322,"json") -#20324=* -exprs(#20324,84,#20312,0,"v3") -hasLocation(#20324,#20105) -enclosing_stmt(#20324,#20312) -expr_containers(#20324,#20001) -#20325=* -exprs(#20325,78,#20324,1,"v3") -hasLocation(#20325,#20105) -enclosing_stmt(#20325,#20312) -expr_containers(#20325,#20001) -literals("v3","v3",#20325) -decl(#20325,#20262) -typedecl(#20325,#20265) -namespacedecl(#20325,#20268) -#20326=* -stmts(#20326,30,#20001,4,"export ... son"" };") -hasLocation(#20326,#20017) -stmt_containers(#20326,#20001) -#20327=* -exprs(#20327,4,#20326,-2,"""module""") -hasLocation(#20327,#20135) -enclosing_stmt(#20327,#20326) -expr_containers(#20327,#20001) -literals("module","""module""",#20327) -#20328=* -regexpterm(#20328,14,#20327,0,"module") -#20329=@"loc,{#10000},6,21,6,26" -locations_default(#20329,#10000,6,21,6,26) -hasLocation(#20328,#20329) -regexp_const_value(#20328,"module") -#20330=* -exprs(#20330,8,#20326,-10,"{ type: ""json"" }") -#20331=@"loc,{#10000},6,36,6,51" -locations_default(#20331,#10000,6,36,6,51) -hasLocation(#20330,#20331) -enclosing_stmt(#20330,#20326) -expr_containers(#20330,#20001) -#20332=* -properties(#20332,#20330,0,0,"type: ""json""") -#20333=@"loc,{#10000},6,38,6,49" -locations_default(#20333,#10000,6,38,6,49) -hasLocation(#20332,#20333) -#20334=* -exprs(#20334,0,#20332,0,"type") -hasLocation(#20334,#20141) -enclosing_stmt(#20334,#20326) -expr_containers(#20334,#20001) -literals("type","type",#20334) -#20335=* -exprs(#20335,4,#20332,1,"""json""") -hasLocation(#20335,#20145) -enclosing_stmt(#20335,#20326) -expr_containers(#20335,#20001) -literals("json","""json""",#20335) -#20336=* -regexpterm(#20336,14,#20335,0,"json") -#20337=@"loc,{#10000},6,45,6,48" -locations_default(#20337,#10000,6,45,6,48) -hasLocation(#20336,#20337) -regexp_const_value(#20336,"json") -#20338=* -exprs(#20338,86,#20326,0,"v4") -hasLocation(#20338,#20129) -enclosing_stmt(#20338,#20326) -expr_containers(#20338,#20001) -#20339=* -exprs(#20339,0,#20338,0,"v4") -hasLocation(#20339,#20129) -enclosing_stmt(#20339,#20326) -expr_containers(#20339,#20001) -literals("v4","v4",#20339) -#20340=* -exprs(#20340,0,#20338,1,"v4") -hasLocation(#20340,#20129) -enclosing_stmt(#20340,#20326) -expr_containers(#20340,#20001) -literals("v4","v4",#20340) -#20341=* -stmts(#20341,28,#20001,5,"export ... son"" };") -hasLocation(#20341,#20019) -stmt_containers(#20341,#20001) -#20342=* -exprs(#20342,4,#20341,0,"""module""") -hasLocation(#20342,#20157) -enclosing_stmt(#20342,#20341) -expr_containers(#20342,#20001) -literals("module","""module""",#20342) -#20343=* -regexpterm(#20343,14,#20342,0,"module") -#20344=@"loc,{#10000},7,16,7,21" -locations_default(#20344,#10000,7,16,7,21) -hasLocation(#20343,#20344) -regexp_const_value(#20343,"module") -#20345=* -exprs(#20345,8,#20341,-10,"{ type: ""json"" }") -#20346=@"loc,{#10000},7,31,7,46" -locations_default(#20346,#10000,7,31,7,46) -hasLocation(#20345,#20346) -enclosing_stmt(#20345,#20341) -expr_containers(#20345,#20001) -#20347=* -properties(#20347,#20345,0,0,"type: ""json""") -#20348=@"loc,{#10000},7,33,7,44" -locations_default(#20348,#10000,7,33,7,44) -hasLocation(#20347,#20348) -#20349=* -exprs(#20349,0,#20347,0,"type") -hasLocation(#20349,#20163) -enclosing_stmt(#20349,#20341) -expr_containers(#20349,#20001) -literals("type","type",#20349) -#20350=* -exprs(#20350,4,#20347,1,"""json""") -hasLocation(#20350,#20167) -enclosing_stmt(#20350,#20341) -expr_containers(#20350,#20001) -literals("json","""json""",#20350) -#20351=* -regexpterm(#20351,14,#20350,0,"json") -#20352=@"loc,{#10000},7,40,7,43" -locations_default(#20352,#10000,7,40,7,43) -hasLocation(#20351,#20352) -regexp_const_value(#20351,"json") -#20353=* -stmts(#20353,30,#20001,6,"export ... son"" };") -hasLocation(#20353,#20021) -stmt_containers(#20353,#20001) -#20354=* -exprs(#20354,4,#20353,-2,"""module""") -hasLocation(#20354,#20183) -enclosing_stmt(#20354,#20353) -expr_containers(#20354,#20001) -literals("module","""module""",#20354) -#20355=* -regexpterm(#20355,14,#20354,0,"module") -#20356=@"loc,{#10000},8,22,8,27" -locations_default(#20356,#10000,8,22,8,27) -hasLocation(#20355,#20356) -regexp_const_value(#20355,"module") -#20357=* -exprs(#20357,8,#20353,-10,"{ type: ""json"" }") -#20358=@"loc,{#10000},8,37,8,52" -locations_default(#20358,#10000,8,37,8,52) -hasLocation(#20357,#20358) -enclosing_stmt(#20357,#20353) -expr_containers(#20357,#20001) -#20359=* -properties(#20359,#20357,0,0,"type: ""json""") -#20360=@"loc,{#10000},8,39,8,50" -locations_default(#20360,#10000,8,39,8,50) -hasLocation(#20359,#20360) -#20361=* -exprs(#20361,0,#20359,0,"type") -hasLocation(#20361,#20189) -enclosing_stmt(#20361,#20353) -expr_containers(#20361,#20001) -literals("type","type",#20361) -#20362=* -exprs(#20362,4,#20359,1,"""json""") -hasLocation(#20362,#20193) -enclosing_stmt(#20362,#20353) -expr_containers(#20362,#20001) -literals("json","""json""",#20362) -#20363=* -regexpterm(#20363,14,#20362,0,"json") -#20364=@"loc,{#10000},8,46,8,49" -locations_default(#20364,#10000,8,46,8,49) -hasLocation(#20363,#20364) -regexp_const_value(#20363,"json") -#20365=* -exprs(#20365,96,#20353,0,"* as v5") -#20366=@"loc,{#10000},8,8,8,14" -locations_default(#20366,#10000,8,8,8,14) -hasLocation(#20365,#20366) -enclosing_stmt(#20365,#20353) -expr_containers(#20365,#20001) -#20367=* -exprs(#20367,0,#20365,1,"v5") -hasLocation(#20367,#20179) -enclosing_stmt(#20367,#20353) -expr_containers(#20367,#20001) -literals("v5","v5",#20367) -#20368=* -stmts(#20368,22,#20001,7,"const v ... "" } });") -hasLocation(#20368,#20025) -stmt_containers(#20368,#20001) -#20369=* -exprs(#20369,64,#20368,0,"v6 = im ... n"" } })") -#20370=@"loc,{#10000},10,7,10,57" -locations_default(#20370,#10000,10,7,10,57) -hasLocation(#20369,#20370) -enclosing_stmt(#20369,#20368) -expr_containers(#20369,#20001) -#20371=* -exprs(#20371,78,#20369,0,"v6") -hasLocation(#20371,#20201) -enclosing_stmt(#20371,#20368) -expr_containers(#20371,#20001) -literals("v6","v6",#20371) -decl(#20371,#20269) -#20372=* -exprs(#20372,99,#20369,1,"import( ... n"" } })") -#20373=@"loc,{#10000},10,12,10,57" -locations_default(#20373,#10000,10,12,10,57) -hasLocation(#20372,#20373) -enclosing_stmt(#20372,#20368) -expr_containers(#20372,#20001) -#20374=* -exprs(#20374,4,#20372,0,"""module""") -hasLocation(#20374,#20209) -enclosing_stmt(#20374,#20368) -expr_containers(#20374,#20001) -literals("module","""module""",#20374) -#20375=* -regexpterm(#20375,14,#20374,0,"module") -#20376=@"loc,{#10000},10,20,10,25" -locations_default(#20376,#10000,10,20,10,25) -hasLocation(#20375,#20376) -regexp_const_value(#20375,"module") -#20377=* -exprs(#20377,8,#20372,1,"{ asser ... on"" } }") -#20378=@"loc,{#10000},10,29,10,56" -locations_default(#20378,#10000,10,29,10,56) -hasLocation(#20377,#20378) -enclosing_stmt(#20377,#20368) -expr_containers(#20377,#20001) -#20379=* -properties(#20379,#20377,0,0,"assert: ... json"" }") -#20380=@"loc,{#10000},10,31,10,54" -locations_default(#20380,#10000,10,31,10,54) -hasLocation(#20379,#20380) -#20381=* -exprs(#20381,0,#20379,0,"assert") -hasLocation(#20381,#20215) -enclosing_stmt(#20381,#20368) -expr_containers(#20381,#20001) -literals("assert","assert",#20381) -#20382=* -exprs(#20382,8,#20379,1,"{ type: ""json"" }") -#20383=@"loc,{#10000},10,39,10,54" -locations_default(#20383,#10000,10,39,10,54) -hasLocation(#20382,#20383) -enclosing_stmt(#20382,#20368) -expr_containers(#20382,#20001) -#20384=* -properties(#20384,#20382,0,0,"type: ""json""") -#20385=@"loc,{#10000},10,41,10,52" -locations_default(#20385,#10000,10,41,10,52) -hasLocation(#20384,#20385) -#20386=* -exprs(#20386,0,#20384,0,"type") -hasLocation(#20386,#20221) -enclosing_stmt(#20386,#20368) -expr_containers(#20386,#20001) -literals("type","type",#20386) -#20387=* -exprs(#20387,4,#20384,1,"""json""") -hasLocation(#20387,#20225) -enclosing_stmt(#20387,#20368) -expr_containers(#20387,#20001) -literals("json","""json""",#20387) -#20388=* -regexpterm(#20388,14,#20387,0,"json") -#20389=@"loc,{#10000},10,48,10,51" -locations_default(#20389,#10000,10,48,10,51) -hasLocation(#20388,#20389) -regexp_const_value(#20388,"json") -#20390=* -stmts(#20390,27,#20001,8,"import ""module""") -#20391=@"loc,{#10000},12,1,12,15" -locations_default(#20391,#10000,12,1,12,15) -hasLocation(#20390,#20391) -stmt_containers(#20390,#20001) -#20392=* -exprs(#20392,4,#20390,-1,"""module""") -hasLocation(#20392,#20237) -enclosing_stmt(#20392,#20390) -expr_containers(#20392,#20001) -literals("module","""module""",#20392) -#20393=* -regexpterm(#20393,14,#20392,0,"module") -#20394=@"loc,{#10000},12,9,12,14" -locations_default(#20394,#10000,12,9,12,14) -hasLocation(#20393,#20394) -regexp_const_value(#20393,"module") -#20395=* -stmts(#20395,2,#20001,9,"assert( ... son""});") -#20396=@"loc,{#10000},13,1,13,23" -locations_default(#20396,#10000,13,1,13,23) -hasLocation(#20395,#20396) -stmt_containers(#20395,#20001) -#20397=* -exprs(#20397,13,#20395,0,"assert( ... json""})") -#20398=@"loc,{#10000},13,1,13,22" -locations_default(#20398,#10000,13,1,13,22) -hasLocation(#20397,#20398) -enclosing_stmt(#20397,#20395) -expr_containers(#20397,#20001) -#20399=* -exprs(#20399,79,#20397,-1,"assert") -hasLocation(#20399,#20239) -enclosing_stmt(#20399,#20395) -expr_containers(#20399,#20001) -literals("assert","assert",#20399) -#20400=@"var;{assert};{#20000}" -variables(#20400,"assert",#20000) -bind(#20399,#20400) -#20401=* -exprs(#20401,8,#20397,0,"{type: ""json""}") -#20402=@"loc,{#10000},13,8,13,21" -locations_default(#20402,#10000,13,8,13,21) -hasLocation(#20401,#20402) -enclosing_stmt(#20401,#20395) -expr_containers(#20401,#20001) -#20403=* -properties(#20403,#20401,0,0,"type: ""json""") -#20404=@"loc,{#10000},13,9,13,20" -locations_default(#20404,#10000,13,9,13,20) -hasLocation(#20403,#20404) -#20405=* -exprs(#20405,0,#20403,0,"type") -hasLocation(#20405,#20245) -enclosing_stmt(#20405,#20395) -expr_containers(#20405,#20001) -literals("type","type",#20405) -#20406=* -exprs(#20406,4,#20403,1,"""json""") -hasLocation(#20406,#20249) -enclosing_stmt(#20406,#20395) -expr_containers(#20406,#20001) -literals("json","""json""",#20406) -#20407=* -regexpterm(#20407,14,#20406,0,"json") -#20408=@"loc,{#10000},13,16,13,19" -locations_default(#20408,#10000,13,16,13,19) -hasLocation(#20407,#20408) -regexp_const_value(#20407,"json") -#20409=* -entry_cfg_node(#20409,#20001) -#20410=@"loc,{#10000},1,1,1,0" -locations_default(#20410,#10000,1,1,1,0) -hasLocation(#20409,#20410) -#20411=* -exit_cfg_node(#20411,#20001) -hasLocation(#20411,#20257) -successor(#20395,#20399) -successor(#20401,#20405) -successor(#20406,#20403) -successor(#20405,#20406) -successor(#20403,#20397) -successor(#20399,#20401) -successor(#20397,#20411) -successor(#20390,#20395) -successor(#20368,#20371) -successor(#20374,#20372) -successor(#20372,#20369) -successor(#20371,#20374) -successor(#20369,#20390) -successor(#20353,#20354) -successor(#20365,#20367) -successor(#20367,#20368) -successor(#20354,#20365) -successor(#20341,#20342) -successor(#20342,#20353) -successor(#20326,#20327) -successor(#20338,#20339) -successor(#20340,#20341) -successor(#20339,#20340) -successor(#20327,#20338) -successor(#20312,#20326) -successor(#20297,#20312) -successor(#20282,#20297) -successor(#20270,#20282) -successor(#20324,#20270) -successor(#20309,#20324) -successor(#20294,#20309) -successor(#20409,#20294) -numlines(#10000,13,10,2) -filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/esnext/output/trap/import-attributes.js.trap b/javascript/extractor/tests/esnext/output/trap/import-attributes.js.trap new file mode 100644 index 00000000000..57d48206e41 --- /dev/null +++ b/javascript/extractor/tests/esnext/output/trap/import-attributes.js.trap @@ -0,0 +1,2489 @@ +#10000=@"/import-attributes.js;sourcefile" +files(#10000,"/import-attributes.js") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=@"script;{#10000},1,1" +#20002=* +comments(#20002,0,#20001," missing semicolon","// missing