mirror of
https://github.com/github/codeql.git
synced 2026-04-20 06:24:03 +02:00
Merge branch 'main' into oldpaths1
This commit is contained in:
Geoffrey White
2436
cpp/downgrades/c16b29b27f71247023321cc0d0360998b318837c/old.dbscheme
Normal file
2436
cpp/downgrades/c16b29b27f71247023321cc0d0360998b318837c/old.dbscheme
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,4 @@
|
||||
description: Link PCH creations and uses
|
||||
compatibility: full
|
||||
pch_uses.rel: delete
|
||||
pch_creations.rel: delete
|
||||
5
cpp/ql/lib/change-notes/2025-08-27-pch.md
Normal file
5
cpp/ql/lib/change-notes/2025-08-27-pch.md
Normal file
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a new class `PchFile` representing precompiled header (PCH) files used during project compilation.
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
|
||||
import Customizations
|
||||
import semmle.code.cpp.File
|
||||
import semmle.code.cpp.PchFile
|
||||
import semmle.code.cpp.Linkage
|
||||
import semmle.code.cpp.Location
|
||||
import semmle.code.cpp.Compilation
|
||||
|
||||
26
cpp/ql/lib/semmle/code/cpp/PchFile.qll
Normal file
26
cpp/ql/lib/semmle/code/cpp/PchFile.qll
Normal file
@@ -0,0 +1,26 @@
|
||||
/**
|
||||
* Provides the `PchFile` class representing precompiled header (PCH) files created and
|
||||
* used during the build process.
|
||||
*/
|
||||
|
||||
import semmle.code.cpp.File
|
||||
|
||||
/**
|
||||
* A precompiled header (PCH) file created during the build process.
|
||||
*/
|
||||
class PchFile extends @pch {
|
||||
/**
|
||||
* Gets a textual representation of this element.
|
||||
*/
|
||||
string toString() { result = "PCH for " + this.getHeaderFile() }
|
||||
|
||||
/**
|
||||
* Gets the header file from which the PCH file was created.
|
||||
*/
|
||||
File getHeaderFile() { pch_creations(this, _, result) }
|
||||
|
||||
/**
|
||||
* Gets a source file that includes the PCH.
|
||||
*/
|
||||
File getAUse() { pch_uses(this, _, result) }
|
||||
}
|
||||
@@ -3884,7 +3884,7 @@ class TranslatedNewExpr extends TranslatedNewOrNewArrayExpr {
|
||||
final override Type getTargetType() { result = expr.getAllocatedType().getUnspecifiedType() }
|
||||
|
||||
final override TranslatedInitialization getInitialization() {
|
||||
result = getTranslatedInitialization(expr.getInitializer())
|
||||
result = getTranslatedInitialization(expr.getInitializer().getFullyConverted())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -222,6 +222,19 @@ extractor_version(
|
||||
string frontend_version: string ref
|
||||
)
|
||||
|
||||
pch_uses(
|
||||
int pch: @pch ref,
|
||||
int compilation: @compilation ref,
|
||||
int id: @file ref
|
||||
)
|
||||
|
||||
#keyset[pch, compilation]
|
||||
pch_creations(
|
||||
int pch: @pch,
|
||||
int compilation: @compilation ref,
|
||||
int from: @file ref
|
||||
)
|
||||
|
||||
/** An element for which line-count information is available. */
|
||||
@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable;
|
||||
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,2 @@
|
||||
description: Link PCH creations and uses
|
||||
compatibility: backwards
|
||||
@@ -24550,6 +24550,37 @@ ir.cpp:
|
||||
# 2771| Type = [LValueReferenceType] ThreeWay &
|
||||
# 2771| ValueCategory = prvalue
|
||||
# 2772| getStmt(2): [ReturnStmt] return ...
|
||||
# 2774| [TopLevelFunction] void test_allocation_with_initializer()
|
||||
# 2774| <params>:
|
||||
# 2774| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 2775| getStmt(0): [DeclStmt] declaration
|
||||
# 2775| getDeclarationEntry(0): [VariableDeclarationEntry] definition of p1
|
||||
# 2775| Type = [IntPointerType] int *
|
||||
# 2775| getVariable().getInitializer(): [Initializer] initializer for p1
|
||||
# 2775| getExpr(): [NewExpr] new
|
||||
# 2775| Type = [IntPointerType] int *
|
||||
# 2775| ValueCategory = prvalue
|
||||
# 2775| getInitializer(): [Literal] 42
|
||||
# 2775| Type = [IntType] int
|
||||
# 2775| Value = [Literal] 42
|
||||
# 2775| ValueCategory = prvalue
|
||||
# 2776| getStmt(1): [DeclStmt] declaration
|
||||
# 2776| getDeclarationEntry(0): [VariableDeclarationEntry] definition of p2
|
||||
# 2776| Type = [PointerType] long *
|
||||
# 2776| getVariable().getInitializer(): [Initializer] initializer for p2
|
||||
# 2776| getExpr(): [NewExpr] new
|
||||
# 2776| Type = [PointerType] long *
|
||||
# 2776| ValueCategory = prvalue
|
||||
# 2776| getInitializer(): [Literal] 42
|
||||
# 2776| Type = [IntType] int
|
||||
# 2776| Value = [Literal] 42
|
||||
# 2776| ValueCategory = prvalue
|
||||
# 2776| getInitializer().getFullyConverted(): [CStyleCast] (long)...
|
||||
# 2776| Conversion = [IntegralConversion] integral conversion
|
||||
# 2776| Type = [LongType] long
|
||||
# 2776| Value = [CStyleCast] 42
|
||||
# 2776| ValueCategory = prvalue
|
||||
# 2777| getStmt(2): [ReturnStmt] return ...
|
||||
ir23.cpp:
|
||||
# 1| [TopLevelFunction] bool consteval_1()
|
||||
# 1| <params>:
|
||||
|
||||
@@ -20395,6 +20395,41 @@ ir.cpp:
|
||||
# 2769| v2769_14(void) = AliasedUse : ~m2771_8
|
||||
# 2769| v2769_15(void) = ExitFunction :
|
||||
|
||||
# 2774| void test_allocation_with_initializer()
|
||||
# 2774| Block 0
|
||||
# 2774| v2774_1(void) = EnterFunction :
|
||||
# 2774| m2774_2(unknown) = AliasedDefinition :
|
||||
# 2774| m2774_3(unknown) = InitializeNonLocal :
|
||||
# 2774| m2774_4(unknown) = Chi : total:m2774_2, partial:m2774_3
|
||||
# 2775| r2775_1(glval<int *>) = VariableAddress[p1] :
|
||||
# 2775| r2775_2(glval<unknown>) = FunctionAddress[operator new] :
|
||||
# 2775| r2775_3(unsigned long) = Constant[4] :
|
||||
# 2775| r2775_4(void *) = Call[operator new] : func:r2775_2, 0:r2775_3
|
||||
# 2775| m2775_5(unknown) = ^CallSideEffect : ~m2774_4
|
||||
# 2775| m2775_6(unknown) = Chi : total:m2774_4, partial:m2775_5
|
||||
# 2775| m2775_7(unknown) = ^InitializeDynamicAllocation : &:r2775_4
|
||||
# 2775| r2775_8(int *) = Convert : r2775_4
|
||||
# 2775| r2775_9(int) = Constant[42] :
|
||||
# 2775| m2775_10(int) = Store[?] : &:r2775_8, r2775_9
|
||||
# 2775| m2775_11(unknown) = Chi : total:m2775_7, partial:m2775_10
|
||||
# 2775| m2775_12(int *) = Store[p1] : &:r2775_1, r2775_8
|
||||
# 2776| r2776_1(glval<long *>) = VariableAddress[p2] :
|
||||
# 2776| r2776_2(glval<unknown>) = FunctionAddress[operator new] :
|
||||
# 2776| r2776_3(unsigned long) = Constant[8] :
|
||||
# 2776| r2776_4(void *) = Call[operator new] : func:r2776_2, 0:r2776_3
|
||||
# 2776| m2776_5(unknown) = ^CallSideEffect : ~m2775_6
|
||||
# 2776| m2776_6(unknown) = Chi : total:m2775_6, partial:m2776_5
|
||||
# 2776| m2776_7(unknown) = ^InitializeDynamicAllocation : &:r2776_4
|
||||
# 2776| r2776_8(long *) = Convert : r2776_4
|
||||
# 2776| r2776_9(long) = Constant[42] :
|
||||
# 2776| m2776_10(long) = Store[?] : &:r2776_8, r2776_9
|
||||
# 2776| m2776_11(unknown) = Chi : total:m2776_7, partial:m2776_10
|
||||
# 2776| m2776_12(long *) = Store[p2] : &:r2776_1, r2776_8
|
||||
# 2777| v2777_1(void) = NoOp :
|
||||
# 2774| v2774_5(void) = ReturnVoid :
|
||||
# 2774| v2774_6(void) = AliasedUse : ~m2776_6
|
||||
# 2774| v2774_7(void) = ExitFunction :
|
||||
|
||||
ir23.cpp:
|
||||
# 1| bool consteval_1()
|
||||
# 1| Block 0
|
||||
|
||||
@@ -2771,4 +2771,9 @@ void test_three_way(int a, int b, ThreeWay c, ThreeWay d) {
|
||||
auto y = c <=> d;
|
||||
}
|
||||
|
||||
void test_allocation_with_initializer() {
|
||||
int* p1 = new int(42);
|
||||
long* p2 = new long(42);
|
||||
}
|
||||
|
||||
// semmle-extractor-options: -std=c++20 --clang
|
||||
|
||||
@@ -18547,6 +18547,36 @@ ir.cpp:
|
||||
# 2769| v2769_13(void) = AliasedUse : ~m?
|
||||
# 2769| v2769_14(void) = ExitFunction :
|
||||
|
||||
# 2774| void test_allocation_with_initializer()
|
||||
# 2774| Block 0
|
||||
# 2774| v2774_1(void) = EnterFunction :
|
||||
# 2774| mu2774_2(unknown) = AliasedDefinition :
|
||||
# 2774| mu2774_3(unknown) = InitializeNonLocal :
|
||||
# 2775| r2775_1(glval<int *>) = VariableAddress[p1] :
|
||||
# 2775| r2775_2(glval<unknown>) = FunctionAddress[operator new] :
|
||||
# 2775| r2775_3(unsigned long) = Constant[4] :
|
||||
# 2775| r2775_4(void *) = Call[operator new] : func:r2775_2, 0:r2775_3
|
||||
# 2775| mu2775_5(unknown) = ^CallSideEffect : ~m?
|
||||
# 2775| mu2775_6(unknown) = ^InitializeDynamicAllocation : &:r2775_4
|
||||
# 2775| r2775_7(int *) = Convert : r2775_4
|
||||
# 2775| r2775_8(int) = Constant[42] :
|
||||
# 2775| mu2775_9(int) = Store[?] : &:r2775_7, r2775_8
|
||||
# 2775| mu2775_10(int *) = Store[p1] : &:r2775_1, r2775_7
|
||||
# 2776| r2776_1(glval<long *>) = VariableAddress[p2] :
|
||||
# 2776| r2776_2(glval<unknown>) = FunctionAddress[operator new] :
|
||||
# 2776| r2776_3(unsigned long) = Constant[8] :
|
||||
# 2776| r2776_4(void *) = Call[operator new] : func:r2776_2, 0:r2776_3
|
||||
# 2776| mu2776_5(unknown) = ^CallSideEffect : ~m?
|
||||
# 2776| mu2776_6(unknown) = ^InitializeDynamicAllocation : &:r2776_4
|
||||
# 2776| r2776_7(long *) = Convert : r2776_4
|
||||
# 2776| r2776_8(long) = Constant[42] :
|
||||
# 2776| mu2776_9(long) = Store[?] : &:r2776_7, r2776_8
|
||||
# 2776| mu2776_10(long *) = Store[p2] : &:r2776_1, r2776_7
|
||||
# 2777| v2777_1(void) = NoOp :
|
||||
# 2774| v2774_4(void) = ReturnVoid :
|
||||
# 2774| v2774_5(void) = AliasedUse : ~m?
|
||||
# 2774| v2774_6(void) = ExitFunction :
|
||||
|
||||
ir23.cpp:
|
||||
# 1| bool consteval_1()
|
||||
# 1| Block 0
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Models-as-data summaries for byte and char arrays and pointers now treat the entire collection as tainted, reflecting their common use as string alternatives.
|
||||
@@ -77,7 +77,7 @@ extensions:
|
||||
- ["System.IO", "Path", False, "GetPathRoot", "(System.ReadOnlySpan<System.Char>)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.IO", "Path", False, "GetPathRoot", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.IO", "Path", False, "GetRelativePath", "(System.String,System.String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "BeginRead", "(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "BeginRead", "(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "BeginWrite", "(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", False, "CopyTo", "(System.IO.Stream)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "CopyTo", "(System.IO.Stream,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
@@ -85,17 +85,17 @@ extensions:
|
||||
- ["System.IO", "Stream", False, "CopyToAsync", "(System.IO.Stream,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "CopyToAsync", "(System.IO.Stream,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", False, "CopyToAsync", "(System.IO.Stream,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "Read", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "Read", "(System.Span<System.Byte>)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", False, "ReadAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "Read", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "Read", "(System.Span<System.Byte>)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", False, "ReadAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
# Post-update nodes for `Memory<T>` are currently unsupported. This model is provided for completeness
|
||||
- ["System.IO", "Stream", True, "ReadAsync", "(System.Memory<System.Byte>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadAtLeast", "(System.Span<System.Byte>,System.Int32,System.Boolean)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadAsync", "(System.Memory<System.Byte>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadAtLeast", "(System.Span<System.Byte>,System.Int32,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
# Post-update nodes for `Memory<T>` are currently unsupported. This model is provided for completeness
|
||||
- ["System.IO", "Stream", True, "ReadAtLeastAsync", "(System.Memory<System.Byte>,System.Int32,System.Boolean,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadExactly", "(System.Span<System.Byte>)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadExactly", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadExactly", "(System.Span<System.Byte>)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "ReadExactly", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "Write", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", True, "Write", "(System.ReadOnlySpan<System.Byte>)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "Stream", False, "WriteAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
|
||||
@@ -128,16 +128,16 @@ extensions:
|
||||
- ["System.IO", "StringWriter", True, "WriteLineAsync", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "StringWriter", True, "WriteLineAsync", "(System.Text.StringBuilder,System.Threading.CancellationToken)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "Read", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "Read", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "Read", "(System.Span<System.Char>)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "Read", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "Read", "(System.Span<System.Char>)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
# Post-update nodes for `Memory<T>` are currently unsupported. This model is provided for completeness
|
||||
- ["System.IO", "TextReader", True, "ReadAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadBlock", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadBlock", "(System.Span<System.Char>)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadBlock", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadBlock", "(System.Span<System.Char>)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
# Post-update nodes for `Memory<T>` are currently unsupported. This model is provided for completeness
|
||||
- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadLine", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadLineAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.IO", "TextReader", True, "ReadToEnd", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
|
||||
@@ -39,15 +39,15 @@ extensions:
|
||||
- ["System", "Convert", False, "ChangeType", "(System.Object,System.Type,System.IFormatProvider)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ChangeType", "(System.Object,System.TypeCode)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ChangeType", "(System.Object,System.TypeCode,System.IFormatProvider)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "FromBase64CharArray", "(System.Char[],System.Int32,System.Int32)", "", "Argument[0].Element", "ReturnValue.Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "FromBase64String", "(System.String)", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "FromHexString", "(System.ReadOnlySpan<System.Char>)", "", "Argument[0].Element", "ReturnValue.Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "FromHexString", "(System.String)", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "FromBase64CharArray", "(System.Char[],System.Int32,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "FromBase64String", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "FromHexString", "(System.ReadOnlySpan<System.Char>)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "FromHexString", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "GetTypeCode", "(System.Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "IsDBNull", "(System.Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToBase64CharArray", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32)", "", "Argument[0].Element", "Argument[3].Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToBase64CharArray", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32)", "", "Argument[0].Element", "Argument[3]", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToBase64CharArray", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToBase64CharArray", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions)", "", "Argument[0].Element", "Argument[3].Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToBase64CharArray", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions)", "", "Argument[0].Element", "Argument[3]", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToBase64CharArray", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToBase64String", "(System.Byte[])", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToBase64String", "(System.Byte[],System.Base64FormattingOptions)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
@@ -353,13 +353,13 @@ extensions:
|
||||
- ["System", "Convert", False, "ToUInt64", "(System.UInt16)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToUInt64", "(System.UInt32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "ToUInt64", "(System.UInt64)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryFromBase64Chars", "(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32)", "", "Argument[0].Element", "Argument[1].Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryFromBase64Chars", "(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32)", "", "Argument[0].Element", "Argument[1]", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryFromBase64Chars", "(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32)", "", "Argument[0].Element", "Argument[2]", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryFromBase64Chars", "(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryFromBase64String", "(System.String,System.Span<System.Byte>,System.Int32)", "", "Argument[0]", "Argument[1].Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryFromBase64String", "(System.String,System.Span<System.Byte>,System.Int32)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryFromBase64String", "(System.String,System.Span<System.Byte>,System.Int32)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryFromBase64String", "(System.String,System.Span<System.Byte>,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryToBase64Chars", "(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions)", "", "Argument[0].Element", "Argument[1].Element", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryToBase64Chars", "(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions)", "", "Argument[0].Element", "Argument[1]", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryToBase64Chars", "(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions)", "", "Argument[0].Element", "Argument[2]", "taint", "manual"]
|
||||
- ["System", "Convert", False, "TryToBase64Chars", "(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System", "Int32", False, "Parse", "(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
|
||||
@@ -1683,9 +1683,9 @@ summary
|
||||
| Microsoft.AspNetCore.WebSockets;WebSocketMiddleware;WebSocketMiddleware;(Microsoft.AspNetCore.Http.RequestDelegate,Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.WebSocketOptions>,Microsoft.Extensions.Logging.ILoggerFactory);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| Microsoft.AspNetCore.WebSockets;WebSocketsDependencyInjectionExtensions;AddWebSockets;(Microsoft.Extensions.DependencyInjection.IServiceCollection,System.Action<Microsoft.AspNetCore.Builder.WebSocketOptions>);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[0];Argument[this];taint;df-generated |
|
||||
@@ -1696,10 +1696,10 @@ summary
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;FileBufferingReadStream;(System.IO.Stream,System.Int32,System.Nullable<System.Int64>,System.Func<System.String>);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;FileBufferingReadStream;(System.IO.Stream,System.Int32,System.Nullable<System.Int64>,System.Func<System.String>,System.Buffers.ArrayPool<System.Byte>);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[0];Argument[this];taint;df-generated |
|
||||
@@ -1709,9 +1709,9 @@ summary
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;FileBufferingWriteStream;(System.Int32,System.Nullable<System.Int64>,System.Func<System.String>);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[0];Argument[this];taint;df-generated |
|
||||
@@ -1719,10 +1719,10 @@ summary
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[1];ReturnValue;taint;df-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;Read;();Argument[this];ReturnValue;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;Read;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;Read;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;ReadLine;();Argument[this];ReturnValue;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;ReadLineAsync;();Argument[this];ReturnValue;taint;manual |
|
||||
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;ReadToEndAsync;();Argument[this];ReturnValue;taint;manual |
|
||||
@@ -5278,8 +5278,8 @@ summary
|
||||
| ServiceStack.Text;NetCoreMemory;Deserialize;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| ServiceStack.Text;NetCoreMemory;DeserializeAsync;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| ServiceStack.Text;RecyclableMemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| ServiceStack.Text;RecyclableMemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| ServiceStack.Text;RecyclableMemoryStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| ServiceStack.Text;RecyclableMemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| ServiceStack.Text;RecyclableMemoryStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment<System.Byte>);Argument[this];Argument[0].Element;taint;df-generated |
|
||||
| ServiceStack.Text;RecyclableMemoryStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| ServiceStack.Text;RecyclableMemoryStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -10659,7 +10659,7 @@ summary
|
||||
| System.Data.SqlTypes;SqlDecimal;op_UnaryNegation;(System.Data.SqlTypes.SqlDecimal);Argument[0];ReturnValue;value;dfc-generated |
|
||||
| System.Data.SqlTypes;SqlDouble;ReadXml;(System.Xml.XmlReader);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.Data.SqlTypes;SqlDouble;WriteXml;(System.Xml.XmlWriter);Argument[this];Argument[0];taint;df-generated |
|
||||
| System.Data.SqlTypes;SqlFileStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Data.SqlTypes;SqlFileStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.Data.SqlTypes;SqlFileStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Data.SqlTypes;SqlGuid;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated |
|
||||
| System.Data.SqlTypes;SqlGuid;ReadXml;(System.Xml.XmlReader);Argument[0];Argument[this];taint;df-generated |
|
||||
@@ -11970,16 +11970,16 @@ summary
|
||||
| System.Globalization;TextInfo;ToUpper;(System.String);Argument[0];ReturnValue;value;dfc-generated |
|
||||
| System.Globalization;TextInfo;get_CultureName;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.Compression;BrotliStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Compression;BrotliStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;BrotliStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;BrotliStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;BrotliStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Compression;BrotliStream;BrotliStream;(System.IO.Stream,System.IO.Compression.CompressionMode,System.Boolean);Argument[0];Argument[this].SyntheticField[System.IO.Compression.BrotliStream._stream];value;dfc-generated |
|
||||
| System.IO.Compression;BrotliStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.Compression;BrotliStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO.Compression;BrotliStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;BrotliStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;BrotliStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;BrotliStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;BrotliStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;BrotliStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;BrotliStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;BrotliStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;BrotliStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;BrotliStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;BrotliStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -11989,7 +11989,7 @@ summary
|
||||
| System.IO.Compression;BrotliStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.Compression;BrotliStream;get_BaseStream;();Argument[this].SyntheticField[System.IO.Compression.BrotliStream._stream];ReturnValue;value;dfc-generated |
|
||||
| System.IO.Compression;DeflateStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Compression;DeflateStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;DeflateStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Compression;DeflateStream;CopyTo;(System.IO.Stream,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
@@ -12000,10 +12000,10 @@ summary
|
||||
| System.IO.Compression;DeflateStream;DeflateStream;(System.IO.Stream,System.IO.Compression.CompressionMode,System.Boolean);Argument[0];Argument[this];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.Compression;DeflateStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO.Compression;DeflateStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;DeflateStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;DeflateStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;DeflateStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;DeflateStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;DeflateStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12013,7 +12013,7 @@ summary
|
||||
| System.IO.Compression;DeflateStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.Compression;DeflateStream;get_BaseStream;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.Compression;GZipStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Compression;GZipStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;GZipStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;GZipStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;GZipStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Compression;GZipStream;CopyTo;(System.IO.Stream,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
@@ -12023,10 +12023,10 @@ summary
|
||||
| System.IO.Compression;GZipStream;GZipStream;(System.IO.Stream,System.IO.Compression.CompressionLevel,System.Boolean);Argument[0];Argument[this].SyntheticField[System.IO.Compression.GZipStream._deflateStream].SyntheticField[System.IO.Compression.DeflateStream._stream];value;dfc-generated |
|
||||
| System.IO.Compression;GZipStream;GZipStream;(System.IO.Stream,System.IO.Compression.CompressionMode,System.Boolean);Argument[0];Argument[this].SyntheticField[System.IO.Compression.GZipStream._deflateStream].SyntheticField[System.IO.Compression.DeflateStream._stream];value;dfc-generated |
|
||||
| System.IO.Compression;GZipStream;GZipStream;(System.IO.Stream,System.IO.Compression.ZLibCompressionOptions,System.Boolean);Argument[0];Argument[this].SyntheticField[System.IO.Compression.GZipStream._deflateStream].SyntheticField[System.IO.Compression.DeflateStream._stream];value;dfc-generated |
|
||||
| System.IO.Compression;GZipStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;GZipStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;GZipStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;GZipStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;GZipStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;GZipStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;GZipStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;GZipStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;GZipStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;GZipStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;GZipStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12036,17 +12036,17 @@ summary
|
||||
| System.IO.Compression;GZipStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.Compression;GZipStream;get_BaseStream;();Argument[this].SyntheticField[System.IO.Compression.GZipStream._deflateStream].SyntheticField[System.IO.Compression.DeflateStream._stream];ReturnValue;value;dfc-generated |
|
||||
| System.IO.Compression;ZLibStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Compression;ZLibStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;ZLibStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Compression;ZLibStream;CopyTo;(System.IO.Stream,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.Compression;ZLibStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO.Compression;ZLibStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;ZLibStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;ZLibStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;ZLibStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Compression;ZLibStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Compression;ZLibStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12090,16 +12090,16 @@ summary
|
||||
| System.IO.IsolatedStorage;IsolatedStorage;get_AssemblyIdentity;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.IsolatedStorage;IsolatedStorage;get_DomainIdentity;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;FlushAsync;(System.Threading.CancellationToken);Argument[this].SyntheticField[System.IO.FileStream._strategy].SyntheticField[System.IO.Strategies.DerivedFileStreamStrategy._fileStream];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.IsolatedStorage;IsolatedStorageFileStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12150,15 +12150,15 @@ summary
|
||||
| System.IO.Pipes;NamedPipeServerStream;NamedPipeServerStream;(System.IO.Pipes.PipeDirection,System.Boolean,System.Boolean,Microsoft.Win32.SafeHandles.SafePipeHandle);Argument[3];Argument[this];taint;df-generated |
|
||||
| System.IO.Pipes;NamedPipeServerStream;RunAsClient;(System.IO.Pipes.PipeStreamImpersonationWorker);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| System.IO.Pipes;PipeStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Pipes;PipeStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Pipes;PipeStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Pipes;PipeStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Pipes;PipeStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO.Pipes;PipeStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO.Pipes;PipeStream;InitializeHandle;(Microsoft.Win32.SafeHandles.SafePipeHandle,System.Boolean,System.Boolean);Argument[0];Argument[this].SyntheticField[System.IO.Pipes.PipeStream._handle];value;dfc-generated |
|
||||
| System.IO.Pipes;PipeStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Pipes;PipeStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Pipes;PipeStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Pipes;PipeStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO.Pipes;PipeStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Pipes;PipeStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Pipes;PipeStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Pipes;PipeStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO.Pipes;PipeStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Pipes;PipeStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO.Pipes;PipeStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12180,7 +12180,7 @@ summary
|
||||
| System.IO;BinaryWriter;Write;(System.ReadOnlySpan<System.Byte>);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.IO;BinaryWriter;get_BaseStream;();Argument[this].Field[System.IO.BinaryWriter.OutStream];ReturnValue;value;dfc-generated |
|
||||
| System.IO;BufferedStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;BufferedStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;BufferedStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;BufferedStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;BufferedStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;BufferedStream;BufferedStream;(System.IO.Stream);Argument[0];Argument[this];taint;manual |
|
||||
@@ -12189,10 +12189,10 @@ summary
|
||||
| System.IO;BufferedStream;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;BufferedStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;BufferedStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO;BufferedStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;BufferedStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;BufferedStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;BufferedStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;BufferedStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;BufferedStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;BufferedStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;BufferedStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;BufferedStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;BufferedStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;BufferedStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12302,7 +12302,7 @@ summary
|
||||
| System.IO;FileNotFoundException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated |
|
||||
| System.IO;FileNotFoundException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated |
|
||||
| System.IO;FileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;FileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;FileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;FileStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;FileStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;FileStream;CopyTo;(System.IO.Stream,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
@@ -12320,10 +12320,10 @@ summary
|
||||
| System.IO;FileStream;FileStream;(System.String,System.IO.FileStreamOptions);Argument[this];Argument[this].SyntheticField[System.IO.FileStream._strategy].SyntheticField[System.IO.Strategies.DerivedFileStreamStrategy._fileStream];value;dfc-generated |
|
||||
| System.IO;FileStream;FlushAsync;(System.Threading.CancellationToken);Argument[this].SyntheticField[System.IO.FileStream._strategy].SyntheticField[System.IO.Strategies.DerivedFileStreamStrategy._fileStream];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO;FileStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO;FileStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;FileStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;FileStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;FileStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;FileStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;FileStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;FileStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;FileStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;FileStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;FileStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;FileStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12364,7 +12364,7 @@ summary
|
||||
| System.IO;FileSystemWatcher;remove_Error;(System.IO.ErrorEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| System.IO;FileSystemWatcher;remove_Renamed;(System.IO.RenamedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| System.IO;MemoryStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;MemoryStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;MemoryStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;MemoryStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;MemoryStream;CopyTo;(System.IO.Stream,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
@@ -12376,10 +12376,10 @@ summary
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean,System.Boolean);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;MemoryStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;MemoryStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;MemoryStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;MemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;MemoryStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;MemoryStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;MemoryStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;MemoryStream;ToArray;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment<System.Byte>);Argument[this];Argument[0].Element;taint;df-generated |
|
||||
| System.IO;MemoryStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12463,7 +12463,7 @@ summary
|
||||
| System.IO;RenamedEventArgs;get_OldName;();Argument[this].SyntheticField[System.IO.RenamedEventArgs._oldName];ReturnValue;value;dfc-generated |
|
||||
| System.IO;RenamedEventHandler;BeginInvoke;(System.Object,System.IO.RenamedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| System.IO;Stream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;Stream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;Stream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;Stream;CopyTo;(System.IO.Stream);Argument[this];Argument[0];taint;manual |
|
||||
@@ -12475,15 +12475,15 @@ summary
|
||||
| System.IO;Stream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;Stream;FlushAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;Stream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO;Stream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadAtLeast;(System.Span<System.Byte>,System.Int32,System.Boolean);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAtLeast;(System.Span<System.Byte>,System.Int32,System.Boolean);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAtLeastAsync;(System.Memory<System.Byte>,System.Int32,System.Boolean,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadExactly;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadExactly;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadExactly;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadExactly;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;Synchronized;(System.IO.Stream);Argument[0];ReturnValue;value;dfc-generated |
|
||||
| System.IO;Stream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;Stream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -12494,14 +12494,14 @@ summary
|
||||
| System.IO;Stream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[1];ReturnValue;taint;df-generated |
|
||||
| System.IO;Stream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;StreamReader;Read;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;StreamReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StreamReader;Read;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StreamReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StreamReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StreamReader;ReadBlock;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StreamReader;ReadBlock;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StreamReader;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StreamReader;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StreamReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StreamReader;Read;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StreamReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StreamReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StreamReader;ReadBlock;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StreamReader;ReadBlock;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StreamReader;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StreamReader;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StreamReader;ReadLine;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;StreamReader;ReadLineAsync;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;StreamReader;ReadLineAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
@@ -12577,13 +12577,13 @@ summary
|
||||
| System.IO;StreamWriter;get_BaseStream;();Argument[this].SyntheticField[System.IO.StreamWriter._stream];ReturnValue;value;dfc-generated |
|
||||
| System.IO;StreamWriter;get_Encoding;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;StringReader;Read;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;StringReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StringReader;Read;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StringReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StringReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StringReader;ReadBlock;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StringReader;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StringReader;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;StringReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StringReader;Read;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StringReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StringReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StringReader;ReadBlock;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StringReader;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StringReader;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;StringReader;ReadLine;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;StringReader;ReadLineAsync;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;StringReader;ReadLineAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
@@ -12615,14 +12615,14 @@ summary
|
||||
| System.IO;StringWriter;WriteLineAsync;(System.Text.StringBuilder,System.Threading.CancellationToken);Argument[0];Argument[this];taint;manual |
|
||||
| System.IO;StringWriter;get_Encoding;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;TextReader;Read;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;TextReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;Read;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadBlock;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadBlock;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;Read;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadBlock;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadBlock;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadLine;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;TextReader;ReadLineAsync;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;TextReader;ReadLineAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
@@ -12707,10 +12707,10 @@ summary
|
||||
| System.IO;UnmanagedMemoryStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO;UnmanagedMemoryStream;Initialize;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.IO;UnmanagedMemoryStream;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.IO;UnmanagedMemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;UnmanagedMemoryStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;UnmanagedMemoryStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;UnmanagedMemoryStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;UnmanagedMemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;UnmanagedMemoryStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;UnmanagedMemoryStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;UnmanagedMemoryStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;UnmanagedMemoryStream;UnmanagedMemoryStream;(System.Byte*,System.Int64);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.IO;UnmanagedMemoryStream;UnmanagedMemoryStream;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.IO;UnmanagedMemoryStream;UnmanagedMemoryStream;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64);Argument[0];Argument[this];taint;df-generated |
|
||||
@@ -15118,15 +15118,15 @@ summary
|
||||
| System.Net.Quic;QuicListener;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Net.Quic;QuicListenerOptions;set_ConnectionOptionsCallback;(System.Func<System.Net.Quic.QuicConnection,System.Net.Security.SslClientHelloInfo,System.Threading.CancellationToken,System.Threading.Tasks.ValueTask<System.Net.Quic.QuicServerConnectionOptions>>);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Net.Quic;QuicStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Net.Quic;QuicStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Quic;QuicStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Quic;QuicStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Quic;QuicStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Net.Quic;QuicStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Net.Quic;QuicStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.Net.Quic;QuicStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Quic;QuicStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Quic;QuicStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Quic;QuicStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Quic;QuicStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Quic;QuicStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Quic;QuicStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Quic;QuicStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Quic;QuicStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Quic;QuicStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Quic;QuicStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -15159,14 +15159,14 @@ summary
|
||||
| System.Net.Security;NegotiateStream;BeginAuthenticateAsServer;(System.Net.NetworkCredential,System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy,System.Net.Security.ProtectionLevel,System.Security.Principal.TokenImpersonationLevel,System.AsyncCallback,System.Object);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Net.Security;NegotiateStream;BeginAuthenticateAsServer;(System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Net.Security;NegotiateStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Net.Security;NegotiateStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Security;NegotiateStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Security;NegotiateStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Security;NegotiateStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Net.Security;NegotiateStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Net.Security;NegotiateStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.Net.Security;NegotiateStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Security;NegotiateStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Security;NegotiateStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Security;NegotiateStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Security;NegotiateStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Security;NegotiateStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Security;NegotiateStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Security;NegotiateStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Security;NegotiateStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[0];Argument[this];taint;df-generated |
|
||||
@@ -15212,14 +15212,14 @@ summary
|
||||
| System.Net.Security;SslStream;BeginAuthenticateAsServer;(System.Security.Cryptography.X509Certificates.X509Certificate,System.Boolean,System.Boolean,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Net.Security;SslStream;BeginAuthenticateAsServer;(System.Security.Cryptography.X509Certificates.X509Certificate,System.Boolean,System.Security.Authentication.SslProtocols,System.Boolean,System.AsyncCallback,System.Object);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Net.Security;SslStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Net.Security;SslStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Security;SslStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Security;SslStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Security;SslStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Net.Security;SslStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Net.Security;SslStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.Net.Security;SslStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Security;SslStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Security;SslStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Security;SslStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Security;SslStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Security;SslStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Security;SslStream;SslStream;(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Net.Security;SslStream;SslStream;(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback,System.Net.Security.LocalCertificateSelectionCallback);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Net.Security;SslStream;SslStream;(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback,System.Net.Security.LocalCertificateSelectionCallback);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
|
||||
@@ -15247,15 +15247,15 @@ summary
|
||||
| System.Net.Sockets;MulticastOption;MulticastOption;(System.Net.IPAddress,System.Net.IPAddress);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.Net.Sockets;MulticastOption;MulticastOption;(System.Net.IPAddress,System.Net.IPAddress);Argument[1];Argument[this];taint;df-generated |
|
||||
| System.Net.Sockets;NetworkStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Net.Sockets;NetworkStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Net.Sockets;NetworkStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.Net.Sockets;NetworkStream;NetworkStream;(System.Net.Sockets.Socket,System.IO.FileAccess,System.Boolean);Argument[0];Argument[this].SyntheticField[System.Net.Sockets.NetworkStream._streamSocket];value;dfc-generated |
|
||||
| System.Net.Sockets;NetworkStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Net.Sockets;NetworkStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -17765,7 +17765,7 @@ summary
|
||||
| System.Security.Cryptography;CngUIPolicy;CngUIPolicy;(System.Security.Cryptography.CngUIProtectionLevels,System.String,System.String,System.String,System.String);Argument[3];Argument[this].Property[System.Security.Cryptography.CngUIPolicy.UseContext];value;dfc-generated |
|
||||
| System.Security.Cryptography;CngUIPolicy;CngUIPolicy;(System.Security.Cryptography.CngUIProtectionLevels,System.String,System.String,System.String,System.String);Argument[4];Argument[this].Property[System.Security.Cryptography.CngUIPolicy.CreationTitle];value;dfc-generated |
|
||||
| System.Security.Cryptography;CryptoStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Security.Cryptography;CryptoStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.Security.Cryptography;CryptoStream;CopyTo;(System.IO.Stream,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
@@ -17774,9 +17774,9 @@ summary
|
||||
| System.Security.Cryptography;CryptoStream;CryptoStream;(System.IO.Stream,System.Security.Cryptography.ICryptoTransform,System.Security.Cryptography.CryptoStreamMode,System.Boolean);Argument[1];Argument[this];taint;df-generated |
|
||||
| System.Security.Cryptography;CryptoStream;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Security.Cryptography;CryptoStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.Security.Cryptography;CryptoStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.Security.Cryptography;CryptoStream;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);Argument[0];Argument[this];taint;df-generated |
|
||||
@@ -21887,15 +21887,15 @@ summary
|
||||
| System;Convert;ChangeType;(System.Object,System.Type,System.IFormatProvider);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ChangeType;(System.Object,System.TypeCode);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ChangeType;(System.Object,System.TypeCode,System.IFormatProvider);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);Argument[0].Element;ReturnValue.Element;taint;manual |
|
||||
| System;Convert;FromBase64String;(System.String);Argument[0];ReturnValue.Element;taint;manual |
|
||||
| System;Convert;FromHexString;(System.ReadOnlySpan<System.Char>);Argument[0].Element;ReturnValue.Element;taint;manual |
|
||||
| System;Convert;FromHexString;(System.String);Argument[0];ReturnValue.Element;taint;manual |
|
||||
| System;Convert;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;FromBase64String;(System.String);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;FromHexString;(System.ReadOnlySpan<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;FromHexString;(System.String);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;GetTypeCode;(System.Object);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;IsDBNull;(System.Object);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3].Element;taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[3].Element;taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;ToBase64String;(System.Byte[]);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;ToBase64String;(System.Byte[],System.Base64FormattingOptions);Argument[0].Element;ReturnValue;taint;manual |
|
||||
@@ -22201,13 +22201,13 @@ summary
|
||||
| System;Convert;ToUInt64;(System.UInt16);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ToUInt64;(System.UInt32);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ToUInt64;(System.UInt64);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;TryFromBase64Chars;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32);Argument[0].Element;Argument[1].Element;taint;manual |
|
||||
| System;Convert;TryFromBase64Chars;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32);Argument[0].Element;Argument[1];taint;manual |
|
||||
| System;Convert;TryFromBase64Chars;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System;Convert;TryFromBase64Chars;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;TryFromBase64String;(System.String,System.Span<System.Byte>,System.Int32);Argument[0];Argument[1].Element;taint;manual |
|
||||
| System;Convert;TryFromBase64String;(System.String,System.Span<System.Byte>,System.Int32);Argument[0];Argument[1];taint;manual |
|
||||
| System;Convert;TryFromBase64String;(System.String,System.Span<System.Byte>,System.Int32);Argument[0];Argument[2];taint;manual |
|
||||
| System;Convert;TryFromBase64String;(System.String,System.Span<System.Byte>,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;TryToBase64Chars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[1].Element;taint;manual |
|
||||
| System;Convert;TryToBase64Chars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[1];taint;manual |
|
||||
| System;Convert;TryToBase64Chars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System;Convert;TryToBase64Chars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Converter<TInput,TOutput>;BeginInvoke;(TInput,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
|
||||
|
||||
@@ -9285,7 +9285,7 @@
|
||||
| System.IO;RenamedEventArgs;get_OldName;();Argument[this].SyntheticField[System.IO.RenamedEventArgs._oldName];ReturnValue;value;dfc-generated |
|
||||
| System.IO;RenamedEventHandler;BeginInvoke;(System.Object,System.IO.RenamedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| System.IO;Stream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;Stream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;Stream;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
|
||||
| System.IO;Stream;CopyTo;(System.IO.Stream);Argument[this];Argument[0];taint;manual |
|
||||
@@ -9296,15 +9296,15 @@
|
||||
| System.IO;Stream;CopyToAsync;(System.IO.Stream,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;FlushAsync;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;Stream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO;Stream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;Read;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadAtLeast;(System.Span<System.Byte>,System.Int32,System.Boolean);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;Read;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAtLeast;(System.Span<System.Byte>,System.Int32,System.Boolean);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadAtLeastAsync;(System.Memory<System.Byte>,System.Int32,System.Boolean,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadExactly;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadExactly;(System.Span<System.Byte>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;Stream;ReadExactly;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;ReadExactly;(System.Span<System.Byte>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;Stream;Synchronized;(System.IO.Stream);Argument[0];ReturnValue;value;dfc-generated |
|
||||
| System.IO;Stream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;Stream;Write;(System.ReadOnlySpan<System.Byte>);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -9336,14 +9336,14 @@
|
||||
| System.IO;StringWriter;StringWriter;(System.Text.StringBuilder,System.IFormatProvider);Argument[0];Argument[this];taint;manual |
|
||||
| System.IO;StringWriter;ToString;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;TextReader;Read;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;TextReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;Read;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadBlock;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadBlock;(System.Span<System.Char>);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual |
|
||||
| System.IO;TextReader;Read;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;Read;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadBlock;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadBlock;(System.Span<System.Char>);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;TextReader;ReadLine;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;TextReader;ReadLineAsync;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.IO;TextReader;ReadLineAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated |
|
||||
@@ -16908,15 +16908,15 @@
|
||||
| System;Convert;ChangeType;(System.Object,System.Type,System.IFormatProvider);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ChangeType;(System.Object,System.TypeCode);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ChangeType;(System.Object,System.TypeCode,System.IFormatProvider);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);Argument[0].Element;ReturnValue.Element;taint;manual |
|
||||
| System;Convert;FromBase64String;(System.String);Argument[0];ReturnValue.Element;taint;manual |
|
||||
| System;Convert;FromHexString;(System.ReadOnlySpan<System.Char>);Argument[0].Element;ReturnValue.Element;taint;manual |
|
||||
| System;Convert;FromHexString;(System.String);Argument[0];ReturnValue.Element;taint;manual |
|
||||
| System;Convert;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;FromBase64String;(System.String);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;FromHexString;(System.ReadOnlySpan<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;FromHexString;(System.String);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;GetTypeCode;(System.Object);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;IsDBNull;(System.Object);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3].Element;taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[3].Element;taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System;Convert;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;ToBase64String;(System.Byte[]);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;ToBase64String;(System.Byte[],System.Base64FormattingOptions);Argument[0].Element;ReturnValue;taint;manual |
|
||||
@@ -17222,13 +17222,13 @@
|
||||
| System;Convert;ToUInt64;(System.UInt16);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ToUInt64;(System.UInt32);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;ToUInt64;(System.UInt64);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;TryFromBase64Chars;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32);Argument[0].Element;Argument[1].Element;taint;manual |
|
||||
| System;Convert;TryFromBase64Chars;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32);Argument[0].Element;Argument[1];taint;manual |
|
||||
| System;Convert;TryFromBase64Chars;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System;Convert;TryFromBase64Chars;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Convert;TryFromBase64String;(System.String,System.Span<System.Byte>,System.Int32);Argument[0];Argument[1].Element;taint;manual |
|
||||
| System;Convert;TryFromBase64String;(System.String,System.Span<System.Byte>,System.Int32);Argument[0];Argument[1];taint;manual |