semicolon") +#20003=@"loc,{#10000},12,17,12,36" +locations_default(#20003,#10000,12,17,12,36) +hasLocation(#20002,#20003) +#20004=* +comments(#20004,0,#20001," function call, not import assertion","// func ... sertion") +#20005=@"loc,{#10000},13,25,13,62" +locations_default(#20005,#10000,13,25,13,62) +hasLocation(#20004,#20005) +#20006=* +lines(#20006,#20001,"import ""module"" with { type: ""json"" };"," +") +#20007=@"loc,{#10000},1,1,1,38" +locations_default(#20007,#10000,1,1,1,38) +hasLocation(#20006,#20007) +#20008=* +lines(#20008,#20001,"import * as v1 from ""module"" with { type: ""json"" };"," +") +#20009=@"loc,{#10000},2,1,2,51" +locations_default(#20009,#10000,2,1,2,51) +hasLocation(#20008,#20009) +#20010=* +lines(#20010,#20001,"import { v2 } from ""module"" with { type: ""json"" };"," +") +#20011=@"loc,{#10000},3,1,3,50" +locations_default(#20011,#10000,3,1,3,50) +hasLocation(#20010,#20011) +#20012=* +lines(#20012,#20001,"import v3 from ""module"" with { type: ""json"" };"," +") +#20013=@"loc,{#10000},4,1,4,46" +locations_default(#20013,#10000,4,1,4,46) +hasLocation(#20012,#20013) +#20014=* +lines(#20014,#20001,""," +") +#20015=@"loc,{#10000},5,1,5,0" +locations_default(#20015,#10000,5,1,5,0) +hasLocation(#20014,#20015) +#20016=* +lines(#20016,#20001,"export { v4 } from ""module"" with { type: ""json"" };"," +") +#20017=@"loc,{#10000},6,1,6,50" +locations_default(#20017,#10000,6,1,6,50) +hasLocation(#20016,#20017) +#20018=* +lines(#20018,#20001,"export * from ""module"" with { type: ""json"" };"," +") +#20019=@"loc,{#10000},7,1,7,45" +locations_default(#20019,#10000,7,1,7,45) +hasLocation(#20018,#20019) +#20020=* +lines(#20020,#20001,"export * as v5 from ""module"" with { type: ""json"" };"," +") +#20021=@"loc,{#10000},8,1,8,51" +locations_default(#20021,#10000,8,1,8,51) +hasLocation(#20020,#20021) +#20022=* +lines(#20022,#20001,""," +") +#20023=@"loc,{#10000},9,1,9,0" +locations_default(#20023,#10000,9,1,9,0) +hasLocation(#20022,#20023) +#20024=* +lines(#20024,#20001,"const v6 = import(""module"", { with: { type: ""json"" } });"," +") +#20025=@"loc,{#10000},10,1,10,56" +locations_default(#20025,#10000,10,1,10,56) +hasLocation(#20024,#20025) +#20026=* +lines(#20026,#20001,""," +") +#20027=@"loc,{#10000},11,1,11,0" +locations_default(#20027,#10000,11,1,11,0) +hasLocation(#20026,#20027) +#20028=* +lines(#20028,#20001,"import ""module"" // missing semicolon"," +") +#20029=@"loc,{#10000},12,1,12,36" +locations_default(#20029,#10000,12,1,12,36) +hasLocation(#20028,#20029) +#20030=* +lines(#20030,#20001,"assert({type: ""json""}); // function call, not import assertion"," +") +#20031=@"loc,{#10000},13,1,13,62" +locations_default(#20031,#10000,13,1,13,62) +hasLocation(#20030,#20031) +#20032=* +lines(#20032,#20001,""," +") +#20033=@"loc,{#10000},14,1,14,0" +locations_default(#20033,#10000,14,1,14,0) +hasLocation(#20032,#20033) +#20034=* +lines(#20034,#20001,"import ""module"" assert { type: ""json"" };"," +") +#20035=@"loc,{#10000},15,1,15,40" +locations_default(#20035,#10000,15,1,15,40) +hasLocation(#20034,#20035) +#20036=* +lines(#20036,#20001,"import * as v1 from ""module"" assert { type: ""json"" };"," +") +#20037=@"loc,{#10000},16,1,16,53" +locations_default(#20037,#10000,16,1,16,53) +hasLocation(#20036,#20037) +#20038=* +lines(#20038,#20001,"import { v2 } from ""module"" assert { type: ""json"" };"," +") +#20039=@"loc,{#10000},17,1,17,52" +locations_default(#20039,#10000,17,1,17,52) +hasLocation(#20038,#20039) +#20040=* +lines(#20040,#20001,"import v3 from ""module"" assert { type: ""json"" };"," +") +#20041=@"loc,{#10000},18,1,18,48" +locations_default(#20041,#10000,18,1,18,48) +hasLocation(#20040,#20041) +#20042=* +lines(#20042,#20001,""," +") +#20043=@"loc,{#10000},19,1,19,0" +locations_default(#20043,#10000,19,1,19,0) +hasLocation(#20042,#20043) +#20044=* +lines(#20044,#20001,"export { v4 } from ""module"" assert { type: ""json"" };"," +") +#20045=@"loc,{#10000},20,1,20,52" +locations_default(#20045,#10000,20,1,20,52) +hasLocation(#20044,#20045) +#20046=* +lines(#20046,#20001,"export * from ""module"" assert { type: ""json"" };"," +") +#20047=@"loc,{#10000},21,1,21,47" +locations_default(#20047,#10000,21,1,21,47) +hasLocation(#20046,#20047) +#20048=* +lines(#20048,#20001,"export * as v5 from ""module"" assert { type: ""json"" };"," +") +#20049=@"loc,{#10000},22,1,22,53" +locations_default(#20049,#10000,22,1,22,53) +hasLocation(#20048,#20049) +#20050=* +lines(#20050,#20001,""," +") +#20051=@"loc,{#10000},23,1,23,0" +locations_default(#20051,#10000,23,1,23,0) +hasLocation(#20050,#20051) +#20052=* +lines(#20052,#20001,"const v6 = import(""module"", { assert: { type: ""json"" } });"," +") +#20053=@"loc,{#10000},24,1,24,58" +locations_default(#20053,#10000,24,1,24,58) +hasLocation(#20052,#20053) +numlines(#20001,24,18,2) +#20054=* +tokeninfo(#20054,7,#20001,0,"import") +#20055=@"loc,{#10000},1,1,1,6" +locations_default(#20055,#10000,1,1,1,6) +hasLocation(#20054,#20055) +#20056=* +tokeninfo(#20056,4,#20001,1,"""module""") +#20057=@"loc,{#10000},1,8,1,15" +locations_default(#20057,#10000,1,8,1,15) +hasLocation(#20056,#20057) +#20058=* +tokeninfo(#20058,7,#20001,2,"with") +#20059=@"loc,{#10000},1,17,1,20" +locations_default(#20059,#10000,1,17,1,20) +hasLocation(#20058,#20059) +#20060=* +tokeninfo(#20060,8,#20001,3,"{") +#20061=@"loc,{#10000},1,22,1,22" +locations_default(#20061,#10000,1,22,1,22) +hasLocation(#20060,#20061) +#20062=* +tokeninfo(#20062,6,#20001,4,"type") +#20063=@"loc,{#10000},1,24,1,27" +locations_default(#20063,#10000,1,24,1,27) +hasLocation(#20062,#20063) +#20064=* +tokeninfo(#20064,8,#20001,5,":") +#20065=@"loc,{#10000},1,28,1,28" +locations_default(#20065,#10000,1,28,1,28) +hasLocation(#20064,#20065) +#20066=* +tokeninfo(#20066,4,#20001,6,"""json""") +#20067=@"loc,{#10000},1,30,1,35" +locations_default(#20067,#10000,1,30,1,35) +hasLocation(#20066,#20067) +#20068=* +tokeninfo(#20068,8,#20001,7,"}") +#20069=@"loc,{#10000},1,37,1,37" +locations_default(#20069,#10000,1,37,1,37) +hasLocation(#20068,#20069) +#20070=* +tokeninfo(#20070,8,#20001,8,";") +#20071=@"loc,{#10000},1,38,1,38" +locations_default(#20071,#10000,1,38,1,38) +hasLocation(#20070,#20071) +#20072=* +tokeninfo(#20072,7,#20001,9,"import") +#20073=@"loc,{#10000},2,1,2,6" +locations_default(#20073,#10000,2,1,2,6) +hasLocation(#20072,#20073) +#20074=* +tokeninfo(#20074,8,#20001,10,"*") +#20075=@"loc,{#10000},2,8,2,8" +locations_default(#20075,#10000,2,8,2,8) +hasLocation(#20074,#20075) +#20076=* +tokeninfo(#20076,6,#20001,11,"as") +#20077=@"loc,{#10000},2,10,2,11" +locations_default(#20077,#10000,2,10,2,11) +hasLocation(#20076,#20077) +#20078=* +tokeninfo(#20078,6,#20001,12,"v1") +#20079=@"loc,{#10000},2,13,2,14" +locations_default(#20079,#10000,2,13,2,14) +hasLocation(#20078,#20079) +#20080=* +tokeninfo(#20080,6,#20001,13,"from") +#20081=@"loc,{#10000},2,16,2,19" +locations_default(#20081,#10000,2,16,2,19) +hasLocation(#20080,#20081) +#20082=* +tokeninfo(#20082,4,#20001,14,"""module""") +#20083=@"loc,{#10000},2,21,2,28" +locations_default(#20083,#10000,2,21,2,28) +hasLocation(#20082,#20083) +#20084=* +tokeninfo(#20084,7,#20001,15,"with") +#20085=@"loc,{#10000},2,30,2,33" +locations_default(#20085,#10000,2,30,2,33) +hasLocation(#20084,#20085) +#20086=* +tokeninfo(#20086,8,#20001,16,"{") +#20087=@"loc,{#10000},2,35,2,35" +locations_default(#20087,#10000,2,35,2,35) +hasLocation(#20086,#20087) +#20088=* +tokeninfo(#20088,6,#20001,17,"type") +#20089=@"loc,{#10000},2,37,2,40" +locations_default(#20089,#10000,2,37,2,40) +hasLocation(#20088,#20089) +#20090=* +tokeninfo(#20090,8,#20001,18,":") +#20091=@"loc,{#10000},2,41,2,41" +locations_default(#20091,#10000,2,41,2,41) +hasLocation(#20090,#20091) +#20092=* +tokeninfo(#20092,4,#20001,19,"""json""") +#20093=@"loc,{#10000},2,43,2,48" +locations_default(#20093,#10000,2,43,2,48) +hasLocation(#20092,#20093) +#20094=* +tokeninfo(#20094,8,#20001,20,"}") +#20095=@"loc,{#10000},2,50,2,50" +locations_default(#20095,#10000,2,50,2,50) +hasLocation(#20094,#20095) +#20096=* +tokeninfo(#20096,8,#20001,21,";") +#20097=@"loc,{#10000},2,51,2,51" +locations_default(#20097,#10000,2,51,2,51) +hasLocation(#20096,#20097) +#20098=* +tokeninfo(#20098,7,#20001,22,"import") +#20099=@"loc,{#10000},3,1,3,6" +locations_default(#20099,#10000,3,1,3,6) +hasLocation(#20098,#20099) +#20100=* +tokeninfo(#20100,8,#20001,23,"{") +#20101=@"loc,{#10000},3,8,3,8" +locations_default(#20101,#10000,3,8,3,8) +hasLocation(#20100,#20101) +#20102=* +tokeninfo(#20102,6,#20001,24,"v2") +#20103=@"loc,{#10000},3,10,3,11" +locations_default(#20103,#10000,3,10,3,11) +hasLocation(#20102,#20103) +#20104=* +tokeninfo(#20104,8,#20001,25,"}") +#20105=@"loc,{#10000},3,13,3,13" +locations_default(#20105,#10000,3,13,3,13) +hasLocation(#20104,#20105) +#20106=* +tokeninfo(#20106,6,#20001,26,"from") +#20107=@"loc,{#10000},3,15,3,18" +locations_default(#20107,#10000,3,15,3,18) +hasLocation(#20106,#20107) +#20108=* +tokeninfo(#20108,4,#20001,27,"""module""") +#20109=@"loc,{#10000},3,20,3,27" +locations_default(#20109,#10000,3,20,3,27) +hasLocation(#20108,#20109) +#20110=* +tokeninfo(#20110,7,#20001,28,"with") +#20111=@"loc,{#10000},3,29,3,32" +locations_default(#20111,#10000,3,29,3,32) +hasLocation(#20110,#20111) +#20112=* +tokeninfo(#20112,8,#20001,29,"{") +#20113=@"loc,{#10000},3,34,3,34" +locations_default(#20113,#10000,3,34,3,34) +hasLocation(#20112,#20113) +#20114=* +tokeninfo(#20114,6,#20001,30,"type") +#20115=@"loc,{#10000},3,36,3,39" +locations_default(#20115,#10000,3,36,3,39) +hasLocation(#20114,#20115) +#20116=* +tokeninfo(#20116,8,#20001,31,":") +#20117=@"loc,{#10000},3,40,3,40" +locations_default(#20117,#10000,3,40,3,40) +hasLocation(#20116,#20117) +#20118=* +tokeninfo(#20118,4,#20001,32,"""json""") +#20119=@"loc,{#10000},3,42,3,47" +locations_default(#20119,#10000,3,42,3,47) +hasLocation(#20118,#20119) +#20120=* +tokeninfo(#20120,8,#20001,33,"}") +#20121=@"loc,{#10000},3,49,3,49" +locations_default(#20121,#10000,3,49,3,49) +hasLocation(#20120,#20121) +#20122=* +tokeninfo(#20122,8,#20001,34,";") +#20123=@"loc,{#10000},3,50,3,50" +locations_default(#20123,#10000,3,50,3,50) +hasLocation(#20122,#20123) +#20124=* +tokeninfo(#20124,7,#20001,35,"import") +#20125=@"loc,{#10000},4,1,4,6" +locations_default(#20125,#10000,4,1,4,6) +hasLocation(#20124,#20125) +#20126=* +tokeninfo(#20126,6,#20001,36,"v3") +#20127=@"loc,{#10000},4,8,4,9" +locations_default(#20127,#10000,4,8,4,9) +hasLocation(#20126,#20127) +#20128=* +tokeninfo(#20128,6,#20001,37,"from") +#20129=@"loc,{#10000},4,11,4,14" +locations_default(#20129,#10000,4,11,4,14) +hasLocation(#20128,#20129) +#20130=* +tokeninfo(#20130,4,#20001,38,"""module""") +#20131=@"loc,{#10000},4,16,4,23" +locations_default(#20131,#10000,4,16,4,23) +hasLocation(#20130,#20131) +#20132=* +tokeninfo(#20132,7,#20001,39,"with") +#20133=@"loc,{#10000},4,25,4,28" +locations_default(#20133,#10000,4,25,4,28) +hasLocation(#20132,#20133) +#20134=* +tokeninfo(#20134,8,#20001,40,"{") +#20135=@"loc,{#10000},4,30,4,30" +locations_default(#20135,#10000,4,30,4,30) +hasLocation(#20134,#20135) +#20136=* +tokeninfo(#20136,6,#20001,41,"type") +#20137=@"loc,{#10000},4,32,4,35" +locations_default(#20137,#10000,4,32,4,35) +hasLocation(#20136,#20137) +#20138=* +tokeninfo(#20138,8,#20001,42,":") +#20139=@"loc,{#10000},4,36,4,36" +locations_default(#20139,#10000,4,36,4,36) +hasLocation(#20138,#20139) +#20140=* +tokeninfo(#20140,4,#20001,43,"""json""") +#20141=@"loc,{#10000},4,38,4,43" +locations_default(#20141,#10000,4,38,4,43) +hasLocation(#20140,#20141) +#20142=* +tokeninfo(#20142,8,#20001,44,"}") +#20143=@"loc,{#10000},4,45,4,45" +locations_default(#20143,#10000,4,45,4,45) +hasLocation(#20142,#20143) +#20144=* +tokeninfo(#20144,8,#20001,45,";") +#20145=@"loc,{#10000},4,46,4,46" +locations_default(#20145,#10000,4,46,4,46) +hasLocation(#20144,#20145) +#20146=* +tokeninfo(#20146,7,#20001,46,"export") +#20147=@"loc,{#10000},6,1,6,6" +locations_default(#20147,#10000,6,1,6,6) +hasLocation(#20146,#20147) +#20148=* +tokeninfo(#20148,8,#20001,47,"{") +#20149=@"loc,{#10000},6,8,6,8" +locations_default(#20149,#10000,6,