|
||||
| System;Convert;TryFromBase64String;(System.String,System.Span<System.Byte>,System.Int32);Argument[0];Argument[2];taint;manual |
|
||||
| System;Convert;TryFromBase64String;(System.String,System.Span<System.Byte>,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System;Convert;TryToBase64Chars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[1].Element;taint;manual |
|
||||
| System;Convert;TryToBase64Chars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[1];taint;manual |
|
||||
| System;Convert;TryToBase64Chars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System;Convert;TryToBase64Chars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>,System.Int32,System.Base64FormattingOptions);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System;Converter<TInput,TOutput>;BeginInvoke;(TInput,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
|
||||
|
||||
@@ -1,30 +1,30 @@
|
||||
models
|
||||
| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
|
||||
| 2 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
|
||||
| 3 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
|
||||
| 3 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0]; taint; manual |
|
||||
| 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
|
||||
edges
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:2 |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:3 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | provenance | MaD:3 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | provenance | |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
|
||||
nodes
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | semmle.label | bytes : Byte[] |
|
||||
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | semmle.label | access to parameter bytes : Byte[] [element] : Object |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | semmle.label | access to parameter bytes : Byte[] |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | semmle.label | call to method GetStream : NetworkStream |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | semmle.label | [post] access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | semmle.label | [post] access to local variable buffer : Byte[] |
|
||||
| Test.cs:28:42:28:111 | ... + ... | semmle.label | ... + ... |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | semmle.label | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | semmle.label | access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | semmle.label | access to local variable buffer : Byte[] |
|
||||
subpaths
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
#select
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:28:42:28:111 | ... + ... |
|
||||
|
||||
@@ -2,36 +2,36 @@ models
|
||||
| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
|
||||
| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual |
|
||||
| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
|
||||
| 4 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
|
||||
| 4 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0]; taint; manual |
|
||||
| 5 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
|
||||
edges
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:5 |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:5 |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3 |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:4 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | provenance | MaD:4 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | provenance | |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:5 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:5 |
|
||||
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:2 |
|
||||
nodes
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | semmle.label | bytes : Byte[] |
|
||||
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | semmle.label | access to parameter bytes : Byte[] [element] : Object |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | semmle.label | access to parameter bytes : Byte[] |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | semmle.label | call to method GetStream : NetworkStream |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | semmle.label | [post] access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | semmle.label | [post] access to local variable buffer : Byte[] |
|
||||
| Test.cs:28:42:28:111 | ... + ... | semmle.label | ... + ... |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | semmle.label | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | semmle.label | access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | semmle.label | access to local variable buffer : Byte[] |
|
||||
| Test.cs:34:20:34:25 | access to local variable result : String | semmle.label | access to local variable result : String |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | semmle.label | call to method ExecuteQuery : String |
|
||||
| Test.cs:37:42:37:96 | ... + ... | semmle.label | ... + ... |
|
||||
subpaths
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
#select
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:28:42:28:111 | ... + ... |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:37:42:37:96 | ... + ... |
|
||||
|
||||
@@ -4,18 +4,18 @@ models
|
||||
| 3 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual |
|
||||
| 4 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual |
|
||||
| 5 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
|
||||
| 6 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
|
||||
| 6 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0]; taint; manual |
|
||||
| 7 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
|
||||
edges
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:7 |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:7 |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:5 |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:6 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | provenance | MaD:6 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | provenance | |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:7 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:7 |
|
||||
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:2 |
|
||||
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
@@ -23,16 +23,16 @@ edges
|
||||
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:3 |
|
||||
nodes
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | semmle.label | bytes : Byte[] |
|
||||
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | semmle.label | access to parameter bytes : Byte[] [element] : Object |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | semmle.label | access to parameter bytes : Byte[] |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | semmle.label | call to method GetStream : NetworkStream |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | semmle.label | [post] access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | semmle.label | [post] access to local variable buffer : Byte[] |
|
||||
| Test.cs:28:42:28:111 | ... + ... | semmle.label | ... + ... |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | semmle.label | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | semmle.label | access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | semmle.label | access to local variable buffer : Byte[] |
|
||||
| Test.cs:34:20:34:25 | access to local variable result : String | semmle.label | access to local variable result : String |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | semmle.label | call to method ExecuteQuery : String |
|
||||
| Test.cs:37:42:37:96 | ... + ... | semmle.label | ... + ... |
|
||||
@@ -43,7 +43,7 @@ nodes
|
||||
| Test.cs:62:29:62:48 | call to method GetCliArg : String | semmle.label | call to method GetCliArg : String |
|
||||
| Test.cs:65:42:65:96 | ... + ... | semmle.label | ... + ... |
|
||||
subpaths
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
#select
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:28:42:28:111 | ... + ... |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:37:42:37:96 | ... + ... |
|
||||
|
||||
@@ -5,18 +5,18 @@ models
|
||||
| 4 | Source: My.Qltest; TestSources; false; GetCustom; (System.String); ; ReturnValue; custom; manual |
|
||||
| 5 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual |
|
||||
| 6 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
|
||||
| 7 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
|
||||
| 7 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0]; taint; manual |
|
||||
| 8 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
|
||||
edges
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:8 |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:8 |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:6 |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:7 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | provenance | MaD:7 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | provenance | |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:8 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:8 |
|
||||
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:2 |
|
||||
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
@@ -26,16 +26,16 @@ edges
|
||||
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:3 |
|
||||
nodes
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | semmle.label | bytes : Byte[] |
|
||||
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | semmle.label | access to parameter bytes : Byte[] [element] : Object |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | semmle.label | access to parameter bytes : Byte[] |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | semmle.label | call to method GetStream : NetworkStream |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | semmle.label | [post] access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | semmle.label | [post] access to local variable buffer : Byte[] |
|
||||
| Test.cs:28:42:28:111 | ... + ... | semmle.label | ... + ... |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | semmle.label | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | semmle.label | access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | semmle.label | access to local variable buffer : Byte[] |
|
||||
| Test.cs:34:20:34:25 | access to local variable result : String | semmle.label | access to local variable result : String |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | semmle.label | call to method ExecuteQuery : String |
|
||||
| Test.cs:37:42:37:96 | ... + ... | semmle.label | ... + ... |
|
||||
@@ -49,7 +49,7 @@ nodes
|
||||
| Test.cs:62:29:62:48 | call to method GetCliArg : String | semmle.label | call to method GetCliArg : String |
|
||||
| Test.cs:65:42:65:96 | ... + ... | semmle.label | ... + ... |
|
||||
subpaths
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
#select
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:28:42:28:111 | ... + ... |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:37:42:37:96 | ... + ... |
|
||||
|
||||
@@ -3,33 +3,33 @@ models
|
||||
| 2 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual |
|
||||
| 3 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual |
|
||||
| 4 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
|
||||
| 5 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
|
||||
| 5 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0]; taint; manual |
|
||||
| 6 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
|
||||
edges
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:6 |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:6 |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:4 |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:5 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | provenance | MaD:5 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | provenance | |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:6 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:6 |
|
||||
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:3 |
|
||||
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:2 |
|
||||
nodes
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | semmle.label | bytes : Byte[] |
|
||||
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | semmle.label | access to parameter bytes : Byte[] [element] : Object |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | semmle.label | access to parameter bytes : Byte[] |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | semmle.label | call to method GetStream : NetworkStream |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | semmle.label | [post] access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | semmle.label | [post] access to local variable buffer : Byte[] |
|
||||
| Test.cs:28:42:28:111 | ... + ... | semmle.label | ... + ... |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | semmle.label | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | semmle.label | access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | semmle.label | access to local variable buffer : Byte[] |
|
||||
| Test.cs:43:20:43:25 | access to local variable result : String | semmle.label | access to local variable result : String |
|
||||
| Test.cs:43:29:43:50 | call to method ReadEnv : String | semmle.label | call to method ReadEnv : String |
|
||||
| Test.cs:46:42:46:96 | ... + ... | semmle.label | ... + ... |
|
||||
@@ -37,7 +37,7 @@ nodes
|
||||
| Test.cs:62:29:62:48 | call to method GetCliArg : String | semmle.label | call to method GetCliArg : String |
|
||||
| Test.cs:65:42:65:96 | ... + ... | semmle.label | ... + ... |
|
||||
subpaths
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
#select
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:28:42:28:111 | ... + ... |
|
||||
| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:46:42:46:96 | ... + ... |
|
||||
|
||||
@@ -3,33 +3,33 @@ models
|
||||
| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual |
|
||||
| 3 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual |
|
||||
| 4 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
|
||||
| 5 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
|
||||
| 5 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0]; taint; manual |
|
||||
| 6 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
|
||||
edges
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:6 |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | provenance | |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:6 |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:4 |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:5 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | provenance | MaD:5 |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | provenance | |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:6 |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | provenance | |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:6 |
|
||||
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:2 |
|
||||
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:1 |
|
||||
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:3 |
|
||||
nodes
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
|
||||
| Test.cs:12:45:12:49 | bytes : Byte[] | semmle.label | bytes : Byte[] |
|
||||
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | semmle.label | access to parameter bytes : Byte[] [element] : Object |
|
||||
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] | semmle.label | access to parameter bytes : Byte[] |
|
||||
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | semmle.label | call to method GetStream : NetworkStream |
|
||||
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | semmle.label | access to local variable stream : NetworkStream |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | semmle.label | [post] access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] | semmle.label | [post] access to local variable buffer : Byte[] |
|
||||
| Test.cs:28:42:28:111 | ... + ... | semmle.label | ... + ... |
|
||||
| Test.cs:28:85:28:105 | call to method BytesToString : String | semmle.label | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | semmle.label | access to local variable buffer : Byte[] [element] : Object |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | semmle.label | access to local variable buffer : Byte[] |
|
||||
| Test.cs:34:20:34:25 | access to local variable result : String | semmle.label | access to local variable result : String |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | semmle.label | call to method ExecuteQuery : String |
|
||||
| Test.cs:37:42:37:96 | ... + ... | semmle.label | ... + ... |
|
||||
@@ -37,7 +37,7 @@ nodes
|
||||
| Test.cs:62:29:62:48 | call to method GetCliArg : String | semmle.label | call to method GetCliArg : String |
|
||||
| Test.cs:65:42:65:96 | ... + ... | semmle.label | ... + ... |
|
||||
subpaths
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] | Test.cs:12:45:12:49 | bytes : Byte[] | Test.cs:15:20:15:61 | call to method GetString : String | Test.cs:28:85:28:105 | call to method BytesToString : String |
|
||||
#select
|
||||
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:28:42:28:111 | ... + ... |
|
||||
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:37:42:37:96 | ... + ... |
|
||||
|
||||
@@ -1,6 +1,13 @@
|
||||
#select
|
||||
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | User-provided value |
|
||||
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | User-provided value |
|
||||
| Name.cs:13:53:13:59 | access to property TheName | NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList2.cs:31:57:31:60 | access to property Name : String | User-provided value |
|
||||
| Name.cs:13:53:13:59 | access to property TheName | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList.cs:31:99:31:102 | access to property Name : String | User-provided value |
|
||||
edges
|
||||
| NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 |
|
||||
| NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 |
|
||||
| NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:1 |
|
||||
| NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:1 |
|
||||
models
|
||||
| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; op_Explicit; (System.String); ; Argument[0]; html-injection; manual |
|
||||
nodes
|
||||
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | semmle.label | access to property UrlParam |
|
||||
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | semmle.label | access to property QueryParam |
|
||||
@@ -8,8 +15,3 @@ nodes
|
||||
| NameList2.cs:31:57:31:60 | access to property Name : String | semmle.label | access to property Name : String |
|
||||
| NameList.cs:31:99:31:102 | access to property Name : String | semmle.label | access to property Name : String |
|
||||
subpaths
|
||||
#select
|
||||
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | User-provided value |
|
||||
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | User-provided value |
|
||||
| Name.cs:13:53:13:59 | access to property TheName | NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList2.cs:31:57:31:60 | access to property Name : String | User-provided value |
|
||||
| Name.cs:13:53:13:59 | access to property TheName | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList.cs:31:99:31:102 | access to property Name : String | User-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-079/XSS.ql
|
||||
query: Security Features/CWE-079/XSS.ql
|
||||
postprocess: utils/test/PrettyPrintModels.ql
|
||||
|
||||
@@ -11,9 +11,9 @@ edges
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | provenance | MaD:3 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] | BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | provenance | MaD:3 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | provenance | MaD:4 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] | provenance | MaD:4 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
@@ -34,14 +34,14 @@ models
|
||||
| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0].Element; Argument[this]; taint; manual |
|
||||
| 2 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
|
||||
| 3 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 4 | Summary: System; Convert; false; FromBase64String; (System.String); ; Argument[0]; ReturnValue.Element; taint; manual |
|
||||
| 4 | Summary: System; Convert; false; FromBase64String; (System.String); ; Argument[0]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | semmle.label | access to parameter textBox : TextBox |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | semmle.label | access to property Text : String |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | semmle.label | call to method FromBase64String : Byte[] [element] : Object |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] | semmle.label | call to method FromBase64String : Byte[] |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | semmle.label | access to property Text : String |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
|
||||
|
||||
@@ -73,6 +73,7 @@ ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalR
|
||||
ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/VisibleForTestingAbuse.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql
|
||||
@@ -80,6 +81,7 @@ ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldC
|
||||
ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Records/IgnoredSerializationMembersOfRecordClass.ql
|
||||
ql/java/ql/src/Violations of Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Testing/ExcessivePublicMethodMocking.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToSystemExit.ql
|
||||
|
||||
@@ -71,6 +71,7 @@ ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalR
|
||||
ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/VisibleForTestingAbuse.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql
|
||||
@@ -78,6 +79,7 @@ ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldC
|
||||
ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Records/IgnoredSerializationMembersOfRecordClass.ql
|
||||
ql/java/ql/src/Violations of Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Testing/ExcessivePublicMethodMocking.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql
|
||||
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DoNotCallFinalize.ql
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
## Overview
|
||||
|
||||
Accessing class members annotated with `@VisibleForTesting` from production code goes against the intention of the annotation and may indicate programmer error.
|
||||
|
||||
The `@VisibleForTesting` annotation serves to increase visibility of methods, fields or classes for the purposes of testing. Accessing these annotated elements in production code (not test code) abuses the intention of the annotation.
|
||||
|
||||
## Recommendation
|
||||
|
||||
Only access methods, fields or classes annotated with `@VisibleForTesting` from test code. If the visibility of the methods, fields or classes should generally be relaxed, use Java language access modifiers.
|
||||
|
||||
## Example
|
||||
|
||||
```java
|
||||
public class Annotated {
|
||||
@VisibleForTesting static int f() { return 42; }
|
||||
}
|
||||
|
||||
/* src/test/java/Test.java */
|
||||
int i = Annotated.f(); // COMPLIANT
|
||||
|
||||
/* src/main/Source.java */
|
||||
int i = Annotated.f(); // NON_COMPLIANT
|
||||
```
|
||||
|
||||
## Implementation notes
|
||||
|
||||
This rule alerts on any implementation of the annotation `VisibleForTesting`, regardless of where it is provided from.
|
||||
|
||||
The rule also uses the following logic to determine what an abuse of the annotation is:
|
||||
|
||||
1. If a public or protected member/type is annotated with `@VisibleForTesting`, it's assumed that package-private access is enough for production code. Therefore the rule alerts when a public or protected member/type annotated with `@VisibleForTesting` is used outside of its declaring package.
|
||||
2. If a package-private member/type is annotated with `@VisibleForTesting`, it's assumed that private access is enough for production code. Therefore the rule alerts when a package-private member/type annotated with `@VisibleForTesting` is used outside its declaring class.
|
||||
|
||||
## References
|
||||
- Javadoc: [AssertJ VisibleForTesting](https://javadoc.io/doc/org.assertj/assertj-core/latest/org.assertj.core/org/assertj/core/util/VisibleForTesting.html).
|
||||
- Javadoc: [JetBrains VisibleForTesting](https://javadoc.io/doc/org.jetbrains/annotations/22.0.0/org/jetbrains/annotations/VisibleForTesting.html).
|
||||
@@ -0,0 +1,112 @@
|
||||
/**
|
||||
* @id java/visible-for-testing-abuse
|
||||
* @name Use of VisibleForTesting in production code
|
||||
* @description Accessing methods, fields or classes annotated with `@VisibleForTesting` from
|
||||
* production code goes against the intention of the annotation and may indicate
|
||||
* programmer error.
|
||||
* @kind problem
|
||||
* @precision high
|
||||
* @problem.severity warning
|
||||
* @tags quality
|
||||
* maintainability
|
||||
* readability
|
||||
*/
|
||||
|
||||
import java
|
||||
|
||||
/**
|
||||
* Holds if a `Callable` is within the same type hierarchy as `RefType`
|
||||
* (including through lambdas, inner classes, and outer classes).
|
||||
*/
|
||||
predicate isWithinType(Callable c, RefType t) {
|
||||
// Either the callable is in the target type, or they share a common enclosing type
|
||||
c.getDeclaringType().getEnclosingType*() = t.getEnclosingType*()
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `e` is within the same package as `t`.
|
||||
*/
|
||||
predicate isWithinPackage(Expr e, RefType t) {
|
||||
e.getCompilationUnit().getPackage() = t.getPackage()
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if a callable or any of its enclosing callables is annotated with @VisibleForTesting.
|
||||
*/
|
||||
predicate isWithinVisibleForTestingContext(Callable c) {
|
||||
c.getAnAnnotation().getType().hasName("VisibleForTesting")
|
||||
or
|
||||
isWithinVisibleForTestingContext(c.getEnclosingCallable())
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `e` is within a test method context, including lambda expressions
|
||||
* within test methods and nested lambdas.
|
||||
*/
|
||||
private predicate isWithinTest(Expr e) {
|
||||
e.getEnclosingCallable() instanceof LikelyTestMethod
|
||||
or
|
||||
exists(Method lambda, LambdaExpr lambdaExpr |
|
||||
lambda = lambdaExpr.asMethod() and
|
||||
lambda.getEnclosingCallable*() instanceof LikelyTestMethod and
|
||||
e.getEnclosingCallable() = lambda
|
||||
)
|
||||
}
|
||||
|
||||
from Annotatable annotated, Expr e
|
||||
where
|
||||
annotated.getAnAnnotation().getType().hasName("VisibleForTesting") and
|
||||
(
|
||||
// field access
|
||||
e =
|
||||
any(FieldAccess v |
|
||||
v.getField() = annotated and
|
||||
// depending on the visibility of the field, using the annotation to abuse the visibility may/may not be occurring
|
||||
(
|
||||
// if its package protected report when its used outside its class because it should have been private (class only permitted)
|
||||
v.getField().isPackageProtected() and
|
||||
not isWithinType(v.getEnclosingCallable(), v.getField().getDeclaringType())
|
||||
or
|
||||
// if public or protected report when its used outside its package because package protected should have been enough (package only permitted)
|
||||
(v.getField().isPublic() or v.getField().isProtected()) and
|
||||
not isWithinPackage(v, v.getField().getDeclaringType())
|
||||
)
|
||||
)
|
||||
or
|
||||
// method access
|
||||
e =
|
||||
any(MethodCall c |
|
||||
c.getMethod() = annotated and
|
||||
// depending on the visibility of the method, using the annotation to abuse the visibility may/may not be occurring
|
||||
(
|
||||
// if its package protected report when its used outside its class because it should have been private (class only permitted)
|
||||
c.getMethod().isPackageProtected() and
|
||||
not isWithinType(c.getEnclosingCallable(), c.getMethod().getDeclaringType())
|
||||
or
|
||||
// if public or protected report when its used outside its package because package protected should have been enough (package only permitted)
|
||||
(c.getMethod().isPublic() or c.getMethod().isProtected()) and
|
||||
not isWithinPackage(c, c.getMethod().getDeclaringType())
|
||||
)
|
||||
)
|
||||
or
|
||||
// Class instantiation - report if used outside appropriate scope
|
||||
e =
|
||||
any(ClassInstanceExpr c |
|
||||
c.getConstructedType() = annotated and
|
||||
(
|
||||
c.getConstructedType().isPublic() and not isWithinPackage(c, c.getConstructedType())
|
||||
or
|
||||
c.getConstructedType().hasNoModifier() and
|
||||
c.getConstructedType() instanceof NestedClass and
|
||||
not isWithinType(c.getEnclosingCallable(), c.getConstructedType())
|
||||
)
|
||||
)
|
||||
) and
|
||||
// not in a test where use is appropriate
|
||||
not isWithinTest(e) and
|
||||
// not when the accessing method or any enclosing method is @VisibleForTesting (test-to-test communication)
|
||||
not isWithinVisibleForTestingContext(e.getEnclosingCallable()) and
|
||||
// not when used in annotation contexts
|
||||
not e.getParent*() instanceof Annotation
|
||||
select e, "Access of $@ annotated with VisibleForTesting found in production code.", annotated,
|
||||
"element"
|
||||
@@ -0,0 +1,52 @@
|
||||
## Overview
|
||||
|
||||
Mocking methods of a class is necessary for unit tests to run without overhead caused by expensive I/O operations. However, when a unit test ends up mocking all public methods of a class, it may indicate that the test is too complicated, possibly because it is trying to test multiple things at once. Such extensive mocking is likely a signal that the scope of the unit test is reaching beyond a single unit of functionality.
|
||||
|
||||
## Recommendation
|
||||
|
||||
It is best to contain the scope of a single unit test to a single unit of functionality. For example, a unit test may aim to test a series of data-transforming functions that depend on an ORM class. Even though the functions may be semantically related with one another, it is better to create a unit test for each function.
|
||||
|
||||
## Example
|
||||
|
||||
The following example mocks all methods of an ORM class named `EmployeeRecord`, and tests four functions against them. Since the scope of the unit test harbors all four of them, all of the methods provided by the class are mocked.
|
||||
|
||||
```java
|
||||
public class EmployeeRecord {
|
||||
public int add(Employee employee) { ... }
|
||||
|
||||
public Employee get(String name) { ... }
|
||||
|
||||
public int update(Employee employee, String newName) { ... }
|
||||
|
||||
public int delete(Employee employee) { ... }
|
||||
}
|
||||
|
||||
public class TestORM {
|
||||
@Test
|
||||
public void nonCompliant() {
|
||||
Employee sampleEmployee = new Employee("John Doe");
|
||||
EmployeeRecord employeeRecordMock = mock(EmployeeRecord.class); // NON_COMPLIANT: Mocked class has all of its public methods used in the test
|
||||
when(employeeRecordMock.add(sampleEmployee)).thenReturn(0); // Mocked EmployeeRecord.add
|
||||
when(employeeRecordMock.get("John Doe")).thenReturn(sampleEmployee); // Mocked EmployeeRecord.get
|
||||
when(employeeRecordMock.update(sampleEmployee, "Jane Doe")).thenReturn(0); // Mocked EmployeeRecord.update
|
||||
when(employeeRecordMock.delete(sampleEmployee)).thenReturn(0); // Mocked EmployeeRecord.delete
|
||||
}
|
||||
|
||||
@Test
|
||||
public void compliant() {
|
||||
Employee sampleEmployee = new Employee("John Doe");
|
||||
EmployeeRecord employeeRecordMock = mock(EmployeeRecord.class); // COMPLIANT: Only some of the public methods belonging to the mocked object are used
|
||||
when(employeeRecordMock.add(sampleEmployee)).thenReturn(0); // Mocked EmployeeRecord.add
|
||||
when(employeeRecordMock.update(sampleEmployee, "Jane Doe")).thenReturn(0); // Mocked EmployeeRecord.update
|
||||
}
|
||||
|
||||
}
|
||||
```
|
||||
|
||||
## Implementation Notes
|
||||
|
||||
JUnit provides two different ways of mocking a method call: `when(mockedObject.methodToMock(...)).thenReturn(...)` and `doReturn(...).when(mockedObject).methodToMock(...)`. Both forms are taken into account by the query.
|
||||
|
||||
## References
|
||||
|
||||
- Baeldung: [Best Practices for Unit Testing in Java](https://www.baeldung.com/java-unit-testing-best-practices).
|
||||
@@ -0,0 +1,80 @@
|
||||
/**
|
||||
* @id java/excessive-public-method-mocking
|
||||
* @previous-id java/mocking-all-non-private-methods-means-unit-test-is-too-big
|
||||
* @name Mocking all public methods of a class may indicate the unit test is testing too much
|
||||
* @description Mocking all public methods provided by a class might indicate the unit test
|
||||
* aims to test too many things.
|
||||
* @kind problem
|
||||
* @precision high
|
||||
* @problem.severity recommendation
|
||||
* @tags quality
|
||||
* maintainability
|
||||
* readability
|
||||
*/
|
||||
|
||||
import java
|
||||
|
||||
/**
|
||||
* A call to Mockito's `mock` method.
|
||||
*/
|
||||
class MockitoMockCall extends MethodCall {
|
||||
MockitoMockCall() { this.getMethod().hasQualifiedName("org.mockito", "Mockito", "mock") }
|
||||
|
||||
/**
|
||||
* Gets the type that this call intends to mock. For example:
|
||||
* ```java
|
||||
* EmployeeRecord employeeRecordMock = mock(EmployeeRecord.class);
|
||||
* ```
|
||||
* This predicate gets the class `EmployeeRecord` in the above example.
|
||||
*/
|
||||
Type getMockedType() { result = this.getAnArgument().(TypeLiteral).getReferencedType() }
|
||||
}
|
||||
|
||||
/**
|
||||
* A method call that mocks a target method in a JUnit test. For example:
|
||||
* ```java
|
||||
* EmployeeRecord employeeRecordMock = mock(EmployeeRecord.class);
|
||||
* when(employeeRecordMock.add(sampleEmployee)).thenReturn(0); // Mocked EmployeeRecord.add
|
||||
* doReturn(0).when(employeeRecordMock).add(sampleEmployee); // Mocked EmployeeRecord.add
|
||||
* ```
|
||||
* This class captures the call to `add` which mocks the equivalent method of the class `EmployeeRecord`.
|
||||
*/
|
||||
class MockitoMockingMethodCall extends MethodCall {
|
||||
MockitoMockCall mockCall;
|
||||
|
||||
MockitoMockingMethodCall() {
|
||||
/* 1. The qualifier originates from the mock call. */
|
||||
this.getQualifier().getControlFlowNode().getAPredecessor+() = mockCall.getControlFlowNode() and
|
||||
/* 2. The mocked method can be found in the class being mocked with the mock call. */
|
||||
mockCall.getMockedType().(ClassOrInterface).getAMethod() = this.getMethod()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the call to Mockito's `mock` from which the qualifier, the mocked object, originates.
|
||||
*/
|
||||
MockitoMockCall getMockitoMockCall() { result = mockCall }
|
||||
}
|
||||
|
||||
/*
|
||||
* The following from-where-select embodies this pseudocode:
|
||||
* - Find a JUnit4TestMethod which:
|
||||
* - for a class that it mocks with a call to `mock`,
|
||||
* - for all methods that the class has, there is a method that this test method mocks.
|
||||
*/
|
||||
|
||||
from JUnit4TestMethod testMethod, ClassOrInterface mockedClassOrInterface
|
||||
where
|
||||
exists(MockitoMockCall mockCall |
|
||||
mockCall.getEnclosingCallable() = testMethod and
|
||||
mockedClassOrInterface = mockCall.getMockedType() and
|
||||
// Only flag classes with multiple public methods (2 or more)
|
||||
strictcount(Method m | m = mockedClassOrInterface.getAMethod() and m.isPublic()) > 1 and
|
||||
forex(Method method | method = mockedClassOrInterface.getAMethod() and method.isPublic() |
|
||||
exists(MockitoMockingMethodCall mockedMethod |
|
||||
mockedMethod.getMockitoMockCall() = mockCall and
|
||||
mockedMethod.getMethod() = method
|
||||
)
|
||||
)
|
||||
)
|
||||
select testMethod, "This test method mocks all public methods of a $@.", mockedClassOrInterface,
|
||||
"class or an interface"
|
||||
@@ -0,0 +1,10 @@
|
||||
/**
|
||||
* Underlying data type of the ORM class and functions.
|
||||
*/
|
||||
public class Employee {
|
||||
Employee(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
String name;
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
/**
|
||||
* Sample ORM class for the type `Employee`.
|
||||
*/
|
||||
public class EmployeeRecord {
|
||||
public int add(Employee employee) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
public Employee get(String name) {
|
||||
return new Employee("Sample");
|
||||
}
|
||||
|
||||
public int update(Employee employee, String newName) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
public int delete(Employee employee) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
private void f() { }
|
||||
|
||||
private void g() { }
|
||||
|
||||
private void h() { }
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
/**
|
||||
* Simple class with a single public method to test the edge case.
|
||||
* When this single method is mocked, it means ALL public methods are mocked.
|
||||
*/
|
||||
public class EmployeeStatus {
|
||||
public String getStatus() {
|
||||
return "active";
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
| TestORM.java:34:15:34:27 | nonCompliant1 | This test method mocks all public methods of a $@. | EmployeeRecord.java:4:14:4:27 | EmployeeRecord | class or an interface |
|
||||
| TestORM.java:47:15:47:27 | nonCompliant2 | This test method mocks all public methods of a $@. | EmployeeRecord.java:4:14:4:27 | EmployeeRecord | class or an interface |
|
||||
@@ -0,0 +1,2 @@
|
||||
query: Violations of Best Practice/Testing/ExcessivePublicMethodMocking.ql
|
||||
postprocess: utils/test/InlineExpectationsTestQuery.ql
|
||||
@@ -0,0 +1,65 @@
|
||||
import org.junit.Test;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.mockito.Mockito.doReturn;
|
||||
|
||||
public class TestORM {
|
||||
/**
|
||||
* Test of form `when(mockedObject.methodToBeMocked()).thenReturn(someVal)`.
|
||||
*/
|
||||
@Test
|
||||
public void compliant1() {
|
||||
Employee sampleEmployee = new Employee("John Doe");
|
||||
EmployeeRecord employeeRecordMock = mock(EmployeeRecord.class); // COMPLIANT: Only some of the public methods belonging to the mocked object are used
|
||||
when(employeeRecordMock.add(sampleEmployee)).thenReturn(0); // Mocked EmployeeRecord.add
|
||||
when(employeeRecordMock.update(sampleEmployee, "Jane Doe")).thenReturn(0); // Mocked EmployeeRecord.update
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of form `doReturn(someVal).when(mockedObject).methodToBeMocked()`.
|
||||
*/
|
||||
@Test
|
||||
public void compliant2() {
|
||||
Employee sampleEmployee = new Employee("John Doe");
|
||||
EmployeeRecord employeeRecordMock = mock(EmployeeRecord.class); // COMPLIANT: Only some of the public methods belonging to the mocked object are used
|
||||
doReturn(0).when(employeeRecordMock).add(sampleEmployee); // Mocked EmployeeRecord.add
|
||||
doReturn(0).when(employeeRecordMock).get("John Doe"); // Mocked EmployeeRecord.get
|
||||
doReturn(0).when(employeeRecordMock).delete(sampleEmployee); // Mocked EmployeeRecord.delete
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of form `when(mockedObject.methodToBeMocked()).thenReturn(someVal)`.
|
||||
*/
|
||||
@Test
|
||||
public void nonCompliant1() { // $ Alert
|
||||
Employee sampleEmployee = new Employee("John Doe");
|
||||
EmployeeRecord employeeRecordMock = mock(EmployeeRecord.class); // NON_COMPLIANT: All public methods of the mocked object are used
|
||||
when(employeeRecordMock.add(sampleEmployee)).thenReturn(0); // Mocked EmployeeRecord.add
|
||||
when(employeeRecordMock.get("John Doe")).thenReturn(sampleEmployee); // Mocked EmployeeRecord.get
|
||||
when(employeeRecordMock.update(sampleEmployee, "Jane Doe")).thenReturn(0); // Mocked EmployeeRecord.update
|
||||
when(employeeRecordMock.delete(sampleEmployee)).thenReturn(0); // Mocked EmployeeRecord.delete
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of form `doReturn(someVal).when(mockedObject).methodToBeMocked()`.
|
||||
*/
|
||||
@Test
|
||||
public void nonCompliant2() { // $ Alert
|
||||
Employee sampleEmployee = new Employee("John Doe");
|
||||
EmployeeRecord employeeRecordMock = mock(EmployeeRecord.class); // NON_COMPLIANT: All public methods of the mocked object are used
|
||||
doReturn(0).when(employeeRecordMock).add(sampleEmployee); // Mocked EmployeeRecord.add
|
||||
doReturn(0).when(employeeRecordMock).get("John Doe"); // Mocked EmployeeRecord.get
|
||||
doReturn(0).when(employeeRecordMock).update(sampleEmployee, "Jane Doe"); // Mocked EmployeeRecord.update
|
||||
doReturn(0).when(employeeRecordMock).delete(sampleEmployee); // Mocked EmployeeRecord.delete
|
||||
}
|
||||
|
||||
/**
|
||||
* Edge case: Class with single public method - should NOT be flagged.
|
||||
* When there's only one public method, mocking it doesn't indicate a "too big" test.
|
||||
*/
|
||||
@Test
|
||||
public void compliantSingleMethod() {
|
||||
EmployeeStatus statusMock = mock(EmployeeStatus.class); // COMPLIANT: Single public method, no choice but to mock it if needed
|
||||
when(statusMock.getStatus()).thenReturn("inactive"); // Mocked EmployeeStatus.getStatus (the only public method, but that's OK)
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../stubs/junit-4.13:${testdir}/../../stubs/mockito-5.14
|
||||
@@ -0,0 +1,17 @@
|
||||
| packageone/SourcePackage.java:9:21:9:32 | Annotated.m1 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:9:29:9:30 | m1 | element |
|
||||
| packageone/SourcePackage.java:10:21:10:32 | Annotated.m2 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:11:26:11:27 | m2 | element |
|
||||
| packageone/SourcePackage.java:16:18:16:36 | fPublic(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:26:23:26:29 | fPublic | element |
|
||||
| packageone/SourcePackage.java:17:18:17:39 | fProtected(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:31:26:31:35 | fProtected | element |
|
||||
| packageone/SourcePackage.java:25:31:25:42 | Annotated.m1 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:9:29:9:30 | m1 | element |
|
||||
| packageone/SourcePackage.java:26:31:26:42 | Annotated.m2 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:11:26:11:27 | m2 | element |
|
||||
| packageone/SourcePackage.java:29:28:29:46 | fPublic(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:26:23:26:29 | fPublic | element |
|
||||
| packageone/SourcePackage.java:30:28:30:49 | fProtected(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:31:26:31:35 | fProtected | element |
|
||||
| packageone/SourcePackage.java:34:23:34:34 | Annotated.m1 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:9:29:9:30 | m1 | element |
|
||||
| packageone/SourcePackage.java:35:30:35:41 | Annotated.m1 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:9:29:9:30 | m1 | element |
|
||||
| packageone/SourcePackage.java:36:31:36:42 | Annotated.m1 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:9:29:9:30 | m1 | element |
|
||||
| packageone/SourcePackage.java:37:33:37:44 | Annotated.m1 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:9:29:9:30 | m1 | element |
|
||||
| packagetwo/Source.java:8:20:8:30 | Annotated.m | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:7:19:7:19 | m | element |
|
||||
| packagetwo/Source.java:14:17:14:29 | f(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:16:16:16:16 | f | element |
|
||||
| packagetwo/Source.java:20:28:20:47 | new AnnotatedClass(...) | Access of $@ annotated with VisibleForTesting found in production code. | packageone/AnnotatedClass.java:4:14:4:27 | AnnotatedClass | element |
|
||||
| packagetwo/Source.java:24:30:24:40 | Annotated.m | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:7:19:7:19 | m | element |
|
||||
| packagetwo/Source.java:28:27:28:39 | f(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:16:16:16:16 | f | element |
|
||||
@@ -0,0 +1,2 @@
|
||||
query: Violations of Best Practice/Implementation Hiding/VisibleForTestingAbuse.ql
|
||||
postprocess: utils/test/InlineExpectationsTestQuery.ql
|
||||
@@ -0,0 +1,6 @@
|
||||
package packageone;
|
||||
|
||||
@VisibleForTesting
|
||||
public class AnnotatedClass {
|
||||
public AnnotatedClass() {}
|
||||
}
|
||||
@@ -0,0 +1,38 @@
|
||||
package packageone;
|
||||
|
||||
import packagetwo.Annotated;
|
||||
|
||||
public class SourcePackage extends Annotated {
|
||||
void f() {
|
||||
// Fields - cross-package access (only accessible ones)
|
||||
// String s = Annotated.m; // Cannot access package-private from different package
|
||||
String s1 = Annotated.m1; // $ Alert
|
||||
String s2 = Annotated.m2; // $ Alert
|
||||
// String s3 = Annotated.m3; // Cannot access private field
|
||||
|
||||
// Methods - cross-package access (only accessible ones)
|
||||
// int i = Annotated.f(); // Cannot access package-private from different package
|
||||
// int i1 = Annotated.fPrivate(); // Cannot access private method
|
||||
int i2 = Annotated.fPublic(); // $ Alert
|
||||
int i3 = Annotated.fProtected(); // $ Alert
|
||||
|
||||
// Same package class
|
||||
AnnotatedClass a = new AnnotatedClass(); // COMPLIANT - same package
|
||||
|
||||
// Lambda usage - cross-package (only accessible members)
|
||||
Runnable lambda = () -> {
|
||||
// String lambdaS = Annotated.m; // Cannot access package-private
|
||||
String lambdaS1 = Annotated.m1; // $ Alert
|
||||
String lambdaS2 = Annotated.m2; // $ Alert
|
||||
|
||||
// int lambdaI = Annotated.f(); // Cannot access package-private
|
||||
int lambdaI2 = Annotated.fPublic(); // $ Alert
|
||||
int lambdaI3 = Annotated.fProtected(); // $ Alert
|
||||
};
|
||||
lambda.run();
|
||||
}
|
||||
String myField1 = Annotated.m1; // $ Alert
|
||||
public String myField2 = Annotated.m1; // $ Alert
|
||||
private String myField3 = Annotated.m1; // $ Alert
|
||||
protected String myField4 = Annotated.m1; // $ Alert
|
||||
}
|
||||
@@ -0,0 +1,22 @@
|
||||
package packageone;
|
||||
|
||||
import packagetwo.Annotated;
|
||||
|
||||
public class SourcePackage1 extends Annotated {
|
||||
@VisibleForTesting
|
||||
public void f() {
|
||||
|
||||
String s1 = Annotated.m1;
|
||||
String s2 = Annotated.m2;
|
||||
|
||||
int i2 = Annotated.fPublic();
|
||||
int i3 = Annotated.fProtected();
|
||||
|
||||
Runnable lambda = () -> {
|
||||
String lambdaS1 = Annotated.m1;
|
||||
String lambdaS2 = Annotated.m2;
|
||||
int lambdaI2 = Annotated.fPublic();
|
||||
int lambdaI3 = Annotated.fProtected();
|
||||
};
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,4 @@
|
||||
package packageone;
|
||||
|
||||
public @interface VisibleForTesting {
|
||||
}
|
||||
@@ -0,0 +1,92 @@
|
||||
package packagetwo;
|
||||
|
||||
import packageone.*;
|
||||
|
||||
public class Annotated {
|
||||
@VisibleForTesting
|
||||
static String m;
|
||||
@VisibleForTesting
|
||||
static protected String m1;
|
||||
@VisibleForTesting
|
||||
static public String m2;
|
||||
@VisibleForTesting
|
||||
static private String m3;
|
||||
|
||||
@VisibleForTesting
|
||||
static int f() {
|
||||
return 1;
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
static private int fPrivate() {
|
||||
return 1;
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
static public int fPublic() {
|
||||
return 1;
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
static protected int fProtected() {
|
||||
return 1;
|
||||
}
|
||||
|
||||
private static void resetPriorities() {
|
||||
String priority = m;
|
||||
String priority1 = m1;
|
||||
String priority2 = m2;
|
||||
String priority3 = m3;
|
||||
|
||||
int result = f();
|
||||
int resultPrivate = fPrivate();
|
||||
int resultPublic = fPublic();
|
||||
int resultProtected = fProtected();
|
||||
}
|
||||
|
||||
private static void resetPriorities2() {
|
||||
Runnable task = () -> {
|
||||
String priority = m;
|
||||
String priority1 = m1;
|
||||
String priority2 = m2;
|
||||
String priority3 = m3;
|
||||
|
||||
int result = f();
|
||||
int resultPrivate = fPrivate();
|
||||
int resultPublic = fPublic();
|
||||
int resultProtected = fProtected();
|
||||
};
|
||||
task.run();
|
||||
}
|
||||
|
||||
private static class InnerClass {
|
||||
void useVisibleForMembers() {
|
||||
String field = m;
|
||||
String field1 = m1;
|
||||
String field2 = m2;
|
||||
String field3 = m3;
|
||||
|
||||
int method = f();
|
||||
int methodPrivate = fPrivate();
|
||||
int methodPublic = fPublic();
|
||||
int methodProtected = fProtected();
|
||||
}
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
static class InnerTestClass {
|
||||
@VisibleForTesting
|
||||
int getSize() {
|
||||
return 42;
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
private String data;
|
||||
}
|
||||
|
||||
private void useInnerClass() {
|
||||
InnerTestClass inner = new InnerTestClass();
|
||||
int size = inner.getSize();
|
||||
String value = inner.data;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
package packagetwo;
|
||||
|
||||
import packageone.*;
|
||||
|
||||
public class Source {
|
||||
void f() {
|
||||
// Fields
|
||||
String s = Annotated.m; // $ Alert
|
||||
String s1 = Annotated.m1; // COMPLIANT - same package
|
||||
String s2 = Annotated.m2;
|
||||
// String s3 = Annotated.m3; // Cannot access private field
|
||||
|
||||
// Methods
|
||||
int i = Annotated.f(); // $ Alert
|
||||
// int i1 = Annotated.fPrivate(); // Cannot access private method
|
||||
int i2 = Annotated.fPublic();
|
||||
int i3 = Annotated.fProtected();
|
||||
|
||||
// Other class
|
||||
AnnotatedClass a = new AnnotatedClass(); // $ Alert
|
||||
|
||||
// Lambda usage
|
||||
Runnable lambda = () -> {
|
||||
String lambdaS = Annotated.m; // $ Alert
|
||||
String lambdaS1 = Annotated.m1;
|
||||
String lambdaS2 = Annotated.m2;
|
||||
|
||||
int lambdaI = Annotated.f(); // $ Alert
|
||||
int lambdaI2 = Annotated.fPublic();
|
||||
int lambdaI3 = Annotated.fProtected();
|
||||
};
|
||||
lambda.run();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
package packagetwo;
|
||||
|
||||
import packageone.*;
|
||||
|
||||
public class Test {
|
||||
void f() {
|
||||
// Fields
|
||||
String s = Annotated.m; // COMPLIANT
|
||||
String s1 = Annotated.m1; // COMPLIANT
|
||||
String s2 = Annotated.m2; // COMPLIANT
|
||||
// String s3 = Annotated.m3; // Cannot access private field
|
||||
|
||||
// Methods
|
||||
int i = Annotated.f(); // COMPLIANT
|
||||
// int i1 = Annotated.fPrivate(); // Cannot access private method
|
||||
int i2 = Annotated.fPublic(); // COMPLIANT
|
||||
int i3 = Annotated.fProtected(); // COMPLIANT
|
||||
|
||||
// Other class
|
||||
AnnotatedClass a = new AnnotatedClass(); // COMPLIANT
|
||||
|
||||
// Lambda usage
|
||||
Runnable lambda = () -> {
|
||||
String lambdaS = Annotated.m; // COMPLIANT
|
||||
String lambdaS1 = Annotated.m1; // COMPLIANT
|
||||
String lambdaS2 = Annotated.m2; // COMPLIANT
|
||||
|
||||
int lambdaI = Annotated.f(); // COMPLIANT
|
||||
int lambdaI2 = Annotated.fPublic(); // COMPLIANT
|
||||
int lambdaI3 = Annotated.fProtected(); // COMPLIANT
|
||||
};
|
||||
lambda.run();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
package packagetwo;
|
||||
|
||||
import packageone.*;
|
||||
|
||||
@interface Range {
|
||||
int min() default 0;
|
||||
int max() default 100;
|
||||
}
|
||||
|
||||
public class UseWithinAnnotation {
|
||||
@VisibleForTesting
|
||||
static final int MAX_LISTING_LENGTH_MIN = 1;
|
||||
@VisibleForTesting
|
||||
static final int MAX_LISTING_LENGTH_MAX = 1000;
|
||||
|
||||
@Range(min = MAX_LISTING_LENGTH_MIN, max = MAX_LISTING_LENGTH_MAX)
|
||||
private int maxListingLength = MAX_LISTING_LENGTH_MAX;
|
||||
}
|
||||
214
java/ql/test/stubs/junit-4.13/LICENSE-junit.txt
Normal file
214
java/ql/test/stubs/junit-4.13/LICENSE-junit.txt
Normal file
@@ -0,0 +1,214 @@
|
||||
JUnit
|
||||
|
||||
Eclipse Public License - v 1.0
|
||||
|
||||
THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE PUBLIC
|
||||
LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM
|
||||
CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
|
||||
|
||||
1. DEFINITIONS
|
||||
|
||||
"Contribution" means:
|
||||
|
||||
a) in the case of the initial Contributor, the initial code and
|
||||
documentation distributed under this Agreement, and
|
||||
b) in the case of each subsequent Contributor:
|
||||
|
||||
i) changes to the Program, and
|
||||
|
||||
ii) additions to the Program;
|
||||
|
||||
where such changes and/or additions to the Program originate from and are
|
||||
distributed by that particular Contributor. A Contribution 'originates' from a
|
||||
Contributor if it was added to the Program by such Contributor itself or anyone
|
||||
acting on such Contributor's behalf. Contributions do not include additions to
|
||||
the Program which: (i) are separate modules of software distributed in
|
||||
conjunction with the Program under their own license agreement, and (ii) are
|
||||
not derivative works of the Program.