8,6,8) +hasLocation(#20148,#20149) +#20150=* +tokeninfo(#20150,6,#20001,48,"v4") +#20151=@"loc,{#10000},6,10,6,11" +locations_default(#20151,#10000,6,10,6,11) +hasLocation(#20150,#20151) +#20152=* +tokeninfo(#20152,8,#20001,49,"}") +#20153=@"loc,{#10000},6,13,6,13" +locations_default(#20153,#10000,6,13,6,13) +hasLocation(#20152,#20153) +#20154=* +tokeninfo(#20154,6,#20001,50,"from") +#20155=@"loc,{#10000},6,15,6,18" +locations_default(#20155,#10000,6,15,6,18) +hasLocation(#20154,#20155) +#20156=* +tokeninfo(#20156,4,#20001,51,"""module""") +#20157=@"loc,{#10000},6,20,6,27" +locations_default(#20157,#10000,6,20,6,27) +hasLocation(#20156,#20157) +#20158=* +tokeninfo(#20158,7,#20001,52,"with") +#20159=@"loc,{#10000},6,29,6,32" +locations_default(#20159,#10000,6,29,6,32) +hasLocation(#20158,#20159) +#20160=* +tokeninfo(#20160,8,#20001,53,"{") +#20161=@"loc,{#10000},6,34,6,34" +locations_default(#20161,#10000,6,34,6,34) +hasLocation(#20160,#20161) +#20162=* +tokeninfo(#20162,6,#20001,54,"type") +#20163=@"loc,{#10000},6,36,6,39" +locations_default(#20163,#10000,6,36,6,39) +hasLocation(#20162,#20163) +#20164=* +tokeninfo(#20164,8,#20001,55,":") +#20165=@"loc,{#10000},6,40,6,40" +locations_default(#20165,#10000,6,40,6,40) +hasLocation(#20164,#20165) +#20166=* +tokeninfo(#20166,4,#20001,56,"""json""") +#20167=@"loc,{#10000},6,42,6,47" +locations_default(#20167,#10000,6,42,6,47) +hasLocation(#20166,#20167) +#20168=* +tokeninfo(#20168,8,#20001,57,"}") +#20169=@"loc,{#10000},6,49,6,49" +locations_default(#20169,#10000,6,49,6,49) +hasLocation(#20168,#20169) +#20170=* +tokeninfo(#20170,8,#20001,58,";") +#20171=@"loc,{#10000},6,50,6,50" +locations_default(#20171,#10000,6,50,6,50) +hasLocation(#20170,#20171) +#20172=* +tokeninfo(#20172,7,#20001,59,"export") +#20173=@"loc,{#10000},7,1,7,6" +locations_default(#20173,#10000,7,1,7,6) +hasLocation(#20172,#20173) +#20174=* +tokeninfo(#20174,8,#20001,60,"*") +#20175=@"loc,{#10000},7,8,7,8" +locations_default(#20175,#10000,7,8,7,8) +hasLocation(#20174,#20175) +#20176=* +tokeninfo(#20176,6,#20001,61,"from") +#20177=@"loc,{#10000},7,10,7,13" +locations_default(#20177,#10000,7,10,7,13) +hasLocation(#20176,#20177) +#20178=* +tokeninfo(#20178,4,#20001,62,"""module""") +#20179=@"loc,{#10000},7,15,7,22" +locations_default(#20179,#10000,7,15,7,22) +hasLocation(#20178,#20179) +#20180=* +tokeninfo(#20180,7,#20001,63,"with") +#20181=@"loc,{#10000},7,24,7,27" +locations_default(#20181,#10000,7,24,7,27) +hasLocation(#20180,#20181) +#20182=* +tokeninfo(#20182,8,#20001,64,"{") +#20183=@"loc,{#10000},7,29,7,29" +locations_default(#20183,#10000,7,29,7,29) +hasLocation(#20182,#20183) +#20184=* +tokeninfo(#20184,6,#20001,65,"type") +#20185=@"loc,{#10000},7,31,7,34" +locations_default(#20185,#10000,7,31,7,34) +hasLocation(#20184,#20185) +#20186=* +tokeninfo(#20186,8,#20001,66,":") +#20187=@"loc,{#10000},7,35,7,35" +locations_default(#20187,#10000,7,35,7,35) +hasLocation(#20186,#20187) +#20188=* +tokeninfo(#20188,4,#20001,67,"""json""") +#20189=@"loc,{#10000},7,37,7,42" +locations_default(#20189,#10000,7,37,7,42) +hasLocation(#20188,#20189) +#20190=* +tokeninfo(#20190,8,#20001,68,"}") +#20191=@"loc,{#10000},7,44,7,44" +locations_default(#20191,#10000,7,44,7,44) +hasLocation(#20190,#20191) +#20192=* +tokeninfo(#20192,8,#20001,69,";") +#20193=@"loc,{#10000},7,45,7,45" +locations_default(#20193,#10000,7,45,7,45) +hasLocation(#20192,#20193) +#20194=* +tokeninfo(#20194,7,#20001,70,"export") +#20195=@"loc,{#10000},8,1,8,6" +locations_default(#20195,#10000,8,1,8,6) +hasLocation(#20194,#20195) +#20196=* +tokeninfo(#20196,8,#20001,71,"*") +#20197=@"loc,{#10000},8,8,8,8" +locations_default(#20197,#10000,8,8,8,8) +hasLocation(#20196,#20197) +#20198=* +tokeninfo(#20198,6,#20001,72,"as") +#20199=@"loc,{#10000},8,10,8,11" +locations_default(#20199,#10000,8,10,8,11) +hasLocation(#20198,#20199) +#20200=* +tokeninfo(#20200,6,#20001,73,"v5") +#20201=@"loc,{#10000},8,13,8,14" +locations_default(#20201,#10000,8,13,8,14) +hasLocation(#20200,#20201) +#20202=* +tokeninfo(#20202,6,#20001,74,"from") +#20203=@"loc,{#10000},8,16,8,19" +locations_default(#20203,#10000,8,16,8,19) +hasLocation(#20202,#20203) +#20204=* +tokeninfo(#20204,4,#20001,75,"""module""") +#20205=@"loc,{#10000},8,21,8,28" +locations_default(#20205,#10000,8,21,8,28) +hasLocation(#20204,#20205) +#20206=* +tokeninfo(#20206,7,#20001,76,"with") +#20207=@"loc,{#10000},8,30,8,33" +locations_default(#20207,#10000,8,30,8,33) +hasLocation(#20206,#20207) +#20208=* +tokeninfo(#20208,8,#20001,77,"{") +#20209=@"loc,{#10000},8,35,8,35" +locations_default(#20209,#10000,8,35,8,35) +hasLocation(#20208,#20209) +#20210=* +tokeninfo(#20210,6,#20001,78,"type") +#20211=@"loc,{#10000},8,37,8,40" +locations_default(#20211,#10000,8,37,8,40) +hasLocation(#20210,#20211) +#20212=* +tokeninfo(#20212,8,#20001,79,":") +#20213=@"loc,{#10000},8,41,8,41" +locations_default(#20213,#10000,8,41,8,41) +hasLocation(#20212,#20213) +#20214=* +tokeninfo(#20214,4,#20001,80,"""json""") +#20215=@"loc,{#10000},8,43,8,48" +locations_default(#20215,#10000,8,43,8,48) +hasLocation(#20214,#20215) +#20216=* +tokeninfo(#20216,8,#20001,81,"}") +#20217=@"loc,{#10000},8,50,8,50" +locations_default(#20217,#10000,8,50,8,50) +hasLocation(#20216,#20217) +#20218=* +tokeninfo(#20218,8,#20001,82,";") +#20219=@"loc,{#10000},8,51,8,51" +locations_default(#20219,#10000,8,51,8,51) +hasLocation(#20218,#20219) +#20220=* +tokeninfo(#20220,7,#20001,83,"const") +#20221=@"loc,{#10000},10,1,10,5" +locations_default(#20221,#10000,10,1,10,5) +hasLocation(#20220,#20221) +#20222=* +tokeninfo(#20222,6,#20001,84,"v6") +#20223=@"loc,{#10000},10,7,10,8" +locations_default(#20223,#10000,10,7,10,8) +hasLocation(#20222,#20223) +#20224=* +tokeninfo(#20224,8,#20001,85,"=") +#20225=@"loc,{#10000},10,10,10,10" +locations_default(#20225,#10000,10,10,10,10) +hasLocation(#20224,#20225) +#20226=* +tokeninfo(#20226,7,#20001,86,"import") +#20227=@"loc,{#10000},10,12,10,17" +locations_default(#20227,#10000,10,12,10,17) +hasLocation(#20226,#20227) +#20228=* +tokeninfo(#20228,8,#20001,87,"(") +#20229=@"loc,{#10000},10,18,10,18" +locations_default(#20229,#10000,10,18,10,18) +hasLocation(#20228,#20229) +#20230=* +tokeninfo(#20230,4,#20001,88,"""module""") +#20231=@"loc,{#10000},10,19,10,26" +locations_default(#20231,#10000,10,19,10,26) +hasLocation(#20230,#20231) +#20232=* +tokeninfo(#20232,8,#20001,89,",") +#20233=@"loc,{#10000},10,27,10,27" +locations_default(#20233,#10000,10,27,10,27) +hasLocation(#20232,#20233) +#20234=* +tokeninfo(#20234,8,#20001,90,"{") +#20235=@"loc,{#10000},10,29,10,29" +locations_default(#20235,#10000,10,29,10,29) +hasLocation(#20234,#20235) +#20236=* +tokeninfo(#20236,7,#20001,91,"with") +#20237=@"loc,{#10000},10,31,10,34" +locations_default(#20237,#10000,10,31,10,34) +hasLocation(#20236,#20237) +#20238=* +tokeninfo(#20238,8,#20001,92,":") +#20239=@"loc,{#10000},10,35,10,35" +locations_default(#20239,#10000,10,35,10,35) +hasLocation(#20238,#20239) +#20240=* +tokeninfo(#20240,8,#20001,93,"{") +#20241=@"loc,{#10000},10,37,10,37" +locations_default(#20241,#10000,10,37,10,37) +hasLocation(#20240,#20241) +#20242=* +tokeninfo(#20242,6,#20001,94,"type") +#20243=@"loc,{#10000},10,39,10,42" +locations_default(#20243,#10000,10,39,10,42) +hasLocation(#20242,#20243) +#20244=* +tokeninfo(#20244,8,#20001,95,":") +#20245=@"loc,{#10000},10,43,10,43" +locations_default(#20245,#10000,10,43,10,43) +hasLocation(#20244,#20245) +#20246=* +tokeninfo(#20246,4,#20001,96,"""json""") +#20247=@"loc,{#10000},10,45,10,50" +locations_default(#20247,#10000,10,45,10,50) +hasLocation(#20246,#20247) +#20248=* +tokeninfo(#20248,8,#20001,97,"}") +#20249=@"loc,{#10000},10,52,10,52" +locations_default(#20249,#10000,10,52,10,52) +hasLocation(#20248,#20249) +#20250=* +tokeninfo(#20250,8,#20001,98,"}") +#20251=@"loc,{#10000},10,54,10,54" +locations_default(#20251,#10000,10,54,10,54) +hasLocation(#20250,#20251) +#20252=* +tokeninfo(#20252,8,#20001,99,")") +#20253=@"loc,{#10000},10,55,10,55" +locations_default(#20253,#10000,10,55,10,55) +hasLocation(#20252,#20253) +#20254=* +tokeninfo(#20254,8,#20001,100,";") +#20255=@"loc,{#10000},10,56,10,56" +locations_default(#20255,#10000,10,56,10,56) +hasLocation(#20254,#20255) +#20256=* +tokeninfo(#20256,7,#20001,101,"import") +#20257=@"loc,{#10000},12,1,12,6" +locations_default(#20257,#10000,12,1,12,6) +hasLocation(#20256,#20257) +#20258=* +tokeninfo(#20258,4,#20001,102,"""module""") +#20259=@"loc,{#10000},12,8,12,15" +locations_default(#20259,#10000,12,8,12,15) +hasLocation(#20258,#20259) +#20260=* +tokeninfo(#20260,6,#20001,103,"assert") +#20261=@"loc,{#10000},13,1,13,6" +locations_default(#20261,#10000,13,1,13,6) +hasLocation(#20260,#20261) +next_token(#20002,#20260) +#20262=* +tokeninfo(#20262,8,#20001,104,"(") +#20263=@"loc,{#10000},13,7,13,7" +locations_default(#20263,#10000,13,7,13,7) +hasLocation(#20262,#20263) +#20264=* +tokeninfo(#20264,8,#20001,105,"{") +#20265=@"loc,{#10000},13,8,13,8" +locations_default(#20265,#10000,13,8,13,8) +hasLocation(#20264,#20265) +#20266=* +tokeninfo(#20266,6,#20001,106,"type") +#20267=@"loc,{#10000},13,9,13,12" +locations_default(#20267,#10000,13,9,13,12) +hasLocation(#20266,#20267) +#20268=* +tokeninfo(#20268,8,#20001,107,":") +#20269=@"loc,{#10000},13,13,13,13" +locations_default(#20269,#10000,13,13,13,13) +hasLocation(#20268,#20269) +#20270=* +tokeninfo(#20270,4,#20001,108,"""json""") +#20271=@"loc,{#10000},13,15,13,20" +locations_default(#20271,#10000,13,15,13,20) +hasLocation(#20270,#20271) +#20272=* +tokeninfo(#20272,8,#20001,109,"}") +#20273=@"loc,{#10000},13,21,13,21" +locations_default(#20273,#10000,13,21,13,21) +hasLocation(#20272,#20273) +#20274=* +tokeninfo(#20274,8,#20001,110,")") +#20275=@"loc,{#10000},13,22,13,22" +locations_default(#20275,#10000,13,22,13,22) +hasLocation(#20274,#20275) +#20276=* +tokeninfo(#20276,8,#20001,111,";") +#20277=@"loc,{#10000},13,23,13,23" +locations_default(#20277,#10000,13,23,13,23) +hasLocation(#20276,#20277) +#20278=* +tokeninfo(#20278,7,#20001,112,"import") +#20279=@"loc,{#10000},15,1,15,6" +locations_default(#20279,#10000,15,1,15,6) +hasLocation(#20278,#20279) +next_token(#20004,#20278) +#20280=* +tokeninfo(#20280,4,#20001,113,"""module""") +#20281=@"loc,{#10000},15,8,15,15" +locations_default(#20281,#10000,15,8,15,15) +hasLocation(#20280,#20281) +#20282=* +tokeninfo(#20282,6,#20001,114,"assert") +#20283=@"loc,{#10000},15,17,15,22" +locations_default(#20283,#10000,15,17,15,22) +hasLocation(#20282,#20283) +#20284=* +tokeninfo(#20284,8,#20001,115,"{") +#20285=@"loc,{#10000},15,24,15,24" +locations_default(#20285,#10000,15,24,15,24) +hasLocation(#20284,#20285) +#20286=* +tokeninfo(#20286,6,#20001,116,"type") +#20287=@"loc,{#10000},15,26,15,29" +locations_default(#20287,#10000,15,26,15,29) +hasLocation(#20286,#20287) +#20288=* +tokeninfo(#20288,8,#20001,117,":") +#20289=@"loc,{#10000},15,30,15,30" +locations_default(#20289,#10000,15,30,15,30) +hasLocation(#20288,#20289) +#20290=* +tokeninfo(#20290,4,#20001,118,"""json""") +#20291=@"loc,{#10000},15,32,15,37" +locations_default(#20291,#10000,15,32,15,37) +hasLocation(#20290,#20291) +#20292=* +tokeninfo(#20292,8,#20001,119,"}") +#20293=@"loc,{#10000},15,39,15,39" +locations_default(#20293,#10000,15,39,15,39) +hasLocation(#20292,#20293) +#20294=* +tokeninfo(#20294,8,#20001,120,";") +#20295=@"loc,{#10000},15,40,15,40" +locations_default(#20295,#10000,15,40,15,40) +hasLocation(#20294,#20295) +#20296=* +tokeninfo(#20296,7,#20001,121,"import") +#20297=@"loc,{#10000},16,1,16,6" +locations_default(#20297,#10000,16,1,16,6) +hasLocation(#20296,#20297) +#20298=* +tokeninfo(#20298,8,#20001,122,"*") +#20299=@"loc,{#10000},16,8,16,8" +locations_default(#20299,#10000,16,8,16,8) +hasLocation(#20298,#20299) +#20300=* +tokeninfo(#20300,6,#20001,123,"as") +#20301=@"loc,{#10000},16,10,16,11" +locations_default(#20301,#10000,16,10,16,11) +hasLocation(#20300,#20301) +#20302=* +tokeninfo(#20302,6,#20001,124,"v1") +#20303=@"loc,{#10000},16,13,16,14" +locations_default(#20303,#10000,16,13,16,14) +hasLocation(#20