|
||||
|
||||
"Contributor" means any person or entity that distributes the Program.
|
||||
|
||||
"Licensed Patents " mean patent claims licensable by a Contributor which are
|
||||
necessarily infringed by the use or sale of its Contribution alone or when
|
||||
combined with the Program.
|
||||
|
||||
"Program" means the Contributions distributed in accordance with this Agreement.
|
||||
|
||||
"Recipient" means anyone who receives the Program under this Agreement,
|
||||
including all Contributors.
|
||||
|
||||
2. GRANT OF RIGHTS
|
||||
|
||||
a) Subject to the terms of this Agreement, each Contributor hereby grants
|
||||
Recipient a non-exclusive, worldwide, royalty-free copyright license to
|
||||
reproduce, prepare derivative works of, publicly display, publicly perform,
|
||||
distribute and sublicense the Contribution of such Contributor, if any, and
|
||||
such derivative works, in source code and object code form.
|
||||
|
||||
b) Subject to the terms of this Agreement, each Contributor hereby grants
|
||||
Recipient a non-exclusive, worldwide, royalty-free patent license under
|
||||
Licensed Patents to make, use, sell, offer to sell, import and otherwise
|
||||
transfer the Contribution of such Contributor, if any, in source code and
|
||||
object code form. This patent license shall apply to the combination of the
|
||||
Contribution and the Program if, at the time the Contribution is added by the
|
||||
Contributor, such addition of the Contribution causes such combination to be
|
||||
covered by the Licensed Patents. The patent license shall not apply to any
|
||||
other combinations which include the Contribution. No hardware per se is
|
||||
licensed hereunder.
|
||||
|
||||
c) Recipient understands that although each Contributor grants the
|
||||
licenses to its Contributions set forth herein, no assurances are provided by
|
||||
any Contributor that the Program does not infringe the patent or other
|
||||
intellectual property rights of any other entity. Each Contributor disclaims
|
||||
any liability to Recipient for claims brought by any other entity based on
|
||||
infringement of intellectual property rights or otherwise. As a condition to
|
||||
exercising the rights and licenses granted hereunder, each Recipient hereby
|
||||
assumes sole responsibility to secure any other intellectual property rights
|
||||
needed, if any. For example, if a third party patent license is required to
|
||||
allow Recipient to distribute the Program, it is Recipient's responsibility to
|
||||
acquire that license before distributing the Program.
|
||||
|
||||
d) Each Contributor represents that to its knowledge it has sufficient
|
||||
copyright rights in its Contribution, if any, to grant the copyright license
|
||||
set forth in this Agreement.
|
||||
|
||||
3. REQUIREMENTS
|
||||
|
||||
A Contributor may choose to distribute the Program in object code form under
|
||||
its own license agreement, provided that:
|
||||
|
||||
a) it complies with the terms and conditions of this Agreement; and
|
||||
|
||||
b) its license agreement:
|
||||
|
||||
i) effectively disclaims on behalf of all Contributors all warranties and
|
||||
conditions, express and implied, including warranties or conditions of title
|
||||
and non-infringement, and implied warranties or conditions of merchantability
|
||||
and fitness for a particular purpose;
|
||||
|
||||
ii) effectively excludes on behalf of all Contributors all liability for
|
||||
damages, including direct, indirect, special, incidental and consequential
|
||||
damages, such as lost profits;
|
||||
|
||||
iii) states that any provisions which differ from this Agreement are
|
||||
offered by that Contributor alone and not by any other party; and
|
||||
|
||||
iv) states that source code for the Program is available from such
|
||||
Contributor, and informs licensees how to obtain it in a reasonable manner on
|
||||
or through a medium customarily used for software exchange.
|
||||
|
||||
When the Program is made available in source code form:
|
||||
|
||||
a) it must be made available under this Agreement; and
|
||||
|
||||
b) a copy of this Agreement must be included with each copy of the
|
||||
Program.
|
||||
|
||||
Contributors may not remove or alter any copyright notices contained within the
|
||||
Program.
|
||||
|
||||
Each Contributor must identify itself as the originator of its Contribution, if
|
||||
any, in a manner that reasonably allows subsequent Recipients to identify the
|
||||
originator of the Contribution.
|
||||
|
||||
4. COMMERCIAL DISTRIBUTION
|
||||
|
||||
Commercial distributors of software may accept certain responsibilities with
|
||||
respect to end users, business partners and the like. While this license is
|
||||
intended to facilitate the commercial use of the Program, the Contributor who
|
||||
includes the Program in a commercial product offering should do so in a manner
|
||||
which does not create potential liability for other Contributors. Therefore, if
|
||||
a Contributor includes the Program in a commercial product offering, such
|
||||
Contributor ("Commercial Contributor") hereby agrees to defend and indemnify
|
||||
every other Contributor ("Indemnified Contributor") against any losses, damages
|
||||
and costs (collectively "Losses") arising from claims, lawsuits and other legal
|
||||
actions brought by a third party against the Indemnified Contributor to the
|
||||
extent caused by the acts or omissions of such Commercial Contributor in
|
||||
connection with its distribution of the Program in a commercial product
|
||||
offering. The obligations in this section do not apply to any claims or Losses
|
||||
relating to any actual or alleged intellectual property infringement. In order
|
||||
to qualify, an Indemnified Contributor must: a) promptly notify the Commercial
|
||||
Contributor in writing of such claim, and b) allow the Commercial Contributor
|
||||
to control, and cooperate with the Commercial Contributor in, the defense and
|
||||
any related settlement negotiations. The Indemnified Contributor may
|
||||
participate in any such claim at its own expense.
|
||||
|
||||
For example, a Contributor might include the Program in a commercial product
|
||||
offering, Product X. That Contributor is then a Commercial Contributor. If that
|
||||
Commercial Contributor then makes performance claims, or offers warranties
|
||||
related to Product X, those performance claims and warranties are such
|
||||
Commercial Contributor's responsibility alone. Under this section, the
|
||||
Commercial Contributor would have to defend claims against the other
|
||||
Contributors related to those performance claims and warranties, and if a court
|
||||
requires any other Contributor to pay any damages as a result, the Commercial
|
||||
Contributor must pay those damages.
|
||||
|
||||
5. NO WARRANTY
|
||||
|
||||
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN
|
||||
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
|
||||
IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE,
|
||||
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each
|
||||
Recipient is solely responsible for determining the appropriateness of using
|
||||
and distributing the Program and assumes all risks associated with its exercise
|
||||
of rights under this Agreement, including but not limited to the risks and
|
||||
costs of program errors, compliance with applicable laws, damage to or loss of
|
||||
data, programs or equipment, and unavailability or interruption of operations.
|
||||
|
||||
6. DISCLAIMER OF LIABILITY
|
||||
|
||||
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY
|
||||
CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST
|
||||
PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
|
||||
WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS
|
||||
GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
7. GENERAL
|
||||
|
||||
If any provision of this Agreement is invalid or unenforceable under applicable
|
||||
law, it shall not affect the validity or enforceability of the remainder of the
|
||||
terms of this Agreement, and without further action by the parties hereto, such
|
||||
provision shall be reformed to the minimum extent necessary to make such
|
||||
provision valid and enforceable.
|
||||
|
||||
If Recipient institutes patent litigation against any
|
||||
entity (including a cross-claim or counterclaim in a lawsuit) alleging that the
|
||||
Program itself (excluding combinations of the Program with other software or
|
||||
hardware) infringes such Recipient's patent(s), then such Recipient's rights
|
||||
granted under Section 2(b) shall terminate as of the date such litigation is
|
||||
filed.
|
||||
|
||||
All Recipient's rights under this Agreement shall terminate if it fails to
|
||||
comply with any of the material terms or conditions of this Agreement and does
|
||||
not cure such failure in a reasonable period of time after becoming aware of
|
||||
such noncompliance. If all Recipient's rights under this Agreement terminate,
|
||||
Recipient agrees to cease use and distribution of the Program as soon as
|
||||
reasonably practicable. However, Recipient's obligations under this Agreement
|
||||
and any licenses granted by Recipient relating to the Program shall continue
|
||||
and survive.
|
||||
|
||||
Everyone is permitted to copy and distribute copies of this Agreement, but in
|
||||
order to avoid inconsistency the Agreement is copyrighted and may only be
|
||||
modified in the following manner. The Agreement Steward reserves the right to
|
||||
publish new versions (including revisions) of this Agreement from time to time.
|
||||
No one other than the Agreement Steward has the right to modify this Agreement.
|
||||
The Eclipse Foundation is the initial Agreement Steward. The Eclipse Foundation may assign the responsibility to
|
||||
serve as the Agreement Steward to a suitable separate entity. Each new version
|
||||
of the Agreement will be given a distinguishing version number. The Program
|
||||
(including Contributions) may always be distributed subject to the version of
|
||||
the Agreement under which it was received. In addition, after a new version of
|
||||
the Agreement is published, Contributor may elect to distribute the Program
|
||||
(including its Contributions) under the new version. Except as expressly stated
|
||||
in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to
|
||||
the intellectual property of any Contributor under this Agreement, whether
|
||||
expressly, by implication, estoppel or otherwise. All rights in the Program not
|
||||
expressly granted under this Agreement are reserved.
|
||||
|
||||
This Agreement is governed by the laws of the State of New York and the
|
||||
intellectual property laws of the United States of America. No party to this
|
||||
Agreement will bring a legal action under this Agreement more than one year
|
||||
after the cause of action arose. Each party waives its rights to a jury trial
|
||||
in any resulting litigation.
|
||||
|
||||
472
java/ql/test/stubs/junit-4.13/org/junit/Assert.java
generated
Normal file
472
java/ql/test/stubs/junit-4.13/org/junit/Assert.java
generated
Normal file
@@ -0,0 +1,472 @@
|
||||
package org.junit;
|
||||
|
||||
import org.junit.function.ThrowingRunnable;
|
||||
|
||||
//BSD License
|
||||
//
|
||||
//Copyright (c) 2000-2006, www.hamcrest.org
|
||||
//All rights reserved.
|
||||
//
|
||||
//Redistribution and use in source and binary forms, with or without
|
||||
//modification, are permitted provided that the following conditions are met:
|
||||
//
|
||||
//Redistributions of source code must retain the above copyright notice, this list of
|
||||
//conditions and the following disclaimer. Redistributions in binary form must reproduce
|
||||
//the above copyright notice, this list of conditions and the following disclaimer in
|
||||
//the documentation and/or other materials provided with the distribution.
|
||||
//
|
||||
//Neither the name of Hamcrest nor the names of its contributors may be used to endorse
|
||||
//or promote products derived from this software without specific prior written
|
||||
//permission.
|
||||
//
|
||||
//THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
|
||||
//EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
//OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
|
||||
//SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
//INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||
//TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
//BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
//CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
|
||||
//WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
|
||||
//DAMAGE.
|
||||
|
||||
/*
|
||||
* MODIFIED version of JUnit 4.13 as available at
|
||||
* https://search.maven.org/remotecontent?filepath=junit/junit/4.13/junit-4.13-sources.jar
|
||||
* Only parts of this file have been retained for test purposes.
|
||||
*/
|
||||
|
||||
public class Assert {
|
||||
/**
|
||||
* Asserts that a condition is true. If it isn't it throws an
|
||||
* {@link AssertionError} with the given message.
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError}
|
||||
* (<code>null</code>
|
||||
* okay)
|
||||
* @param condition condition to be checked
|
||||
*/
|
||||
static public void assertTrue(String message, boolean condition) {
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that a condition is true. If it isn't it throws an
|
||||
* {@link AssertionError} without a message.
|
||||
*
|
||||
* @param condition condition to be checked
|
||||
*/
|
||||
static public void assertTrue(boolean condition) {
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that a condition is false. If it isn't it throws an
|
||||
* {@link AssertionError} with the given message.
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError}
|
||||
* (<code>null</code>
|
||||
* okay)
|
||||
* @param condition condition to be checked
|
||||
*/
|
||||
static public void assertFalse(String message, boolean condition) {
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that a condition is false. If it isn't it throws an
|
||||
* {@link AssertionError} without a message.
|
||||
*
|
||||
* @param condition condition to be checked
|
||||
*/
|
||||
static public void assertFalse(boolean condition) {
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Fails a test with the given message.
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError}
|
||||
* (<code>null</code>
|
||||
* okay)
|
||||
* @see AssertionError
|
||||
*/
|
||||
static public void fail(String message) {
|
||||
if (message == null) {
|
||||
throw new AssertionError();
|
||||
}
|
||||
throw new AssertionError(message);
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that an object isn't null. If it is an {@link AssertionError} is
|
||||
* thrown with the given message.
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError}
|
||||
* (<code>null</code>
|
||||
* okay)
|
||||
* @param object Object to check or <code>null</code>
|
||||
*/
|
||||
static public void assertNotNull(String message, Object object) {
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that an object isn't null. If it is an {@link AssertionError} is
|
||||
* thrown.
|
||||
*
|
||||
* @param object Object to check or <code>null</code>
|
||||
*/
|
||||
static public void assertNotNull(Object object) {
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that an object is null. If it is not, an {@link AssertionError}
|
||||
* is thrown with the given message.
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError}
|
||||
* (<code>null</code>
|
||||
* okay)
|
||||
* @param object Object to check or <code>null</code>
|
||||
*/
|
||||
static public void assertNull(String message, Object object) {
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that an object is null. If it isn't an {@link AssertionError} is
|
||||
* thrown.
|
||||
*
|
||||
* @param object Object to check or <code>null</code>
|
||||
*/
|
||||
static public void assertNull(Object object) {
|
||||
return;
|
||||
}
|
||||
|
||||
private static boolean equalsRegardingNull(Object expected, Object actual) {
|
||||
if (expected == null) {
|
||||
return actual == null;
|
||||
}
|
||||
|
||||
return isEquals(expected, actual);
|
||||
}
|
||||
|
||||
private static boolean isEquals(Object expected, Object actual) {
|
||||
return expected.equals(actual);
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that two doubles are equal to within a positive delta.
|
||||
* If they are not, an {@link AssertionError} is thrown with the given
|
||||
* message. If the expected value is infinity then the delta value is
|
||||
* ignored. NaNs are considered equal:
|
||||
* <code>assertEquals(Double.NaN, Double.NaN, *)</code> passes
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError}
|
||||
* (<code>null</code>
|
||||
* okay)
|
||||
* @param expected expected value
|
||||
* @param actual the value to check against <code>expected</code>
|
||||
* @param delta the maximum delta between <code>expected</code> and
|
||||
* <code>actual</code> for which both numbers are still
|
||||
* considered equal.
|
||||
*/
|
||||
public static void assertEquals(String message, double expected,
|
||||
double actual, double delta) {
|
||||
return;
|
||||
}
|
||||
|
||||
private static void failNotEquals(String message, Object expected,
|
||||
Object actual) {
|
||||
fail(format(message, expected, actual));
|
||||
}
|
||||
|
||||
static String format(String message, Object expected, Object actual) {
|
||||
String formatted = "";
|
||||
if (message != null && !"".equals(message)) {
|
||||
formatted = message + " ";
|
||||
}
|
||||
String expectedString = String.valueOf(expected);
|
||||
String actualString = String.valueOf(actual);
|
||||
if (equalsRegardingNull(expectedString, actualString)) {
|
||||
return formatted + "expected: "
|
||||
+ formatClassAndValue(expected, expectedString)
|
||||
+ " but was: " + formatClassAndValue(actual, actualString);
|
||||
} else {
|
||||
return formatted + "expected:<" + expectedString + "> but was:<"
|
||||
+ actualString + ">";
|
||||
}
|
||||
}
|
||||
|
||||
private static String formatClass(Class<?> value) {
|
||||
String className = value.getCanonicalName();
|
||||
return className == null ? value.getName() : className;
|
||||
}
|
||||
|
||||
private static String formatClassAndValue(Object value, String valueString) {
|
||||
String className = value == null ? "null" : value.getClass().getName();
|
||||
return className + "<" + valueString + ">";
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that two floats are equal to within a positive delta.
|
||||
* If they are not, an {@link AssertionError} is thrown with the given
|
||||
* message. If the expected value is infinity then the delta value is
|
||||
* ignored. NaNs are considered equal:
|
||||
* <code>assertEquals(Float.NaN, Float.NaN, *)</code> passes
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError}
|
||||
* (<code>null</code>
|
||||
* okay)
|
||||
* @param expected expected value
|
||||
* @param actual the value to check against <code>expected</code>
|
||||
* @param delta the maximum delta between <code>expected</code> and
|
||||
* <code>actual</code> for which both numbers are still
|
||||
* considered equal.
|
||||
*/
|
||||
public static void assertEquals(String message, float expected, float actual,
|
||||
float delta) {
|
||||
if (floatIsDifferent(expected, actual, delta)) {
|
||||
failNotEquals(message, Float.valueOf(expected), Float.valueOf(actual));
|
||||
}
|
||||
}
|
||||
|
||||
private static boolean doubleIsDifferent(double d1, double d2, double delta) {
|
||||
if (Double.compare(d1, d2) == 0) {
|
||||
return false;
|
||||
}
|
||||
if ((Math.abs(d1 - d2) <= delta)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private static boolean floatIsDifferent(float f1, float f2, float delta) {
|
||||
if (Float.compare(f1, f2) == 0) {
|
||||
return false;
|
||||
}
|
||||
if ((Math.abs(f1 - f2) <= delta)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that two longs are equal. If they are not, an
|
||||
* {@link AssertionError} is thrown.
|
||||
*
|
||||
* @param expected expected long value.
|
||||
* @param actual actual long value
|
||||
*/
|
||||
public static void assertEquals(long expected, long actual) {
|
||||
assertEquals(null, expected, actual);
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that two longs are equal. If they are not, an
|
||||
* {@link AssertionError} is thrown with the given message.