302,#20303) +#20304=* +tokeninfo(#20304,6,#20001,125,"from") +#20305=@"loc,{#10000},16,16,16,19" +locations_default(#20305,#10000,16,16,16,19) +hasLocation(#20304,#20305) +#20306=* +tokeninfo(#20306,4,#20001,126,"""module""") +#20307=@"loc,{#10000},16,21,16,28" +locations_default(#20307,#10000,16,21,16,28) +hasLocation(#20306,#20307) +#20308=* +tokeninfo(#20308,6,#20001,127,"assert") +#20309=@"loc,{#10000},16,30,16,35" +locations_default(#20309,#10000,16,30,16,35) +hasLocation(#20308,#20309) +#20310=* +tokeninfo(#20310,8,#20001,128,"{") +#20311=@"loc,{#10000},16,37,16,37" +locations_default(#20311,#10000,16,37,16,37) +hasLocation(#20310,#20311) +#20312=* +tokeninfo(#20312,6,#20001,129,"type") +#20313=@"loc,{#10000},16,39,16,42" +locations_default(#20313,#10000,16,39,16,42) +hasLocation(#20312,#20313) +#20314=* +tokeninfo(#20314,8,#20001,130,":") +#20315=@"loc,{#10000},16,43,16,43" +locations_default(#20315,#10000,16,43,16,43) +hasLocation(#20314,#20315) +#20316=* +tokeninfo(#20316,4,#20001,131,"""json""") +#20317=@"loc,{#10000},16,45,16,50" +locations_default(#20317,#10000,16,45,16,50) +hasLocation(#20316,#20317) +#20318=* +tokeninfo(#20318,8,#20001,132,"}") +#20319=@"loc,{#10000},16,52,16,52" +locations_default(#20319,#10000,16,52,16,52) +hasLocation(#20318,#20319) +#20320=* +tokeninfo(#20320,8,#20001,133,";") +#20321=@"loc,{#10000},16,53,16,53" +locations_default(#20321,#10000,16,53,16,53) +hasLocation(#20320,#20321) +#20322=* +tokeninfo(#20322,7,#20001,134,"import") +#20323=@"loc,{#10000},17,1,17,6" +locations_default(#20323,#10000,17,1,17,6) +hasLocation(#20322,#20323) +#20324=* +tokeninfo(#20324,8,#20001,135,"{") +#20325=@"loc,{#10000},17,8,17,8" +locations_default(#20325,#10000,17,8,17,8) +hasLocation(#20324,#20325) +#20326=* +tokeninfo(#20326,6,#20001,136,"v2") +#20327=@"loc,{#10000},17,10,17,11" +locations_default(#20327,#10000,17,10,17,11) +hasLocation(#20326,#20327) +#20328=* +tokeninfo(#20328,8,#20001,137,"}") +#20329=@"loc,{#10000},17,13,17,13" +locations_default(#20329,#10000,17,13,17,13) +hasLocation(#20328,#20329) +#20330=* +tokeninfo(#20330,6,#20001,138,"from") +#20331=@"loc,{#10000},17,15,17,18" +locations_default(#20331,#10000,17,15,17,18) +hasLocation(#20330,#20331) +#20332=* +tokeninfo(#20332,4,#20001,139,"""module""") +#20333=@"loc,{#10000},17,20,17,27" +locations_default(#20333,#10000,17,20,17,27) +hasLocation(#20332,#20333) +#20334=* +tokeninfo(#20334,6,#20001,140,"assert") +#20335=@"loc,{#10000},17,29,17,34" +locations_default(#20335,#10000,17,29,17,34) +hasLocation(#20334,#20335) +#20336=* +tokeninfo(#20336,8,#20001,141,"{") +#20337=@"loc,{#10000},17,36,17,36" +locations_default(#20337,#10000,17,36,17,36) +hasLocation(#20336,#20337) +#20338=* +tokeninfo(#20338,6,#20001,142,"type") +#20339=@"loc,{#10000},17,38,17,41" +locations_default(#20339,#10000,17,38,17,41) +hasLocation(#20338,#20339) +#20340=* +tokeninfo(#20340,8,#20001,143,":") +#20341=@"loc,{#10000},17,42,17,42" +locations_default(#20341,#10000,17,42,17,42) +hasLocation(#20340,#20341) +#20342=* +tokeninfo(#20342,4,#20001,144,"""json""") +#20343=@"loc,{#10000},17,44,17,49" +locations_default(#20343,#10000,17,44,17,49) +hasLocation(#20342,#20343) +#20344=* +tokeninfo(#20344,8,#20001,145,"}") +#20345=@"loc,{#10000},17,51,17,51" +locations_default(#20345,#10000,17,51,17,51) +hasLocation(#20344,#20345) +#20346=* +tokeninfo(#20346,8,#20001,146,";") +#20347=@"loc,{#10000},17,52,17,52" +locations_default(#20347,#10000,17,52,17,52) +hasLocation(#20346,#20347) +#20348=* +tokeninfo(#20348,7,#20001,147,"import") +#20349=@"loc,{#10000},18,1,18,6" +locations_default(#20349,#10000,18,1,18,6) +hasLocation(#20348,#20349) +#20350=* +tokeninfo(#20350,6,#20001,148,"v3") +#20351=@"loc,{#10000},18,8,18,9" +locations_default(#20351,#10000,18,8,18,9) +hasLocation(#20350,#20351) +#20352=* +tokeninfo(#20352,6,#20001,149,"from") +#20353=@"loc,{#10000},18,11,18,14" +locations_default(#20353,#10000,18,11,18,14) +hasLocation(#20352,#20353) +#20354=* +tokeninfo(#20354,4,#20001,150,"""module""") +#20355=@"loc,{#10000},18,16,18,23" +locations_default(#20355,#10000,18,16,18,23) +hasLocation(#20354,#20355) +#20356=* +tokeninfo(#20356,6,#20001,151,"assert") +#20357=@"loc,{#10000},18,25,18,30" +locations_default(#20357,#10000,18,25,18,30) +hasLocation(#20356,#20357) +#20358=* +tokeninfo(#20358,8,#20001,152,"{") +#20359=@"loc,{#10000},18,32,18,32" +locations_default(#20359,#10000,18,32,18,32) +hasLocation(#20358,#20359) +#20360=* +tokeninfo(#20360,6,#20001,153,"type") +#20361=@"loc,{#10000},18,34,18,37" +locations_default(#20361,#10000,18,34,18,37) +hasLocation(#20360,#20361) +#20362=* +tokeninfo(#20362,8,#20001,154,":") +#20363=@"loc,{#10000},18,38,18,38" +locations_default(#20363,#10000,18,38,18,38) +hasLocation(#20362,#20363) +#20364=* +tokeninfo(#20364,4,#20001,155,"""json""") +#20365=@"loc,{#10000},18,40,18,45" +locations_default(#20365,#10000,18,40,18,45) +hasLocation(#20364,#20365) +#20366=* +tokeninfo(#20366,8,#20001,156,"}") +#20367=@"loc,{#10000},18,47,18,47" +locations_default(#20367,#10000,18,47,18,47) +hasLocation(#20366,#20367) +#20368=* +tokeninfo(#20368,8,#20001,157,";") +#20369=@"loc,{#10000},18,48,18,48" +locations_default(#20369,#10000,18,48,18,48) +hasLocation(#20368,#20369) +#20370=* +tokeninfo(#20370,7,#20001,158,"export") +#20371=@"loc,{#10000},20,1,20,6" +locations_default(#20371,#10000,20,1,20,6) +hasLocation(#20370,#20371) +#20372=* +tokeninfo(#20372,8,#20001,159,"{") +#20373=@"loc,{#10000},20,8,20,8" +locations_default(#20373,#10000,20,8,20,8) +hasLocation(#20372,#20373) +#20374=* +tokeninfo(#20374,6,#20001,160,"v4") +#20375=@"loc,{#10000},20,10,20,11" +locations_default(#20375,#10000,20,10,20,11) +hasLocation(#20374,#20375) +#20376=* +tokeninfo(#20376,8,#20001,161,"}") +#20377=@"loc,{#10000},20,13,20,13" +locations_default(#20377,#10000,20,13,20,13) +hasLocation(#20376,#20377) +#20378=* +tokeninfo(#20378,6,#20001,162,"from") +#20379=@"loc,{#10000},20,15,20,18" +locations_default(#20379,#10000,20,15,20,18) +hasLocation(#20378,#20379) +#20380=* +tokeninfo(#20380,4,#20001,163,"""module""") +#20381=@"loc,{#10000},20,20,20,27" +locations_default(#20381,#10000,20,20,20,27) +hasLocation(#20380,#20381) +#20382=* +tokeninfo(#20382,6,#20001,164,"assert") +#20383=@"loc,{#10000},20,29,20,34" +locations_default(#20383,#10000,20,29,20,34) +hasLocation(#20382,#20383) +#20384=* +tokeninfo(#20384,8,#20001,165,"{") +#20385=@"loc,{#10000},20,36,20,36" +locations_default(#20385,#10000,20,36,20,36) +hasLocation(#20384,#20385) +#20386=* +tokeninfo(#20386,6,#20001,166,"type") +#20387=@"loc,{#10000},20,38,20,41" +locations_default(#20387,#10000,20,38,20,41) +hasLocation(#20386,#20387) +#20388=* +tokeninfo(#20388,8,#20001,167,":") +#20389=@"loc,{#10000},20,42,20,42" +locations_default(#20389,#10000,20,42,20,42) +hasLocation(#20388,#20389) +#20390=* +tokeninfo(#20390,4,#20001,168,"""json""") +#20391=@"loc,{#10000},20,44,20,49" +locations_default(#20391,#10000,20,44,20,49) +hasLocation(#20390,#20391) +#20392=* +tokeninfo(#20392,8,#20001,169,"}") +#20393=@"loc,{#10000},20,51,20,51" +locations_default(#20393,#10000,20,51,20,51) +hasLocation(#20392,#20393) +#20394=* +tokeninfo(#20394,8,#20001,170,";") +#20395=@"loc,{#10000},20,52,20,52" +locations_default(#20395,#10000,20,52,20,52) +hasLocation(#20394,#20395) +#20396=* +tokeninfo(#20396,7,#20001,171,"export") +#20397=@"loc,{#10000},21,1,21,6" +locations_default(#20397,#10000,21,1,21,6) +hasLocation(#20396,#20397) +#20398=* +tokeninfo(#20398,8,#20001,172,"*") +#20399=@"loc,{#10000},21,8,21,8" +locations_default(#20399,#10000,21,8,21,8) +hasLocation(#20398,#20399) +#20400=* +tokeninfo(#20400,6,#20001,173,"from") +#20401=@"loc,{#10000},21,10,21,13" +locations_default(#20401,#10000,21,10,21,13) +hasLocation(#20400,#20401) +#20402=* +tokeninfo(#20402,4,#20001,174,"""module""") +#20403=@"loc,{#10000},21,15,21,22" +locations_default(#20403,#10000,21,15,21,22) +hasLocation(#20402,#20403) +#20404=* +tokeninfo(#20404,6,#20001,175,"assert") +#20405=@"loc,{#10000},21,24,21,29" +locations_default(#20405,#10000,21,24,21,29) +hasLocation(#20404,#20405) +#20406=* +tokeninfo(#20406,8,#20001,176,"{") +#20407=@"loc,{#10000},21,31,21,31" +locations_default(#20407,#10000,21,31,21,31) +hasLocation(#20406,#20407) +#20408=* +tokeninfo(#20408,6,#20001,177,"type") +#20409=@"loc,{#10000},21,33,21,36" +locations_default(#20409,#10000,21,33,21,36) +hasLocation(#20408,#20409) +#20410=* +tokeninfo(#20410,8,#20001,178,":") +#20411=@"loc,{#10000},21,37,21,37" +locations_default(#20411,#10000,21,37,21,37) +hasLocation(#20410,#20411) +#20412=* +tokeninfo(#20412,4,#20001,179,"""json""") +#20413=@"loc,{#10000},21,39,21,44" +locations_default(#20413,#10000,21,39,21,44) +hasLocation(#20412,#20413) +#20414=* +tokeninfo(#20414,8,#20001,180,"}") +#20415=@"loc,{#10000},21,46,21,46" +locations_default(#20415,#10000,21,46,21,46) +hasLocation(#20414,#20415) +#20416=* +tokeninfo(#20416,8,#20001,181,";") +#20417=@"loc,{#10000},21,47,21,47" +locations_default(#20417,#10000,21,47,21,47) +hasLocation(#20416,#20417) +#20418=* +tokeninfo(#20418,7,#20001,182,"export") +#20419=@"loc,{#10000},22,1,22,6" +locations_default(#20419,#10000,22,1,22,6) +hasLocation(#20418,#20419) +#20420=* +tokeninfo(#20420,8,#20001,183,"*") +#20421=@"loc,{#10000},22,8,22,8" +locations_default(#20421,#10000,22,8,22,8) +hasLocation(#20420,#20421) +#20422=* +tokeninfo(#20422,6,#20001,184,"as") +#20423=@"loc,{#10000},22,10,22,11" +locations_default(#20423,#10000,22,10,22,11) +hasLocation(#20422,#20423) +#20424=* +tokeninfo(#20424,6,#20001,185,"v5") +#20425=@"loc,{#10000},22,13,22,14" +locations_default(#20425,#10000,22,13,22,14) +hasLocation(#20424,#20425) +#20426=* +tokeninfo(#20426,6,#20001,186,"from") +#20427=@"loc,{#10000},22,16,22,19" +locations_default(#20427,#10000,22,16,22,19) +hasLocation(#20426,#20427) +#20428=* +tokeninfo(#20428,4,#20001,187,"""module""") +#20429=@"loc,{#10000},22,21,22,28" +locations_default(#20429,#10000,22,21,22,28) +hasLocation(#20428,#20429) +#20430=* +tokeninfo(#20430,6,#20001,188,"assert") +#20431=@"loc,{#10000},22,30,22,35" +locations_default(#20431,#10000,22,30,22,35) +hasLocation(#20430,#20431) +#20432=* +tokeninfo(#20432,8,#20001,189,"{") +#20433=@"loc,{#10000},22,37,22,37" +locations_default(#20433,#10000,22,37,22,37) +hasLocation(#20432,#20433) +#20434=* +tokeninfo(#20434,6,#20001,190,"type") +#20435=@"loc,{#10000},22,39,22,42" +locations_default(#20435,#10000,22,39,22,42) +hasLocation(#20434,#20435) +#20436=* +tokeninfo(#20436,8,#20001,191,":") +#20437=@"loc,{#10000},22,43,22,43" +locations_default(#20437,#10000,22,43,22,43) +hasLocation(#20436,#20437) +#20438=* +tokeninfo(#20438,4,#20001,192,"""json""") +#20439=@"loc,{#10000},22,45,22,50" +locations_default(#20439,#10000,22,45,22,50) +hasLocation(#20438,#20439) +#20440=* +tokeninfo(#20440,8,#20001,193,"}") +#20441=@"loc,{#10000},22,52,22,52" +locations_default(#20441,#10000,22,52,22,52) +hasLocation(#20440,#20441) +#20442=* +tokeninfo(#20442,8,#20001,194,";") +#20443=@"loc,{#10000},22,53,22,53" +locations_default(#20443,#10000,22,53,22,53) +hasLocation(#20442,#20443) +#20444=* +tokeninfo(#20444,7,#20001,195,"const") +#20445=@"loc,{#10000},24,1,24,5" +locations_default(#20445,#10000,24,1,24,5) +hasLocation(#20444,#20445) +#20446=* +tokeninfo(#20446,6,#20001,196,"v6") +#20447=@"loc,{#10000},24,7,24,8" +locations_default(#20447,#10000,24,7,24,8) +hasLocation(#20446,#20447) +#20448=* +tokeninfo(#20448,8,#20001,197,"=") +#20449=@"loc,{#10000},24,10,24,10" +locations_default(#20449,#10000,24,10,24,10) +hasLocation(#20448,#20449) +#20450=* +tokeninfo(#20450,7,#20001,198,"import") +#20451=@"loc,{#10000},24,12,24,17" +locations_default(#20451,#10000,24,12,24,17) +hasLocation(#20450,#20451) +#20452=* +tokeninfo(#20452,8,#20001,199,"(") +#20453=@"loc,{#10000},24,18,24,18" +locations_default(#20453,#10000,24,18,24,18) +hasLocation(#20452,#20453) +#20454=* +tokeninfo(#20454,4,#20001,200,"""module""") +#20455=@"loc,{#10000},24,19,24,26" +locations_default(#20455,#10000,24,19,24,26) +hasLocation(#20454,