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError}
|
||||
* (<code>null</code>
|
||||
* okay)
|
||||
* @param expected long expected value.
|
||||
* @param actual long actual value
|
||||
*/
|
||||
public static void assertEquals(String message, long expected, long actual) {
|
||||
if (expected != actual) {
|
||||
failNotEquals(message, Long.valueOf(expected), Long.valueOf(actual));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use
|
||||
* <code>assertEquals(double expected, double actual, double
|
||||
* delta)</code> instead
|
||||
*/
|
||||
@Deprecated
|
||||
public static void assertEquals(double expected, double actual) {
|
||||
assertEquals(null, expected, actual);
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use
|
||||
* <code>assertEquals(String message, double expected, double
|
||||
* actual, double delta)</code> instead
|
||||
*/
|
||||
@Deprecated
|
||||
public static void assertEquals(String message, double expected,
|
||||
double actual) {
|
||||
fail("Use assertEquals(expected, actual, delta) to compare " +
|
||||
"floating-point numbers");
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that two doubles are equal to within a positive delta.
|
||||
* If they are not, an {@link AssertionError} is thrown. If the expected
|
||||
* value is infinity then the delta value is ignored.NaNs are considered
|
||||
* equal: <code>assertEquals(Double.NaN, Double.NaN, *)</code> passes
|
||||
*
|
||||
* @param expected expected value
|
||||
* @param actual the value to check against <code>expected</code>
|
||||
* @param delta the maximum delta between <code>expected</code> and
|
||||
* <code>actual</code> for which both numbers are still
|
||||
* considered equal.
|
||||
*/
|
||||
public static void assertEquals(double expected, double actual,
|
||||
double delta) {
|
||||
assertEquals(null, expected, actual, delta);
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that two floats are equal to within a positive delta.
|
||||
* If they are not, an {@link AssertionError} is thrown. If the expected
|
||||
* value is infinity then the delta value is ignored. NaNs are considered
|
||||
* equal: <code>assertEquals(Float.NaN, Float.NaN, *)</code> passes
|
||||
*
|
||||
* @param expected expected value
|
||||
* @param actual the value to check against <code>expected</code>
|
||||
* @param delta the maximum delta between <code>expected</code> and
|
||||
* <code>actual</code> for which both numbers are still
|
||||
* considered equal.
|
||||
*/
|
||||
public static void assertEquals(float expected, float actual, float delta) {
|
||||
assertEquals(null, expected, actual, delta);
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that two objects are equal. If they are not, an
|
||||
* {@link AssertionError} without a message is thrown. If
|
||||
* <code>expected</code> and <code>actual</code> are <code>null</code>,
|
||||
* they are considered equal.
|
||||
*
|
||||
* @param expected expected value
|
||||
* @param actual the value to check against <code>expected</code>
|
||||
*/
|
||||
public static void assertEquals(Object expected, Object actual) {
|
||||
assertEquals(null, expected, actual);
|
||||
}
|
||||
|
||||
public static void assertEquals(String message, Object expected,
|
||||
Object actual) {
|
||||
}
|
||||
|
||||
public static void assertNotEquals(String message, Object unexpected, Object actual) {
|
||||
return;
|
||||
}
|
||||
|
||||
public static void assertNotEquals(Object unexpected, Object actual) {
|
||||
assertNotEquals(null, unexpected, actual);
|
||||
}
|
||||
|
||||
public static void assertNotEquals(String message, long unexpected, long actual) {
|
||||
return;
|
||||
}
|
||||
|
||||
public static void assertNotEquals(long unexpected, long actual) {
|
||||
assertNotEquals(null, unexpected, actual);
|
||||
}
|
||||
|
||||
public static void assertNotEquals(String message, double unexpected, double actual, double delta) {
|
||||
return;
|
||||
}
|
||||
|
||||
public static void assertNotEquals(double unexpected, double actual, double delta) {
|
||||
assertNotEquals(null, unexpected, actual, delta);
|
||||
}
|
||||
|
||||
public static void assertNotEquals(String message, float unexpected, float actual, float delta) {
|
||||
return;
|
||||
}
|
||||
|
||||
public static void assertNotEquals(float unexpected, float actual, float delta) {
|
||||
assertNotEquals(null, unexpected, actual, delta);
|
||||
}
|
||||
|
||||
public static void assertNotSame(String message, Object unexpected, Object actual) {
|
||||
return;
|
||||
}
|
||||
|
||||
public static void assertNotSame(Object unexpected, Object actual) {
|
||||
assertNotSame(null, unexpected, actual);
|
||||
}
|
||||
|
||||
public static void assertSame(String message, Object expected, Object actual) {
|
||||
return;
|
||||
}
|
||||
|
||||
public static void assertSame(Object expected, Object actual) {
|
||||
assertSame(null, expected, actual);
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that {@code runnable} throws an exception of type {@code expectedThrowable} when
|
||||
* executed. If it does, the exception object is returned. If it does not throw an exception, an
|
||||
* {@link AssertionError} is thrown. If it throws the wrong type of exception, an {@code
|
||||
* AssertionError} is thrown describing the mismatch; the exception that was actually thrown can
|
||||
* be obtained by calling {@link AssertionError#getCause}.
|
||||
*
|
||||
* @param expectedThrowable the expected type of the exception
|
||||
* @param runnable a function that is expected to throw an exception when executed
|
||||
* @return the exception thrown by {@code runnable}
|
||||
* @since 4.13
|
||||
*/
|
||||
public static <T extends Throwable> T assertThrows(Class<T> expectedThrowable,
|
||||
ThrowingRunnable runnable) {
|
||||
return assertThrows(null, expectedThrowable, runnable);
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts that {@code runnable} throws an exception of type {@code expectedThrowable} when
|
||||
* executed. If it does, the exception object is returned. If it does not throw an exception, an
|
||||
* {@link AssertionError} is thrown. If it throws the wrong type of exception, an {@code
|
||||
* AssertionError} is thrown describing the mismatch; the exception that was actually thrown can
|
||||
* be obtained by calling {@link AssertionError#getCause}.
|
||||
*
|
||||
* @param message the identifying message for the {@link AssertionError} (<code>null</code>
|
||||
* okay)
|
||||
* @param expectedThrowable the expected type of the exception
|
||||
* @param runnable a function that is expected to throw an exception when executed
|
||||
* @return the exception thrown by {@code runnable}
|
||||
* @since 4.13
|
||||
*/
|
||||
public static <T extends Throwable> T assertThrows(String message, Class<T> expectedThrowable,
|
||||
ThrowingRunnable runnable) {
|
||||
try {
|
||||
runnable.run();
|
||||
} catch (Throwable actualThrown) {
|
||||
if (expectedThrowable.isInstance(actualThrown)) {
|
||||
@SuppressWarnings("unchecked") T retVal = (T) actualThrown;
|
||||
return retVal;
|
||||
} else {
|
||||
String expected = formatClass(expectedThrowable);
|
||||
Class<? extends Throwable> actualThrowable = actualThrown.getClass();
|
||||
String actual = formatClass(actualThrowable);
|
||||
if (expected.equals(actual)) {
|
||||
// There must be multiple class loaders. Add the identity hash code so the message
|
||||
// doesn't say "expected: java.lang.String<my.package.MyException> ..."
|
||||
expected += "@" + Integer.toHexString(System.identityHashCode(expectedThrowable));
|
||||
actual += "@" + Integer.toHexString(System.identityHashCode(actualThrowable));
|
||||
}
|
||||
String mismatchMessage = buildPrefix(message)
|
||||
+ format("unexpected exception type thrown;", expected, actual);
|
||||
|
||||
// The AssertionError(String, Throwable) ctor is only available on JDK7.
|
||||
AssertionError assertionError = new AssertionError(mismatchMessage);
|
||||
assertionError.initCause(actualThrown);
|
||||
throw assertionError;
|
||||
}
|
||||
}
|
||||
String notThrownMessage = buildPrefix(message) + String
|
||||
.format("expected %s to be thrown, but nothing was thrown",
|
||||
formatClass(expectedThrowable));
|
||||
throw new AssertionError(notThrownMessage);
|
||||
}
|
||||
|
||||
private static String buildPrefix(String message) {
|
||||
return message != null && message.length() != 0 ? message + ": " : "";
|
||||
}
|
||||
|
||||
}
|
||||
28
java/ql/test/stubs/junit-4.13/org/junit/Test.java
generated
Normal file
28
java/ql/test/stubs/junit-4.13/org/junit/Test.java
generated
Normal file
@@ -0,0 +1,28 @@
|
||||
/*
|
||||
* Copyright 2015-2018 the original author or authors.
|
||||
*
|
||||
* All rights reserved. This program and the accompanying materials are
|
||||
* made available under the terms of the Eclipse Public License v2.0 which
|
||||
* accompanies this distribution and is available at
|
||||
*
|
||||
* http://www.eclipse.org/legal/epl-v20.html
|
||||
*/
|
||||
|
||||
/*
|
||||
* MODIFIED version of junit-jupiter-api 5.2.0 as available at
|
||||
* https://search.maven.org/classic/remotecontent?filepath=org/junit/jupiter/junit-jupiter-api/5.2.0/junit-jupiter-api-5.2.0-sources.jar
|
||||
* Only parts of this file have been retained for test purposes.
|
||||
*/
|
||||
|
||||
package org.junit;
|
||||
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
@Target({ElementType.ANNOTATION_TYPE, ElementType.METHOD})
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Documented
|
||||
public @interface Test {}
|
||||
14
java/ql/test/stubs/junit-4.13/org/junit/function/ThrowingRunnable.java
generated
Normal file
14
java/ql/test/stubs/junit-4.13/org/junit/function/ThrowingRunnable.java
generated
Normal file
@@ -0,0 +1,14 @@
|
||||
package org.junit.function;
|
||||
|
||||
/**
|
||||
* This interface facilitates the use of
|
||||
* {@link org.junit.Assert#assertThrows(Class, ThrowingRunnable)} from Java 8. It allows method
|
||||
* references to void methods (that declare checked exceptions) to be passed directly into
|
||||
* {@code assertThrows}
|
||||
* without wrapping. It is not meant to be implemented directly.
|
||||
*
|
||||
* @since 4.13
|
||||
*/
|
||||
public interface ThrowingRunnable {
|
||||
void run() throws Throwable;
|
||||
}
|
||||
4
java/ql/test/stubs/mockito-5.14/org/mockito/ArgumentMatchers.java
generated
Normal file
4
java/ql/test/stubs/mockito-5.14/org/mockito/ArgumentMatchers.java
generated
Normal file
@@ -0,0 +1,4 @@
|
||||
package org.mockito;
|
||||
|
||||
public class ArgumentMatchers {
|
||||
}
|
||||
10
java/ql/test/stubs/mockito-5.14/org/mockito/MockSettings.java
generated
Normal file
10
java/ql/test/stubs/mockito-5.14/org/mockito/MockSettings.java
generated
Normal file
@@ -0,0 +1,10 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
public interface MockSettings extends Serializable {
|
||||
}
|
||||
216
java/ql/test/stubs/mockito-5.14/org/mockito/Mockito.java
generated
Normal file
216
java/ql/test/stubs/mockito-5.14/org/mockito/Mockito.java
generated
Normal file
@@ -0,0 +1,216 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito;
|
||||
|
||||
import org.mockito.ArgumentMatchers;
|
||||
import org.mockito.MockSettings;
|
||||
import org.mockito.internal.creation.MockSettingsImpl;
|
||||
import org.mockito.stubbing.Answer;
|
||||
import org.mockito.stubbing.OngoingStubbing;
|
||||
import org.mockito.internal.MockitoCore;
|
||||
import org.mockito.MockSettings;
|
||||
import org.mockito.stubbing.Stubber;
|
||||
|
||||
public class Mockito extends ArgumentMatchers {
|
||||
static final MockitoCore MOCKITO_CORE = new MockitoCore();
|
||||
|
||||
public static MockSettings withSettings() {
|
||||
return new MockSettings() {
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a mock object of the requested class or interface.
|
||||
* <p>
|
||||
* See examples in javadoc for the {@link Mockito} class.
|
||||
*
|
||||
* @param reified don't pass any values to it. It's a trick to detect the
|
||||
* class/interface you
|
||||
* want to mock.
|
||||
* @return the mock object.
|
||||
* @since 4.10.0
|
||||
*/
|
||||
@SafeVarargs
|
||||
public static <T> T mock(T... reified) {
|
||||
return mock(withSettings(), reified);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a mock object of the requested class or interface with the given
|
||||
* default answer.
|
||||
* <p>
|
||||
* See examples in javadoc for the {@link Mockito} class.
|
||||
*
|
||||
* @param defaultAnswer the default answer to use.
|
||||
* @param reified don't pass any values to it. It's a trick to detect the
|
||||
* class/interface you
|
||||
* want to mock.
|
||||
* @return the mock object.
|
||||
* @since 5.1.0
|
||||
*/
|
||||
@SafeVarargs
|
||||
public static <T> T mock(@SuppressWarnings("rawtypes") Answer defaultAnswer, T... reified) {
|
||||
return mock(new Answer<T>() {
|
||||
}, reified);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a mock object of the requested class or interface with the given
|
||||
* name.
|
||||
* <p>
|
||||
* See examples in javadoc for the {@link Mockito} class.
|
||||
*
|
||||
* @param name the mock name to use.
|
||||
* @param reified don't pass any values to it. It's a trick to detect the
|
||||
* class/interface you
|
||||
* want to mock.
|
||||
* @return the mock object.
|
||||
* @since 5.1.0
|
||||
*/
|
||||
@SafeVarargs
|
||||
public static <T> T mock(String name, T... reified) {
|
||||
return mock(withSettings(), reified);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a mock object of the requested class or interface with the given
|
||||
* settings.
|
||||
* <p>
|
||||
* See examples in javadoc for the {@link Mockito} class.
|
||||
*
|
||||
* @param settings the mock settings to use.
|
||||
* @param reified don't pass any values to it. It's a trick to detect the
|
||||
* class/interface you
|
||||
* want to mock.
|
||||
* @return the mock object.
|
||||
* @since 5.1.0
|
||||
*/
|
||||
@SafeVarargs
|
||||
public static <T> T mock(MockSettings settings, T... reified) {
|
||||
if (reified == null || reified.length > 0) {
|
||||
throw new IllegalArgumentException(
|
||||
"Please don't pass any values here. Java will detect class automagically.");
|
||||
}
|
||||
|
||||
return mock(getClassOf(reified), settings);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates mock object of given class or interface.
|
||||
* <p>
|
||||
* See examples in javadoc for {@link Mockito} class
|
||||
*
|
||||
* @param classToMock class or interface to mock
|
||||
* @return mock object
|
||||
*/
|
||||
public static <T> T mock(Class<T> classToMock) {
|
||||
return mock(classToMock, withSettings());
|
||||
}
|
||||
|
||||
/**
|
||||
* Specifies mock name. Naming mocks can be helpful for debugging - the name is
|
||||
* used in all verification errors.
|
||||
* <p>
|
||||
* Beware that naming mocks is not a solution for complex code which uses too
|
||||
* many mocks or collaborators.
|
||||
* <b>If you have too many mocks then refactor the code</b> so that it's easy to
|
||||
* test/debug without necessity of naming mocks.
|
||||
* <p>
|
||||
* <b>If you use <code>@Mock</code> annotation then you've got naming mocks
|
||||
* for free!</b> <code>@Mock</code> uses field name as mock name.
|
||||
* {@link Mock Read more.}
|
||||
* <p>
|
||||
*
|
||||
* See examples in javadoc for {@link Mockito} class
|
||||
*
|
||||
* @param classToMock class or interface to mock
|
||||
* @param name of the mock
|
||||
* @return mock object
|
||||
*/
|
||||
public static <T> T mock(Class<T> classToMock, String name) {
|
||||
return mock(classToMock, new Answer<T>() {
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates mock with a specified strategy for its answers to interactions.
|
||||
* It's quite an advanced feature and typically you don't need it to write
|
||||
* decent tests.
|
||||
* However it can be helpful when working with legacy systems.
|
||||
* <p>
|
||||
* It is the default answer so it will be used <b>only when you don't</b> stub
|
||||
* the method call.
|
||||
*
|
||||
* <pre class="code">
|
||||
* <code class="java">
|
||||
* Foo mock = mock(Foo.class, RETURNS_SMART_NULLS);
|
||||
* Foo mockTwo = mock(Foo.class, new YourOwnAnswer());
|
||||
* </code>
|
||||
* </pre>
|
||||
*
|
||||
* <p>
|
||||
* See examples in javadoc for {@link Mockito} class
|
||||
* </p>
|
||||
*
|
||||
* @param classToMock class or interface to mock
|
||||
* @param defaultAnswer default answer for un-stubbed methods
|
||||
*
|
||||
* @return mock object
|
||||
*/
|
||||
public static <T> T mock(Class<T> classToMock, Answer defaultAnswer) {
|
||||
return mock(classToMock, new Answer<T>() {
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a mock with some non-standard settings.
|
||||
* <p>
|
||||
* The number of configuration points for a mock will grow,
|
||||
* so we need a fluent way to introduce new configuration without adding more
|
||||
* and more overloaded Mockito.mock() methods.
|
||||
* Hence {@link MockSettings}.
|
||||
*
|
||||
* <pre class="code">
|
||||
* <code class="java">
|
||||
* Listener mock = mock(Listener.class, withSettings()
|
||||
* .name("firstListner").defaultBehavior(RETURNS_SMART_NULLS));
|
||||
* );
|
||||
* </code>
|
||||
* </pre>
|
||||
*
|
||||
* <b>Use it carefully and occasionally</b>. What might be reason your test
|
||||
* needs non-standard mocks?
|
||||
* Is the code under test so complicated that it requires non-standard mocks?
|
||||
* Wouldn't you prefer to refactor the code under test, so that it is testable
|
||||
* in a simple way?