#20455) +#20456=* +tokeninfo(#20456,8,#20001,201,",") +#20457=@"loc,{#10000},24,27,24,27" +locations_default(#20457,#10000,24,27,24,27) +hasLocation(#20456,#20457) +#20458=* +tokeninfo(#20458,8,#20001,202,"{") +#20459=@"loc,{#10000},24,29,24,29" +locations_default(#20459,#10000,24,29,24,29) +hasLocation(#20458,#20459) +#20460=* +tokeninfo(#20460,6,#20001,203,"assert") +#20461=@"loc,{#10000},24,31,24,36" +locations_default(#20461,#10000,24,31,24,36) +hasLocation(#20460,#20461) +#20462=* +tokeninfo(#20462,8,#20001,204,":") +#20463=@"loc,{#10000},24,37,24,37" +locations_default(#20463,#10000,24,37,24,37) +hasLocation(#20462,#20463) +#20464=* +tokeninfo(#20464,8,#20001,205,"{") +#20465=@"loc,{#10000},24,39,24,39" +locations_default(#20465,#10000,24,39,24,39) +hasLocation(#20464,#20465) +#20466=* +tokeninfo(#20466,6,#20001,206,"type") +#20467=@"loc,{#10000},24,41,24,44" +locations_default(#20467,#10000,24,41,24,44) +hasLocation(#20466,#20467) +#20468=* +tokeninfo(#20468,8,#20001,207,":") +#20469=@"loc,{#10000},24,45,24,45" +locations_default(#20469,#10000,24,45,24,45) +hasLocation(#20468,#20469) +#20470=* +tokeninfo(#20470,4,#20001,208,"""json""") +#20471=@"loc,{#10000},24,47,24,52" +locations_default(#20471,#10000,24,47,24,52) +hasLocation(#20470,#20471) +#20472=* +tokeninfo(#20472,8,#20001,209,"}") +#20473=@"loc,{#10000},24,54,24,54" +locations_default(#20473,#10000,24,54,24,54) +hasLocation(#20472,#20473) +#20474=* +tokeninfo(#20474,8,#20001,210,"}") +#20475=@"loc,{#10000},24,56,24,56" +locations_default(#20475,#10000,24,56,24,56) +hasLocation(#20474,#20475) +#20476=* +tokeninfo(#20476,8,#20001,211,")") +#20477=@"loc,{#10000},24,57,24,57" +locations_default(#20477,#10000,24,57,24,57) +hasLocation(#20476,#20477) +#20478=* +tokeninfo(#20478,8,#20001,212,";") +#20479=@"loc,{#10000},24,58,24,58" +locations_default(#20479,#10000,24,58,24,58) +hasLocation(#20478,#20479) +#20480=* +tokeninfo(#20480,0,#20001,213,"") +#20481=@"loc,{#10000},25,1,25,0" +locations_default(#20481,#10000,25,1,25,0) +hasLocation(#20480,#20481) +toplevels(#20001,0) +#20482=@"loc,{#10000},1,1,25,0" +locations_default(#20482,#10000,1,1,25,0) +hasLocation(#20001,#20482) +#20483=@"module;{#10000},1,1" +scopes(#20483,3) +scopenodes(#20001,#20483) +scopenesting(#20483,#20000) +is_module(#20001) +is_es2015_module(#20001) +#20484=@"var;{v1};{#20483}" +variables(#20484,"v1",#20483) +#20485=@"var;{v2};{#20483}" +variables(#20485,"v2",#20483) +#20486=@"var;{v3};{#20483}" +variables(#20486,"v3",#20483) +#20487=@"local_type_name;{v1};{#20483}" +local_type_names(#20487,"v1",#20483) +#20488=@"local_type_name;{v2};{#20483}" +local_type_names(#20488,"v2",#20483) +#20489=@"local_type_name;{v3};{#20483}" +local_type_names(#20489,"v3",#20483) +#20490=@"local_namespace_name;{v1};{#20483}" +local_namespace_names(#20490,"v1",#20483) +#20491=@"local_namespace_name;{v2};{#20483}" +local_namespace_names(#20491,"v2",#20483) +#20492=@"local_namespace_name;{v3};{#20483}" +local_namespace_names(#20492,"v3",#20483) +variables(#20484,"v1",#20483) +variables(#20485,"v2",#20483) +variables(#20486,"v3",#20483) +#20493=@"var;{v6};{#20483}" +variables(#20493,"v6",#20483) +local_type_names(#20487,"v1",#20483) +local_type_names(#20488,"v2",#20483) +local_type_names(#20489,"v3",#20483) +local_namespace_names(#20490,"v1",#20483) +local_namespace_names(#20491,"v2",#20483) +local_namespace_names(#20492,"v3",#20483) +#20494=* +stmts(#20494,27,#20001,0,"import ... son"" };") +hasLocation(#20494,#20007) +stmt_containers(#20494,#20001) +#20495=* +exprs(#20495,4,#20494,-1,"""module""") +hasLocation(#20495,#20057) +enclosing_stmt(#20495,#20494) +expr_containers(#20495,#20001) +literals("module","""module""",#20495) +#20496=* +regexpterm(#20496,14,#20495,0,"module") +#20497=@"loc,{#10000},1,9,1,14" +locations_default(#20497,#10000,1,9,1,14) +hasLocation(#20496,#20497) +regexp_const_value(#20496,"module") +#20498=* +exprs(#20498,8,#20494,-10,"{ type: ""json"" }") +#20499=@"loc,{#10000},1,22,1,37" +locations_default(#20499,#10000,1,22,1,37) +hasLocation(#20498,#20499) +enclosing_stmt(#20498,#20494) +expr_containers(#20498,#20001) +#20500=* +properties(#20500,#20498,0,0,"type: ""json""") +#20501=@"loc,{#10000},1,24,1,35" +locations_default(#20501,#10000,1,24,1,35) +hasLocation(#20500,#20501) +#20502=* +exprs(#20502,0,#20500,0,"type") +hasLocation(#20502,#20063) +enclosing_stmt(#20502,#20494) +expr_containers(#20502,#20001) +literals("type","type",#20502) +#20503=* +exprs(#20503,4,#20500,1,"""json""") +hasLocation(#20503,#20067) +enclosing_stmt(#20503,#20494) +expr_containers(#20503,#20001) +literals("json","""json""",#20503) +#20504=* +regexpterm(#20504,14,#20503,0,"json") +#20505=@"loc,{#10000},1,31,1,34" +locations_default(#20505,#10000,1,31,1,34) +hasLocation(#20504,#20505) +regexp_const_value(#20504,"json") +#20506=* +stmts(#20506,27,#20001,1,"import ... son"" };") +hasLocation(#20506,#20009) +stmt_containers(#20506,#20001) +#20507=* +exprs(#20507,4,#20506,-1,"""module""") +hasLocation(#20507,#20083) +enclosing_stmt(#20507,#20506) +expr_containers(#20507,#20001) +literals("module","""module""",#20507) +#20508=* +regexpterm(#20508,14,#20507,0,"module") +#20509=@"loc,{#10000},2,22,2,27" +locations_default(#20509,#10000,2,22,2,27) +hasLocation(#20508,#20509) +regexp_const_value(#20508,"module") +#20510=* +exprs(#20510,8,#20506,-10,"{ type: ""json"" }") +#20511=@"loc,{#10000},2,35,2,50" +locations_default(#20511,#10000,2,35,2,50) +hasLocation(#20510,#20511) +enclosing_stmt(#20510,#20506) +expr_containers(#20510,#20001) +#20512=* +properties(#20512,#20510,0,0,"type: ""json""") +#20513=@"loc,{#10000},2,37,2,48" +locations_default(#20513,#10000,2,37,2,48) +hasLocation(#20512,#20513) +#20514=* +exprs(#20514,0,#20512,0,"type") +hasLocation(#20514,#20089) +enclosing_stmt(#20514,#20506) +expr_containers(#20514,#20001) +literals("type","type",#20514) +#20515=* +exprs(#20515,4,#20512,1,"""json""") +hasLocation(#20515,#20093) +enclosing_stmt(#20515,#20506) +expr_containers(#20515,#20001) +literals("json","""json""",#20515) +#20516=* +regexpterm(#20516,14,#20515,0,"json") +#20517=@"loc,{#10000},2,44,2,47" +locations_default(#20517,#10000,2,44,2,47) +hasLocation(#20516,#20517) +regexp_const_value(#20516,"json") +#20518=* +exprs(#20518,85,#20506,0,"* as v1") +#20519=@"loc,{#10000},2,8,2,14" +locations_default(#20519,#10000,2,8,2,14) +hasLocation(#20518,#20519) +enclosing_stmt(#20518,#20506) +expr_containers(#20518,#20001) +#20520=* +exprs(#20520,78,#20518,1,"v1") +hasLocation(#20520,#20079) +enclosing_stmt(#20520,#20506) +expr_containers(#20520,#20001) +literals("v1","v1",#20520) +decl(#20520,#20484) +typedecl(#20520,#20487) +namespacedecl(#20520,#20490) +#20521=* +stmts(#20521,27,#20001,2,"import ... son"" };") +hasLocation(#20521,#20011) +stmt_containers(#20521,#20001) +#20522=* +exprs(#20522,4,#20521,-1,"""module""") +hasLocation(#20522,#20109) +enclosing_stmt(#20522,#20521) +expr_containers(#20522,#20001) +literals("module","""module""",#20522) +#20523=* +regexpterm(#20523,14,#20522,0,"module") +#20524=@"loc,{#10000},3,21,3,26" +locations_default(#20524,#10000,3,21,3,26) +hasLocation(#20523,#20524) +regexp_const_value(#20523,"module") +#20525=* +exprs(#20525,8,#20521,-10,"{ type: ""json"" }") +#20526=@"loc,{#10000},3,34,3,49" +locations_default(#20526,#10000,3,34,3,49) +hasLocation(#20525,#20526) +enclosing_stmt(#20525,#20521) +expr_containers(#20525,#20001) +#20527=* +properties(#20527,#20525,0,0,"type: ""json""") +#20528=@"loc,{#10000},3,36,3,47" +locations_default(#20528,#10000,3,36,3,47) +hasLocation(#20527,#20528) +#20529=* +exprs(#20529,0,#20527,0,"type") +hasLocation(#20529,#20115) +enclosing_stmt(#20529,#20521) +expr_containers(#20529,#20001) +literals("type","type",#20529) +#20530=* +exprs(#20530,4,#20527,1,"""json""") +hasLocation(#20530,#20119) +enclosing_stmt(#20530,#20521) +expr_containers(#20530,#20001) +literals("json","""json""",#20530) +#20531=* +regexpterm(#20531,14,#20530,0,"json") +#20532=@"loc,{#10000},3,43,3,46" +locations_default(#20532,#10000,3,43,3,46) +hasLocation(#20531,#20532) +regexp_const_value(#20531,"json") +#20533=* +exprs(#20533,83,#20521,0,"v2") +hasLocation(#20533,#20103) +enclosing_stmt(#20533,#20521) +expr_containers(#20533,#20001) +#20534=* +exprs(#20534,0,#20533,0,"v2") +hasLocation(#20534,#20103) +enclosing_stmt(#20534,#20521) +expr_containers(#20534,#20001) +literals("v2","v2",#20534) +#20535=* +exprs(#20535,78,#20533,1,"v2") +hasLocation(#20535,#20103) +enclosing_stmt(#20535,#20521) +expr_containers(#20535,#20001) +literals("v2","v2",#20535) +decl(#20535,#20485) +typedecl(#20535,#20488) +namespacedecl(#20535,#20491) +#20536=* +stmts(#20536,27,#20001,3,"import ... son"" };") +hasLocation(#20536,#20013) +stmt_containers(#20536,#20001) +#20537=* +exprs(#20537,4,#20536,-1,"""module""") +hasLocation(#20537,#20131) +enclosing_stmt(#20537,#20536) +expr_containers(#20537,#20001) +literals("module","""module""",#20537) +#20538=* +regexpterm(#20538,14,#20537,0,"module") +#20539=@"loc,{#10000},4,17,4,22" +locations_default(#20539,#10000,4,17,4,22) +hasLocation(#20538,#20539) +regexp_const_value(#20538,"module") +#20540=* +exprs(#20540,8,#20536,-10,"{ type: ""json"" }") +#20541=@"loc,{#10000},4,30,4,45" +locations_default(#20541,#10000,4,30,4,45) +hasLocation(#20540,#20541) +enclosing_stmt(#20540,#20536) +expr_containers(#20540,#20001) +#20542=* +properties(#20542,#20540,0,0,"type: ""json""") +#20543=@"loc,{#10000},4,32,4,43" +locations_default(#20543,#10000,4,32,4,43) +hasLocation(#20542,#20543) +#20544=* +exprs(#20544,0,#20542,0,"type") +hasLocation(#20544,#20137) +enclosing_stmt(#20544,#20536) +expr_containers(#20544,#20001) +literals("type","type",#20544) +#20545=* +exprs(#20545,4,#20542,1,"""json""") +hasLocation(#20545,#20141) +enclosing_stmt(#20545,#20536) +expr_containers(#20545,#20001) +literals("json","""json""",#20545) +#20546=* +regexpterm(#20546,14,#20545,0,"json") +#20547=@"loc,{#10000},4,39,4,42" +locations_default(#20547,#10000,4,39,4,42) +hasLocation(#20546,#20547) +regexp_const_value(#20546,"json") +#20548=* +exprs(#20548,84,#20536,0,"v3") +hasLocation(#20548,#20127) +enclosing_stmt(#20548,#20536) +expr_containers(#20548,#20001) +#20549=* +exprs(#20549,78,#20548,1,"v3") +hasLocation(#20549,#20127) +enclosing_stmt(#20549,#20536) +expr_containers(#20549,#20001) +literals("v3","v3",#20549) +decl(#20549,#20486) +typedecl(#20549,#20489) +namespacedecl(#20549,#20492) +#20550=* +stmts(#20550,30,#20001,4,"export ... son"" };") +hasLocation(#20550,#20017) +stmt_containers(#20550,#20001) +#20551=* +exprs(#20551,4,#20550,-2,"""module""") +hasLocation(#20551,#20157) +enclosing_stmt(#20551,#20550) +expr_containers(#20551,#20001) +literals("module","""module""",#20551) +#20552=* +regexpterm(#20552,14,#20551,0,"module") +#20553=@"loc,{#10000},6,21,6,26" +locations_default(#20553,#10000,6,21,6,26) +hasLocation(#20552,#20553) +regexp_const_value(#20552,"module") +#20554=* +exprs(#20554,8,#20550,-10,"{ type: ""json"" }") +#20555=@"loc,{#10000},6,34,6,49" +locations_default(#20555,#10000,6,34,6,49) +hasLocation(#20554,#20555) +enclosing_stmt(#20554,#20550) +expr_containers(#20554,#20001) +#20556=* +properties(#20556,#20554,0,0,"type: ""json""") +#20557=@"loc,{#10000},6,36,6,47" +locations_default(#20557,#10000,6,36,6,47) +hasLocation(#20556,#20557) +#20558=* +exprs(#20558,0,#20556,0,"type") +hasLocation(#20558,#20163) +enclosing_stmt(#20558,#20550) +expr_containers(#20558,#20001) +literals("type","type",#20558) +#20559=* +exprs(#20559,4,#20556,1,"""json""") +hasLocation(#20559,#20167) +enclosing_stmt(#20559,#20550) +expr_containers(#20559,#20001) +literals("json","""json""",#20559) +#20560=* +regexpterm(#20560,14,#20559,0,"json") +#20561=@"loc,{#10000},6,43,6,46" +locations_default(#20561,#10000,6,43,6,46) +hasLocation(#20560,#20561) +regexp_const_value(#20560,"json") +#20562=* +exprs(#20562,86,#20550,0,"v4") +hasLocation(#20562,#20151) +enclosing_stmt(#20562,#20550) +expr_containers(#20562,#20001) +#20563=* +exprs(#20563,0,#20562,0,"v4") +hasLocation(#20563,#20151) +enclosing_stmt(#20563,#20550) +expr_containers(#20563,#20001) +literals("v4","v4",#20563) +#20564=* +exprs(#20564,0,#20562,1,"v4") +hasLocation(#20564,#20151) +enclosing_stmt(#20564,#20550) +expr_containers(#20564,#20001) +literals("v4","v4",#20564) +#20565=* +stmts(#20565,28,#20001,5,"export ... son"" };") +hasLocation(#20565,#20019) +stmt_containers(#20565,#20001) +#20566=* +exprs(#20566,4,#20565,0,"""module""") +hasLocation(#20566,#20179) +enclosing_stmt(#20566,#20565) +expr_containers(#20566,#20001) +literals("module","""module""",#20566) +#20567=* +regexpterm(#20567,14,#20566,0,"module") +#20568=@"loc,{#10000},7,16,7,21" +locations_default(#20568,#10000,7,16,7,21) +hasLocation(#20567,#20568) +regexp_const_value(#20567,"module") +#20569=* +exprs(#20569,8,#20565,-10,"{ type: ""json"" }") +#20570=@"loc,{#10000},7,29,7,44" +locations_default(#20570,#10000,7,29,7,44) +hasLocation(#20569,#20570) +enclosing_stmt(#20569,#20565) +expr_containers(#20569,#20001) +#20571=* +properties(#20571,#20569,0,0,"type: ""json""") +#20572=@"loc,{#10000},7,31,7,42" +locations_default(#20572,#10000,7,31,7,42) +hasLocation(#20571,#20572) +#20573=* +exprs(#20573,0,#20571,0,"type") +hasLocation(#20573,#20185) +enclosing_stmt(#20573,#20565) +expr_containers(#20573,#20001) +literals("type","type",#20573) +#20574=* +exprs(#20574,4,#20571,1,"""json""") +hasLocation(#20574,#20189) +enclosing_stmt(#20574,#20565) +expr_containers(#20574,#20001) +literals("json","""json""",#20574) +#20575=* +regexpterm(#20575,14,#20574,0,"json") +#20576=@"loc,{#10000},7,38,7,41" +locations_default(#20576,#10000,7,38,7,41) +hasLocation(#20575,#20576) +regexp_const_value(#20575,"json") +#20577=* +stmts(#20577,30,#20001,6,"export ... son"" };") +hasLocation(#20577,#20021) +stmt_containers(#20577,#20001) +#20578=* +exprs(#20578,4,#20577,-2,"""module""") +hasLocation(#20578,#20205) +enclosing_stmt(#20578,#20577) +expr_containers(#20578,#20001) +literals("module","""module""",#20578) +#20579=* +regexpterm(#20579,14,#20578,0,"module") +#20580=@"loc,{#10000},8,22,8,27" +locations_default(#20580,#10000,8,22,8,27) +hasLocation(#20579,#20580) +regexp_const_value(#20579,"module") +#20581=* +exprs(#20581,8,#20577,-10,"{ type: ""json"" }") +#20582=@"loc,{#10000},8,35,8,50" +locations_default(#20582,#10000,8,35,8,50) +hasLocation(#20581,#20582) +enclosing_stmt(#20581,#20577) +expr_containers(#20581,#20001) +#20583=* +properties(#20583,#20581,0,0,"type: ""json""") +#20584=@"loc,{#10000},8,37,8,48" +locations_default(#20584,#10000,8,37,8,48) +hasLocation(#20583,#20584) +#20585=* +exprs(#20585,0,#20583,0,"type") +hasLocation(#20585,#20211) +enclosing_stmt(#20585,#20577) +expr_containers(#20585,#20001) +literals("type","type",#20585) +#20586=* +exprs(#20586,4,#20583,1,"""json""") +hasLocation(#20586,#20215) +enclosing_stmt(#20586,#20577) +expr_containers(#20586,#20001) +literals("json","""json""",#20586) +#20587=* +regexpterm(#20587,14,#20586,0,"json") +#20588=@"loc,{#10000},8,44,8,47" +locations_default(#20588,#10000,8,44,8,47) +hasLocation(#20587,#20588) +regexp_const_value(#20587,"json") +#20589=* +exprs(#20589,96,#20577,0,"* as v5") +#20590=@"loc,{#10000},8,8,8,14" +locations_default(#20590,#10000,8,8,8,14) +hasLocation(#20589,#20590) +enclosing_stmt(#20589,#20577) +expr_containers(#20589,#20001) +#20591=* +exprs(#20591,0,#20589,1,"v5") +hasLocation(#20591,#20201) +enclosing_stmt(#20591,#20577) +expr_containers(#20591,#20001) +literals("v5","v5",#20591) +#20592=* +stmts(#20592,22,#20001,7,"const v ... "" } });") +hasLocation(#20592,#20025) +stmt_containers(#20592,#20001) +#20593=* +exprs(#20593,64,#20592,0,"v6 = im ... n"" } })") +#20594=@"loc,{#10000},10,7,10,55" +locations_default(#20594,#10000,10,7,10,55) +hasLocation(#20593,#20594) +enclosing_stmt(#20593,#20592) +expr_containers(#20593,#20001) +#20595=* +exprs(#20595,78,#20593,0,"v6") +hasLocation(#20595,#20223) +enclosing_stmt(#20595,#20592) +expr_containers(#20595,#20001) +literals("v6","v6",#20595) +decl(#20595,#20493) +#20596=* +exprs(#20596,99,#20593,1,"import( ... n"" } })") +#20597=@"loc,{#10000},10,12,10,55" +locations_default(#20597,#10000,10,12,10,55) +hasLocation(#20596,#20597) +enclosing_stmt(#20596,#20592) +expr_containers(#20596,#20001) +#20598=* +exprs(#20598,4,#20596,0,"""module""") +hasLocation(#20598,#20231) +enclosing_stmt(#20598,#20592) +expr_containers(#20598,#20001) +literals("module","""module""",#20598) +#20599=* +regexpterm(#20599,14,#20598,0,"module") +#20600=@"loc,{#10000},10,20,10,25" +locations_default(#20600,#10000,10,20,10,25) +hasLocation(#20599,#20600) +regexp_const_value(#20599,"module") +#20601=* +exprs(#20601,8,#20596,1,"{ with: ... on"" } }") +#20602=@"loc,{#10000},10,29,10,54" +locations_default(#20602,#10000,10,29,10,54) +hasLocation(#20601,#20602) +enclosing_stmt(#20601,#20592) +expr_containers(#20601,#20001) +#20603=* +properties(#20603,#20601,0,0,"with: { ... json"" }") +#20604=@"loc,{#10000},10,31,10,52" +locations_default(#20604,#10000,10,31,10,52) +hasLocation(#20603,#20604) +#20605=* +exprs(#20605,0,#20603,0,"with") +hasLocation(#20605,#20237) +enclosing_stmt(#20605,#20592) +expr_containers(#20605,#20001) +literals("with","with",#20605) +#20606=* +exprs(#20606,8,#20603,1,"{ type: ""json"" }") +#20607=@"loc,{#10000},10,37,10,52" +locations_default(#20607,#10000,10,37,10,52) +hasLocation(#20606,#20607) +enclosing_stmt(#20606,#20592) +expr_containers(#20606,#20001) +#20608=* +properties(#20608,#20606,0,0,"type: ""json""") +#20609=@"loc,{#10000},10,39,10,50" +locations_default(#20609,#10000,10,39,10,50) +hasLocation(#20608,#20609) +#20610=* +exprs(#20610,0,#20608,0,"type") +hasLocation(#20610,#20243) +enclosing_stmt(#20610,#20592) +expr_containers(#20610,#20001) +literals("type","type",#20610) +#20611=* +exprs(#20611,4,#20608,1,"""json""") +hasLocation(#20611,#20247) +enclosing_stmt(#20611,#20592) +expr_containers(#20611,#20001) +literals("json","""json""",#20611) +#20612=* +regexpterm(#20612,14,#20611,0,"json") +#20613=@"loc,{#10000},10,46,10,49" +locations_default(#20613,#10000,10,46,10,49) +hasLocation(#20612,#20613) +regexp_const_value(#20612,"json") +#20614=* +stmts(#20614,27,#20001,8,"import ""module""") +#20615=@"loc,{#10000},12,1,12,15" +locations_default(#20615,#10000,12,1,12,15) +hasLocation(#20614,#20615) +stmt_containers(#20614,#20001) +#20616=* +exprs(#20616,4,#20614,-1,"""module""") +hasLocation(#20616,#20259) +enclosing_stmt(#20616,#20614) +expr_containers(#20616,#20001) +literals("module","""module""",#20616) +#20617=* +regexpterm(#20617,14,#20616,0,"module") +#20618=@"loc,{#10000},12,9,12,14" +locations_default(#20618,#10000,12,9,12,14) +hasLocation(#20617,#20618) +regexp_const_value(#20617,"module") +#20619=* +stmts(#20619,2,#20001,9,"assert( ... son""});") +#20620=@"loc,{#10000},13,1,13,23" +locations_default(#20620,#10000,13,1,13,23) +hasLocation(#20619,#20620) +stmt_containers(#20619,#20001) +#20621=* +exprs(#20621,13,#20619,0,"assert( ... json""})") +#20622=@"loc,{#10000},13,1,13,22" +locations_default(#20622,#10000,13,1,13,22) +hasLocation(#20621,#20622) +enclosing_stmt(#20621,#20619) +expr_containers(#20621,#20001) +#20623=* +exprs(#20623,79,#20621,-1,"assert") +hasLocation(#20623,#20261) +enclosing_stmt(#20623,#20619) +expr_containers(#20623,#20001) +literals("assert","assert",#20623) +#20624=@"var;{assert};{#20000}" +variables(#20624,"assert",#20000) +bind(#20623,#20624) +#20625=* +exprs(#20625,8,#20621,0,"{type: ""json""}") +#20626=@"loc,{#10000},13,8,13,21" +locations_default(#20626,#10000,13,8,13,21) +hasLocation(#20625,#20626) +enclosing_stmt(#20625,#20619) +expr_containers(#20625,#20001) +#20627=* +properties(#20627,#20625,0,0,"type: ""json""") +#20628=@"loc,{#10000},13,9,13,20" +locations_default(#20628,#10000,13,9,13,20) +hasLocation(#20627,#20628) +#20629=* +exprs(#20629,0,#20627,0,"type") +hasLocation(#20629,#20267) +enclosing_stmt(#20629,#20619) +expr_containers(#20629,#20001) +literals("type","type",#20629) +#20630=* +exprs(#20630,4,#20627,1,"""json""") +hasLocation(#20630,#20271) +enclosing_stmt(#20630,#20619) +expr_containers(#20630,#20001) +literals("json","""json""",#20630) +#20631=* +regexpterm(#20631,14,#20630,0,"json") +#20632=@"loc,{#10000},13,16,13,19" +locations_default(#20632,#10000,13,16,13,19) +hasLocation(#20631,#20632) +regexp_const_value(#20631,"json") +#20633=* +stmts(#20633,27,#20001,10,"import ... son"" };") +hasLocation(#20633,#20035) +stmt_containers(#20633,#20001) +#20634=* +exprs(#20634,4,#20633,-1,"""module""") +hasLocation(#20634,#20281) +enclosing_stmt(#20634,#20633) +expr_containers(#20634,#20001) +literals("module","""module""",#20634) +#20635=* +regexpterm(#20635,14,#20634,0,"module") +#20636=@"loc,{#10000},15,9,15,14" +locations_default(#20636,#10000,15,9,15,14) +hasLocation(#20635,#20636) +regexp_const_value(#20635,"module") +#20637=* +exprs(#20637,8,#20633,-10,"{ type: ""json"" }") +#20638=@"loc,{#10000},15,24,15,39" +locations_default(#20638,#10000,15,24,15,39) +hasLocation(#20637,#20638) +enclosing_stmt(#20637,#20633) +expr_containers(#20637,#20001) +#20639=* +properties(#20639,#20637,0,0,"type: ""json""") +#20640=@"loc,{#10000},15,26,15,37" +locations_default(#20640,#10000,15,26,15,37) +hasLocation(#20639,#20640) +#20641=* +exprs(#20641,0,#20639,0,"type") +hasLocation(#20641,#20287) +enclosing_stmt(#20641,#20633) +expr_containers(#20641,#20001) +literals("type","type",#20641) +#20642=* +exprs(#20642,4,#20639,1,"""json""") +hasLocation(#20642,#20291) +enclosing_stmt(#20642,#20633) +expr_containers(#20642,#20001) +literals("json","""json""",#20642) +#20643=* +regexpterm(#20643,14,#20642,0,"json") +#20644=@"loc,{#10000},15,33,15,36" +locations_default(#20644,#10000,15,33,15,36) +hasLocation(#20643,#20644) +regexp_const_value(#20643,"json") +#20645=* +stmts(#20645,27,#20001,11,"import ... son"" };") +hasLocation(#20645,#20037) +stmt_containers(#20645,#20001) +#20646=* +exprs(#20646,4,#20645,-1,"""module""") +hasLocation(#20646,#20307) +enclosing_stmt(#20646,#20645) +expr_containers(#20646,#20001) +literals("module","""module""",#20646) +#20647=* +regexpterm(#20647,14,#20646,0,"module") +#20648=@"loc,{#10000},16,22,16,27" +locations_default(#20648,#10000,16,22,16,27) +hasLocation(#20647,#20648) +regexp_const_value(#20647,"module") +#20649=* +exprs(#20649,8,#20645,-10,"{ type: ""json"" }") +#20650=@"loc,{#10000},16,37,16,52" +locations_default(#20650,#10000,16,37,16,52) +hasLocation(#20649,#20650) +enclosing_stmt(#20649,#20645) +expr_containers(#20649,#20001) +#20651=* +properties(#20651,#20649,0,0,"type: ""json""") +#20652=@"loc,{#10000},16,39,16,50" +locations_default(#20652,#10000,16,39,16,50) +hasLocation(#20651,#20652) +#20653=* +exprs(#20653,0,#20651,0,"type") +hasLocation(#20653,#20313) +enclosing_stmt(#20653,#20645) +expr_containers(#20653,#20001) +literals("type","type",#20653) +#20654=* +exprs(#20654,4,#20651,1,"""json""") +hasLocation(#20654,#20317) +enclosing_stmt(#20654,#20645) +expr_containers(#20654,#20001) +literals("json","""json""",#20654) +#20655=* +regexpterm(#20655,14,#20654,0,"json") +#20656=@"loc,{#10000},16,46,16,49" +locations_default(#20656,#10000,16,46,16,49) +hasLocation(#20655,#20656) +regexp_const_value(#20655,"json") +#20657=* +exprs(#20657,85,#20645,0,"* as v1") +#20658=@"loc,{#10000},16,8,16,14" +locations_default(#20658,#10000,16,8,16,14) +hasLocation(#20657,#20658) +enclosing_stmt(#20657,#20645) +expr_containers(#20657,#20001) +#20659=* +exprs(#20659,78,#20657,1,"v1") +hasLocation(#20659,#20303) +enclosing_stmt(#20659,#20645) +expr_containers(#20659,#20001) +literals("v1","v1",#20659) +decl(#20659,#20484) +typedecl(#20659,#20487) +namespacedecl(#20659,#20490) +#20660=* +stmts(#20660,27,#20001,12,"import ... son"" };") +hasLocation(#20660,#20039) +stmt_containers(#20660,#20001) +#20661=* +exprs(#20661,4,#20660,-1,"""module""") +hasLocation(#20661,#20333) +enclosing_stmt(#20661,#20660) +expr_containers(#20661,#20001) +literals("module","""module""",#20661) +#20662=* +regexpterm(#20662,14,#20661,0,"module") +#20663=@"loc,{#10000},17,21,17,26" +locations_default(#20663,#10000,17,21,17,26) +hasLocation(#20662,#20663) +regexp_const_value(#20662,"module") +#20664=* +exprs(#20664,8,#20660,-10,"{ type: ""json"" }") +#20665=@"loc,{#10000},17,36,17,51" +locations_default(#20665,#10000,17,36,17,51) +hasLocation(#20664,#20665) +enclosing_stmt(#20664,#20660) +expr_containers(#20664,#20001) +#20666=* +properties(#20666,#20664,0,0,"type: ""json""") +#20667=@"loc,{#10000},17,38,17,49" +locations_default(#20667,#10000,17,38,17,49) +hasLocation(#20666,#20667) +#20668=* +exprs(#20668,0,#20666,0,"type") +hasLocation(#20668,#20339) +enclosing_stmt(#20668,#20660) +expr_containers(#20668,#20001) +literals("type","type",#20668) +#20669=* +exprs(#20669,4,#20666,1,"""json""") +hasLocation(#20669,#20343) +enclosing_stmt(#20669,#20660) +expr_containers(#20669,#20001) +literals("json","""json""",#20669) +#20670=* +regexpterm(#20670,14,#20669,0,"json") +#20671=@"loc,{#10000},17,45,17,48" +locations_default(#20671,#10000,17,45,17,48) +hasLocation(#20670,#20671) +regexp_const_value(#20670,"json") +#20672=* +exprs(#20672,83,#20660,0,"v2") +hasLocation(#20672,#20327) +enclosing_stmt(#20672,#20660) +expr_containers(#20672,#20001) +#20673=* +exprs(#20673,0,#20672,0,"v2") +hasLocation(#20673,#20327) +enclosing_stmt(#20673,#20660) +expr_containers(#20673,#20001) +literals("v2","v2",#20673) +#20674=* +exprs(#20674,78,#20672,1,"v2") +hasLocation(#20674,#20327) +enclosing_stmt(#20674,#20660) +expr_containers(#20674,#20001) +literals("v2","v2",#20674) +decl(#20674,#20485) +typedecl(#20674,#20488) +namespacedecl(#20674,#20491) +#20675=* +stmts(#20675,27,#20001,13,"import ... son"" };") +hasLocation(#20675,#20041) +stmt_containers(#20675,#20001) +#20676=* +exprs(#20676,4,#20675,-1,"""module""") +hasLocation(#20676,#20355) +enclosing_stmt(#20676,#20675) +expr_containers(#20676,#20001) +literals("module","""module""",#20676) +#20677=* +regexpterm(#20677,14,#20676,0,"module") +#20678=@"loc,{#10000},18,17,18,22" +locations_default(#20678,#10000,18,17,18,22) +hasLocation(#20677,#20678) +regexp_const_value(#20677,"module") +#20679=* +exprs(#20679,8,#20675,-10,"{ type: ""json"" }") +#20680=@"loc,{#10000},18,32,18,47" +locations_default(#20680,#10000,18,32,18,47) +hasLocation(#20679,#20680) +enclosing_stmt(#20679,#20675) +expr_containers(#20679,#20001) +#20681=* +properties(#20681,#20679,0,0,"type: ""json""") +#20682=@"loc,{#10000},18,34,18,45" +locations_default(#20682,#10000,18,34,18,45) +hasLocation(#20681,#20682) +#20683=* +exprs(#20683,0,#20681,0,"type") +hasLocation(#20683,#20361) +enclosing_stmt(#20683,#20675) +expr_containers(#20683,#20001) +literals("type","type",#20683) +#20684=* +exprs(#20684,4,#20681,1,"""json""") +hasLocation(#20684,#20365) +enclosing_stmt(#20684,#20675) +expr_containers(#20684,#20001) +literals("json","""json""",#20684) +#20685=* +regexpterm(#20685,14,#20684,0,"json") +#20686=@"loc,{#10000},18,41,18,44" +locations_default(#20686,#10000,18,41,18,44) +hasLocation(#20685,#20686) +regexp_const_value(#20685,"json") +#20687=* +exprs(#20687,84,#20675,0,"v3") +hasLocation(#20687,#20351) +enclosing_stmt(#20687,#20675) +expr_containers(#20687,#20001) +#20688=* +exprs(#20688,78,#20687,1,"v3") +hasLocation(#20688,#20351) +enclosing_stmt(#20688,#20675) +expr_containers(#20688,#20001) +literals("v3","v3",#20688) +decl(#20688,#20486) +typedecl(#20688,#20489) +namespacedecl(#20688,#20492) +#20689=* +stmts(#20689,30,#20001,14,"export ... son"" };") +hasLocation(#20689,#20045) +stmt_containers(#20689,#20001) +#20690=* +exprs(#20690,4,#20689,-2,"""module""") +hasLocation(#20690,#20381) +enclosing_stmt(#20690,#20689) +expr_containers(#20690,#20001) +literals("module","""module""",#20690) +#20691=* +regexpterm(#20691,14,#20690,0,"module") +#20692=@"loc,{#10000},20,21,20,26" +locations_default(#20692,#10000,20,21,20,26) +hasLocation(#20691,#20692) +regexp_const_value(#20691,"module") +#20693=* +exprs(#20693,8,#20689,-10,"{ type: ""json"" }") +#20694=@"loc,{#10000},20,36,20,51" +locations_default(#20694,#10000,20,36,20,51) +hasLocation(#20693,#20694) +enclosing_stmt(#20693,#20689) +expr_containers(#20693,#20001) +#20695=* +properties(#20695,#20693,0,0,"type: ""json""") +#20696=@"loc,{#10000},20,38,20,49" +locations_default(#20696,#10000,20,38,20,49) +hasLocation(#20695,#20696) +#20697=* +exprs(#20697,0,#20695,0,"type") +hasLocation(#20697,#20387) +enclosing_stmt(#20697,#20689) +expr_containers(#20697,#20001) +literals("type","type",#20697) +#20698=* +exprs(#20698,4,#20695,1,"""json""") +hasLocation(#20698,#20391) +enclosing_stmt(#20698,#20689) +expr_containers(#20698,#20001) +literals("json","""json""",#20698) +#20699=* +regexpterm(#20699,14,#20698,0,"json") +#20700=@"loc,{#10000},20,45,20,48" +locations_default(#20700,#10000,20,45,20,48) +hasLocation(#20699,#20700) +regexp_const_value(#20699,"json") +#20701=* +exprs(#20701,86,#20689,0,"v4") +hasLocation(#20701,#20375) +enclosing_stmt(#20701,#20689) +expr_containers(#20701,#20001) +#20702=* +exprs(#20702,0,#20701,0,"v4") +hasLocation(#20702,#20375) +enclosing_stmt(#20702,#20689) +expr_containers(#20702,#20001) +literals("v4","v4",#20702) +#20703=* +exprs(#20703,0,#20701,1,"v4") +hasLocation(#20703,#20375) +enclosing_stmt(#20703,#20689) +expr_containers(#20703,#20001) +literals("v4","v4",#20703) +#20704=* +stmts(#20704,28,#20001,15,"export ... son"" };") +hasLocation(#20704,#20047) +stmt_containers(#20704,#20001) +#20705=* +exprs(#20705,4,#20704,0,"""module""") +hasLocation(#20705,#20403) +enclosing_stmt(#20705,#20704) +expr_containers(#20705,#20001) +literals("module","""module""",#20705) +#20706=* +regexpterm(#20706,14,#20705,0,"module") +#20707=@"loc,{#10000},21,16,21,21" +locations_default(#20707,#10000,21,16,21,21) +hasLocation(#20706,#20707) +regexp_const_value(#20706,"module") +#20708=* +exprs(#20708,8,#20704,-10,"{ type: ""json"" }") +#20709=@"loc,{#10000},21,31,21,46" +locations_default(#20709,#10000,21,31,21,46) +hasLocation(#20708,#20709) +enclosing_stmt(#20708,#20704) +expr_containers(#20708,#20001) +#20710=* +properties(#20710,#20708,0,0,"type: ""json""") +#20711=@"loc,{#10000},21,33,21,44" +locations_default(#20711,#10000,21,33,21,44) +hasLocation(#20710,#20711) +#20712=* +exprs(#20712,0,#20710,0,"type") +hasLocation(#20712,#20409) +enclosing_stmt(#20712,#20704) +expr_containers(#20712,#20001) +literals("type","type",#20712) +#20713=* +exprs(#20713,4,#20710,1,"""json""") +hasLocation(#20713,#20413) +enclosing_stmt(#20713,#20704) +expr_containers(#20713,#20001) +literals("json","""json""",#20713) +#20714=* +regexpterm(#20714,14,#20713,0,"json") +#20715=@"loc,{#10000},21,40,21,43" +locations_default(#20715,#10000,21,40,21,43) +hasLocation(#20714,#20715) +regexp_const_value(#20714,"json") +#20716=* +stmts(#20716,30,#20001,16,"export ... son"" };") +hasLocation(#20716,#20049) +stmt_containers(#20716,#20001) +#20717=* +exprs(#20717,4,#20716,-2,"""module""") +hasLocation(#20717,#20429) +enclosing_stmt(#20717,#20716) +expr_containers(#20717,#20001) +literals("module","""module""",#20717) +#20718=* +regexpterm(#20718,14,#20717,0,"module") +#20719=@"loc,{#10000},22,22,22,27" +locations_default(#20719,#10000,22,22,22,27) +hasLocation(#20718,#20719) +regexp_const_value(#20718,"module") +#20720=* +exprs(#20720,8,#20716,-10,"{ type: ""json"" }") +#20721=@"loc,{#10000},22,37,22,52" +locations_default(#20721,#10000,22,37,22,52) +hasLocation(#20720,#20721) +enclosing_stmt(#20720,#20716) +expr_containers(#20720,#20001) +#20722=* +properties(#20722,#20720,0,0,"type: ""json""") +#20723=@"loc,{#10000},22,39,22,50" +locations_default(#20723,#10000,22,39,22,50) +hasLocation(#20722,#20723) +#20724=* +exprs(#20724,0,#20722,0,"type") +hasLocation(#20724,#20435) +enclosing_stmt(#20724,#20716) +expr_containers(#20724,#20001) +literals("type","type",#20724) +#20725=* +exprs(#20725,4,#20722,1,"""json""") +hasLocation(#20725,#20439) +enclosing_stmt(#20725,#20716) +expr_containers(#20725,#20001) +literals("json","""json""",#20725) +#20726=* +regexpterm(#20726,14,#20725,0,"json") +#20727=@"loc,{#10000},22,46,22,49" +locations_default(#20727,#10000,22,46,22,49) +hasLocation(#20726,#20727) +regexp_const_value(#20726,"json") +#20728=* +exprs(#20728,96,#20716,0,"* as v5") +#20729=@"loc,{#10000},22,8,22,14" +locations_default(#20729,#10000,22,8,22,14) +hasLocation(#20728,#20729) +enclosing_stmt(#20728,#20716) +expr_containers(#20728,#20001) +#20730=* +exprs(#20730,0,#20728,1,"v5") +hasLocation(#20730,#20425) +enclosing_stmt(#20730,#20716) +expr_containers(#20730,#20001) +literals("v5","v5",#20730) +#20731=* +stmts(#20731,22,#20001,17,"const v ... "" } });") +hasLocation(#20731,#20053) +stmt_containers(#20731,#20001) +#20732=* +exprs(#20732,64,#20731,0,"v6 = im ... n"" } })") +#20733=@"loc,{#10000},24,7,24,57" +locations_default(#20733,#10000,24,7,24,57) +hasLocation(#20732,#20733) +enclosing_stmt(#20732,#20731) +expr_containers(#20732,#20001) +#20734=* +exprs(#20734,78,#20732,0,"v6") +hasLocation(#20734,#20447) +enclosing_stmt(#20734,#20731) +expr_containers(#20734,#20001) +literals("v6","v6",#20734) +decl(#20734,#20493) +#20735=* +exprs(#20735,99,#20732,1,"import( ... n"" } })") +#20736=@"loc,{#10000},24,12,24,57" +locations_default(#20736,#10000,24,12,24,57) +hasLocation(#20735,#20736) +enclosing_stmt(#20735,#20731) +expr_containers(#20735,#20001) +#20737=* +exprs(#20737,4,#20735,0,"""module""") +hasLocation(#20737,#20455) +enclosing_stmt(#20737,#20731) +expr_containers(#20737,#20001) +literals("module","""module""",#20737) +#20738=* +regexpterm(#20738,14,#20737,0,"module") +#20739=@"loc,{#10000},24,20,24,25" +locations_default(#20739,#10000,24,20,24,25) +hasLocation(#20738,#20739) +regexp_const_value(#20738,"module") +#20740=* +exprs(#20740,8,#20735,1,"{ asser ... on"" } }") +#20741=@"loc,{#10000},24,29,24,56" +locations_default(#20741,#10000,24,29,24,56) +hasLocation(#20740,#20741) +enclosing_stmt(#20740,#20731) +expr_containers(#20740,#20001) +#20742=* +properties(#20742,#20740,0,0,"assert: ... json"" }") +#20743=@"loc,{#10000},24,31,24,54" +locations_default(#20743,#10000,24,31,24,54) +hasLocation(#20742,#20743) +#20744=* +exprs(#20744,0,#20742,0,"assert") +hasLocation(#20744,#20461) +enclosing_stmt(#20744,#20731) +expr_containers(#20744,#20001) +literals("assert","assert",#20744) +#20745=* +exprs(#20745,8,#20742,1,"{ type: ""json"" }") +#20746=@"loc,{#10000},24,39,24,54" +locations_default(#20746,#10000,24,39,24,54) +hasLocation(#20745,#20746) +enclosing_stmt(#20745,#20731) +expr_containers(#20745,#20001) +#20747=* +properties(#20747,#20745,0,0,"type: ""json""") +#20748=@"loc,{#10000},24,41,24,52" +locations_default(#20748,#10000,24,41,24,52) +hasLocation(#20747,#20748) +#20749=* +exprs(#20749,0,#20747,0,"type") +hasLocation(#20749,#20467) +enclosing_stmt(#20749,#20731) +expr_containers(#20749,#20001) +literals("type","type",#20749) +#20750=* +exprs(#20750,4,#20747,1,"""json""") +hasLocation(#20750,#20471) +enclosing_stmt(#20750,#20731) +expr_containers(#20750,#20001) +literals("json","""json""",#20750) +#20751=* +regexpterm(#20751,14,#20750,0,"json") +#20752=@"loc,{#10000},24,48,24,51" +locations_default(#20752,#10000,24,48,24,51) +hasLocation(#20751,#20752) +regexp_const_value(#20751,"json") +#20753=* +entry_cfg_node(#20753,#20001) +#20754=@"loc,{#10000},1,1,1,0" +locations_default(#20754,#10000,1,1,1,0) +hasLocation(#20753,#20754) +#20755=* +exit_cfg_node(#20755,#20001) +hasLocation(#20755,#20481) +successor(#20731,#20734) +successor(#20737,#20735) +successor(#20735,#20732) +successor(#20734,#20737) +successor(#20732,#20755) +successor(#20716,#20717) +successor(#20728,#20730) +successor(#20730,#20731) +successor(#20717,#20728) +successor(#20704,#20705) +successor(#20705,#20716) +successor(#20689,#20690) +successor(#20701,#20702) +successor(#20703,#20704) +successor(#20702,#20703) +successor(#20690,#20701) +successor(#20675,#20689) +successor(#20660,#20675) +successor(#20645,#20660) +successor(#20633,#20645) +successor(#20619,#20623) +successor(#20625,#20629) +successor(#20630,#20627) +successor(#20629,#20630) +successor(#20627,#20621) +successor(#20623,#20625) +successor(#20621,#20633) +successor(#20614,#20619) +successor(#20592,#20595) +successor(#20598,#20596) +successor(#20596,#20593) +successor(#20595,#20598) +successor(#20593,#20614) +successor(#20577,#20578) +successor(#20589,#20591) +successor(#20591,#20592) +successor(#20578,#20589) +successor(#20565,#20566) +successor(#20566,#20577) +successor(#20550,#20551) +successor(#20562,#20563) +successor(#20564,#20565) +successor(#20563,#20564) +successor(#20551,#20562) +successor(#20536,#20550) +successor(#20521,#20536) +successor(#20506,#20521) +successor(#20494,#20506) +successor(#20687,#20494) +successor(#20672,#20687) +successor(#20657,#20672) +successor(#20548,#20657) +successor(#20533,#20548) +successor(#20518,#20533) +successor(#20753,#20518) +#20756=* +js_parse_errors(#20756,#20001,"Error: Duplicate export 'v4'","export { v4 } from ""module"" assert { type: ""json"" }; +") +#20757=@"loc,{#10000},20,10,20,10" +locations_default(#20757,#10000,20,10,20,10) +hasLocation(#20756,#20757) +#20758=* +lines(#20758,#20001,"import ""module"" with { type: ""json"" };"," +") +hasLocation(#20758,#20007) +#20759=* +lines(#20759,#20001,"import * as v1 from ""module"" with { type: ""json"" };"," +") +hasLocation(#20759,#20009) +#20760=* +lines(#20760,#20001,"import { v2 } from ""module"" with { type: ""json"" };"," +") +hasLocation(#20760,#20011) +#20761=* +lines(#20761,#20001,"import v3 from ""module"" with { type: ""json"" };"," +") +hasLocation(#20761,#20013) +#20762=* +lines(#20762,#20001,""," +") +hasLocation(#20762,#20015) +#20763=* +lines(#20763,#20001,"export { v4 } from ""module"" with { type: ""json"" };"," +") +hasLocation(#20763,#20017) +#20764=* +lines(#20764,#20001,"export * from ""module"" with { type: ""json"" };"," +") +hasLocation(#20764,#20019) +#20765=* +lines(#20765,#20001,"export * as v5 from ""module"" with { type: ""json"" };"," +") +hasLocation(#20765,#20021) +#20766=* +lines(#20766,#20001,""," +") +hasLocation(#20766,#20023) +#20767=* +lines(#20767,#20001,"const v6 = import(""module"", { with: { type: ""json"" } });"," +") +hasLocation(#20767,#20025) +#20768=* +lines(#20768,#20001,""," +") +hasLocation(#20768,#20027) +#20769=* +lines(#20769,#20001,"import ""module"" // missing semicolon"," +") +hasLocation(#20769,#20029) +#20770=* +lines(#20770,#20001,"assert({type: ""json""}); // function call, not import assertion"," +") +hasLocation(#20770,#20031) +#20771=* +lines(#20771,#20001,""," +") +hasLocation(#20771,#20033) +#20772=* +lines(#20772,#20001,"import ""module"" assert { type: ""json"" };"," +") +hasLocation(#20772,#20035) +#20773=* +lines(#20773,#20001,"import * as v1 from ""module"" assert { type: ""json"" };"," +") +hasLocation(#20773,#20037) +#20774=* +lines(#20774,#20001,"import { v2 } from ""module"" assert { type: ""json"" };"," +") +hasLocation(#20774,#20039) +#20775=* +lines(#20775,#20001,"import v3 from ""module"" assert { type: ""json"" };"," +") +hasLocation(#20775,#20041) +#20776=* +lines(#20776,#20001,""," +") +hasLocation(#20776,#20043) +#20777=* +lines(#20777,#20001,"export { v4 } from ""module"" assert { type: ""json"" };"," +") +hasLocation(#20777,#20045) +#20778=* +lines(#20778,#20001,"export * from ""module"" assert { type: ""json"" };"," +") +hasLocation(#20778,#20047) +#20779=* +lines(#20779,#20001,"export * as v5 from ""module"" assert { type: ""json"" };"," +") +hasLocation(#20779,#20049) +#20780=* +lines(#20780,#20001,""," +") +hasLocation(#20780,#20051) +#20781=* +lines(#20781,#20001,"const v6 = import(""module"", { assert: { type: ""json"" } });"," +") +hasLocation(#20781,#20053) +numlines(#20001,24,0,0) +numlines(#10000,24,18,2) +filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/vue/input/simple-jsp.jsp b/javascript/extractor/tests/vue/input/simple-jsp.jsp new file mode 100644 index 00000000000..00b10285787 --- /dev/null +++ b/javascript/extractor/tests/vue/input/simple-jsp.jsp @@ -0,0 +1,14 @@ +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + Hello World JSP + + +

    Hello World!

    + <% String name = "John"; %> +

    Welcome <%= name %>!

    + + + diff --git a/javascript/extractor/tests/vue/output/trap/simple-jsp.jsp.trap b/javascript/extractor/tests/vue/output/trap/simple-jsp.jsp.trap new file mode 100644 index 00000000000..066868e24b3 --- /dev/null +++ b/javascript/extractor/tests/vue/output/trap/simple-jsp.jsp.trap @@ -0,0 +1,232 @@ +#10000=@"/simple-jsp.jsp;sourcefile" +files(#10000,"/simple-jsp.jsp") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=@"global_scope" +scopes(#20000,0) +#20001=* +#20002=@"script;{#10000},10,13" +#20003=* +lines(#20003,#20002,""," +") +#20004=@"loc,{#10000},10,13,10,12" +locations_default(#20004,#10000,10,13,10,12) +hasLocation(#20003,#20004) +#20005=* +lines(#20005,#20002," console.log(123);"," +") +#20006=@"loc,{#10000},11,1,11,23" +locations_default(#20006,#10000,11,1,11,23) +hasLocation(#20005,#20006) +indentation(#10000,11," ",6) +#20007=* +lines(#20007,#20002," ","") +#20008=@"loc,{#10000},12,1,12,4" +locations_default(#20008,#10000,12,1,12,4) +hasLocation(#20007,#20008) +numlines(#20002,3,1,0) +#20009=* +tokeninfo(#20009,6,#20002,0,"console") +#20010=@"loc,{#10000},11,7,11,13" +locations_default(#20010,#10000,11,7,11,13) +hasLocation(#20009,#20010) +#20011=* +tokeninfo(#20011,8,#20002,1,".") +#20012=@"loc,{#10000},11,14,11,14" +locations_default(#20012,#10000,11,14,11,14) +hasLocation(#20011,#20012) +#20013=* +tokeninfo(#20013,6,#20002,2,"log") +#20014=@"loc,{#10000},11,15,11,17" +locations_default(#20014,#10000,11,15,11,17) +hasLocation(#20013,#20014) +#20015=* +tokeninfo(#20015,8,#20002,3,"(") +#20016=@"loc,{#10000},11,18,11,18" +locations_default(#20016,#10000,11,18,11,18) +hasLocation(#20015,#20016) +#20017=* +tokeninfo(#20017,3,#20002,4,"123") +#20018=@"loc,{#10000},11,19,11,21" +locations_default(#20018,#10000,11,19,11,21) +hasLocation(#20017,#20018) +#20019=* +tokeninfo(#20019,8,#20002,5,")") +#20020=@"loc,{#10000},11,22,11,22" +locations_default(#20020,#10000,11,22,11,22) +hasLocation(#20019,#20020) +#20021=* +tokeninfo(#20021,8,#20002,6,";") +#20022=@"loc,{#10000},11,23,11,23" +locations_default(#20022,#10000,11,23,11,23) +hasLocation(#20021,#20022) +#20023=* +tokeninfo(#20023,0,#20002,7,"") +#20024=@"loc,{#10000},12,5,12,4" +locations_default(#20024,#10000,12,5,12,4) +hasLocation(#20023,#20024) +toplevels(#20002,1) +#20025=@"loc,{#10000},10,13,12,4" +locations_default(#20025,#10000,10,13,12,4) +hasLocation(#20002,#20025) +#20026=* +stmts(#20026,2,#20002,0,"console.log(123);") +#20027=@"loc,{#10000},11,7,11,23" +locations_default(#20027,#10000,11,7,11,23) +hasLocation(#20026,#20027) +stmt_containers(#20026,#20002) +#20028=* +exprs(#20028,13,#20026,0,"console.log(123)") +#20029=@"loc,{#10000},11,7,11,22" +locations_default(#20029,#10000,11,7,11,22) +hasLocation(#20028,#20029) +enclosing_stmt(#20028,#20026) +expr_containers(#20028,#20002) +#20030=* +exprs(#20030,14,#20028,-1,"console.log") +#20031=@"loc,{#10000},11,7,11,17" +locations_default(#20031,#10000,11,7,11,17) +hasLocation(#20030,#20031) +enclosing_stmt(#20030,#20026) +expr_containers(#20030,#20002) +#20032=* +exprs(#20032,79,#20030,0,"console") +hasLocation(#20032,#20010) +enclosing_stmt(#20032,#20026) +expr_containers(#20032,#20002) +literals("console","console",#20032) +#20033=@"var;{console};{#20000}" +variables(#20033,"console",#20000) +bind(#20032,#20033) +#20034=* +exprs(#20034,0,#20030,1,"log") +hasLocation(#20034,#20014) +enclosing_stmt(#20034,#20026) +expr_containers(#20034,#20002) +literals("log","log",#20034) +#20035=* +exprs(#20035,3,#20028,0,"123") +hasLocation(#20035,#20018) +enclosing_stmt(#20035,#20026) +expr_containers(#20035,#20002) +literals("123","123",#20035) +#20036=* +entry_cfg_node(#20036,#20002) +hasLocation(#20036,#20004) +#20037=* +exit_cfg_node(#20037,#20002) +hasLocation(#20037,#20024) +successor(#20026,#20032) +successor(#20035,#20028) +successor(#20034,#20030) +successor(#20032,#20034) +successor(#20030,#20035) +successor(#20028,#20037) +successor(#20036,#20026) +toplevel_parent_xml_node(#20002,#20001) +#20038=* +template_placeholder_tag_info(#20038,#10000,"<%@ page contentType=""text/html;charset=UTF-8"" language=""java"" %>") +#20039=@"loc,{#10000},1,1,1,65" +locations_default(#20039,#10000,1,1,1,65) +hasLocation(#20038,#20039) +#20040=* +xmlElements(#20040,"html",#10000,0,#10000) +#20041=@"loc,{#10000},2,1,14,7" +locations_default(#20041,#10000,2,1,14,7) +xmllocations(#20040,#20041) +#20042=* +xmlElements(#20042,"body",#20040,1,#10000) +#20043=@"loc,{#10000},6,3,13,9" +locations_default(#20043,#10000,6,3,13,9) +xmllocations(#20042,#20043) +#20044=* +template_placeholder_tag_info(#20044,#20042,"<% String name = ""John""; %>") +#20045=@"loc,{#10000},8,5,8,31" +locations_default(#20045,#10000,8,5,8,31) +hasLocation(#20044,#20045) +xmlElements(#20001,"script",#20042,2,#10000) +#20046=@"loc,{#10000},10,5,12,13" +locations_default(#20046,#10000,10,5,12,13) +xmllocations(#20001,#20046) +#20047=* +xmlElements(#20047,"p",#20042,1,#10000) +#20048=@"loc,{#10000},9,5,9,31" +locations_default(#20048,#10000,9,5,9,31) +xmllocations(#20047,#20048) +#20049=* +template_placeholder_tag_info(#20049,#20047,"<%= name %>") +#20050=@"loc,{#10000},9,16,9,26" +locations_default(#20050,#10000,9,16,9,26) +hasLocation(#20049,#20050) +scopes(#20000,0) +#20051=@"script;{#10000},9,19" +#20052=* +lines(#20052,#20051," name ","") +#20053=@"loc,{#10000},9,19,9,24" +locations_default(#20053,#10000,9,19,9,24) +hasLocation(#20052,#20053) +indentation(#10000,9," ",1) +numlines(#20051,1,1,0) +#20054=* +tokeninfo(#20054,6,#20051,0,"name") +#20055=@"loc,{#10000},9,20,9,23" +locations_default(#20055,#10000,9,20,9,23) +hasLocation(#20054,#20055) +#20056=* +tokeninfo(#20056,0,#20051,1,"") +#20057=@"loc,{#10000},9,25,9,24" +locations_default(#20057,#10000,9,25,9,24) +hasLocation(#20056,#20057) +toplevels(#20051,4) +hasLocation(#20051,#20053) +#20058=@"module;{#10000},9,19" +scopes(#20058,3) +scopenodes(#20051,#20058) +scopenesting(#20058,#20000) +is_module(#20051) +#20059=* +stmts(#20059,2,#20051,0,"name") +hasLocation(#20059,#20055) +stmt_containers(#20059,#20051) +#20060=* +exprs(#20060,79,#20059,0,"name") +hasLocation(#20060,#20055) +enclosing_stmt(#20060,#20059) +expr_containers(#20060,#20051) +literals("name","name",#20060) +#20061=@"var;{name};{#20058}" +variables(#20061,"name",#20058) +bind(#20060,#20061) +#20062=* +entry_cfg_node(#20062,#20051) +#20063=@"loc,{#10000},9,19,9,18" +locations_default(#20063,#10000,9,19,9,18) +hasLocation(#20062,#20063) +#20064=* +exit_cfg_node(#20064,#20051) +hasLocation(#20064,#20057) +successor(#20059,#20060) +successor(#20060,#20064) +successor(#20062,#20059) +toplevel_parent_xml_node(#20051,#20049) +#20065=* +xmlElements(#20065,"h1",#20042,0,#10000) +#20066=@"loc,{#10000},7,5,7,25" +locations_default(#20066,#10000,7,5,7,25) +xmllocations(#20065,#20066) +#20067=* +xmlElements(#20067,"head",#20040,0,#10000) +#20068=@"loc,{#10000},3,3,5,9" +locations_default(#20068,#10000,3,3,5,9) +xmllocations(#20067,#20068) +#20069=* +xmlElements(#20069,"title",#20067,0,#10000) +#20070=@"loc,{#10000},4,5,4,34" +locations_default(#20070,#10000,4,5,4,34) +xmllocations(#20069,#20070) +numlines(#10000,14,2,0) +filetype(#10000,"html") diff --git a/javascript/ql/lib/BUILD.bazel b/javascript/ql/lib/BUILD.bazel new file mode 100644 index 00000000000..940eb1b0d8b --- /dev/null +++ b/javascript/ql/lib/BUILD.bazel @@ -0,0 +1,15 @@ +load("@rules_pkg//:mappings.bzl", "pkg_files") + +package(default_visibility = ["//javascript:__pkg__"]) + +pkg_files( + name = "dbscheme", + srcs = ["semmlecode.javascript.dbscheme"], + prefix = "javascript", +) + +pkg_files( + name = "dbscheme-stats", + srcs = ["semmlecode.javascript.dbscheme.stats"], + prefix = "javascript", +) diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index ad0301e9c7b..53155773c3d 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,35 @@ +## 0.8.1 + +### Minor Analysis Improvements + +* The contents of `.jsp` files are now extracted, and any `