|
||||
* <p>
|
||||
* See also {@link Mockito#withSettings()}
|
||||
* <p>
|
||||
* See examples in javadoc for {@link Mockito} class
|
||||
*
|
||||
* @param classToMock class or interface to mock
|
||||
* @param mockSettings additional mock settings
|
||||
* @return mock object
|
||||
*/
|
||||
public static <T> T mock(Class<T> classToMock, MockSettings mockSettings) {
|
||||
return MOCKITO_CORE.mock(classToMock, mockSettings);
|
||||
}
|
||||
|
||||
private static <T> Class<T> getClassOf(T[] array) {
|
||||
return (Class<T>) array.getClass().getComponentType();
|
||||
}
|
||||
|
||||
public static <T> OngoingStubbing<T> when(T methodCall) {
|
||||
return MOCKITO_CORE.when(methodCall);
|
||||
}
|
||||
|
||||
public static Stubber doReturn(Object toBeReturned) {
|
||||
return null;
|
||||
}
|
||||
|
||||
public static Stubber doReturn(Object toBeReturned, Object... toBeReturnedNext) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
28
java/ql/test/stubs/mockito-5.14/org/mockito/internal/MockitoCore.java
generated
Normal file
28
java/ql/test/stubs/mockito-5.14/org/mockito/internal/MockitoCore.java
generated
Normal file
@@ -0,0 +1,28 @@
|
||||
package org.mockito.internal;
|
||||
|
||||
import org.mockito.MockSettings;
|
||||
import org.mockito.internal.creation.MockSettingsImpl;
|
||||
import org.mockito.internal.progress.MockingProgress;
|
||||
import org.mockito.stubbing.OngoingStubbing;
|
||||
import org.mockito.mock.MockCreationSettings;
|
||||
import static org.mockito.internal.util.MockUtil.createMock;
|
||||
|
||||
public class MockitoCore {
|
||||
public <T> T mock(Class<T> typeToMock, MockSettings settings) {
|
||||
MockSettingsImpl impl = (MockSettingsImpl) settings;
|
||||
MockCreationSettings<T> creationSettings = impl.build(typeToMock);
|
||||
T mock = createMock(creationSettings);
|
||||
return mock;
|
||||
}
|
||||
|
||||
public <T> OngoingStubbing<T> when(T methodCall) {
|
||||
MockingProgress mockingProgress = new MockingProgress() {
|
||||
@Override
|
||||
public OngoingStubbing<?> pullOngoingStubbing() {
|
||||
return null;
|
||||
}
|
||||
};
|
||||
OngoingStubbing<T> stubbing = (OngoingStubbing<T>) mockingProgress.pullOngoingStubbing();
|
||||
return stubbing;
|
||||
}
|
||||
}
|
||||
14
java/ql/test/stubs/mockito-5.14/org/mockito/internal/creation/MockSettingsImpl.java
generated
Normal file
14
java/ql/test/stubs/mockito-5.14/org/mockito/internal/creation/MockSettingsImpl.java
generated
Normal file
@@ -0,0 +1,14 @@
|
||||
package org.mockito.internal.creation;
|
||||
|
||||
import org.mockito.MockSettings;
|
||||
import org.mockito.mock.MockCreationSettings;
|
||||
|
||||
public class MockSettingsImpl<T> implements MockSettings {
|
||||
public <T2> MockCreationSettings<T2> build(Class<T2> typeToMock) {
|
||||
return new MockCreationSettings<T2>() {
|
||||
public String getMockMaker() {
|
||||
return null;
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
14
java/ql/test/stubs/mockito-5.14/org/mockito/internal/handler/MockHandlerFactory.java
generated
Normal file
14
java/ql/test/stubs/mockito-5.14/org/mockito/internal/handler/MockHandlerFactory.java
generated
Normal file
@@ -0,0 +1,14 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito.internal.handler;
|
||||
|
||||
import org.mockito.mock.MockCreationSettings;
|
||||
import org.mockito.invocation.MockHandler;
|
||||
|
||||
public final class MockHandlerFactory {
|
||||
public static <T> MockHandler<T> createMockHandler(MockCreationSettings<T> settings) {
|
||||
return new MockHandlerImpl<T>();
|
||||
}
|
||||
}
|
||||
10
java/ql/test/stubs/mockito-5.14/org/mockito/internal/handler/MockHandlerImpl.java
generated
Normal file
10
java/ql/test/stubs/mockito-5.14/org/mockito/internal/handler/MockHandlerImpl.java
generated
Normal file
@@ -0,0 +1,10 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito.internal.handler;
|
||||
|
||||
import org.mockito.invocation.MockHandler;
|
||||
|
||||
public class MockHandlerImpl<T> implements MockHandler<T> {
|
||||
}
|
||||
11
java/ql/test/stubs/mockito-5.14/org/mockito/internal/progress/MockingProgress.java
generated
Normal file
11
java/ql/test/stubs/mockito-5.14/org/mockito/internal/progress/MockingProgress.java
generated
Normal file
@@ -0,0 +1,11 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito.internal.progress;
|
||||
|
||||
import org.mockito.stubbing.OngoingStubbing;
|
||||
|
||||
public interface MockingProgress {
|
||||
OngoingStubbing<?> pullOngoingStubbing();
|
||||
}
|
||||
18
java/ql/test/stubs/mockito-5.14/org/mockito/internal/util/MockUtil.java
generated
Normal file
18
java/ql/test/stubs/mockito-5.14/org/mockito/internal/util/MockUtil.java
generated
Normal file
@@ -0,0 +1,18 @@
|
||||
package org.mockito.internal.util;
|
||||
|
||||
import org.mockito.mock.MockCreationSettings;
|
||||
import org.mockito.plugins.MockMaker;
|
||||
import org.mockito.invocation.MockHandler;
|
||||
import static org.mockito.internal.handler.MockHandlerFactory.createMockHandler;
|
||||
|
||||
public class MockUtil {
|
||||
public static <T> T createMock(MockCreationSettings<T> settings) {
|
||||
MockMaker mockMaker = getMockMaker(settings.getMockMaker());
|
||||
MockHandler mockHandler = createMockHandler(settings);
|
||||
return mockMaker.createMock(settings, mockHandler);
|
||||
}
|
||||
|
||||
public static MockMaker getMockMaker(String mockMaker) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
10
java/ql/test/stubs/mockito-5.14/org/mockito/invocation/MockHandler.java
generated
Normal file
10
java/ql/test/stubs/mockito-5.14/org/mockito/invocation/MockHandler.java
generated
Normal file
@@ -0,0 +1,10 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito.invocation;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
public interface MockHandler<T> extends Serializable {
|
||||
}
|
||||
9
java/ql/test/stubs/mockito-5.14/org/mockito/mock/MockCreationSettings.java
generated
Normal file
9
java/ql/test/stubs/mockito-5.14/org/mockito/mock/MockCreationSettings.java
generated
Normal file
@@ -0,0 +1,9 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito.mock;
|
||||
|
||||
public interface MockCreationSettings<T> {
|
||||
String getMockMaker();
|
||||
}
|
||||
8
java/ql/test/stubs/mockito-5.14/org/mockito/plugins/MockMaker.java
generated
Normal file
8
java/ql/test/stubs/mockito-5.14/org/mockito/plugins/MockMaker.java
generated
Normal file
@@ -0,0 +1,8 @@
|
||||
package org.mockito.plugins;
|
||||
|
||||
import org.mockito.mock.MockCreationSettings;
|
||||
import org.mockito.invocation.MockHandler;
|
||||
|
||||
public interface MockMaker {
|
||||
<T> T createMock(MockCreationSettings<T> settings, MockHandler handler);
|
||||
}
|
||||
7
java/ql/test/stubs/mockito-5.14/org/mockito/stubbing/Answer.java
generated
Normal file
7
java/ql/test/stubs/mockito-5.14/org/mockito/stubbing/Answer.java
generated
Normal file
@@ -0,0 +1,7 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito.stubbing;
|
||||
|
||||
public interface Answer<T> { }
|
||||
9
java/ql/test/stubs/mockito-5.14/org/mockito/stubbing/OngoingStubbing.java
generated
Normal file
9
java/ql/test/stubs/mockito-5.14/org/mockito/stubbing/OngoingStubbing.java
generated
Normal file
@@ -0,0 +1,9 @@
|
||||
/*
|
||||
* Copyright (c) 2007 Mockito contributors
|
||||
* This program is made available under the terms of the MIT License.
|
||||
*/
|
||||
package org.mockito.stubbing;
|
||||
|
||||
public interface OngoingStubbing<T> {
|
||||
OngoingStubbing<T> thenReturn(T value);
|
||||
}
|
||||
5
java/ql/test/stubs/mockito-5.14/org/mockito/stubbing/Stubber.java
generated
Normal file
5
java/ql/test/stubs/mockito-5.14/org/mockito/stubbing/Stubber.java
generated
Normal file
@@ -0,0 +1,5 @@
|
||||
package org.mockito.stubbing;
|
||||
|
||||
public interface Stubber {
|
||||
<T> T when(T mock);
|
||||
}
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Removed `libxmljs` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/GNOME/libxml2/blob/0c948334a8f5c66d50e9f8992e62998017dc4fc6/NEWS#L905-L908) that prevents XML bomb attacks.
|
||||
@@ -49,9 +49,7 @@ module XML {
|
||||
override JS::Expr getSourceArgument() { result = this.getArgument(0) }
|
||||
|
||||
override predicate resolvesEntities(EntityKind kind) {
|
||||
// internal entities are always resolved
|
||||
kind = InternalEntity()
|
||||
or
|
||||
not kind = InternalEntity() and
|
||||
// other entities are only resolved if the configuration option `noent` is set to `true`
|
||||
exists(JS::Expr noent |
|
||||
this.hasOptionArgument(1, "noent", noent) and
|
||||
@@ -126,8 +124,9 @@ module XML {
|
||||
override JS::Expr getSourceArgument() { result = this.getArgument(0) }
|
||||
|
||||
override predicate resolvesEntities(EntityKind kind) {
|
||||
// entities are resolved by default
|
||||
any()
|
||||
// SAX parsers in libxmljs also inherit libxml2's protection against XML bombs
|
||||
kind = ExternalEntity(_) or
|
||||
kind = ParameterEntity(true)
|
||||
}
|
||||
|
||||
override DataFlow::Node getAResult() {
|
||||
@@ -149,8 +148,9 @@ module XML {
|
||||
override JS::Expr getSourceArgument() { result = this.getArgument(0) }
|
||||
|
||||
override predicate resolvesEntities(EntityKind kind) {
|
||||
// entities are resolved by default
|
||||
any()
|
||||
// SAX push parsers in libxmljs also inherit libxml2's protection against XML bombs
|
||||
kind = ExternalEntity(_) or
|
||||
kind = ParameterEntity(true)
|
||||
}
|
||||
|
||||
override DataFlow::Node getAResult() {
|
||||
|
||||
@@ -58,9 +58,11 @@ predicate parseTypeString(string rawType, string package, string qualifiedName)
|
||||
predicate isPackageUsed(string package) {
|
||||
package = "global"
|
||||
or
|
||||
package = any(JS::Import imp).getImportedPathString()
|
||||
// To simplify which dependencies are needed to construct DataFlow::Node, we don't want to rely on `Import` here.
|
||||
// Just check all string literals.
|
||||
package = any(JS::Expr imp).getStringValue()
|
||||
or
|
||||
any(JS::TypeAnnotation t).hasUnderlyingType(package, _)
|
||||
package = any(JS::StringLiteralTypeExpr t).getValue() // Can be used in `import("foo")`
|
||||
or
|
||||
exists(JS::PackageJson json | json.getPackageName() = package)
|
||||
}
|
||||
|
||||
@@ -5,10 +5,6 @@
|
||||
| domparser.js:11:57:11:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:11:57:11:59 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | expat.js:6:16:6:36 | req.par ... e-xml") | user-provided value |
|
||||
| jquery.js:4:14:4:16 | src | jquery.js:2:13:2:36 | documen ... .search | jquery.js:4:14:4:16 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | jquery.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| libxml.js:5:21:5:41 | req.par ... e-xml") | libxml.js:5:21:5:41 | req.par ... e-xml") | libxml.js:5:21:5:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.js:5:21:5:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:5:21:5:41 | req.par ... e-xml") | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | user-provided value |
|
||||
edges
|
||||
| closure.js:2:7:2:36 | src | closure.js:3:24:3:26 | src | provenance | |
|
||||
| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src | provenance | |
|
||||
@@ -31,8 +27,4 @@ nodes
|
||||
| jquery.js:2:7:2:36 | src | semmle.label | src |
|
||||
| jquery.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search |
|
||||
| jquery.js:4:14:4:16 | src | semmle.label | src |
|
||||
| libxml.js:5:21:5:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:5:21:5:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
subpaths
|
||||
|
||||
@@ -2,5 +2,5 @@ const express = require('express');
|
||||
const libxmljs = require('libxmljs');
|
||||
|
||||
express().get('/some/path', function(req) {
|
||||
libxmljs.parseXml(req.param("some-xml")); // $ Alert - libxml expands internal general entities by default
|
||||
libxmljs.parseXml(req.param("some-xml"));
|
||||
});
|
||||
|
||||
@@ -2,5 +2,5 @@ const express = require('express');
|
||||
const libxmljs = require('libxmljs');
|
||||
|
||||
express().get('/some/path', function(req) {
|
||||
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert - unguarded entity expansion
|
||||
libxmljs.parseXml(req.param("some-xml"), { noent: true });
|
||||
});
|
||||
|
||||
@@ -3,5 +3,5 @@ const libxmljs = require('libxmljs');
|
||||
|
||||
express().get('/some/path', function(req) {
|
||||
const parser = new libxmljs.SaxParser();
|
||||
parser.parseString(req.param("some-xml")); // $ Alert - the SAX parser expands external entities by default
|
||||
parser.parseString(req.param("some-xml"));
|
||||
});
|
||||
|
||||
@@ -3,5 +3,5 @@ const libxmljs = require('libxmljs');
|
||||
|
||||
express().get('/some/path', function(req) {
|
||||
const parser = new libxmljs.SaxPushParser();
|
||||
parser.push(req.param("some-xml")); // $ Alert - the SAX parser expands external entities by default
|
||||
parser.push(req.param("some-xml"));
|
||||
});
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
ql/python/ql/src/Classes/Comparisons/EqualsOrHash.ql
|
||||
ql/python/ql/src/Classes/Comparisons/EqualsOrNotEquals.ql
|
||||
ql/python/ql/src/Classes/Comparisons/IncompleteOrdering.ql
|
||||
ql/python/ql/src/Classes/ConflictingAttributesInBaseClasses.ql
|
||||
ql/python/ql/src/Classes/DefineEqualsWhenAddingAttributes.ql
|
||||
ql/python/ql/src/Classes/EqualsOrHash.ql
|
||||
ql/python/ql/src/Classes/InconsistentMRO.ql
|
||||
ql/python/ql/src/Classes/InitCallsSubclass/InitCallsSubclassMethod.ql
|
||||
ql/python/ql/src/Classes/MissingCallToDel.ql
|
||||
ql/python/ql/src/Classes/MissingCallToInit.ql
|
||||
ql/python/ql/src/Classes/MutatingDescriptor.ql
|
||||
ql/python/ql/src/Classes/SubclassShadowing.ql
|
||||
ql/python/ql/src/Classes/SubclassShadowing/SubclassShadowing.ql
|
||||
ql/python/ql/src/Classes/SuperclassDelCalledMultipleTimes.ql
|
||||
ql/python/ql/src/Classes/SuperclassInitCalledMultipleTimes.ql
|
||||
ql/python/ql/src/Classes/WrongNameForArgumentInClassInstantiation.ql
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
ql/python/ql/src/Classes/Comparisons/EqualsOrHash.ql
|
||||
ql/python/ql/src/Classes/Comparisons/EqualsOrNotEquals.ql
|
||||
ql/python/ql/src/Classes/Comparisons/IncompleteOrdering.ql
|
||||
ql/python/ql/src/Classes/ConflictingAttributesInBaseClasses.ql
|
||||
ql/python/ql/src/Classes/DefineEqualsWhenAddingAttributes.ql
|
||||
ql/python/ql/src/Classes/EqualsOrHash.ql
|
||||
ql/python/ql/src/Classes/InconsistentMRO.ql
|
||||
ql/python/ql/src/Classes/InitCallsSubclass/InitCallsSubclassMethod.ql
|
||||
ql/python/ql/src/Classes/MissingCallToDel.ql
|
||||
ql/python/ql/src/Classes/MissingCallToInit.ql
|
||||
ql/python/ql/src/Classes/MutatingDescriptor.ql
|
||||
ql/python/ql/src/Classes/SubclassShadowing.ql
|
||||
ql/python/ql/src/Classes/SubclassShadowing/SubclassShadowing.ql
|
||||
ql/python/ql/src/Classes/SuperclassDelCalledMultipleTimes.ql
|
||||
ql/python/ql/src/Classes/SuperclassInitCalledMultipleTimes.ql
|
||||
ql/python/ql/src/Classes/WrongNameForArgumentInClassInstantiation.ql
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
ql/python/ql/src/Classes/Comparisons/EqualsOrHash.ql
|
||||
ql/python/ql/src/Classes/Comparisons/EqualsOrNotEquals.ql
|
||||
ql/python/ql/src/Classes/Comparisons/IncompleteOrdering.ql
|
||||
ql/python/ql/src/Classes/ConflictingAttributesInBaseClasses.ql
|
||||
ql/python/ql/src/Classes/DefineEqualsWhenAddingAttributes.ql
|
||||
ql/python/ql/src/Classes/EqualsOrHash.ql
|
||||
ql/python/ql/src/Classes/EqualsOrNotEquals.ql
|
||||
ql/python/ql/src/Classes/IncompleteOrdering.ql
|
||||
ql/python/ql/src/Classes/InconsistentMRO.ql
|
||||
ql/python/ql/src/Classes/InitCallsSubclass/InitCallsSubclassMethod.ql
|
||||
ql/python/ql/src/Classes/MissingCallToDel.ql
|
||||
@@ -11,7 +11,7 @@ ql/python/ql/src/Classes/MutatingDescriptor.ql
|
||||
ql/python/ql/src/Classes/OverwritingAttributeInSuperClass.ql
|
||||
ql/python/ql/src/Classes/PropertyInOldStyleClass.ql
|
||||
ql/python/ql/src/Classes/SlotsInOldStyleClass.ql
|
||||
ql/python/ql/src/Classes/SubclassShadowing.ql
|
||||
ql/python/ql/src/Classes/SubclassShadowing/SubclassShadowing.ql
|
||||
ql/python/ql/src/Classes/SuperInOldStyleClass.ql
|
||||
ql/python/ql/src/Classes/SuperclassDelCalledMultipleTimes.ql
|
||||
ql/python/ql/src/Classes/SuperclassInitCalledMultipleTimes.ql
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks.
|
||||
@@ -91,6 +91,12 @@ class Class extends Class_, Scope, AstNode {
|
||||
/** Gets a method defined in this class */
|
||||
Function getAMethod() { result.getScope() = this }
|
||||
|
||||
/** Gets the method defined in this class with the specified name, if any. */
|
||||
Function getMethod(string name) {
|
||||
result = this.getAMethod() and
|
||||
result.getName() = name
|
||||
}
|
||||
|
||||
override Location getLocation() { py_scope_location(result, this) }
|
||||
|
||||
/** Gets the scope (module, class or function) in which this class is defined */
|
||||
|
||||
@@ -129,11 +129,6 @@ module Lxml {
|
||||
any(True t)
|
||||
)
|
||||
or
|
||||
kind.isXmlBomb() and
|
||||
this.getKeywordParameter("huge_tree").getAValueReachingSink().asExpr() = any(True t) and
|
||||
not this.getKeywordParameter("resolve_entities").getAValueReachingSink().asExpr() =
|
||||
any(False t)
|
||||
or
|
||||
kind.isDtdRetrieval() and
|
||||
this.getKeywordParameter("load_dtd").getAValueReachingSink().asExpr() = any(True t) and
|
||||
this.getKeywordParameter("no_network").getAValueReachingSink().asExpr() = any(False t)
|
||||
@@ -305,9 +300,8 @@ module Lxml {
|
||||
// note that there is no `resolve_entities` argument, so it's not possible to turn off XXE :O
|
||||
kind.isXxe()
|
||||
or
|
||||
kind.isXmlBomb() and
|
||||
this.getKeywordParameter("huge_tree").getAValueReachingSink().asExpr() = any(True t)
|
||||
or
|
||||
// libxml2 has built-in protection against XML bombs via entity reference loop detection,
|
||||
// so lxml is not vulnerable to XML bomb attacks.
|
||||
kind.isDtdRetrieval() and
|
||||
this.getKeywordParameter("load_dtd").getAValueReachingSink().asExpr() = any(True t) and
|
||||
this.getKeywordParameter("no_network").getAValueReachingSink().asExpr() = any(False t)
|
||||
|
||||
44
python/ql/src/Classes/Comparisons/EqualsOrHash.qhelp
Normal file
44
python/ql/src/Classes/Comparisons/EqualsOrHash.qhelp
Normal file
@@ -0,0 +1,44 @@
|
||||
<!DOCTYPE qhelp PUBLIC
|
||||
"-//Semmle//qhelp//EN"
|
||||
"qhelp.dtd">
|
||||
<qhelp>
|
||||
|
||||
<overview>
|
||||
<p>A hashable class has an <code>__eq__</code> method, and a <code>__hash__</code> method that agrees with equality.
|
||||
When a hash method is defined, an equality method should also be defined; otherwise object identity is used for equality comparisons
|
||||
which may not be intended.
|
||||
</p>
|
||||
|
||||
<p>Note that defining an <code>__eq__</code> method without defining a <code>__hash__</code> method automatically makes the class unhashable in Python 3.
|
||||
(even if a superclass defines a hash method).</p>
|
||||
|
||||
</overview>
|
||||
<recommendation>
|
||||
|
||||
<p>
|
||||
If a <code>__hash__</code> method is defined, ensure a compatible <code>__eq__</code> method is also defined.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
To explicitly declare a class as unhashable, set <code>__hash__ = None</code>, rather than defining a <code>__hash__</code> method that always
|
||||
raises an exception. Otherwise, the class would be incorrectly identified as hashable by an <code>isinstance(obj, collections.abc.Hashable)</code> call.
|
||||
</p>
|
||||
|
||||
</recommendation>
|
||||
<example>
|
||||
<p>In the following example, the <code>A</code> class defines an hash method but
|
||||
no equality method. Equality will be determined by object identity, which may not be the expected behaviour.
|
||||
</p>
|
||||
|
||||
<sample src="examples/EqualsOrHash.py" />
|
||||
|
||||
</example>
|
||||
<references>
|
||||
|
||||
|
||||
<li>Python Language Reference: <a href="http://docs.python.org/reference/datamodel.html#object.__hash__">object.__hash__</a>.</li>
|
||||
<li>Python Glossary: <a href="http://docs.python.org/3/glossary.html#term-hashable">hashable</a>.</li>
|
||||
|
||||
|
||||
</references>
|
||||
</qhelp>
|
||||
26
python/ql/src/Classes/Comparisons/EqualsOrHash.ql
Normal file
26
python/ql/src/Classes/Comparisons/EqualsOrHash.ql
Normal file
@@ -0,0 +1,26 @@
|
||||
/**
|
||||
* @name Inconsistent equality and hashing
|
||||
* @description Defining a hash operation without defining equality may be a mistake.
|
||||
* @kind problem
|
||||
* @tags quality
|
||||
* reliability
|
||||
* correctness
|
||||
* external/cwe/cwe-581
|
||||
* @problem.severity warning
|
||||
* @sub-severity high
|
||||
* @precision very-high
|
||||
* @id py/equals-hash-mismatch
|
||||
*/
|
||||
|
||||
import python
|
||||
|
||||
predicate missingEquality(Class cls, Function defined) {
|
||||
defined = cls.getMethod("__hash__") and
|
||||
not exists(cls.getMethod("__eq__"))
|
||||
// In python 3, the case of defined eq without hash automatically makes the class unhashable (even if a superclass defined hash)
|
||||
// So this is not an issue.
|
||||
}
|
||||
|
||||
from Class cls, Function defined
|
||||
where missingEquality(cls, defined)
|
||||
select cls, "This class implements $@, but does not implement __eq__.", defined, defined.getName()
|
||||
53
python/ql/src/Classes/Comparisons/EqualsOrNotEquals.qhelp
Normal file
53
python/ql/src/Classes/Comparisons/EqualsOrNotEquals.qhelp
Normal file
@@ -0,0 +1,53 @@
|
||||
<!DOCTYPE qhelp PUBLIC
|
||||
"-//Semmle//qhelp//EN"
|
||||
"qhelp.dtd">
|
||||
<qhelp>
|
||||
|
||||
<overview>
|
||||
<p>In order to ensure the <code>==</code> and <code>!=</code> operators behave consistently as expected (i.e. they should be negations of each other), care should be taken when implementing the
|
||||
<code>__eq__</code> and <code>__ne__</code> special methods.</p>
|
||||
|
||||
<p>In Python 3, if the <code>__eq__</code> method is defined in a class while the <code>__ne__</code> is not,
|
||||
then the <code>!=</code> operator will automatically delegate to the <code>__eq__</code> method in the expected way.
|
||||
</p>
|
||||
|
||||
<p>However, if the <code>__ne__</code> method is defined without a corresponding <code>__eq__</code> method,
|
||||
the <code>==</code> operator will still default to object identity (equivalent to the <code>is</code> operator), while the <code>!=</code>
|
||||
operator will use the <code>__ne__</code> method, which may be inconsistent.
|
||||
</p>
|
||||
|
||||
<p>Additionally, if the <code>__ne__</code> method is defined on a superclass, and the subclass defines its own <code>__eq__</code> method without overriding
|
||||
the superclass <code>__ne__</code> method, the <code>!=</code> operator will use this superclass <code>__ne__</code> method, rather than automatically delegating
|
||||
to <code>__eq__</code>, which may be incorrect.
|
||||
</p>
|
||||
|
||||
</overview>
|
||||
<recommendation>
|
||||
|
||||
<p>Ensure that when an <code>__ne__</code> method is defined, the <code>__eq__</code> method is also defined, and their results are consistent.
|
||||
In most cases, the <code>__ne__</code> method does not need to be defined at all, as the default behavior is to delegate to <code>__eq__</code> and negate the result. </p>
|
||||
|
||||
</recommendation>
|
||||
<example>
|
||||
<p>In the following example, <code>A</code> defines a <code>__ne__</code> method, but not an <code>__eq__</code> method.
|
||||
This leads to inconsistent results between equality and inequality operators.
|
||||
</p>
|
||||
|
||||
<sample src="examples/EqualsOrNotEquals1.py" />
|
||||
|
||||
<p>In the following example, <code>C</code> defines an <code>__eq__</code> method, but its <code>__ne__</code> implementation is inherited from <code>B</code>,
|
||||
which is not consistent with the equality operation.
|
||||
</p>
|
||||
|
||||
<sample src="examples/EqualsOrNotEquals2.py" />
|
||||
|
||||
</example>
|
||||
<references>
|
||||
|
||||
|
||||
<li>Python Language Reference: <a href="http://docs.python.org/3/reference/datamodel.html#object.__ne__">object.__ne__</a>,
|
||||
<a href="http://docs.python.org/3/reference/expressions.html#comparisons">Comparisons</a>.</li>
|
||||
|
||||
|
||||
</references>
|
||||
</qhelp>
|
||||
37
python/ql/src/Classes/Comparisons/EqualsOrNotEquals.ql
Normal file
37
python/ql/src/Classes/Comparisons/EqualsOrNotEquals.ql
Normal file
@@ -0,0 +1,37 @@
|
||||
/**
|
||||
* @name Inconsistent equality and inequality
|
||||
* @description Class definitions of equality and inequality operators may be inconsistent.
|
||||
* @kind problem
|
||||
* @tags quality
|
||||
* reliability
|
||||
* correctness
|
||||
* @problem.severity warning
|
||||
* @sub-severity high
|
||||
* @precision very-high
|
||||
* @id py/inconsistent-equality
|
||||
*/
|
||||
|
||||
import python
|
||||
import semmle.python.dataflow.new.internal.DataFlowDispatch
|
||||
import Classes.Equality
|
||||
|
||||
predicate missingEquality(Class cls, Function defined, string missing) {
|
||||
defined = cls.getMethod("__ne__") and
|
||||
not exists(cls.getMethod("__eq__")) and
|
||||
missing = "__eq__"
|
||||
or
|
||||
// In python 3, __ne__ automatically delegates to __eq__ if its not defined in the hierarchy
|
||||
// However if it is defined in a superclass (and isn't a delegation method) then it will use the superclass method (which may be incorrect)
|
||||
defined = cls.getMethod("__eq__") and
|
||||
not exists(cls.getMethod("__ne__")) and
|
||||
exists(Function neMeth |
|
||||
neMeth = getADirectSuperclass+(cls).getMethod("__ne__") and
|
||||
not neMeth instanceof DelegatingEqualityMethod
|
||||
) and
|
||||
missing = "__ne__"
|
||||
}
|
||||
|
||||
from Class cls, Function defined, string missing
|
||||
where missingEquality(cls, defined, missing)
|
||||
select cls, "This class implements $@, but does not implement " + missing + ".", defined,
|
||||
defined.getName()
|
||||
38
python/ql/src/Classes/Comparisons/IncompleteOrdering.qhelp
Normal file
38
python/ql/src/Classes/Comparisons/IncompleteOrdering.qhelp
Normal file
@@ -0,0 +1,38 @@
|
||||
<!DOCTYPE qhelp PUBLIC
|
||||
"-//Semmle//qhelp//EN"
|
||||
"qhelp.dtd">
|
||||
<qhelp>
|
||||
<overview>
|
||||
<p> A class that implements the rich comparison operators
|
||||
(<code>__lt__</code>, <code>__gt__</code>, <code>__le__</code>, or <code>__ge__</code>) should ensure that all four
|
||||
comparison operations <code><</code>, <code><=</code>, <code>></code>, and <code>>=</code> function as expected, consistent
|
||||
with expected mathematical rules.
|
||||
In Python 3, this is ensured by implementing one of <code>__lt__</code> or <code>__gt__</code>, and one of <code>__le__</code> or <code>__ge__</code>.
|
||||
If the ordering is not consistent with default equality, then <code>__eq__</code> should also be implemented.
|
||||
</p>
|
||||
|
||||
</overview>
|
||||
<recommendation>
|
||||
<p>Ensure that at least one of <code>__lt__</code> or <code>__gt__</code> and at least one of <code>__le__</code> or <code>__ge__</code> is defined.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The <code>functools.total_ordering</code> class decorator can be used to automatically implement all four comparison methods from a
|
||||
single one,
|
||||
which is typically the cleanest way to ensure all necessary comparison methods are implemented consistently.</p>
|
||||
|
||||
</recommendation>
|
||||
<example>
|
||||
<p>In the following example, only the <code>__lt__</code> operator has been implemented, which would lead to unexpected
|
||||
errors if the <code><=</code> or <code>>=</code> operators are used on <code>A</code> instances.
|
||||
The <code>__le__</code> method should also be defined, as well as <code>__eq__</code> in this case.</p>
|
||||
<sample src="examples/IncompleteOrdering.py" />
|
||||
|
||||
</example>
|
||||
<references>
|
||||
|
||||
<li>Python Language Reference: <a href="http://docs.python.org/3/reference/datamodel.html#object.__lt__">Rich comparisons in Python</a>.</li>
|
||||
|
||||
|
||||
</references>
|
||||
</qhelp>
|
||||
55
python/ql/src/Classes/Comparisons/IncompleteOrdering.ql
Normal file
55
python/ql/src/Classes/Comparisons/IncompleteOrdering.ql
Normal file
@@ -0,0 +1,55 @@
|
||||
/**
|
||||
* @name Incomplete ordering
|
||||
* @description Class defines ordering comparison methods, but does not define both strict and nonstrict ordering methods, to ensure all four comparison operators behave as expected.
|
||||
* @kind problem
|
||||
* @tags quality
|
||||
* reliability
|
||||
* correctness
|
||||
* @problem.severity warning
|
||||
* @sub-severity low
|
||||
* @precision very-high
|
||||
* @id py/incomplete-ordering
|
||||
*/
|
||||
|
||||
import python
|
||||
import semmle.python.dataflow.new.internal.DataFlowDispatch
|
||||
import semmle.python.ApiGraphs
|
||||
|
||||
/** Holds if `cls` has the `functools.total_ordering` decorator. */
|
||||
predicate totalOrdering(Class cls) {
|
||||
API::moduleImport("functools")
|
||||
.getMember("total_ordering")
|
||||
.asSource()
|
||||
.flowsTo(DataFlow::exprNode(cls.getADecorator()))
|
||||
}
|
||||
|
||||
predicate definesStrictOrdering(Class cls, Function meth) {
|
||||
meth = cls.getMethod("__lt__")
|
||||
or
|
||||
not exists(cls.getMethod("__lt__")) and
|
||||
meth = cls.getMethod("__gt__")
|
||||
}
|
||||
|
||||
predicate definesNonStrictOrdering(Class cls, Function meth) {
|
||||
meth = cls.getMethod("__le__")
|
||||
or
|
||||
not exists(cls.getMethod("__le__")) and
|
||||
meth = cls.getMethod("__ge__")
|
||||
}
|
||||
|
||||
predicate missingComparison(Class cls, Function defined, string missing) {
|
||||
definesStrictOrdering(cls, defined) and
|
||||
not definesNonStrictOrdering(getADirectSuperclass*(cls), _) and
|
||||
missing = "__le__ or __ge__"
|
||||
or
|
||||
definesNonStrictOrdering(cls, defined) and
|
||||
not definesStrictOrdering(getADirectSuperclass*(cls), _) and
|
||||
missing = "__lt__ or __gt__"
|
||||
}
|
||||
|
||||
from Class cls, Function defined, string missing
|
||||
where
|
||||
not totalOrdering(cls) and
|
||||
missingComparison(cls, defined, missing)
|
||||
select cls, "This class implements $@, but does not implement " + missing + ".", defined,
|
||||
defined.getName()
|
||||
@@ -0,0 +1,8 @@
|
||||
class A:
|
||||
def __init__(self, a, b):
|
||||
self.a = a
|
||||
self.b = b
|
||||
|
||||
# No equality method is defined
|
||||
def __hash__(self):
|
||||
return hash((self.a, self.b))
|
||||
@@ -0,0 +1,15 @@
|
||||
class A:
|
||||
def __init__(self, a):
|
||||
self.a = a
|
||||
|
||||
# BAD: ne is defined, but not eq.
|
||||
def __ne__(self, other):
|
||||
if not isinstance(other, A):
|
||||
return NotImplemented
|
||||
return self.a != other.a
|
||||
|
||||
x = A(1)
|
||||
y = A(1)
|
||||
|
||||
print(x == y) # Prints False (potentially unexpected - object identity is used)
|
||||
print(x != y) # Prints False
|
||||
@@ -0,0 +1,21 @@
|
||||
class B:
|
||||
def __init__(self, b):
|
||||
self.b = b
|
||||
|
||||
def __eq__(self, other):
|
||||
return self.b == other.b
|
||||
|
||||
def __ne__(self, other):
|
||||
return self.b != other.b
|
||||
|
||||
class C(B):
|
||||
def __init__(self, b, c):
|
||||
super().__init__(b)
|
||||
self.c = c
|
||||
|
||||
# BAD: eq is defined, but != will use superclass ne method, which is not consistent
|
||||
def __eq__(self, other):
|
||||
return self.b == other.b and self.c == other.c
|
||||
|
||||
print(C(1,2) == C(1,3)) # Prints False
|
||||
print(C(1,2) != C(1,3)) # Prints False (potentially unexpected)
|
||||
@@ -0,0 +1,8 @@
|
||||
class A:
|
||||
def __init__(self, i):
|
||||
self.i = i
|
||||
|
||||
# BAD: le is not defined, so `A(1) <= A(2)` would result in an error.
|
||||
def __lt__(self, other):
|
||||
return self.i < other.i
|
||||
|
||||
@@ -1,4 +1,7 @@
|
||||
/** Utility definitions for reasoning about equality methods. */
|
||||
|
||||
import python
|
||||
import semmle.python.dataflow.new.DataFlow
|
||||
|
||||
private Attribute dictAccess(LocalVariable var) {
|
||||
result.getName() = "__dict__" and
|
||||
@@ -59,16 +62,28 @@ class IdentityEqMethod extends Function {
|
||||
/** An (in)equality method that delegates to its complement */
|
||||
class DelegatingEqualityMethod extends Function {
|
||||
DelegatingEqualityMethod() {
|
||||
exists(Return ret, UnaryExpr not_, Compare comp, Cmpop op, Parameter p0, Parameter p1 |
|
||||
exists(Return ret, UnaryExpr not_, Expr comp, Parameter p0, Parameter p1 |
|
||||
ret.getScope() = this and
|
||||
ret.getValue() = not_ and
|
||||
not_.getOp() instanceof Not and
|
||||
not_.getOperand() = comp and
|
||||
comp.compares(p0.getVariable().getAnAccess(), op, p1.getVariable().getAnAccess())
|
||||
not_.getOperand() = comp
|
||||
|
|
||||
this.getName() = "__eq__" and op instanceof NotEq
|
||||
exists(Cmpop op |
|
||||
comp.(Compare).compares(p0.getVariable().getAnAccess(), op, p1.getVariable().getAnAccess())
|
||||
|
|
||||
this.getName() = "__eq__" and op instanceof NotEq
|
||||
or
|
||||
this.getName() = "__ne__" and op instanceof Eq
|
||||
)
|
||||
or
|
||||
this.getName() = "__ne__" and op instanceof Eq
|
||||
exists(DataFlow::MethodCallNode call, string name |
|
||||
call.calls(DataFlow::exprNode(p0.getVariable().getAnAccess()), name) and
|
||||
call.getArg(0).asExpr() = p1.getVariable().getAnAccess()
|
||||
|
|
||||
this.getName() = "__eq__" and name = "__ne__"
|
||||
or
|
||||
this.getName() = "__ne__" and name = "__eq__"
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,52 +0,0 @@
|
||||
# Incorrect: equality method defined but class contains no hash method
|
||||
class Point(object):
|
||||
|
||||
def __init__(self, x, y):
|
||||
self._x = x
|
||||
self._y = y
|
||||
|
||||
def __repr__(self):
|
||||
return 'Point(%r, %r)' % (self._x, self._y)
|
||||
|
||||
def __eq__(self, other):
|
||||
if not isinstance(other, Point):
|
||||
return False
|
||||
return self._x == other._x and self._y == other._y
|
||||
|
||||
|
||||
# Improved: equality and hash method defined (inequality method still missing)
|
||||
class PointUpdated(object):
|
||||
|
||||
def __init__(self, x, y):
|
||||
self._x = x
|
||||
self._y = y
|
||||
|
||||
def __repr__(self):
|
||||
return 'Point(%r, %r)' % (self._x, self._y)
|
||||
|
||||
def __eq__(self, other):
|
||||
if not isinstance(other, Point):
|
||||
return False
|
||||
return self._x == other._x and self._y == other._y
|
||||
|
||||
def __hash__(self):
|
||||
return hash(self._x) ^ hash(self._y)
|
||||
|
||||
# Improved: equality method defined and class instances made unhashable
|
||||
class UnhashablePoint(object):
|
||||
|
||||
def __init__(self, x, y):
|
||||
self._x = x
|
||||
self._y = y
|
||||
|
||||
def __repr__(self):
|
||||
return 'Point(%r, %r)' % (self._x, self._y)
|
||||
|
||||
def __eq__(self, other):
|
||||
if not isinstance(other, Point):
|
||||
return False
|
||||
return self._x == other._x and self._y == other._y
|
||||
|
||||
#Tell the interpreter that instances of this class cannot be hashed
|
||||
__hash__ = None
|
||||
|
||||
@@ -1,46 +0,0 @@
|
||||
<!DOCTYPE qhelp PUBLIC
|
||||
"-//Semmle//qhelp//EN"
|
||||
"qhelp.dtd">
|
||||
<qhelp>
|
||||
|
||||
<overview>
|
||||
<p>In order to conform to the object model, classes that define their own equality method should also
|
||||
define their own hash method, or be unhashable. If the hash method is not defined then the <code>hash</code> of the
|
||||
super class is used. This is unlikely to result in the expected behavior.</p>
|
||||
|
||||
<p>A class can be made unhashable by setting its <code>__hash__</code> attribute to <code>None</code>.</p>
|
||||
|
||||
<p>In Python 3, if you define a class-level equality method and omit a <code>__hash__</code> method
|
||||
then the class is automatically marked as unhashable.</p>
|
||||
|
||||
</overview>
|
||||
<recommendation>
|
||||
|
||||
<p>When you define an <code>__eq__</code> method for a class, remember to implement a <code>__hash__</code> method or set
|
||||
<code>__hash__ = None</code>.</p>
|
||||
|
||||
</recommendation>
|
||||
<example>
|
||||
<p>In the following example the <code>Point</code> class defines an equality method but
|
||||
no hash method. If hash is called on this class then the hash method defined for <code>object</code>
|
||||
is used. This is unlikely to give the required behavior. The <code>PointUpdated</code> class
|
||||
is better as it defines both an equality and a hash method.
|
||||
If <code>Point</code> was not to be used in <code>dict</code>s or <code>set</code>s, then it could be defined as
|
||||
<code>UnhashablePoint</code> below.
|
||||
</p>
|
||||
<p>
|
||||
To comply fully with the object model this class should also define an inequality method (identified
|
||||
by a separate rule).</p>
|
||||
|
||||
<sample src="EqualsOrHash.py" />
|
||||
|
||||
</example>
|
||||
<references>
|
||||
|
||||
|
||||
<li>Python Language Reference: <a href="http://docs.python.org/reference/datamodel.html#object.__hash__">object.__hash__</a>.</li>
|
||||
<li>Python Glossary: <a href="http://docs.python.org/2/glossary.html#term-hashable">hashable</a>.</li>
|
||||
|
||||
|
||||
</references>
|
||||
</qhelp>
|
||||
@@ -1,63 +0,0 @@
|
||||
/**
|
||||
* @name Inconsistent equality and hashing
|
||||
* @description Defining equality for a class without also defining hashability (or vice-versa) violates the object model.
|
||||
* @kind problem
|
||||
* @tags quality
|
||||
* reliability
|
||||
* correctness
|
||||
* external/cwe/cwe-581
|
||||
* @problem.severity warning
|
||||
* @sub-severity high
|
||||
* @precision very-high
|
||||
* @id py/equals-hash-mismatch
|
||||
*/
|
||||
|
||||
import python
|
||||
|
||||
CallableValue defines_equality(ClassValue c, string name) {
|
||||
(
|
||||
name = "__eq__"
|
||||
or
|
||||
major_version() = 2 and name = "__cmp__"
|
||||
) and
|
||||
result = c.declaredAttribute(name)
|
||||
}
|
||||
|
||||
CallableValue implemented_method(ClassValue c, string name) {
|
||||
result = defines_equality(c, name)
|
||||
or
|
||||
result = c.declaredAttribute("__hash__") and name = "__hash__"
|
||||
}
|
||||
|
||||
string unimplemented_method(ClassValue c) {
|
||||
not exists(defines_equality(c, _)) and
|
||||
(
|
||||
result = "__eq__" and major_version() = 3
|
||||
or
|
||||
major_version() = 2 and result = "__eq__ or __cmp__"
|
||||
)
|
||||
or
|
||||
/* Python 3 automatically makes classes unhashable if __eq__ is defined, but __hash__ is not */
|
||||
not c.declaresAttribute(result) and result = "__hash__" and major_version() = 2
|
||||
}
|
||||
|
||||
/** Holds if this class is unhashable */
|
||||
predicate unhashable(ClassValue cls) {
|
||||
cls.lookup("__hash__") = Value::named("None")
|
||||
or
|
||||
cls.lookup("__hash__").(CallableValue).neverReturns()
|
||||
}
|
||||
|
||||
predicate violates_hash_contract(ClassValue c, string present, string missing, Value method) {
|
||||
not unhashable(c) and
|
||||
missing = unimplemented_method(c) and
|
||||
method = implemented_method(c, present) and
|
||||
not c.failedInference(_)
|
||||
}
|
||||
|
||||
from ClassValue c, string present, string missing, CallableValue method
|
||||
where
|
||||
violates_hash_contract(c, present, missing, method) and
|
||||
exists(c.getScope()) // Suppress results that aren't from source
|
||||
select method, "Class $@ implements " + present + " but does not define " + missing + ".", c,
|
||||
c.getName()
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user