From a20ca78599ecb6736c67a7714326eb86fdaf0e11 Mon Sep 17 00:00:00 2001 From: amammad Date: Fri, 22 Sep 2023 19:23:34 +1000 Subject: [PATCH 01/38] V1 --- javascript/ql/lib/javascript.qll | 1 + .../semmle/javascript/frameworks/Execa.qll | 234 ++++++++++++++++++ .../frameworks/Execa/Execa.expected | 68 +++++ .../library-tests/frameworks/Execa/Execa.ql | 12 + .../library-tests/frameworks/Execa/tst.js | 49 ++++ 5 files changed, 364 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/frameworks/Execa.qll create mode 100644 javascript/ql/test/library-tests/frameworks/Execa/Execa.expected create mode 100644 javascript/ql/test/library-tests/frameworks/Execa/Execa.ql create mode 100644 javascript/ql/test/library-tests/frameworks/Execa/tst.js diff --git a/javascript/ql/lib/javascript.qll b/javascript/ql/lib/javascript.qll index 07fb759bd65..238bd870a90 100644 --- a/javascript/ql/lib/javascript.qll +++ b/javascript/ql/lib/javascript.qll @@ -123,6 +123,7 @@ import semmle.javascript.frameworks.Request import semmle.javascript.frameworks.RxJS import semmle.javascript.frameworks.ServerLess import semmle.javascript.frameworks.ShellJS +import semmle.javascript.frameworks.Execa import semmle.javascript.frameworks.Snapdragon import semmle.javascript.frameworks.SystemCommandExecutors import semmle.javascript.frameworks.SQL diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll new file mode 100644 index 00000000000..fe654a287f5 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll 
@@ -0,0 +1,234 @@ +/** + * Models the `execa` library in terms of `FileSystemAccess` and `SystemCommandExecution`. + */ + +import javascript +import semmle.javascript.security.dataflow.RequestForgeryCustomizations +import semmle.javascript.security.dataflow.UrlConcatenation + +/** + * Provide model for [Execa](https://github.com/sindresorhus/execa) package + */ +module Execa { + /** + * The Execa input file option + */ + class ExecaRead extends FileSystemReadAccess, DataFlow::Node { + API::Node execaNode; + + ExecaRead() { + ( + execaNode = API::moduleImport("execa").getMember("$").getParameter(0) + or + execaNode = + API::moduleImport("execa") + .getMember(["execa", "execaCommand", "execaCommandSync", "execaSync"]) + .getParameter([0, 1, 2]) + ) and + this = execaNode.asSink() + } + + // data is the output of a command so IDK how it can be implemented + override DataFlow::Node getADataNode() { none() } + + override DataFlow::Node getAPathArgument() { + result = execaNode.getMember("inputFile").asSink() + } + } + + /** + * A call to `execa.execa` or `execa.execaSync` + */ + class ExecaCall extends API::CallNode { + string name; + + ExecaCall() { + this = API::moduleImport("execa").getMember("execa").getACall() and + name = "execa" + or + this = API::moduleImport("execa").getMember("execaSync").getACall() and + name = "execaSync" + } + + /** Gets the name of the exported function, such as `rm` in `shelljs.rm()`. 
*/ + string getName() { result = name } + } + + /** + * The system command execution nodes for `execa.execa` or `execa.execaSync` functions + */ + class ExecaExec extends SystemCommandExecution, ExecaCall { + ExecaExec() { name = ["execa", "execaSync"] } + + override DataFlow::Node getACommandArgument() { result = this.getArgument(0) } + + override predicate isShellInterpreted(DataFlow::Node arg) { + // if shell: true then first and second args are sinks + // options can be third argument + arg = [this.getArgument(0), this.getParameter(1).getUnknownMember().asSink()] and + isExecaShellEnable(this.getParameter(2)) + or + // options can be second argument + arg = this.getArgument(0) and + isExecaShellEnable(this.getParameter(1)) + } + + override predicate isSync() { name = "execaSync" } + + override DataFlow::Node getOptionsArg() { + result = this.getLastArgument() and result.asExpr() instanceof ObjectExpr + } + } + + /** + * A call to `execa.$` or `execa.$.sync` tag functions + */ + private class ExecaScriptExpr extends DataFlow::ExprNode { + string name; + + ExecaScriptExpr() { + this.asExpr() = + [ + API::moduleImport("execa").getMember("$"), + API::moduleImport("execa").getMember("$").getReturn() + ].getAValueReachableFromSource().asExpr() and + name = "ASync" + or + this.asExpr() = + [ + API::moduleImport("execa").getMember("$").getMember("sync"), + API::moduleImport("execa").getMember("$").getMember("sync").getReturn() + ].getAValueReachableFromSource().asExpr() and + name = "Sync" + } + + /** Gets the name of the exported function, such as `rm` in `shelljs.rm()`. 
*/ + string getName() { result = name } + } + + /** + * The system command execution nodes for `execa.$` or `execa.$.sync` tag functions + */ + class ExecaScriptEec extends SystemCommandExecution, ExecaScriptExpr { + ExecaScriptEec() { name = ["Sync", "ASync"] } + + override DataFlow::Node getACommandArgument() { + result.asExpr() = templateLiteralChildAsSink(this.asExpr()).getChildExpr(0) + } + + override predicate isShellInterpreted(DataFlow::Node arg) { + // $({shell: true})`${sink} ${sink} .. ${sink}` + // ISSUE: $`cmd args` I can't reach the tag function argument easily + exists(TemplateLiteral tmpL | templateLiteralChildAsSink(this.asExpr()) = tmpL | + arg.asExpr() = tmpL.getAChildExpr+() and + isExecaShellEnableWithExpr(this.asExpr().(CallExpr).getArgument(0)) + ) + } + + override DataFlow::Node getArgumentList() { + // $`${Can Not Be sink} ${sink} .. ${sink}` + exists(TemplateLiteral tmpL | templateLiteralChildAsSink(this.asExpr()) = tmpL | + result.asExpr() = tmpL.getAChildExpr+() and + not result.asExpr() = tmpL.getChildExpr(0) + ) + } + + override predicate isSync() { name = "Sync" } + + override DataFlow::Node getOptionsArg() { + result = this.asExpr().getAChildExpr*().flow() and result.asExpr() instanceof ObjectExpr + } + } + + /** + * A call to `execa.execaCommandSync` or `execa.execaCommand` + */ + private class ExecaCommandCall extends API::CallNode { + string name; + + ExecaCommandCall() { + this = API::moduleImport("execa").getMember("execaCommandSync").getACall() and + name = "execaCommandSync" + or + this = API::moduleImport("execa").getMember("execaCommand").getACall() and + name = "execaCommand" + } + + /** Gets the name of the exported function, such as `rm` in `shelljs.rm()`. 
*/ + string getName() { result = name } + } + + /** + * The system command execution nodes for `execa.execaCommand` or `execa.execaCommandSync` functions + */ + class ExecaCommandExec2 extends SystemCommandExecution, DataFlow::CallNode { + ExecaCommandExec2() { this = API::moduleImport("execa").getMember("execaCommand").getACall() } + + override DataFlow::Node getACommandArgument() { result = this.getArgument(0) } + + override DataFlow::Node getArgumentList() { result = this.getArgument(0) } + + override predicate isShellInterpreted(DataFlow::Node arg) { arg = this.getArgument(0) } + + override predicate isSync() { none() } + + override DataFlow::Node getOptionsArg() { result = this } + } + + /** + * The system command execution nodes for `execa.execaCommand` or `execa.execaCommandSync` functions + */ + class ExecaCommandExec extends SystemCommandExecution, ExecaCommandCall { + ExecaCommandExec() { name = ["execaCommand", "execaCommandSync"] } + + override DataFlow::Node getACommandArgument() { + result = this.(DataFlow::CallNode).getArgument(0) + } + + override DataFlow::Node getArgumentList() { + // execaCommand("echo " + sink); + // execaCommand(`echo ${sink}`); + result.asExpr() = this.getParameter(0).asSink().asExpr().getAChildExpr+() and + not result.asExpr() = this.getArgument(0).asExpr().getChildExpr(0) + } + + override predicate isShellInterpreted(DataFlow::Node arg) { + // execaCommandSync(sink1 + sink2, {shell: true}) + arg.asExpr() = this.getArgument(0).asExpr().getAChildExpr+() and + isExecaShellEnable(this.getParameter(1)) + or + // there is only one argument that is constructed in previous nodes, + // it makes sanitizing really hard to select whether it is vulnerable to argument injection or not + arg = this.getParameter(0).asSink() and + not exists(this.getArgument(0).asExpr().getChildExpr(1)) + } + + override predicate isSync() { name = "execaCommandSync" } + + override DataFlow::Node getOptionsArg() { + result = this.getLastArgument() and 
result.asExpr() instanceof ObjectExpr + } + } + + // Holds if left parameter is the left child of a template literal and returns the template literal + private TemplateLiteral templateLiteralChildAsSink(Expr left) { + exists(TaggedTemplateExpr parent | + parent.getTemplate() = result and + left = parent.getChildExpr(0) + ) + } + + // Holds whether Execa has shell enabled options or not, get Parameter responsible for options + private predicate isExecaShellEnable(API::Node n) { + n.getMember("shell").asSink().asExpr().(BooleanLiteral).getValue() = "true" + } + + // Holds whether Execa has shell enabled options or not, get Parameter responsible for options + private predicate isExecaShellEnableWithExpr(Expr n) { + exists(ObjectExpr o, Property p | o = n.getAChildExpr*() | + o.getAChild() = p and + p.getAChild().(Label).getName() = "shell" and + p.getAChild().(Literal).getValue() = "true" + ) + } +} diff --git a/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected b/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected new file mode 100644 index 00000000000..a99d033b6ef --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected 
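Review bot: `isExecaShellEnable` and `isExecaShellEnableWithExpr` at the end of Execa.qll only recognise the literal `shell: true`, so a call that enables the shell any other way is modelled as not shell-interpreted and the command-injection result is lost. execa's `shell` option also accepts the path of a shell as a string, and the value may come from a variable; both cases fall through here. A more conservative check treats the option as enabled whenever it is present and not the literal `false`, along the lines of `exists(n.getMember("shell")) and not n.getMember("shell").asSink().asExpr().(BooleanLiteral).getValue() = "false"`. The `Property`-based variant used for the `$` tag needs the same treatment so the two predicates agree.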
@@ -0,0 +1,68 @@ +test_FileSystemAccess +| tst.js:18:9:18:23 | { shell: true } | +| tst.js:20:9:20:24 | { shell: false } | +| tst.js:24:13:24:22 | 'aCommand' | +| tst.js:24:25:24:36 | ['example1'] | +| tst.js:26:13:26:18 | 'echo' | +| tst.js:26:21:26:32 | ['example1'] | +| tst.js:28:13:28:47 | 'echo e ... ple 11' | +| tst.js:28:50:28:64 | { shell: true } | +| tst.js:29:13:29:29 | 'echo example 10' | +| tst.js:29:32:29:52 | ['; ech ... le 11'] | +| tst.js:29:55:29:69 | { shell: true } | +| tst.js:32:11:32:16 | 'echo' | +| tst.js:32:19:32:35 | ['example5 sync'] | +| tst.js:34:20:34:42 | "echo " ... gument" | +| tst.js:35:20:35:52 | `echo $ ... ndSync` | +| tst.js:37:18:37:20 | arg | +| tst.js:39:18:39:39 | "echo 1 ... echo 2" | +| tst.js:39:42:39:56 | { shell: true } | +| tst.js:45:9:45:27 | { inputFile: file } | +| tst.js:46:13:46:17 | 'cat' | +| tst.js:46:20:46:38 | { inputFile: file } | +| tst.js:47:13:47:18 | 'echo' | +| tst.js:47:21:47:32 | ['example2'] | +| tst.js:48:13:48:18 | 'echo' | +| tst.js:48:21:48:32 | ['example3'] | +| tst.js:49:13:49:18 | 'echo' | +| tst.js:49:21:49:32 | ['example4'] | +| tst.js:49:35:49:47 | { all: true } | +test_MissingFileSystemAccess +| tst.js:43:35:43:38 | file | +| tst.js:47:46:47:49 | file | +| tst.js:48:46:48:49 | file | +| tst.js:49:58:49:61 | file | +test_SystemCommandExecution +| tst.js:1:71:1:71 | $ | +| tst.js:4:7:4:7 | $ | +| tst.js:5:7:5:7 | $ | +| tst.js:6:1:6:1 | $ | +| tst.js:6:1:6:6 | $.sync | +| tst.js:10:7:10:7 | $ | +| tst.js:12:7:12:7 | $ | +| tst.js:13:1:13:1 | $ | +| tst.js:13:1:13:6 | $.sync | +| tst.js:15:1:15:1 | $ | +| tst.js:15:1:15:6 | $.sync | +| tst.js:16:7:16:7 | $ | +| tst.js:18:7:18:7 | $ | +| tst.js:18:7:18:24 | $({ shell: true }) | +| tst.js:20:7:20:7 | $ | +| tst.js:20:7:20:25 | $({ shell: false }) | +| tst.js:24:7:24:37 | execa(' ... ple1']) | +| tst.js:26:7:26:33 | execa(' ... ple1']) | +| tst.js:28:7:28:65 | execa(' ... true }) | +| tst.js:29:7:29:70 | execa(' ... 
true }) | +| tst.js:32:1:32:36 | execaSy ... sync']) | +| tst.js:34:7:34:43 | execaCo ... ument") | +| tst.js:35:7:35:53 | execaCo ... dSync`) | +| tst.js:37:1:37:21 | execaCo ... nc(arg) | +| tst.js:39:1:39:57 | execaCo ... true }) | +| tst.js:43:7:43:7 | $ | +| tst.js:45:7:45:7 | $ | +| tst.js:45:7:45:28 | $({ inp ... file }) | +| tst.js:46:7:46:39 | execa(' ... file }) | +| tst.js:47:7:47:33 | execa(' ... ple2']) | +| tst.js:48:7:48:33 | execa(' ... ple3']) | +| tst.js:49:7:49:48 | execa(' ... true }) | +test_FileNameSource diff --git a/javascript/ql/test/library-tests/frameworks/Execa/Execa.ql b/javascript/ql/test/library-tests/frameworks/Execa/Execa.ql new file mode 100644 index 00000000000..42858633cd3 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Execa/Execa.ql @@ -0,0 +1,12 @@ +import javascript + +query predicate test_FileSystemAccess(FileSystemAccess access) { any() } + +query predicate test_MissingFileSystemAccess(VarAccess var) { + var.getName().matches("file%") and + not exists(FileSystemAccess access | access.getAPathArgument().asExpr() = var) +} + +query predicate test_SystemCommandExecution(SystemCommandExecution exec) { any() } + +query predicate test_FileNameSource(FileNameSource exec) { any() } diff --git a/javascript/ql/test/library-tests/frameworks/Execa/tst.js b/javascript/ql/test/library-tests/frameworks/Execa/tst.js new file mode 100644 index 00000000000..0e657d421a2 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Execa/tst.js 
@@ -0,0 +1,49 @@ +import { execa, execaSync, execaCommand, execaCommandSync, execaNode, $ } from 'execa'; + +// Node.js scripts +await $`echo example1`.pipeStderr(`tmp`); +await $`echo ${"example2"}`.pipeStderr(`tmp`); +$.sync`echo example2 sync` +// Multiple arguments +const args = ["arg:" + arg, 'example3', '&', 'rainbows!']; +// GOOD +await $`${arg} sth`; +// GOOD only one command can be executed +await $`${arg}`; +$.sync`${arg}` +// BAD argument injection +$.sync`echo ${args} ${args}` +await $`echo ${["-a", "-lps"]}` +// if shell: true then all inputs except first are dangerous +await $({ shell: true })`echo example6 ${";echo example6 > tmpdir/example6"}` +// GOOD +await $({ shell: false })`echo example6 ${";echo example6 > tmpdir/example6"}` + +// execa +// GOOD +await execa('aCommand', ['example1']); +// BAD argument injection +await execa('echo', ['example1']); +// BAD shell is enable +await execa('echo example 10 ; echo example 11', { shell: true }); +await execa('echo example 10', ['; echo example 11'], { shell: true }); + +// BAD argument injection +execaSync('echo', ['example5 sync']); +// BAD argument injection +await execaCommand("echo " + "badArgument"); +await execaCommand(`echo ${"arg1"} execaCommandSync`); +// bad totally controllable argument +execaCommandSync(arg); +// BAD shell is enable +execaCommandSync("echo 1 " + "; echo 2", { shell: true }); + +// FileSystemAccess +// Piping stdout to a file +await $`echo example8`.pipeStdout(file) +// Piping stdin from a file +await $({ inputFile: file })`cat` +await execa('cat', { inputFile: file }); +await execa('echo', ['example2']).pipeStdout(file); +await execa('echo', ['example3']).pipeStderr(file); +await execa('echo', ['example4'], { all: true }).pipeAll(file); From 2c74dc23c9240d728e4e350f93254ba53c627984 Mon Sep 17 00:00:00 2001 
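Review bot: `execaNode` is imported on the first line of tst.js but never called, and Execa.qll in this patch models only `execa`, `execaSync`, `execaCommand`, `execaCommandSync` and `$`, so that entry point has neither a model nor a test. `file` is also used in the FileSystemAccess section without a declaration, which makes it unclear which values stand for untrusted input. Either add an `execaNode(...)` case with a matching model or drop the import, and declare the inputs at the top with a comment such as `// arg and file stand for attacker-controlled values`.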
From: amammad Date: Fri, 22 Sep 2023 20:00:36 +1000 Subject: [PATCH 02/38] add second order command execution sinks to tests --- .../frameworks/Execa/Execa.expected | 122 +++++++++--------- .../library-tests/frameworks/Execa/tst.js | 16 ++- 2 files changed, 71 insertions(+), 67 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected b/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected index a99d033b6ef..c4e12a8dca6 100644 --- a/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected +++ b/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected 
@@ -1,68 +1,68 @@ test_FileSystemAccess -| tst.js:18:9:18:23 | { shell: true } | -| tst.js:20:9:20:24 | { shell: false } | -| tst.js:24:13:24:22 | 'aCommand' | -| tst.js:24:25:24:36 | ['example1'] | -| tst.js:26:13:26:18 | 'echo' | -| tst.js:26:21:26:32 | ['example1'] | -| tst.js:28:13:28:47 | 'echo e ... ple 11' | -| tst.js:28:50:28:64 | { shell: true } | -| tst.js:29:13:29:29 | 'echo example 10' | -| tst.js:29:32:29:52 | ['; ech ... le 11'] | -| tst.js:29:55:29:69 | { shell: true } | -| tst.js:32:11:32:16 | 'echo' | -| tst.js:32:19:32:35 | ['example5 sync'] | -| tst.js:34:20:34:42 | "echo " ... gument" | -| tst.js:35:20:35:52 | `echo $ ... ndSync` | -| tst.js:37:18:37:20 | arg | -| tst.js:39:18:39:39 | "echo 1 ... echo 2" | -| tst.js:39:42:39:56 | { shell: true } | -| tst.js:45:9:45:27 | { inputFile: file } | -| tst.js:46:13:46:17 | 'cat' | -| tst.js:46:20:46:38 | { inputFile: file } | -| tst.js:47:13:47:18 | 'echo' | -| tst.js:47:21:47:32 | ['example2'] | -| tst.js:48:13:48:18 | 'echo' | -| tst.js:48:21:48:32 | ['example3'] | -| tst.js:49:13:49:18 | 'echo' | -| tst.js:49:21:49:32 | ['example4'] | -| tst.js:49:35:49:47 | { all: true } | +| tst.js:22:9:22:23 | { shell: true } | +| tst.js:24:9:24:24 | { shell: false } | +| tst.js:28:13:28:22 | 'aCommand' | +| tst.js:28:25:28:36 | ['example1'] | +| tst.js:30:13:30:17 | 'git' | +| tst.js:30:20:30:31 | ['example1'] | +| tst.js:32:13:32:47 | 'echo e ... ple 11' | +| tst.js:32:50:32:64 | { shell: true } | +| tst.js:33:13:33:29 | 'echo example 10' | +| tst.js:33:32:33:52 | ['; ech ... le 11'] | +| tst.js:33:55:33:69 | { shell: true } | +| tst.js:36:11:36:16 | 'echo' | +| tst.js:36:19:36:35 | ['example5 sync'] | +| tst.js:38:20:38:41 | "git " ... gument" | +| tst.js:39:20:39:51 | `git ${ ... ndSync` | +| tst.js:41:18:41:20 | arg | +| tst.js:43:18:43:39 | "echo 1 ... 
echo 2" | +| tst.js:43:42:43:56 | { shell: true } | +| tst.js:49:9:49:27 | { inputFile: file } | +| tst.js:50:13:50:17 | 'cat' | +| tst.js:50:20:50:38 | { inputFile: file } | +| tst.js:51:13:51:18 | 'echo' | +| tst.js:51:21:51:32 | ['example2'] | +| tst.js:52:13:52:18 | 'echo' | +| tst.js:52:21:52:32 | ['example3'] | +| tst.js:53:13:53:18 | 'echo' | +| tst.js:53:21:53:32 | ['example4'] | +| tst.js:53:35:53:47 | { all: true } | test_MissingFileSystemAccess -| tst.js:43:35:43:38 | file | -| tst.js:47:46:47:49 | file | -| tst.js:48:46:48:49 | file | -| tst.js:49:58:49:61 | file | +| tst.js:47:35:47:38 | file | +| tst.js:51:46:51:49 | file | +| tst.js:52:46:52:49 | file | +| tst.js:53:58:53:61 | file | test_SystemCommandExecution | tst.js:1:71:1:71 | $ | -| tst.js:4:7:4:7 | $ | -| tst.js:5:7:5:7 | $ | -| tst.js:6:1:6:1 | $ | -| tst.js:6:1:6:6 | $.sync | -| tst.js:10:7:10:7 | $ | -| tst.js:12:7:12:7 | $ | -| tst.js:13:1:13:1 | $ | -| tst.js:13:1:13:6 | $.sync | -| tst.js:15:1:15:1 | $ | -| tst.js:15:1:15:6 | $.sync | +| tst.js:7:7:7:7 | $ | +| tst.js:9:7:9:7 | $ | +| tst.js:10:1:10:1 | $ | +| tst.js:10:1:10:6 | $.sync | +| tst.js:14:7:14:7 | $ | | tst.js:16:7:16:7 | $ | -| tst.js:18:7:18:7 | $ | -| tst.js:18:7:18:24 | $({ shell: true }) | +| tst.js:17:1:17:1 | $ | +| tst.js:17:1:17:6 | $.sync | +| tst.js:19:1:19:1 | $ | +| tst.js:19:1:19:6 | $.sync | | tst.js:20:7:20:7 | $ | -| tst.js:20:7:20:25 | $({ shell: false }) | -| tst.js:24:7:24:37 | execa(' ... ple1']) | -| tst.js:26:7:26:33 | execa(' ... ple1']) | -| tst.js:28:7:28:65 | execa(' ... true }) | -| tst.js:29:7:29:70 | execa(' ... true }) | -| tst.js:32:1:32:36 | execaSy ... sync']) | -| tst.js:34:7:34:43 | execaCo ... ument") | -| tst.js:35:7:35:53 | execaCo ... dSync`) | -| tst.js:37:1:37:21 | execaCo ... nc(arg) | -| tst.js:39:1:39:57 | execaCo ... true }) | -| tst.js:43:7:43:7 | $ | -| tst.js:45:7:45:7 | $ | -| tst.js:45:7:45:28 | $({ inp ... file }) | -| tst.js:46:7:46:39 | execa(' ... 
file }) | -| tst.js:47:7:47:33 | execa(' ... ple2']) | -| tst.js:48:7:48:33 | execa(' ... ple3']) | -| tst.js:49:7:49:48 | execa(' ... true }) | +| tst.js:22:7:22:7 | $ | +| tst.js:22:7:22:24 | $({ shell: true }) | +| tst.js:24:7:24:7 | $ | +| tst.js:24:7:24:25 | $({ shell: false }) | +| tst.js:28:7:28:37 | execa(' ... ple1']) | +| tst.js:30:7:30:32 | execa(' ... ple1']) | +| tst.js:32:7:32:65 | execa(' ... true }) | +| tst.js:33:7:33:70 | execa(' ... true }) | +| tst.js:36:1:36:36 | execaSy ... sync']) | +| tst.js:38:7:38:42 | execaCo ... ument") | +| tst.js:39:7:39:52 | execaCo ... dSync`) | +| tst.js:41:1:41:21 | execaCo ... nc(arg) | +| tst.js:43:1:43:57 | execaCo ... true }) | +| tst.js:47:7:47:7 | $ | +| tst.js:49:7:49:7 | $ | +| tst.js:49:7:49:28 | $({ inp ... file }) | +| tst.js:50:7:50:39 | execa(' ... file }) | +| tst.js:51:7:51:33 | execa(' ... ple2']) | +| tst.js:52:7:52:33 | execa(' ... ple3']) | +| tst.js:53:7:53:48 | execa(' ... true }) | test_FileNameSource diff --git a/javascript/ql/test/library-tests/frameworks/Execa/tst.js b/javascript/ql/test/library-tests/frameworks/Execa/tst.js index 0e657d421a2..e31fa07dbb4 100644 --- a/javascript/ql/test/library-tests/frameworks/Execa/tst.js +++ b/javascript/ql/test/library-tests/frameworks/Execa/tst.js @@ -1,8 +1,12 @@ import { execa, execaSync, execaCommand, execaCommandSync, execaNode, $ } from 'execa'; +const arg = process.argv[0]; + // Node.js scripts +// GOOD await $`echo example1`.pipeStderr(`tmp`); -await $`echo ${"example2"}`.pipeStderr(`tmp`); +// BAD argument injection +await $`ssh ${"example2"}`.pipeStderr(`tmp`); $.sync`echo example2 sync` // Multiple arguments const args = ["arg:" + arg, 'example3', '&', 'rainbows!']; 
@@ -12,8 +16,8 @@ await $`${arg} sth`; await $`${arg}`; $.sync`${arg}` // BAD argument injection -$.sync`echo ${args} ${args}` -await $`echo ${["-a", "-lps"]}` +$.sync`git ${args} ${args}` +await $`git ${["-o", "-lps"]}` // if shell: true then all inputs except first are dangerous await $({ shell: true })`echo example6 ${";echo example6 > tmpdir/example6"}` // GOOD @@ -23,7 +27,7 @@ await $({ shell: false })`echo example6 ${";echo example6 > tmpdir/example6"}` // GOOD await execa('aCommand', ['example1']); // BAD argument injection -await execa('echo', ['example1']); +await execa('git', ['example1']); // BAD shell is enable await execa('echo example 10 ; echo example 11', { shell: true }); await execa('echo example 10', ['; echo example 11'], { shell: true }); @@ -31,8 +35,8 @@ await execa('echo example 10', ['; echo example 11'], { shell: true }); // BAD argument injection execaSync('echo', ['example5 sync']); // BAD argument injection -await execaCommand("echo " + "badArgument"); -await execaCommand(`echo ${"arg1"} execaCommandSync`); +await execaCommand("git " + "badArgument"); +await execaCommand(`git ${"arg1"} execaCommandSync`); // bad totally controllable argument execaCommandSync(arg); // BAD shell is enable From 7d961e1af228f321761a28c89e7609749c171fe7 Mon Sep 17 00:00:00 2001 
From: amammad <77095239+amammad@users.noreply.github.com> Date: Fri, 6 Oct 2023 16:07:10 +0200 Subject: [PATCH 03/38] do review improvements --- .../semmle/javascript/frameworks/Execa.qll | 138 +++---- .../library-tests/frameworks/Execa/Execa.ql | 12 - .../CWE-022/TaintedPath/TaintedPath.expected | 381 ++++++++++++++++++ .../Security/CWE-022/TaintedPath/execa.js | 19 + .../CommandInjection.expected | 122 ++++++ .../CWE-078/CommandInjection/execa.js | 25 ++ 6 files changed, 616 insertions(+), 81 deletions(-) delete mode 100644 javascript/ql/test/library-tests/frameworks/Execa/Execa.ql create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js create mode 100644 javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll index fe654a287f5..5cfecc1c814 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll 
@@ -4,35 +4,46 @@ import javascript import semmle.javascript.security.dataflow.RequestForgeryCustomizations -import semmle.javascript.security.dataflow.UrlConcatenation /** * Provide model for [Execa](https://github.com/sindresorhus/execa) package */ module Execa { /** - * The Execa input file option + * The Execa input file read and output file write */ - class ExecaRead extends FileSystemReadAccess, DataFlow::Node { - API::Node execaNode; + class ExecaFileSystemAccess extends FileSystemReadAccess, DataFlow::Node { + API::Node execaArg; + boolean isPipedToFile; - ExecaRead() { + ExecaFileSystemAccess() { ( - execaNode = API::moduleImport("execa").getMember("$").getParameter(0) + execaArg = API::moduleImport("execa").getMember("$").getParameter(0) and + isPipedToFile = false or - execaNode = + execaArg = API::moduleImport("execa") .getMember(["execa", "execaCommand", "execaCommandSync", "execaSync"]) - .getParameter([0, 1, 2]) + .getParameter([0, 1, 2]) and + isPipedToFile = false + or + execaArg = + API::moduleImport("execa") + .getMember(["execa", "execaCommand", "execaCommandSync", "execaSync"]) + .getReturn() + .getMember(["pipeStdout", "pipeAll", "pipeStderr"]) + .getParameter(0) and + isPipedToFile = true ) and - this = execaNode.asSink() + this = execaArg.asSink() } - // data is the output of a command so IDK how it can be implemented override DataFlow::Node getADataNode() { none() } override DataFlow::Node getAPathArgument() { - result = execaNode.getMember("inputFile").asSink() + result = execaArg.getMember("inputFile").asSink() and isPipedToFile = false + or + result = execaArg.asSink() and isPipedToFile = true } } 
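Review bot: `ExecaFileSystemAccess` still extends `FileSystemReadAccess`, but the new third disjunct models the targets of `pipeStdout`, `pipeAll` and `pipeStderr`, which are files being written. Path-based queries still reach the node through `getAPathArgument`, but a query that separates reads from writes would presumably classify these the wrong way round (the consuming queries are not in this diff). Moving the piped case into its own class extending `FileSystemWriteAccess` keeps both accurate. The first two disjuncts also keep `this = execaArg.asSink()` for every parameter in `[0, 1, 2]`, so command strings and argument arrays count as file accesses as well; adding `exists(execaArg.getMember("inputFile"))` there would narrow it to calls that actually name an input file.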
@@ -40,25 +51,22 @@ module Execa { * A call to `execa.execa` or `execa.execaSync` */ class ExecaCall extends API::CallNode { - string name; + boolean isSync; ExecaCall() { this = API::moduleImport("execa").getMember("execa").getACall() and - name = "execa" + isSync = false or this = API::moduleImport("execa").getMember("execaSync").getACall() and - name = "execaSync" + isSync = true } - - /** Gets the name of the exported function, such as `rm` in `shelljs.rm()`. */ - string getName() { result = name } } /** * The system command execution nodes for `execa.execa` or `execa.execaSync` functions */ class ExecaExec extends SystemCommandExecution, ExecaCall { - ExecaExec() { name = ["execa", "execaSync"] } + ExecaExec() { isSync = [false, true] } override DataFlow::Node getACommandArgument() { result = this.getArgument(0) } @@ -73,7 +81,15 @@ module Execa { isExecaShellEnable(this.getParameter(1)) } - override predicate isSync() { name = "execaSync" } + override DataFlow::Node getArgumentList() { + // execa(cmd, [arg]); + exists(DataFlow::Node arg | arg = this.getArgument(1) | + // if it is a object then it is a option argument not command argument + result = arg and not arg.asExpr() instanceof ObjectExpr + ) + } + + override predicate isSync() { isSync = true } override DataFlow::Node getOptionsArg() { result = this.getLastArgument() and result.asExpr() instanceof ObjectExpr @@ -84,7 +100,7 @@ module Execa { * A call to `execa.$` or `execa.$.sync` tag functions */ private class ExecaScriptExpr extends DataFlow::ExprNode { - string name; + boolean isSync; ExecaScriptExpr() { this.asExpr() = 
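Review bot: `ExecaExec() { isSync = [false, true] }` constrains nothing, because `ExecaCall` already binds `isSync` to one of those two values; it reads like a filter although every `ExecaCall` satisfies it. The same pattern is added to `ExecaScriptEec` and `ExecaCommandExec` in the later hunks of this patch. Dropping the characteristic predicate, or writing `ExecaExec() { any() }`, states the intent directly.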
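Review bot: The new `getArgumentList` separates options from arguments with `not arg.asExpr() instanceof ObjectExpr`, which only inspects the syntax of the second argument. For `execa(cmd, opts)` where `opts` is a variable holding the options object, the options would be reported as the argument list, and `getOptionsArg` in the context lines below has the mirror-image gap. Looking at the local source instead, for example `not arg.getALocalSource() instanceof DataFlow::ObjectLiteralNode`, covers the variable case. The class body starts and ends outside this hunk.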
@@ -92,51 +108,53 @@ module Execa { API::moduleImport("execa").getMember("$"), API::moduleImport("execa").getMember("$").getReturn() ].getAValueReachableFromSource().asExpr() and - name = "ASync" + isSync = false or this.asExpr() = [ API::moduleImport("execa").getMember("$").getMember("sync"), API::moduleImport("execa").getMember("$").getMember("sync").getReturn() ].getAValueReachableFromSource().asExpr() and - name = "Sync" + isSync = true } - - /** Gets the name of the exported function, such as `rm` in `shelljs.rm()`. */ - string getName() { result = name } } /** * The system command execution nodes for `execa.$` or `execa.$.sync` tag functions */ class ExecaScriptEec extends SystemCommandExecution, ExecaScriptExpr { - ExecaScriptEec() { name = ["Sync", "ASync"] } + ExecaScriptEec() { isSync = [false, true] } override DataFlow::Node getACommandArgument() { - result.asExpr() = templateLiteralChildAsSink(this.asExpr()).getChildExpr(0) + exists(TemplateLiteral tl | isFirstTaggedTemplateParameter(this.asExpr(), tl) | + result.asExpr() = tl.getChildExpr(0) and + not result.asExpr().mayHaveStringValue(" ") // exclude whitespace + ) } override predicate isShellInterpreted(DataFlow::Node arg) { - // $({shell: true})`${sink} ${sink} .. ${sink}` + // $({shell: true})`${cmd} ${arg0} ... ${arg1}` // ISSUE: $`cmd args` I can't reach the tag function argument easily - exists(TemplateLiteral tmpL | templateLiteralChildAsSink(this.asExpr()) = tmpL | - arg.asExpr() = tmpL.getAChildExpr+() and - isExecaShellEnableWithExpr(this.asExpr().(CallExpr).getArgument(0)) + exists(TemplateLiteral tmpL | isFirstTaggedTemplateParameter(this.asExpr(), tmpL) | + arg.asExpr() = tmpL.getAChildExpr() and + isExecaShellEnableWithExpr(this.asExpr().(CallExpr).getArgument(0)) and + not arg.asExpr().mayHaveStringValue(" ") // exclude whitespace ) } override DataFlow::Node getArgumentList() { - // $`${Can Not Be sink} ${sink} .. 
${sink}` - exists(TemplateLiteral tmpL | templateLiteralChildAsSink(this.asExpr()) = tmpL | - result.asExpr() = tmpL.getAChildExpr+() and - not result.asExpr() = tmpL.getChildExpr(0) + // $`${cmd} ${arg0} ... ${argn}` + exists(TemplateLiteral tmpL | isFirstTaggedTemplateParameter(this.asExpr(), tmpL) | + result.asExpr() = tmpL.getAChildExpr() and + not result.asExpr() = tmpL.getChildExpr(0) and + not result.asExpr().mayHaveStringValue(" ") // exclude whitespace ) } - override predicate isSync() { name = "Sync" } + override predicate isSync() { isSync = true } override DataFlow::Node getOptionsArg() { - result = this.asExpr().getAChildExpr*().flow() and result.asExpr() instanceof ObjectExpr + result = this.asExpr().getAChildExpr().flow() and result.asExpr() instanceof ObjectExpr } } 
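Review bot: The three added filters `not ….mayHaveStringValue(" ")` drop only a template chunk that is exactly one space, so separators such as two spaces or a tab between interpolations are still returned by `getACommandArgument`, `getArgumentList` and `isShellInterpreted`. Matching on whitespace in general avoids that noise: `not result.asExpr().getStringValue().regexpMatch("\\s*")` (with `arg` in place of `result` in `isShellInterpreted`). Chunks that carry real text are unaffected either way.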
@@ -144,56 +162,35 @@ module Execa { * A call to `execa.execaCommandSync` or `execa.execaCommand` */ private class ExecaCommandCall extends API::CallNode { - string name; + boolean isSync; ExecaCommandCall() { this = API::moduleImport("execa").getMember("execaCommandSync").getACall() and - name = "execaCommandSync" + isSync = true or this = API::moduleImport("execa").getMember("execaCommand").getACall() and - name = "execaCommand" + isSync = false } - - /** Gets the name of the exported function, such as `rm` in `shelljs.rm()`. */ - string getName() { result = name } - } - - /** - * The system command execution nodes for `execa.execaCommand` or `execa.execaCommandSync` functions - */ - class ExecaCommandExec2 extends SystemCommandExecution, DataFlow::CallNode { - ExecaCommandExec2() { this = API::moduleImport("execa").getMember("execaCommand").getACall() } - - override DataFlow::Node getACommandArgument() { result = this.getArgument(0) } - - override DataFlow::Node getArgumentList() { result = this.getArgument(0) } - - override predicate isShellInterpreted(DataFlow::Node arg) { arg = this.getArgument(0) } - - override predicate isSync() { none() } - - override DataFlow::Node getOptionsArg() { result = this } } /** * The system command execution nodes for `execa.execaCommand` or `execa.execaCommandSync` functions */ class ExecaCommandExec extends SystemCommandExecution, ExecaCommandCall { - ExecaCommandExec() { name = ["execaCommand", "execaCommandSync"] } + ExecaCommandExec() { isSync = [false, true] } override DataFlow::Node getACommandArgument() { result = this.(DataFlow::CallNode).getArgument(0) } override DataFlow::Node getArgumentList() { - // execaCommand("echo " + sink); - // execaCommand(`echo ${sink}`); - result.asExpr() = this.getParameter(0).asSink().asExpr().getAChildExpr+() and + // execaCommand(`${cmd} ${arg}`); + result.asExpr() = this.getParameter(0).asSink().asExpr().getAChildExpr() and not result.asExpr() = 
this.getArgument(0).asExpr().getChildExpr(0) } override predicate isShellInterpreted(DataFlow::Node arg) { - // execaCommandSync(sink1 + sink2, {shell: true}) + // execaCommandSync(`${cmd} ${arg}`, {shell: true}) arg.asExpr() = this.getArgument(0).asExpr().getAChildExpr+() and isExecaShellEnable(this.getParameter(1)) or @@ -203,7 +200,7 @@ module Execa { not exists(this.getArgument(0).asExpr().getChildExpr(1)) } - override predicate isSync() { name = "execaCommandSync" } + override predicate isSync() { isSync = true } override DataFlow::Node getOptionsArg() { result = this.getLastArgument() and result.asExpr() instanceof ObjectExpr @@ -211,14 +208,17 @@ module Execa { } // Holds if left parameter is the left child of a template literal and returns the template literal - private TemplateLiteral templateLiteralChildAsSink(Expr left) { + private predicate isFirstTaggedTemplateParameter(Expr left, TemplateLiteral templateLiteral) { exists(TaggedTemplateExpr parent | - parent.getTemplate() = result and + templateLiteral = parent.getTemplate() and left = parent.getChildExpr(0) ) } - // Holds whether Execa has shell enabled options or not, get Parameter responsible for options + /** + * Holds whether Execa has shell enabled options or not, get Parameter responsible for options + */ + pragma[inline] private predicate isExecaShellEnable(API::Node n) { n.getMember("shell").asSink().asExpr().(BooleanLiteral).getValue() = "true" } diff --git a/javascript/ql/test/library-tests/frameworks/Execa/Execa.ql b/javascript/ql/test/library-tests/frameworks/Execa/Execa.ql deleted file mode 100644 index 42858633cd3..00000000000 --- a/javascript/ql/test/library-tests/frameworks/Execa/Execa.ql +++ /dev/null 
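Review bot: `getArgumentList` in `ExecaCommandExec` now uses `getAChildExpr()` where it used `getAChildExpr+()`, while `isShellInterpreted` just below still uses the transitive form, so the two disagree about which parts of the command string count. For a left-nested concatenation such as `"git " + a + b` the direct children are `"git " + a` and `b`; the first is excluded as child 0, so `a` is no longer reported as an argument. If the change was meant to stop the command word itself from being reported, keeping `getAChildExpr+()` and excluding only the leftmost leaf would preserve `a`. A three-operand case in the CommandInjection test file would pin the intended behaviour.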
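Review bot: The comment above `isFirstTaggedTemplateParameter` still says it "returns the template literal", but this hunk turns it into a two-parameter predicate, and it remains a `//` comment while the neighbouring `isExecaShellEnable` is given QLDoc. `left` is matched against `parent.getChildExpr(0)`, which is the tag of the tagged template rather than a parameter, so `left = parent.getTag()` would read more directly. Suggested doc: `/** Holds if templateLiteral is the template of a tagged template expression whose tag is left. */`.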
@@ -1,12 +0,0 @@
-import javascript
-
-query predicate test_FileSystemAccess(FileSystemAccess access) { any() }
-
-query predicate test_MissingFileSystemAccess(VarAccess var) {
- var.getName().matches("file%") and
- not exists(FileSystemAccess access | access.getAPathArgument().asExpr() = var)
-}
-
-query predicate test_SystemCommandExecution(SystemCommandExecution exec) { any() }
-
-query predicate test_FileNameSource(FileNameSource exec) { any() }
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
index 2d1692dce00..a5e6653291a 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
@@ -1535,6 +1535,159 @@ nodes | TaintedPath.js:214:35:214:38 | path | | TaintedPath.js:214:35:214:38 | path | | TaintedPath.js:214:35:214:38 | path | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... 
).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... 
th"][0] | +| execa.js:6:30:6:36 | req.url | +| execa.js:6:30:6:36 | req.url | +| execa.js:6:30:6:36 | req.url | +| execa.js:6:30:6:36 | req.url | +| execa.js:6:30:6:36 | req.url | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:9:26:9:33 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:12:37:12:44 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| execa.js:15:50:15:57 | filePath | +| 
execa.js:15:50:15:57 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | +| execa.js:18:62:18:69 | filePath | | express.js:8:20:8:32 | req.query.bar | | express.js:8:20:8:32 | req.query.bar | | express.js:8:20:8:32 | req.query.bar | 
@@ -6635,6 +6788,230 @@ edges | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath 
| execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| 
execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | 
filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | 
execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... 
).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... 
th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... 
th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... 
, true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | +| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | 
@@ -10345,6 +10722,10 @@ edges | TaintedPath.js:212:31:212:34 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:212:31:212:34 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | | TaintedPath.js:213:45:213:48 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:45:213:48 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | | TaintedPath.js:214:35:214:38 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:214:35:214:38 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | +| execa.js:9:26:9:33 | filePath | execa.js:6:30:6:36 | req.url | execa.js:9:26:9:33 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value | +| execa.js:12:37:12:44 | filePath | execa.js:6:30:6:36 | req.url | execa.js:12:37:12:44 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value | +| execa.js:15:50:15:57 | filePath | execa.js:6:30:6:36 | req.url | execa.js:15:50:15:57 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value | +| execa.js:18:62:18:69 | filePath | execa.js:6:30:6:36 | req.url | execa.js:18:62:18:69 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value | | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value | | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. 
| handlebars.js:43:15:43:29 | req.params.path | user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js
new file mode 100644
index 00000000000..b246f6c384e
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js
@@ -0,0 +1,19 @@
+import { execa, $ } from 'execa';
+import http from 'node:http'
+import url from 'url'
+
+http.createServer(async function (req, res) {
+ let filePath = url.parse(req.url, true).query["filePath"][0];
+
+ // Piping to stdin from a file
+ await $({ inputFile: filePath })`cat` // NOT OK
+
+ // Piping to stdin from a file
+ await execa('cat', { inputFile: filePath }); // NOT OK
+
+ // Piping Stdout to file
+ await execa('echo', ['example3']).pipeStdout(filePath); // NOT OK
+
+ // Piping all of command output to file
+ await execa('echo', ['example4'], { all: true }).pipeAll(filePath); // NOT OK
+});
\ No newline at end of file
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
index fb8bc60e673..02f1ccf774d 100644
--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
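Review bot: Every call in the new `TaintedPath/execa.js` fixture is marked `// NOT OK`, so the expected output can only show that tainted paths are reported, never that an untainted path stays unreported. Adding one negative case inside the request handler, e.g. `await execa('cat', { inputFile: 'fixed.txt' }); // OK` (the file name is only an example), would guard the new file-access model against over-reporting. The second comment, `// Piping to stdin from a file`, repeats the first; naming the API form under test (`$` template versus `execa` options object) would make a failing line easier to place.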
@@ -103,6 +103,55 @@ nodes | execSeries.js:18:34:18:40 | req.url | | execSeries.js:19:12:19:16 | [cmd] | | execSeries.js:19:13:19:15 | cmd | +| execa.js:6:9:6:54 | cmd | +| execa.js:6:15:6:38 | url.par ... , true) | +| execa.js:6:15:6:44 | url.par ... ).query | +| execa.js:6:15:6:51 | url.par ... ["cmd"] | +| execa.js:6:15:6:54 | url.par ... md"][0] | +| execa.js:6:25:6:31 | req.url | +| execa.js:6:25:6:31 | req.url | +| execa.js:7:9:7:51 | arg | +| execa.js:7:15:7:38 | url.par ... , true) | +| execa.js:7:15:7:44 | url.par ... ).query | +| execa.js:7:15:7:51 | url.par ... ["arg"] | +| execa.js:7:25:7:31 | req.url | +| execa.js:7:25:7:31 | req.url | +| execa.js:9:15:9:17 | cmd | +| execa.js:9:15:9:17 | cmd | +| execa.js:10:14:10:16 | cmd | +| execa.js:10:14:10:16 | cmd | +| execa.js:11:32:11:34 | cmd | +| execa.js:11:32:11:34 | cmd | +| execa.js:12:33:12:35 | cmd | +| execa.js:12:33:12:35 | cmd | +| execa.js:14:17:14:19 | cmd | +| execa.js:14:17:14:19 | cmd | +| execa.js:15:17:15:19 | cmd | +| execa.js:15:17:15:19 | cmd | +| execa.js:16:17:16:19 | cmd | +| execa.js:16:17:16:19 | cmd | +| execa.js:17:17:17:19 | cmd | +| execa.js:17:17:17:19 | cmd | +| execa.js:18:15:18:17 | cmd | +| execa.js:18:15:18:17 | cmd | +| execa.js:19:15:19:17 | cmd | +| execa.js:19:15:19:17 | cmd | +| execa.js:21:24:21:26 | cmd | +| execa.js:21:24:21:32 | cmd + arg | +| execa.js:21:24:21:32 | cmd + arg | +| execa.js:21:30:21:32 | arg | +| execa.js:22:22:22:24 | cmd | +| execa.js:22:22:22:30 | cmd + arg | +| execa.js:22:22:22:30 | cmd + arg | +| execa.js:22:28:22:30 | arg | +| execa.js:23:24:23:26 | cmd | +| execa.js:23:24:23:32 | cmd + arg | +| execa.js:23:24:23:32 | cmd + arg | +| execa.js:23:30:23:32 | arg | +| execa.js:24:22:24:24 | cmd | +| execa.js:24:22:24:30 | cmd + arg | +| execa.js:24:22:24:30 | cmd + arg | +| execa.js:24:28:24:30 | arg | | form-parsers.js:9:8:9:39 | "touch ... nalname | | form-parsers.js:9:8:9:39 | "touch ... nalname | | form-parsers.js:9:19:9:26 | req.file | 
@@ -286,6 +335,61 @@ edges | execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | | execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | | execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | +| execa.js:6:9:6:54 | cmd | execa.js:9:15:9:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:9:15:9:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:10:14:10:16 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:10:14:10:16 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:11:32:11:34 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:11:32:11:34 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:12:33:12:35 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:12:33:12:35 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:14:17:14:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:14:17:14:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:15:17:15:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:15:17:15:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:16:17:16:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:16:17:16:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:17:17:17:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:17:17:17:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:18:15:18:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:18:15:18:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:19:15:19:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:19:15:19:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:21:24:21:26 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:22:22:22:24 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:23:24:23:26 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:24:22:24:24 | cmd | +| execa.js:6:15:6:38 | url.par ... , true) | execa.js:6:15:6:44 | url.par ... ).query | +| execa.js:6:15:6:44 | url.par ... ).query | execa.js:6:15:6:51 | url.par ... ["cmd"] | +| execa.js:6:15:6:51 | url.par ... ["cmd"] | execa.js:6:15:6:54 | url.par ... md"][0] | +| execa.js:6:15:6:54 | url.par ... 
md"][0] | execa.js:6:9:6:54 | cmd | +| execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) | +| execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) | +| execa.js:7:9:7:51 | arg | execa.js:21:30:21:32 | arg | +| execa.js:7:9:7:51 | arg | execa.js:22:28:22:30 | arg | +| execa.js:7:9:7:51 | arg | execa.js:23:30:23:32 | arg | +| execa.js:7:9:7:51 | arg | execa.js:24:28:24:30 | arg | +| execa.js:7:15:7:38 | url.par ... , true) | execa.js:7:15:7:44 | url.par ... ).query | +| execa.js:7:15:7:44 | url.par ... ).query | execa.js:7:15:7:51 | url.par ... ["arg"] | +| execa.js:7:15:7:51 | url.par ... ["arg"] | execa.js:7:9:7:51 | arg | +| execa.js:7:25:7:31 | req.url | execa.js:7:15:7:38 | url.par ... , true) | +| execa.js:7:25:7:31 | req.url | execa.js:7:15:7:38 | url.par ... , true) | +| execa.js:21:24:21:26 | cmd | execa.js:21:24:21:32 | cmd + arg | +| execa.js:21:24:21:26 | cmd | execa.js:21:24:21:32 | cmd + arg | +| execa.js:21:30:21:32 | arg | execa.js:21:24:21:32 | cmd + arg | +| execa.js:21:30:21:32 | arg | execa.js:21:24:21:32 | cmd + arg | +| execa.js:22:22:22:24 | cmd | execa.js:22:22:22:30 | cmd + arg | +| execa.js:22:22:22:24 | cmd | execa.js:22:22:22:30 | cmd + arg | +| execa.js:22:28:22:30 | arg | execa.js:22:22:22:30 | cmd + arg | +| execa.js:22:28:22:30 | arg | execa.js:22:22:22:30 | cmd + arg | +| execa.js:23:24:23:26 | cmd | execa.js:23:24:23:32 | cmd + arg | +| execa.js:23:24:23:26 | cmd | execa.js:23:24:23:32 | cmd + arg | +| execa.js:23:30:23:32 | arg | execa.js:23:24:23:32 | cmd + arg | +| execa.js:23:30:23:32 | arg | execa.js:23:24:23:32 | cmd + arg | +| execa.js:24:22:24:24 | cmd | execa.js:24:22:24:30 | cmd + arg | +| execa.js:24:22:24:24 | cmd | execa.js:24:22:24:30 | cmd + arg | +| execa.js:24:28:24:30 | arg | execa.js:24:22:24:30 | cmd + arg | +| execa.js:24:28:24:30 | arg | execa.js:24:22:24:30 | cmd + arg | | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... 
nalname | | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | | form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | 
@@ -391,6 +495,24 @@ edges | exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value | | exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value | | execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value | +| execa.js:9:15:9:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:9:15:9:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:10:14:10:16 | cmd | execa.js:6:25:6:31 | req.url | execa.js:10:14:10:16 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:11:32:11:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:11:32:11:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:12:33:12:35 | cmd | execa.js:6:25:6:31 | req.url | execa.js:12:33:12:35 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:14:17:14:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:14:17:14:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:15:17:15:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:15:17:15:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:16:17:16:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:16:17:16:19 | cmd | This command line depends on a $@. 
| execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:17:17:17:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:17:17:17:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:18:15:18:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:18:15:18:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:19:15:19:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:19:15:19:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:21:24:21:32 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:21:24:21:32 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:21:24:21:32 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:21:24:21:32 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value | +| execa.js:22:22:22:30 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:22:22:22:30 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:22:22:22:30 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:22:22:22:30 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value | +| execa.js:23:24:23:32 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:23:24:23:32 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:23:24:23:32 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:23:24:23:32 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value | +| execa.js:24:22:24:30 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:24:22:24:30 | cmd + arg | This command line depends on a $@. 
| execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:24:22:24:30 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:24:22:24:30 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value | | form-parsers.js:9:8:9:39 | "touch ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:9:19:9:26 | req.file | user-provided value | | form-parsers.js:14:10:14:37 | "touch ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:13:3:13:11 | req.files | user-provided value | | form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | This command line depends on a $@. | form-parsers.js:24:48:24:55 | filename | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js new file mode 100644 index 00000000000..936a6910de4 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js 
@@ -0,0 +1,25 @@ +import { execa, execaSync, execaCommand, execaCommandSync, $ } from 'execa'; +import http from 'node:http' +import url from 'url' + +http.createServer(async function (req, res) { + let cmd = url.parse(req.url, true).query["cmd"][0]; + let arg = url.parse(req.url, true).query["arg"]; + + await $`${cmd} ${arg}`; // NOT OK + $.sync`${cmd} ${arg}`; // NOT OK + await $({ shell: true })`${cmd} ${arg}` // NOT OK + await $({ shell: false })`${cmd} ${arg}` // NOT OK + + await execa(cmd, [arg]); // NOT OK + await execa(cmd, { shell: true }); // NOT OK + await execa(cmd, { shell: true }); // NOT OK + await execa(cmd, [arg], { shell: true }); // NOT OK + execaSync(cmd, [arg]); // NOT OK + execaSync(cmd, [arg], { shell: true }); // NOT OK + + await execaCommand(cmd + arg); // NOT OK + execaCommandSync(cmd + arg); // NOT OK + await execaCommand(cmd + arg, { shell: true }); // NOT OK + execaCommandSync(cmd + arg, { shell: true }); // NOT OK +}); \ No newline at end of file From 5bc21a6178e414680381e06b7916e57978a49914 Mon Sep 17 00:00:00 2001 From: amammad <77095239+amammad@users.noreply.github.com> Date: Fri, 6 Oct 2023 16:09:05 +0200 Subject: [PATCH 04/38] delete old tests --- .../frameworks/Execa/Execa.expected | 68 ------------------- .../library-tests/frameworks/Execa/tst.js | 53 --------------- 2 files changed, 121 deletions(-) delete mode 100644 javascript/ql/test/library-tests/frameworks/Execa/Execa.expected delete mode 100644 javascript/ql/test/library-tests/frameworks/Execa/tst.js diff --git a/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected b/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected deleted file mode 100644 index c4e12a8dca6..00000000000 --- a/javascript/ql/test/library-tests/frameworks/Execa/Execa.expected +++ /dev/null 
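Review bot: The two consecutive `await execa(cmd, { shell: true }); // NOT OK` lines are identical, so the second adds no coverage; it was presumably meant to exercise another shape, such as the options object without `shell` or with `shell: false`. Every case in the file is marked NOT OK, so the expected output cannot reveal false positives from the new model. A negative case with a constant command and no request data (constructed example: `await execa('ls', ['-l']); // OK`) would pin that side of the behaviour.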
@@ -1,68 +0,0 @@ -test_FileSystemAccess -| tst.js:22:9:22:23 | { shell: true } | -| tst.js:24:9:24:24 | { shell: false } | -| tst.js:28:13:28:22 | 'aCommand' | -| tst.js:28:25:28:36 | ['example1'] | -| tst.js:30:13:30:17 | 'git' | -| tst.js:30:20:30:31 | ['example1'] | -| tst.js:32:13:32:47 | 'echo e ... ple 11' | -| tst.js:32:50:32:64 | { shell: true } | -| tst.js:33:13:33:29 | 'echo example 10' | -| tst.js:33:32:33:52 | ['; ech ... le 11'] | -| tst.js:33:55:33:69 | { shell: true } | -| tst.js:36:11:36:16 | 'echo' | -| tst.js:36:19:36:35 | ['example5 sync'] | -| tst.js:38:20:38:41 | "git " ... gument" | -| tst.js:39:20:39:51 | `git ${ ... ndSync` | -| tst.js:41:18:41:20 | arg | -| tst.js:43:18:43:39 | "echo 1 ... echo 2" | -| tst.js:43:42:43:56 | { shell: true } | -| tst.js:49:9:49:27 | { inputFile: file } | -| tst.js:50:13:50:17 | 'cat' | -| tst.js:50:20:50:38 | { inputFile: file } | -| tst.js:51:13:51:18 | 'echo' | -| tst.js:51:21:51:32 | ['example2'] | -| tst.js:52:13:52:18 | 'echo' | -| tst.js:52:21:52:32 | ['example3'] | -| tst.js:53:13:53:18 | 'echo' | -| tst.js:53:21:53:32 | ['example4'] | -| tst.js:53:35:53:47 | { all: true } | -test_MissingFileSystemAccess -| tst.js:47:35:47:38 | file | -| tst.js:51:46:51:49 | file | -| tst.js:52:46:52:49 | file | -| tst.js:53:58:53:61 | file | -test_SystemCommandExecution -| tst.js:1:71:1:71 | $ | -| tst.js:7:7:7:7 | $ | -| tst.js:9:7:9:7 | $ | -| tst.js:10:1:10:1 | $ | -| tst.js:10:1:10:6 | $.sync | -| tst.js:14:7:14:7 | $ | -| tst.js:16:7:16:7 | $ | -| tst.js:17:1:17:1 | $ | -| tst.js:17:1:17:6 | $.sync | -| tst.js:19:1:19:1 | $ | -| tst.js:19:1:19:6 | $.sync | -| tst.js:20:7:20:7 | $ | -| tst.js:22:7:22:7 | $ | -| tst.js:22:7:22:24 | $({ shell: true }) | -| tst.js:24:7:24:7 | $ | -| tst.js:24:7:24:25 | $({ shell: false }) | -| tst.js:28:7:28:37 | execa(' ... ple1']) | -| tst.js:30:7:30:32 | execa(' ... ple1']) | -| tst.js:32:7:32:65 | execa(' ... true }) | -| tst.js:33:7:33:70 | execa(' ... 
true }) | -| tst.js:36:1:36:36 | execaSy ... sync']) | -| tst.js:38:7:38:42 | execaCo ... ument") | -| tst.js:39:7:39:52 | execaCo ... dSync`) | -| tst.js:41:1:41:21 | execaCo ... nc(arg) | -| tst.js:43:1:43:57 | execaCo ... true }) | -| tst.js:47:7:47:7 | $ | -| tst.js:49:7:49:7 | $ | -| tst.js:49:7:49:28 | $({ inp ... file }) | -| tst.js:50:7:50:39 | execa(' ... file }) | -| tst.js:51:7:51:33 | execa(' ... ple2']) | -| tst.js:52:7:52:33 | execa(' ... ple3']) | -| tst.js:53:7:53:48 | execa(' ... true }) | -test_FileNameSource diff --git a/javascript/ql/test/library-tests/frameworks/Execa/tst.js b/javascript/ql/test/library-tests/frameworks/Execa/tst.js deleted file mode 100644 index e31fa07dbb4..00000000000 --- a/javascript/ql/test/library-tests/frameworks/Execa/tst.js +++ /dev/null 
@@ -1,53 +0,0 @@ -import { execa, execaSync, execaCommand, execaCommandSync, execaNode, $ } from 'execa'; - -const arg = process.argv[0]; - -// Node.js scripts -// GOOD -await $`echo example1`.pipeStderr(`tmp`); -// BAD argument injection -await $`ssh ${"example2"}`.pipeStderr(`tmp`); -$.sync`echo example2 sync` -// Multiple arguments -const args = ["arg:" + arg, 'example3', '&', 'rainbows!']; -// GOOD -await $`${arg} sth`; -// GOOD only one command can be executed -await $`${arg}`; -$.sync`${arg}` -// BAD argument injection -$.sync`git ${args} ${args}` -await $`git ${["-o", "-lps"]}` -// if shell: true then all inputs except first are dangerous -await $({ shell: true })`echo example6 ${";echo example6 > tmpdir/example6"}` -// GOOD -await $({ shell: false })`echo example6 ${";echo example6 > tmpdir/example6"}` - -// execa -// GOOD -await execa('aCommand', ['example1']); -// BAD argument injection -await execa('git', ['example1']); -// BAD shell is enable -await execa('echo example 10 ; echo example 11', { shell: true }); -await execa('echo example 10', ['; echo example 11'], { shell: true }); - -// BAD argument injection -execaSync('echo', ['example5 sync']); -// BAD argument injection -await execaCommand("git " + "badArgument"); -await execaCommand(`git ${"arg1"} execaCommandSync`); -// bad totally controllable argument -execaCommandSync(arg); -// BAD shell is enable -execaCommandSync("echo 1 " + "; echo 2", { shell: true }); - -// FileSystemAccess -// Piping stdout to a file -await $`echo example8`.pipeStdout(file) -// Piping stdin from a file -await $({ inputFile: file })`cat` -await execa('cat', { inputFile: file }); -await execa('echo', ['example2']).pipeStdout(file); -await execa('echo', ['example3']).pipeStderr(file); -await execa('echo', ['example4'], { all: true }).pipeAll(file); From de2ee4d2899b7c5003bb0ea333f1b6b71c2da222 Mon Sep 17 00:00:00 2001 
From: amammad <77095239+amammad@users.noreply.github.com> Date: Wed, 11 Oct 2023 14:36:56 +0200 Subject: [PATCH 05/38] stash I can't especify the argument and command differences with new API --- .../semmle/javascript/frameworks/Execa.qll | 82 ++++++------------- 1 file changed, 25 insertions(+), 57 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll index 5cfecc1c814..a851f6099ce 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll 
@@ -97,65 +97,50 @@ module Execa { } /** - * A call to `execa.$` or `execa.$.sync` tag functions + * A call to `execa.$` or `execa.$.sync` or `execa.$({})` or `execa.$.sync({})` tag functions */ - private class ExecaScriptExpr extends DataFlow::ExprNode { + private class ExecaScriptCall extends API::CallNode { boolean isSync; - ExecaScriptExpr() { - this.asExpr() = - [ - API::moduleImport("execa").getMember("$"), - API::moduleImport("execa").getMember("$").getReturn() - ].getAValueReachableFromSource().asExpr() and - isSync = false - or - this.asExpr() = - [ - API::moduleImport("execa").getMember("$").getMember("sync"), - API::moduleImport("execa").getMember("$").getMember("sync").getReturn() - ].getAValueReachableFromSource().asExpr() and - isSync = true + ExecaScriptCall() { + exists(API::Node script | + script = + [ + API::moduleImport("execa").getMember("$"), + API::moduleImport("execa").getMember("$").getReturn() + ] + | + this = script.getACall() and + isSync = false + or + this = script.getMember("sync").getACall() and + isSync = true + ) } } + API::Node test() { result = API::moduleImport("execa").getMember("$").getASuccessor*() } + /** * The system command execution nodes for `execa.$` or `execa.$.sync` tag functions */ - class ExecaScriptEec extends SystemCommandExecution, ExecaScriptExpr { - ExecaScriptEec() { isSync = [false, true] } + class ExecaScript extends SystemCommandExecution, ExecaScriptCall { + ExecaScript() { isSync = [false, true] } - override DataFlow::Node getACommandArgument() { - exists(TemplateLiteral tl | isFirstTaggedTemplateParameter(this.asExpr(), tl) | - result.asExpr() = tl.getChildExpr(0) and - not result.asExpr().mayHaveStringValue(" ") // exclude whitespace - ) - } + override DataFlow::Node getACommandArgument() { result = this.getParameter(1).asSink() } override predicate isShellInterpreted(DataFlow::Node arg) { - // $({shell: true})`${cmd} ${arg0} ... 
${arg1}` - // ISSUE: $`cmd args` I can't reach the tag function argument easily - exists(TemplateLiteral tmpL | isFirstTaggedTemplateParameter(this.asExpr(), tmpL) | - arg.asExpr() = tmpL.getAChildExpr() and - isExecaShellEnableWithExpr(this.asExpr().(CallExpr).getArgument(0)) and - not arg.asExpr().mayHaveStringValue(" ") // exclude whitespace - ) + isExecaShellEnable(this.getParameter(0)) and + arg = this.getParameter(0).asSink() } override DataFlow::Node getArgumentList() { - // $`${cmd} ${arg0} ... ${argn}` - exists(TemplateLiteral tmpL | isFirstTaggedTemplateParameter(this.asExpr(), tmpL) | - result.asExpr() = tmpL.getAChildExpr() and - not result.asExpr() = tmpL.getChildExpr(0) and - not result.asExpr().mayHaveStringValue(" ") // exclude whitespace - ) + result = this.getParameter(any(int i | i > 1)).asSink() } override predicate isSync() { isSync = true } - override DataFlow::Node getOptionsArg() { - result = this.asExpr().getAChildExpr().flow() and result.asExpr() instanceof ObjectExpr - } + override DataFlow::Node getOptionsArg() { result = this.getParameter(0).asSink() } } /** @@ -207,14 +192,6 @@ module Execa { } } - // Holds if left parameter is the left child of a template literal and returns the template literal - private predicate isFirstTaggedTemplateParameter(Expr left, TemplateLiteral templateLiteral) { - exists(TaggedTemplateExpr parent | - templateLiteral = parent.getTemplate() and - left = parent.getChildExpr(0) - ) - } - /** * Holds whether Execa has shell enabled options or not, get Parameter responsible for options */ 
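Review bot: In `ExecaScript`, `isShellInterpreted` and `getOptionsArg` read `this.getParameter(0)`, while `getACommandArgument` treats parameter 1 of the same call as the first interpolation. That suggests that for a tagged template `this` is the tag call and its parameter 0 is the template rather than the options object. When `$({ shell: true })` is used as a tag, the options belong to the inner `$({...})` call, so the `shell` check appears never to reach the interpolated values, and `arg = this.getParameter(0).asSink()` marks the options object instead of a command part. Resolving the options from the call whose return value serves as the tag would close that gap; the same lookup is still present in the later hunks of this series. The public `API::Node test()` predicate added in this hunk looks like debugging residue and should not ship in the library.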
@@ -222,13 +199,4 @@ module Execa { private predicate isExecaShellEnable(API::Node n) { n.getMember("shell").asSink().asExpr().(BooleanLiteral).getValue() = "true" } - - // Holds whether Execa has shell enabled options or not, get Parameter responsible for options - private predicate isExecaShellEnableWithExpr(Expr n) { - exists(ObjectExpr o, Property p | o = n.getAChildExpr*() | - o.getAChild() = p and - p.getAChild().(Label).getName() = "shell" and - p.getAChild().(Literal).getValue() = "true" - ) - } } From b24c6fd57946ee3a14ffca59f2799819469934cc Mon Sep 17 00:00:00 2001 From: amammad <77095239+amammad@users.noreply.github.com> Date: Wed, 11 Oct 2023 17:34:33 +0200 Subject: [PATCH 06/38] for demonstration --- .../semmle/javascript/frameworks/Execa.qll | 11 +++--- .../CWE-078/CommandInjection/execa.js | 36 ++++++++++++------- 2 files changed, 28 insertions(+), 19 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll index a851f6099ce..db504b06c60 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll @@ -119,8 +119,6 @@ module Execa { } } - API::Node test() { result = API::moduleImport("execa").getMember("$").getASuccessor*() } - /** * The system command execution nodes for `execa.$` or `execa.$.sync` tag functions */ 
@@ -131,16 +129,17 @@ module Execa { override predicate isShellInterpreted(DataFlow::Node arg) { isExecaShellEnable(this.getParameter(0)) and - arg = this.getParameter(0).asSink() + arg = this.getAParameter().asSink() } override DataFlow::Node getArgumentList() { - result = this.getParameter(any(int i | i > 1)).asSink() + result = this.getParameter(any(int i | i > 1)).asSink() and + not exists(string s | this.getACall().getArgument(0).mayHaveStringValue(s) | s.matches("")) } - override predicate isSync() { isSync = true } - override DataFlow::Node getOptionsArg() { result = this.getParameter(0).asSink() } + + override predicate isSync() { isSync = true } } /** diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js index 936a6910de4..5155b228550 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js 
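Review bot: The guard added to `getArgumentList`, `not exists(string s | this.getACall().getArgument(0).mayHaveStringValue(s) | s.matches(""))`, does not test what the surrounding code needs. `matches` is a LIKE-style pattern match, so `s.matches("")` holds only for the empty string, and `this.getACall()` selects invocations of this call's result rather than the call itself. The condition is therefore most likely vacuous, and every parameter above index 1 is returned. If the intent is to tell a template that starts with literal text from one that starts with an interpolation, that should be decided on the template literal's first child. `isShellInterpreted` now binds `arg` to `this.getAParameter().asSink()`, which includes parameter 0 as well; restricting it to the interpolated values would be more precise.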
@@ -4,22 +4,32 @@ import url from 'url' http.createServer(async function (req, res) { let cmd = url.parse(req.url, true).query["cmd"][0]; - let arg = url.parse(req.url, true).query["arg"]; + let arg1 = url.parse(req.url, true).query["arg1"]; + let arg2 = url.parse(req.url, true).query["arg2"]; - await $`${cmd} ${arg}`; // NOT OK - $.sync`${cmd} ${arg}`; // NOT OK - await $({ shell: true })`${cmd} ${arg}` // NOT OK - await $({ shell: false })`${cmd} ${arg}` // NOT OK + await $`${cmd} ${arg1} ${arg2}`; // NOT OK + await $`ssh ${arg1} ${arg2}`; // NOT OK + $({ shell: false }).sync`${cmd} ${arg} ${arg} ${arg2}`; // NOT OK + $({ shell: true }).sync`${cmd} ${arg} ${arg} ${arg2}`; // NOT OK + $({ shell: false }).sync`ssh ${arg} ${arg} ${arg2}`; // NOT OK - await execa(cmd, [arg]); // NOT OK + $.sync`${cmd} ${arg1} ${arg2}`; // NOT OK + $.sync`ssh ${arg1} ${arg2}`; // NOT OK + await $({ shell: true })`${cmd} ${arg1} ${arg2}` // NOT OK + await $({ shell: false })`${cmd} ${arg1} ${arg2}` // NOT OK + await $({ shell: false })`ssh ${arg1} ${arg2}` // NOT OK + + await execa(cmd, [arg1]); // NOT OK await execa(cmd, { shell: true }); // NOT OK await execa(cmd, { shell: true }); // NOT OK - await execa(cmd, [arg], { shell: true }); // NOT OK - execaSync(cmd, [arg]); // NOT OK - execaSync(cmd, [arg], { shell: true }); // NOT OK + await execa(cmd, [arg1], { shell: true }); // NOT OK - await execaCommand(cmd + arg); // NOT OK - execaCommandSync(cmd + arg); // NOT OK - await execaCommand(cmd + arg, { shell: true }); // NOT OK - execaCommandSync(cmd + arg, { shell: true }); // NOT OK + execaSync(cmd, [arg1]); // NOT OK + execaSync(cmd, [arg1], { shell: true }); // NOT OK + + await execaCommand(cmd + arg1); // NOT OK + await execaCommand(cmd + arg1, { shell: true }); // NOT OK + + execaCommandSync(cmd + arg1); // NOT OK + execaCommandSync(cmd + arg1, { shell: true }); // NOT OK }); \ No newline at end of file From 261cabde67fdbb2f36077c0c97607a668e74d380 Mon Sep 17 00:00:00 2001 
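Review bot: The three new `$({ shell: ... }).sync` cases interpolate `${arg}`, but this hunk renames the only declaration of `arg` to `arg1` and `arg2`, so `arg` is no longer declared in the visible handler. Those interpolations carry no request data and would raise a ReferenceError if the file were run, so the cases cover less than their `// NOT OK` markers claim. They should use `${arg1}` and `${arg2}` like the neighbouring cases. The two identical `await execa(cmd, { shell: true });` lines are also still present.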
From: amammad <77095239+amammad@users.noreply.github.com> Date: Wed, 11 Oct 2023 17:44:12 +0200 Subject: [PATCH 07/38] better comments --- javascript/ql/lib/semmle/javascript/frameworks/Execa.qll | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll index db504b06c60..90c84107120 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll @@ -133,7 +133,12 @@ module Execa { } override DataFlow::Node getArgumentList() { + result = this.getParameter(any(int i | i > 2)).asSink() and + // here I should check if the first parameter of Template literal is the rightmost string of this Template literal then the arguments of this command execution will be the second and third and .. parameters + not exists(string s | this.getACall().getArgument(0).mayHaveStringValue(s) | s.matches("")) + or result = this.getParameter(any(int i | i > 1)).asSink() and + // here I should check if the first parameter of Template literal is a constant which is the command, then the arguments of this command execution will be the first, second and third and .. parameters not exists(string s | this.getACall().getArgument(0).mayHaveStringValue(s) | s.matches("")) } From 3899f2cdf3c97c00dc7af67586ad38f34c7f9312 Mon Sep 17 00:00:00 2001 From: amammad <77095239+amammad@users.noreply.github.com> Date: Thu, 12 Oct 2023 10:44:30 +0200 Subject: [PATCH 08/38] upgrade execa scripts --- .../semmle/javascript/frameworks/Execa.qll | 20 +- .../CommandInjection.expected | 290 +++++++++++------- .../CWE-078/CommandInjection/execa.js | 37 +-- 3 files changed, 213 insertions(+), 134 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll index 90c84107120..c73b6919957 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll 
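Review bot: The `i > 2` branch added to `getArgumentList` carries exactly the same guard as the existing `i > 1` branch, so the other disjunct already produces every result it yields and the `or` changes nothing. The two new comments describe checks on the template's first element that the code does not perform yet. They read as notes to self and should be marked as such until the check exists, for example `// TODO: skip the first interpolation only when the template starts with an interpolation`.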
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll @@ -125,7 +125,10 @@ module Execa { class ExecaScript extends SystemCommandExecution, ExecaScriptCall { ExecaScript() { isSync = [false, true] } - override DataFlow::Node getACommandArgument() { result = this.getParameter(1).asSink() } + override DataFlow::Node getACommandArgument() { + result = this.getParameter(1).asSink() and + not isTaggedTemplateFirstChildAnElement(this.getParameter(1).asSink().asExpr().getParent()) + } override predicate isShellInterpreted(DataFlow::Node arg) { isExecaShellEnable(this.getParameter(0)) and @@ -133,13 +136,11 @@ module Execa { } override DataFlow::Node getArgumentList() { - result = this.getParameter(any(int i | i > 2)).asSink() and - // here I should check if the first parameter of Template literal is the rightmost string of this Template literal then the arguments of this command execution will be the second and third and .. parameters - not exists(string s | this.getACall().getArgument(0).mayHaveStringValue(s) | s.matches("")) + result = this.getParameter(any(int i | i >= 1)).asSink() and + isTaggedTemplateFirstChildAnElement(this.getParameter(1).asSink().asExpr().getParent()) or - result = this.getParameter(any(int i | i > 1)).asSink() and - // here I should check if the first parameter of Template literal is a constant which is the command, then the arguments of this command execution will be the first, second and third and .. parameters - not exists(string s | this.getACall().getArgument(0).mayHaveStringValue(s) | s.matches("")) + result = this.getParameter(any(int i | i >= 2)).asSink() and + not isTaggedTemplateFirstChildAnElement(this.getParameter(1).asSink().asExpr().getParent()) } override DataFlow::Node getOptionsArg() { result = this.getParameter(0).asSink() } 
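Review bot: After this change a template that begins with literal text has no command argument at all: `getACommandArgument` is empty and every interpolation goes through `getArgumentList`. That suits the `ssh ${arg1} ${arg2}` test case, but an interpolation attached directly to the leading text (for instance a tool name appended to a fixed directory prefix) is then classified as an argument although it selects the executable. The limitation deserves a comment on `getACommandArgument`, such as `// an interpolation directly attached to the leading text is still reported as an argument`. The expression `this.getParameter(1).asSink().asExpr().getParent()` is written three times across this hunk and the `getArgumentList` hunk that follows; binding it once in a private member predicate would keep the two in step.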
@@ -196,6 +197,11 @@ module Execa { } } + /** Gets a TemplateLiteral and check if first child is a template element */ + private predicate isTaggedTemplateFirstChildAnElement(TemplateLiteral templateLit) { + exists(templateLit.getChildExpr(0).(TemplateElement)) + } + /** * Holds whether Execa has shell enabled options or not, get Parameter responsible for options */ diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected index 02f1ccf774d..20fa7f65279 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected 
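Review bot: The QLDoc on `isTaggedTemplateFirstChildAnElement` begins "Gets a TemplateLiteral and check if", but the predicate has no result; CodeQL convention documents a predicate without a result with "Holds if". Suggested wording: `/** Holds if the first child of templateLit is a constant template element, that is, the template starts with literal text rather than an interpolation. */`. The name says "TaggedTemplate" while the parameter accepts any `TemplateLiteral`, so the doc should also state that callers pass the template of a tagged call.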
@@ -110,48 +110,72 @@ nodes | execa.js:6:15:6:54 | url.par ... md"][0] | | execa.js:6:25:6:31 | req.url | | execa.js:6:25:6:31 | req.url | -| execa.js:7:9:7:51 | arg | -| execa.js:7:15:7:38 | url.par ... , true) | -| execa.js:7:15:7:44 | url.par ... ).query | -| execa.js:7:15:7:51 | url.par ... ["arg"] | -| execa.js:7:25:7:31 | req.url | -| execa.js:7:25:7:31 | req.url | -| execa.js:9:15:9:17 | cmd | -| execa.js:9:15:9:17 | cmd | -| execa.js:10:14:10:16 | cmd | -| execa.js:10:14:10:16 | cmd | -| execa.js:11:32:11:34 | cmd | -| execa.js:11:32:11:34 | cmd | -| execa.js:12:33:12:35 | cmd | -| execa.js:12:33:12:35 | cmd | -| execa.js:14:17:14:19 | cmd | -| execa.js:14:17:14:19 | cmd | -| execa.js:15:17:15:19 | cmd | -| execa.js:15:17:15:19 | cmd | -| execa.js:16:17:16:19 | cmd | -| execa.js:16:17:16:19 | cmd | -| execa.js:17:17:17:19 | cmd | -| execa.js:17:17:17:19 | cmd | -| execa.js:18:15:18:17 | cmd | -| execa.js:18:15:18:17 | cmd | -| execa.js:19:15:19:17 | cmd | -| execa.js:19:15:19:17 | cmd | -| execa.js:21:24:21:26 | cmd | -| execa.js:21:24:21:32 | cmd + arg | -| execa.js:21:24:21:32 | cmd + arg | -| execa.js:21:30:21:32 | arg | -| execa.js:22:22:22:24 | cmd | -| execa.js:22:22:22:30 | cmd + arg | -| execa.js:22:22:22:30 | cmd + arg | -| execa.js:22:28:22:30 | arg | -| execa.js:23:24:23:26 | cmd | -| execa.js:23:24:23:32 | cmd + arg | -| execa.js:23:24:23:32 | cmd + arg | -| execa.js:23:30:23:32 | arg | -| execa.js:24:22:24:24 | cmd | -| execa.js:24:22:24:30 | cmd + arg | -| execa.js:24:22:24:30 | cmd + arg | -| execa.js:24:28:24:30 | arg | +| execa.js:7:9:7:53 | arg1 | +| execa.js:7:16:7:39 | url.par ... , true) | +| execa.js:7:16:7:45 | url.par ... ).query | +| execa.js:7:16:7:53 | url.par ... "arg1"] | +| execa.js:7:26:7:32 | req.url | +| execa.js:7:26:7:32 | req.url | +| execa.js:8:9:8:53 | arg2 | +| execa.js:8:16:8:39 | url.par ... , true) | +| execa.js:8:16:8:45 | url.par ... ).query | +| execa.js:8:16:8:53 | url.par ... 
"arg2"] | +| execa.js:8:26:8:32 | req.url | +| execa.js:8:26:8:32 | req.url | +| execa.js:9:9:9:53 | arg3 | +| execa.js:9:16:9:39 | url.par ... , true) | +| execa.js:9:16:9:45 | url.par ... ).query | +| execa.js:9:16:9:53 | url.par ... "arg3"] | +| execa.js:9:26:9:32 | req.url | +| execa.js:9:26:9:32 | req.url | +| execa.js:11:15:11:17 | cmd | +| execa.js:11:15:11:17 | cmd | +| execa.js:13:32:13:34 | cmd | +| execa.js:13:32:13:34 | cmd | +| execa.js:14:31:14:33 | cmd | +| execa.js:14:31:14:33 | cmd | +| execa.js:17:14:17:16 | cmd | +| execa.js:17:14:17:16 | cmd | +| execa.js:19:32:19:34 | cmd | +| execa.js:19:32:19:34 | cmd | +| execa.js:20:33:20:35 | cmd | +| execa.js:20:33:20:35 | cmd | +| execa.js:23:17:23:19 | cmd | +| execa.js:23:17:23:19 | cmd | +| execa.js:24:17:24:19 | cmd | +| execa.js:24:17:24:19 | cmd | +| execa.js:25:17:25:19 | cmd | +| execa.js:25:17:25:19 | cmd | +| execa.js:26:17:26:19 | cmd | +| execa.js:26:17:26:19 | cmd | +| execa.js:28:15:28:17 | cmd | +| execa.js:28:15:28:17 | cmd | +| execa.js:29:15:29:17 | cmd | +| execa.js:29:15:29:17 | cmd | +| execa.js:31:24:31:26 | cmd | +| execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:31:30:31:33 | arg1 | +| execa.js:31:37:31:40 | arg2 | +| execa.js:31:44:31:47 | arg3 | +| execa.js:32:24:32:26 | cmd | +| execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:30:32:33 | arg1 | +| execa.js:32:37:32:40 | arg2 | +| execa.js:32:44:32:47 | arg3 | +| execa.js:34:22:34:24 | cmd | +| execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:28:34:31 | arg1 | +| execa.js:34:35:34:38 | arg2 | +| execa.js:34:42:34:45 | arg3 | +| execa.js:35:22:35:24 | cmd | +| execa.js:35:22:35:45 | cmd + a ... + arg3 | +| execa.js:35:22:35:45 | cmd + a ... 
+ arg3 | +| execa.js:35:28:35:31 | arg1 | +| execa.js:35:35:35:38 | arg2 | +| execa.js:35:42:35:45 | arg3 | | form-parsers.js:9:8:9:39 | "touch ... nalname | | form-parsers.js:9:8:9:39 | "touch ... nalname | | form-parsers.js:9:19:9:26 | req.file | 
@@ -335,61 +359,99 @@ edges | execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | | execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | | execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | -| execa.js:6:9:6:54 | cmd | execa.js:9:15:9:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:9:15:9:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:10:14:10:16 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:10:14:10:16 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:11:32:11:34 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:11:32:11:34 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:12:33:12:35 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:12:33:12:35 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:14:17:14:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:14:17:14:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:15:17:15:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:15:17:15:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:16:17:16:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:16:17:16:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:17:17:17:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:17:17:17:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:18:15:18:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:18:15:18:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:19:15:19:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:19:15:19:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:21:24:21:26 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:22:22:22:24 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:23:24:23:26 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:24:22:24:24 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:11:15:11:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:11:15:11:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:13:32:13:34 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:13:32:13:34 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:14:31:14:33 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:14:31:14:33 | 
cmd | +| execa.js:6:9:6:54 | cmd | execa.js:17:14:17:16 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:17:14:17:16 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:19:32:19:34 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:19:32:19:34 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:20:33:20:35 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:20:33:20:35 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:23:17:23:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:23:17:23:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:24:17:24:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:24:17:24:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:25:17:25:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:25:17:25:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:26:17:26:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:26:17:26:19 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:28:15:28:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:28:15:28:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:29:15:29:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:29:15:29:17 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:31:24:31:26 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:32:24:32:26 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:34:22:34:24 | cmd | +| execa.js:6:9:6:54 | cmd | execa.js:35:22:35:24 | cmd | | execa.js:6:15:6:38 | url.par ... , true) | execa.js:6:15:6:44 | url.par ... ).query | | execa.js:6:15:6:44 | url.par ... ).query | execa.js:6:15:6:51 | url.par ... ["cmd"] | | execa.js:6:15:6:51 | url.par ... ["cmd"] | execa.js:6:15:6:54 | url.par ... md"][0] | | execa.js:6:15:6:54 | url.par ... md"][0] | execa.js:6:9:6:54 | cmd | | execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) | | execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... 
, true) | -| execa.js:7:9:7:51 | arg | execa.js:21:30:21:32 | arg | -| execa.js:7:9:7:51 | arg | execa.js:22:28:22:30 | arg | -| execa.js:7:9:7:51 | arg | execa.js:23:30:23:32 | arg | -| execa.js:7:9:7:51 | arg | execa.js:24:28:24:30 | arg | -| execa.js:7:15:7:38 | url.par ... , true) | execa.js:7:15:7:44 | url.par ... ).query | -| execa.js:7:15:7:44 | url.par ... ).query | execa.js:7:15:7:51 | url.par ... ["arg"] | -| execa.js:7:15:7:51 | url.par ... ["arg"] | execa.js:7:9:7:51 | arg | -| execa.js:7:25:7:31 | req.url | execa.js:7:15:7:38 | url.par ... , true) | -| execa.js:7:25:7:31 | req.url | execa.js:7:15:7:38 | url.par ... , true) | -| execa.js:21:24:21:26 | cmd | execa.js:21:24:21:32 | cmd + arg | -| execa.js:21:24:21:26 | cmd | execa.js:21:24:21:32 | cmd + arg | -| execa.js:21:30:21:32 | arg | execa.js:21:24:21:32 | cmd + arg | -| execa.js:21:30:21:32 | arg | execa.js:21:24:21:32 | cmd + arg | -| execa.js:22:22:22:24 | cmd | execa.js:22:22:22:30 | cmd + arg | -| execa.js:22:22:22:24 | cmd | execa.js:22:22:22:30 | cmd + arg | -| execa.js:22:28:22:30 | arg | execa.js:22:22:22:30 | cmd + arg | -| execa.js:22:28:22:30 | arg | execa.js:22:22:22:30 | cmd + arg | -| execa.js:23:24:23:26 | cmd | execa.js:23:24:23:32 | cmd + arg | -| execa.js:23:24:23:26 | cmd | execa.js:23:24:23:32 | cmd + arg | -| execa.js:23:30:23:32 | arg | execa.js:23:24:23:32 | cmd + arg | -| execa.js:23:30:23:32 | arg | execa.js:23:24:23:32 | cmd + arg | -| execa.js:24:22:24:24 | cmd | execa.js:24:22:24:30 | cmd + arg | -| execa.js:24:22:24:24 | cmd | execa.js:24:22:24:30 | cmd + arg | -| execa.js:24:28:24:30 | arg | execa.js:24:22:24:30 | cmd + arg | -| execa.js:24:28:24:30 | arg | execa.js:24:22:24:30 | cmd + arg | +| execa.js:7:9:7:53 | arg1 | execa.js:31:30:31:33 | arg1 | +| execa.js:7:9:7:53 | arg1 | execa.js:32:30:32:33 | arg1 | +| execa.js:7:9:7:53 | arg1 | execa.js:34:28:34:31 | arg1 | +| execa.js:7:9:7:53 | arg1 | execa.js:35:28:35:31 | arg1 | +| execa.js:7:16:7:39 | url.par ... 
, true) | execa.js:7:16:7:45 | url.par ... ).query | +| execa.js:7:16:7:45 | url.par ... ).query | execa.js:7:16:7:53 | url.par ... "arg1"] | +| execa.js:7:16:7:53 | url.par ... "arg1"] | execa.js:7:9:7:53 | arg1 | +| execa.js:7:26:7:32 | req.url | execa.js:7:16:7:39 | url.par ... , true) | +| execa.js:7:26:7:32 | req.url | execa.js:7:16:7:39 | url.par ... , true) | +| execa.js:8:9:8:53 | arg2 | execa.js:31:37:31:40 | arg2 | +| execa.js:8:9:8:53 | arg2 | execa.js:32:37:32:40 | arg2 | +| execa.js:8:9:8:53 | arg2 | execa.js:34:35:34:38 | arg2 | +| execa.js:8:9:8:53 | arg2 | execa.js:35:35:35:38 | arg2 | +| execa.js:8:16:8:39 | url.par ... , true) | execa.js:8:16:8:45 | url.par ... ).query | +| execa.js:8:16:8:45 | url.par ... ).query | execa.js:8:16:8:53 | url.par ... "arg2"] | +| execa.js:8:16:8:53 | url.par ... "arg2"] | execa.js:8:9:8:53 | arg2 | +| execa.js:8:26:8:32 | req.url | execa.js:8:16:8:39 | url.par ... , true) | +| execa.js:8:26:8:32 | req.url | execa.js:8:16:8:39 | url.par ... , true) | +| execa.js:9:9:9:53 | arg3 | execa.js:31:44:31:47 | arg3 | +| execa.js:9:9:9:53 | arg3 | execa.js:32:44:32:47 | arg3 | +| execa.js:9:9:9:53 | arg3 | execa.js:34:42:34:45 | arg3 | +| execa.js:9:9:9:53 | arg3 | execa.js:35:42:35:45 | arg3 | +| execa.js:9:16:9:39 | url.par ... , true) | execa.js:9:16:9:45 | url.par ... ).query | +| execa.js:9:16:9:45 | url.par ... ).query | execa.js:9:16:9:53 | url.par ... "arg3"] | +| execa.js:9:16:9:53 | url.par ... "arg3"] | execa.js:9:9:9:53 | arg3 | +| execa.js:9:26:9:32 | req.url | execa.js:9:16:9:39 | url.par ... , true) | +| execa.js:9:26:9:32 | req.url | execa.js:9:16:9:39 | url.par ... , true) | +| execa.js:31:24:31:26 | cmd | execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:31:24:31:26 | cmd | execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:31:30:31:33 | arg1 | execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:31:30:31:33 | arg1 | execa.js:31:24:31:47 | cmd + a ... 
+ arg3 | +| execa.js:31:37:31:40 | arg2 | execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:31:37:31:40 | arg2 | execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:31:44:31:47 | arg3 | execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:31:44:31:47 | arg3 | execa.js:31:24:31:47 | cmd + a ... + arg3 | +| execa.js:32:24:32:26 | cmd | execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:24:32:26 | cmd | execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:30:32:33 | arg1 | execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:30:32:33 | arg1 | execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:37:32:40 | arg2 | execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:37:32:40 | arg2 | execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:44:32:47 | arg3 | execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:32:44:32:47 | arg3 | execa.js:32:24:32:47 | cmd + a ... + arg3 | +| execa.js:34:22:34:24 | cmd | execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:22:34:24 | cmd | execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:28:34:31 | arg1 | execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:28:34:31 | arg1 | execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:35:34:38 | arg2 | execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:35:34:38 | arg2 | execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:42:34:45 | arg3 | execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:34:42:34:45 | arg3 | execa.js:34:22:34:45 | cmd + a ... + arg3 | +| execa.js:35:22:35:24 | cmd | execa.js:35:22:35:45 | cmd + a ... + arg3 | +| execa.js:35:22:35:24 | cmd | execa.js:35:22:35:45 | cmd + a ... + arg3 | +| execa.js:35:28:35:31 | arg1 | execa.js:35:22:35:45 | cmd + a ... + arg3 | +| execa.js:35:28:35:31 | arg1 | execa.js:35:22:35:45 | cmd + a ... + arg3 | +| execa.js:35:35:35:38 | arg2 | execa.js:35:22:35:45 | cmd + a ... + arg3 | +| execa.js:35:35:35:38 | arg2 | execa.js:35:22:35:45 | cmd + a ... 
+ arg3 | +| execa.js:35:42:35:45 | arg3 | execa.js:35:22:35:45 | cmd + a ... + arg3 | +| execa.js:35:42:35:45 | arg3 | execa.js:35:22:35:45 | cmd + a ... + arg3 | | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | | form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | 
@@ -495,24 +557,34 @@ edges | exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value | | exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value | | execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value | -| execa.js:9:15:9:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:9:15:9:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:10:14:10:16 | cmd | execa.js:6:25:6:31 | req.url | execa.js:10:14:10:16 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:11:32:11:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:11:32:11:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:12:33:12:35 | cmd | execa.js:6:25:6:31 | req.url | execa.js:12:33:12:35 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:14:17:14:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:14:17:14:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:15:17:15:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:15:17:15:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:16:17:16:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:16:17:16:19 | cmd | This command line depends on a $@. 
| execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:17:17:17:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:17:17:17:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:18:15:18:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:18:15:18:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:19:15:19:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:19:15:19:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:21:24:21:32 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:21:24:21:32 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:21:24:21:32 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:21:24:21:32 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value | -| execa.js:22:22:22:30 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:22:22:22:30 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:22:22:22:30 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:22:22:22:30 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value | -| execa.js:23:24:23:32 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:23:24:23:32 | cmd + arg | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:23:24:23:32 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:23:24:23:32 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value | -| execa.js:24:22:24:30 | cmd + arg | execa.js:6:25:6:31 | req.url | execa.js:24:22:24:30 | cmd + arg | This command line depends on a $@. 
| execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:24:22:24:30 | cmd + arg | execa.js:7:25:7:31 | req.url | execa.js:24:22:24:30 | cmd + arg | This command line depends on a $@. | execa.js:7:25:7:31 | req.url | user-provided value | +| execa.js:11:15:11:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:11:15:11:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:13:32:13:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:13:32:13:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:14:31:14:33 | cmd | execa.js:6:25:6:31 | req.url | execa.js:14:31:14:33 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:17:14:17:16 | cmd | execa.js:6:25:6:31 | req.url | execa.js:17:14:17:16 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:19:32:19:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:19:32:19:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:20:33:20:35 | cmd | execa.js:6:25:6:31 | req.url | execa.js:20:33:20:35 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:23:17:23:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:23:17:23:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:24:17:24:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:24:17:24:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:25:17:25:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:25:17:25:19 | cmd | This command line depends on a $@. 
| execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:26:17:26:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:26:17:26:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:28:15:28:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:28:15:28:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:29:15:29:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:29:15:29:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value | +| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value | +| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value | +| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value | +| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:32:24:32:47 | cmd + a ... 
+ arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value | +| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value | +| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value | +| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value | +| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value | +| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | +| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value | +| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value | +| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. 
| execa.js:9:26:9:32 | req.url | user-provided value | | form-parsers.js:9:8:9:39 | "touch ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:9:19:9:26 | req.file | user-provided value | | form-parsers.js:14:10:14:37 | "touch ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:13:3:13:11 | req.files | user-provided value | | form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | This command line depends on a $@. | form-parsers.js:24:48:24:55 | filename | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js index 5155b228550..9762f361f48 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js 
@@ -6,30 +6,31 @@ http.createServer(async function (req, res) { let cmd = url.parse(req.url, true).query["cmd"][0]; let arg1 = url.parse(req.url, true).query["arg1"]; let arg2 = url.parse(req.url, true).query["arg2"]; + let arg3 = url.parse(req.url, true).query["arg3"]; - await $`${cmd} ${arg1} ${arg2}`; // NOT OK - await $`ssh ${arg1} ${arg2}`; // NOT OK - $({ shell: false }).sync`${cmd} ${arg} ${arg} ${arg2}`; // NOT OK - $({ shell: true }).sync`${cmd} ${arg} ${arg} ${arg2}`; // NOT OK - $({ shell: false }).sync`ssh ${arg} ${arg} ${arg2}`; // NOT OK + await $`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK + await $`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK + $({ shell: false }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK + $({ shell: true }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK + $({ shell: false }).sync`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK - $.sync`${cmd} ${arg1} ${arg2}`; // NOT OK - $.sync`ssh ${arg1} ${arg2}`; // NOT OK - await $({ shell: true })`${cmd} ${arg1} ${arg2}` // NOT OK - await $({ shell: false })`${cmd} ${arg1} ${arg2}` // NOT OK - await $({ shell: false })`ssh ${arg1} ${arg2}` // NOT OK + $.sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK + $.sync`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK + await $({ shell: true })`${cmd} ${arg1} ${arg2} ${arg3}` // NOT OK + await $({ shell: false })`${cmd} ${arg1} ${arg2} ${arg3}` // NOT OK + await $({ shell: false })`ssh ${arg1} ${arg2} ${arg3}` // NOT OK - await execa(cmd, [arg1]); // NOT OK + await execa(cmd, [arg1, arg2, arg3]); // NOT OK await execa(cmd, { shell: true }); // NOT OK await execa(cmd, { shell: true }); // NOT OK - await execa(cmd, [arg1], { shell: true }); // NOT OK + await execa(cmd, [arg1, arg2, arg3], { shell: true }); // NOT OK - execaSync(cmd, [arg1]); // NOT OK - execaSync(cmd, [arg1], { shell: true }); // NOT OK + execaSync(cmd, [arg1, arg2, arg3]); // NOT OK + execaSync(cmd, [arg1, arg2, arg3], { shell: true }); // NOT OK - await execaCommand(cmd + arg1); // NOT OK - await 
execaCommand(cmd + arg1, { shell: true }); // NOT OK + await execaCommand(cmd + arg1 + arg2 + arg3); // NOT OK + await execaCommand(cmd + arg1 + arg2 + arg3, { shell: true }); // NOT OK - execaCommandSync(cmd + arg1); // NOT OK - execaCommandSync(cmd + arg1, { shell: true }); // NOT OK + execaCommandSync(cmd + arg1 + arg2 + arg3); // NOT OK + execaCommandSync(cmd + arg1 + arg2 + arg3, { shell: true }); // NOT OK }); \ No newline at end of file From 67fb802f29dd03c38ec41e484f566a2bedd1a37b Mon Sep 17 00:00:00 2001 From: amammad <77095239+amammad@users.noreply.github.com> Date: Tue, 5 Dec 2023 18:37:50 +0100 Subject: [PATCH 09/38] fix conflict --- .../CWE-022/TaintedPath/TaintedPath.expected | 548 ++++++------------ 1 file changed, 167 insertions(+), 381 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index a5e6653291a..177d6b266eb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected 
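Review bot: The four `ssh` template calls (new lines 12, 15, 18 and 21) are annotated `// NOT OK`, but the updated CommandInjection.expected in this same patch reports alerts only where `cmd` is interpolated or passed (lines 11, 13, 14, 17, 19, 20, 23-26, 28, 29, 31, 32, 34, 35) and none on those four. The annotation and the expected output therefore disagree, and a reader cannot tell a known gap from a missed sink. If these are meant as argument-injection cases that this query does not cover (my assumption), say so on each line, e.g. `// NOT OK - argument injection, not reported by CommandInjection`. Separately, the two identical context lines `await execa(cmd, { shell: true });` exercise the same path twice; one was presumably meant to use a different option. The server callback opens above the hunk, so this covers only the lines visible here.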
@@ -1535,159 +1535,76 @@ nodes | TaintedPath.js:214:35:214:38 | path | | TaintedPath.js:214:35:214:38 | path | | TaintedPath.js:214:35:214:38 | path | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... 
).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... 
th"][0] | -| execa.js:6:30:6:36 | req.url | -| execa.js:6:30:6:36 | req.url | -| execa.js:6:30:6:36 | req.url | -| execa.js:6:30:6:36 | req.url | -| execa.js:6:30:6:36 | req.url | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:9:26:9:33 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:12:37:12:44 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| execa.js:15:50:15:57 | filePath | -| 
execa.js:15:50:15:57 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | -| execa.js:18:62:18:69 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... 
ry.path | +| examples/TaintedPath.js:8:28:8:34 | req.url | +| examples/TaintedPath.js:8:28:8:34 | req.url | +| examples/TaintedPath.js:8:28:8:34 | req.url | +| examples/TaintedPath.js:8:28:8:34 | req.url | +| examples/TaintedPath.js:8:28:8:34 | req.url | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | | express.js:8:20:8:32 | req.query.bar | | express.js:8:20:8:32 | req.query.bar | | express.js:8:20:8:32 | req.query.bar | 
@@ -6788,230 +6705,102 @@ edges | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | 
filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:9:26:9:33 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | 
filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:12:37:12:44 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| 
execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:15:50:15:57 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | 
filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:9:6:64 | filePath | execa.js:18:62:18:69 | filePath | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... 
).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:43 | url.par ... , true) | execa.js:6:20:6:49 | url.par ... ).query | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:49 | url.par ... ).query | execa.js:6:20:6:61 | url.par ... ePath"] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... 
th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:61 | url.par ... ePath"] | execa.js:6:20:6:64 | url.par ... th"][0] | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... 
th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:20:6:64 | url.par ... th"][0] | execa.js:6:9:6:64 | filePath | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... 
, true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... , true) | -| execa.js:6:30:6:36 | req.url | execa.js:6:20:6:43 | url.par ... 
, true) | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... 
ry.path | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | 
filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | 
@@ -10722,10 +10511,7 @@ edges | TaintedPath.js:212:31:212:34 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:212:31:212:34 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | | TaintedPath.js:213:45:213:48 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:45:213:48 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | | TaintedPath.js:214:35:214:38 | path | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:214:35:214:38 | path | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | -| execa.js:9:26:9:33 | filePath | execa.js:6:30:6:36 | req.url | execa.js:9:26:9:33 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value | -| execa.js:12:37:12:44 | filePath | execa.js:6:30:6:36 | req.url | execa.js:12:37:12:44 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value | -| execa.js:15:50:15:57 | filePath | execa.js:6:30:6:36 | req.url | execa.js:15:50:15:57 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value | -| execa.js:18:62:18:69 | filePath | execa.js:6:30:6:36 | req.url | execa.js:18:62:18:69 | filePath | This path depends on a $@. | execa.js:6:30:6:36 | req.url | user-provided value | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value | | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. 
| express.js:8:20:8:32 | req.query.bar | user-provided value | | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | From 1547cd054600ed4fcfdc3670f2914c4eaa3e98d7 Mon Sep 17 00:00:00 2001 
From: amammad <77095239+amammad@users.noreply.github.com> Date: Tue, 5 Dec 2023 18:59:46 +0100 Subject: [PATCH 10/38] added inline tests, move to experimental dir --- javascript/ql/lib/javascript.qll | 1 - .../experimental/semmle/javascript}/Execa.qll | 1 - .../Execa/CommandInjection/tests.expected | 22 ++ .../Execa/CommandInjection/tests.js | 36 ++++ .../Execa/CommandInjection/tests.ql | 38 ++++ .../Execa/PathInjection/tests.expected | 6 + .../Execa/PathInjection/tests.js} | 8 +- .../experimental/Execa/PathInjection/tests.ql | 34 +++ .../CommandInjection.expected | 194 ------------------ .../CWE-078/CommandInjection/execa.js | 36 ---- 10 files changed, 140 insertions(+), 236 deletions(-) rename javascript/ql/{lib/semmle/javascript/frameworks => src/experimental/semmle/javascript}/Execa.qll (98%) create mode 100644 javascript/ql/test/experimental/Execa/CommandInjection/tests.expected create mode 100644 javascript/ql/test/experimental/Execa/CommandInjection/tests.js create mode 100644 javascript/ql/test/experimental/Execa/CommandInjection/tests.ql create mode 100644 javascript/ql/test/experimental/Execa/PathInjection/tests.expected rename javascript/ql/test/{query-tests/Security/CWE-022/TaintedPath/execa.js => experimental/Execa/PathInjection/tests.js} (61%) create mode 100644 javascript/ql/test/experimental/Execa/PathInjection/tests.ql delete mode 100644 javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js diff --git a/javascript/ql/lib/javascript.qll b/javascript/ql/lib/javascript.qll index 238bd870a90..07fb759bd65 100644 --- a/javascript/ql/lib/javascript.qll +++ b/javascript/ql/lib/javascript.qll 
@@ -123,7 +123,6 @@ import semmle.javascript.frameworks.Request import semmle.javascript.frameworks.RxJS import semmle.javascript.frameworks.ServerLess import semmle.javascript.frameworks.ShellJS -import semmle.javascript.frameworks.Execa import semmle.javascript.frameworks.Snapdragon import semmle.javascript.frameworks.SystemCommandExecutors import semmle.javascript.frameworks.SQL diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll b/javascript/ql/src/experimental/semmle/javascript/Execa.qll similarity index 98% rename from javascript/ql/lib/semmle/javascript/frameworks/Execa.qll rename to javascript/ql/src/experimental/semmle/javascript/Execa.qll index c73b6919957..2f301ae0bf8 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Execa.qll +++ b/javascript/ql/src/experimental/semmle/javascript/Execa.qll @@ -3,7 +3,6 @@ */ import javascript -import semmle.javascript.security.dataflow.RequestForgeryCustomizations /** * Provide model for [Execa](https://github.com/sindresorhus/execa) package diff --git a/javascript/ql/test/experimental/Execa/CommandInjection/tests.expected b/javascript/ql/test/experimental/Execa/CommandInjection/tests.expected new file mode 100644 index 00000000000..931d1de923f --- /dev/null +++ b/javascript/ql/test/experimental/Execa/CommandInjection/tests.expected 
@@ -0,0 +1,22 @@ +passingPositiveTests +| PASSED | CommandInjection | tests.js:11:46:11:70 | // test ... jection | +| PASSED | CommandInjection | tests.js:12:43:12:67 | // test ... jection | +| PASSED | CommandInjection | tests.js:13:63:13:87 | // test ... jection | +| PASSED | CommandInjection | tests.js:14:62:14:86 | // test ... jection | +| PASSED | CommandInjection | tests.js:15:60:15:84 | // test ... jection | +| PASSED | CommandInjection | tests.js:17:45:17:69 | // test ... jection | +| PASSED | CommandInjection | tests.js:18:42:18:66 | // test ... jection | +| PASSED | CommandInjection | tests.js:19:62:19:86 | // test ... jection | +| PASSED | CommandInjection | tests.js:20:63:20:87 | // test ... jection | +| PASSED | CommandInjection | tests.js:21:60:21:84 | // test ... jection | +| PASSED | CommandInjection | tests.js:23:43:23:67 | // test ... jection | +| PASSED | CommandInjection | tests.js:24:40:24:64 | // test ... jection | +| PASSED | CommandInjection | tests.js:25:40:25:64 | // test ... jection | +| PASSED | CommandInjection | tests.js:26:60:26:84 | // test ... jection | +| PASSED | CommandInjection | tests.js:28:41:28:65 | // test ... jection | +| PASSED | CommandInjection | tests.js:29:58:29:82 | // test ... jection | +| PASSED | CommandInjection | tests.js:31:51:31:75 | // test ... jection | +| PASSED | CommandInjection | tests.js:32:68:32:92 | // test ... jection | +| PASSED | CommandInjection | tests.js:34:49:34:73 | // test ... jection | +| PASSED | CommandInjection | tests.js:35:66:35:90 | // test ... jection | +failingPositiveTests diff --git a/javascript/ql/test/experimental/Execa/CommandInjection/tests.js b/javascript/ql/test/experimental/Execa/CommandInjection/tests.js new file mode 100644 index 00000000000..eb35be96b61 --- /dev/null +++ b/javascript/ql/test/experimental/Execa/CommandInjection/tests.js 
@@ -0,0 +1,36 @@
+import { execa, execaSync, execaCommand, execaCommandSync, $ } from 'execa';
+import http from 'node:http'
+import url from 'url'
+
+http.createServer(async function (req, res) {
+ let cmd = url.parse(req.url, true).query["cmd"][0];
+ let arg1 = url.parse(req.url, true).query["arg1"];
+ let arg2 = url.parse(req.url, true).query["arg2"];
+ let arg3 = url.parse(req.url, true).query["arg3"];
+
+ await $`${cmd} ${arg1} ${arg2} ${arg3}`; // test: CommandInjection
+ await $`ssh ${arg1} ${arg2} ${arg3}`; // test: CommandInjection
+ $({ shell: false }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // test: CommandInjection
+ $({ shell: true }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // test: CommandInjection
+ $({ shell: false }).sync`ssh ${arg1} ${arg2} ${arg3}`; // test: CommandInjection
+
+ $.sync`${cmd} ${arg1} ${arg2} ${arg3}`; // test: CommandInjection
+ $.sync`ssh ${arg1} ${arg2} ${arg3}`; // test: CommandInjection
+ await $({ shell: true })`${cmd} ${arg1} ${arg2} ${arg3}` // test: CommandInjection
+ await $({ shell: false })`${cmd} ${arg1} ${arg2} ${arg3}` // test: CommandInjection
+ await $({ shell: false })`ssh ${arg1} ${arg2} ${arg3}` // test: CommandInjection
+
+ await execa(cmd, [arg1, arg2, arg3]); // test: CommandInjection
+ await execa(cmd, { shell: true }); // test: CommandInjection
+ await execa(cmd, { shell: true }); // test: CommandInjection
+ await execa(cmd, [arg1, arg2, arg3], { shell: true }); // test: CommandInjection
+
+ execaSync(cmd, [arg1, arg2, arg3]); // test: CommandInjection
+ execaSync(cmd, [arg1, arg2, arg3], { shell: true }); // test: CommandInjection
+
+ await execaCommand(cmd + arg1 + arg2 + arg3); // test: CommandInjection
+ await execaCommand(cmd + arg1 + arg2 + arg3, { shell: true }); // test: CommandInjection
+
+ execaCommandSync(cmd + arg1 + arg2 + arg3); // test: CommandInjection
+ execaCommandSync(cmd + arg1 + arg2 + arg3, { shell: true }); // test: CommandInjection
+});
\ No newline at end of file
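Review bot: Fixture lines 24 and 25 are the same call, `await execa(cmd, { shell: true });`, so one sink shape is tested twice and the plain `execa(cmd)` form without options is never exercised; changing one of them to `await execa(cmd); // test: CommandInjection` would cover it. Every annotated line is a positive expectation, including the `shell: false` calls with a fixed `ssh` command where only the arguments are user-controlled, so the fixture cannot show whether the model separates command injection from argument-only taint. A line with a constant command and constant arguments, left unannotated or marked as a negative, would catch an over-broad model.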
diff --git a/javascript/ql/test/experimental/Execa/CommandInjection/tests.ql b/javascript/ql/test/experimental/Execa/CommandInjection/tests.ql
new file mode 100644
index 00000000000..a8ab812f821
--- /dev/null
+++ b/javascript/ql/test/experimental/Execa/CommandInjection/tests.ql
@@ -0,0 +1,38 @@
+import javascript
+
+class InlineTest extends LineComment {
+ string tests;
+
+ InlineTest() { tests = this.getText().regexpCapture("\\s*test:(.*)", 1) }
+
+ string getPositiveTest() {
+ result = tests.trim().splitAt(",").trim() and not result.matches("!%")
+ }
+
+ predicate hasPositiveTest(string test) { test = this.getPositiveTest() }
+
+ predicate inNode(DataFlow::Node n) {
+ this.getLocation().getFile() = n.getFile() and
+ this.getLocation().getStartLine() = n.getStartLine()
+ }
+}
+
+import experimental.semmle.javascript.Execa
+
+query predicate passingPositiveTests(string res, string expectation, InlineTest t) {
+ res = "PASSED" and
+ t.hasPositiveTest(expectation) and
+ expectation = "CommandInjection" and
+ exists(SystemCommandExecution n |
+ t.inNode(n.getArgumentList()) or t.inNode(n.getACommandArgument())
+ )
+}
+
+query predicate failingPositiveTests(string res, string expectation, InlineTest t) {
+ res = "FAILED" and
+ t.hasPositiveTest(expectation) and
+ expectation = "CommandInjection" and
+ not exists(SystemCommandExecution n |
+ t.inNode(n.getArgumentList()) or t.inNode(n.getACommandArgument())
+ )
+}
diff --git a/javascript/ql/test/experimental/Execa/PathInjection/tests.expected b/javascript/ql/test/experimental/Execa/PathInjection/tests.expected
new file mode 100644
index 00000000000..3149ae1c022
--- /dev/null
+++ b/javascript/ql/test/experimental/Execa/PathInjection/tests.expected
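Review bot: `passingPositiveTests` in CommandInjection/tests.ql only checks that some `SystemCommandExecution` has an argument starting on the annotated line, so it no longer covers the flow from `req.url` that the removed rows of CommandInjection.expected recorded. `getPositiveTest` also filters out `!`-prefixed entries, yet no predicate in this file evaluates them, so a sink reported on a line that should stay clean goes unnoticed. Consider adding a `failingNegativeTests` predicate that reports a line annotated `test: !CommandInjection` when such a node exists there. The `InlineTest` class is repeated verbatim in PathInjection/tests.ql and could live in one shared `.qll`.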
@@ -0,0 +1,6 @@ +passingPositiveTests +| PASSED | PathInjection | tests.js:9:43:9:64 | // test ... jection | +| PASSED | PathInjection | tests.js:12:50:12:71 | // test ... jection | +| PASSED | PathInjection | tests.js:15:61:15:82 | // test ... jection | +| PASSED | PathInjection | tests.js:18:73:18:94 | // test ... jection | +failingPositiveTests diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js b/javascript/ql/test/experimental/Execa/PathInjection/tests.js similarity index 61% rename from javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js rename to javascript/ql/test/experimental/Execa/PathInjection/tests.js index b246f6c384e..4665b8c8950 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js +++ b/javascript/ql/test/experimental/Execa/PathInjection/tests.js @@ -6,14 +6,14 @@ http.createServer(async function (req, res) { let filePath = url.parse(req.url, true).query["filePath"][0]; // Piping to stdin from a file - await $({ inputFile: filePath })`cat` // NOT OK + await $({ inputFile: filePath })`cat` // test: PathInjection // Piping to stdin from a file - await execa('cat', { inputFile: filePath }); // NOT OK + await execa('cat', { inputFile: filePath }); // test: PathInjection // Piping Stdout to file - await execa('echo', ['example3']).pipeStdout(filePath); // NOT OK + await execa('echo', ['example3']).pipeStdout(filePath); // test: PathInjection // Piping all of command output to file - await execa('echo', ['example4'], { all: true }).pipeAll(filePath); // NOT OK + await execa('echo', ['example4'], { all: true }).pipeAll(filePath); // test: PathInjection }); \ No newline at end of file diff --git a/javascript/ql/test/experimental/Execa/PathInjection/tests.ql b/javascript/ql/test/experimental/Execa/PathInjection/tests.ql new file mode 100644 index 00000000000..08b5435e01f --- /dev/null +++ b/javascript/ql/test/experimental/Execa/PathInjection/tests.ql 
@@ -0,0 +1,34 @@
+import javascript
+
+class InlineTest extends LineComment {
+ string tests;
+
+ InlineTest() { tests = this.getText().regexpCapture("\\s*test:(.*)", 1) }
+
+ string getPositiveTest() {
+ result = tests.trim().splitAt(",").trim() and not result.matches("!%")
+ }
+
+ predicate hasPositiveTest(string test) { test = this.getPositiveTest() }
+
+ predicate inNode(DataFlow::Node n) {
+ this.getLocation().getFile() = n.getFile() and
+ this.getLocation().getStartLine() = n.getStartLine()
+ }
+}
+
+import experimental.semmle.javascript.Execa
+
+query predicate passingPositiveTests(string res, string expectation, InlineTest t) {
+ res = "PASSED" and
+ t.hasPositiveTest(expectation) and
+ expectation = "PathInjection" and
+ exists(FileSystemReadAccess n | t.inNode(n.getAPathArgument()))
+}
+
+query predicate failingPositiveTests(string res, string expectation, InlineTest t) {
+ res = "FAILED" and
+ t.hasPositiveTest(expectation) and
+ expectation = "PathInjection" and
+ not exists(FileSystemReadAccess n | t.inNode(n.getAPathArgument()))
+}
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
index 20fa7f65279..fb8bc60e673 100644
--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
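Review bot: Both predicates in PathInjection/tests.ql quantify over `FileSystemReadAccess`, but two of the four annotated fixture lines, `pipeStdout(filePath)` and `pipeAll(filePath)`, write command output to the path rather than read from it. tests.expected lists those lines as PASSED, which suggests the model exposes them as read accesses; if they are meant to be writes, the test would start failing once the model is corrected. Using the common supertype, `exists(FileSystemAccess n | t.inNode(n.getAPathArgument()))`, keeps the expectation tied to the tainted path argument regardless of direction. A consumer that treats read and write sinks differently would otherwise inherit the misclassification without any test noticing.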
@@ -103,79 +103,6 @@ nodes | execSeries.js:18:34:18:40 | req.url | | execSeries.js:19:12:19:16 | [cmd] | | execSeries.js:19:13:19:15 | cmd | -| execa.js:6:9:6:54 | cmd | -| execa.js:6:15:6:38 | url.par ... , true) | -| execa.js:6:15:6:44 | url.par ... ).query | -| execa.js:6:15:6:51 | url.par ... ["cmd"] | -| execa.js:6:15:6:54 | url.par ... md"][0] | -| execa.js:6:25:6:31 | req.url | -| execa.js:6:25:6:31 | req.url | -| execa.js:7:9:7:53 | arg1 | -| execa.js:7:16:7:39 | url.par ... , true) | -| execa.js:7:16:7:45 | url.par ... ).query | -| execa.js:7:16:7:53 | url.par ... "arg1"] | -| execa.js:7:26:7:32 | req.url | -| execa.js:7:26:7:32 | req.url | -| execa.js:8:9:8:53 | arg2 | -| execa.js:8:16:8:39 | url.par ... , true) | -| execa.js:8:16:8:45 | url.par ... ).query | -| execa.js:8:16:8:53 | url.par ... "arg2"] | -| execa.js:8:26:8:32 | req.url | -| execa.js:8:26:8:32 | req.url | -| execa.js:9:9:9:53 | arg3 | -| execa.js:9:16:9:39 | url.par ... , true) | -| execa.js:9:16:9:45 | url.par ... ).query | -| execa.js:9:16:9:53 | url.par ... "arg3"] | -| execa.js:9:26:9:32 | req.url | -| execa.js:9:26:9:32 | req.url | -| execa.js:11:15:11:17 | cmd | -| execa.js:11:15:11:17 | cmd | -| execa.js:13:32:13:34 | cmd | -| execa.js:13:32:13:34 | cmd | -| execa.js:14:31:14:33 | cmd | -| execa.js:14:31:14:33 | cmd | -| execa.js:17:14:17:16 | cmd | -| execa.js:17:14:17:16 | cmd | -| execa.js:19:32:19:34 | cmd | -| execa.js:19:32:19:34 | cmd | -| execa.js:20:33:20:35 | cmd | -| execa.js:20:33:20:35 | cmd | -| execa.js:23:17:23:19 | cmd | -| execa.js:23:17:23:19 | cmd | -| execa.js:24:17:24:19 | cmd | -| execa.js:24:17:24:19 | cmd | -| execa.js:25:17:25:19 | cmd | -| execa.js:25:17:25:19 | cmd | -| execa.js:26:17:26:19 | cmd | -| execa.js:26:17:26:19 | cmd | -| execa.js:28:15:28:17 | cmd | -| execa.js:28:15:28:17 | cmd | -| execa.js:29:15:29:17 | cmd | -| execa.js:29:15:29:17 | cmd | -| execa.js:31:24:31:26 | cmd | -| execa.js:31:24:31:47 | cmd + a ... 
+ arg3 | -| execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:31:30:31:33 | arg1 | -| execa.js:31:37:31:40 | arg2 | -| execa.js:31:44:31:47 | arg3 | -| execa.js:32:24:32:26 | cmd | -| execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:30:32:33 | arg1 | -| execa.js:32:37:32:40 | arg2 | -| execa.js:32:44:32:47 | arg3 | -| execa.js:34:22:34:24 | cmd | -| execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:34:28:34:31 | arg1 | -| execa.js:34:35:34:38 | arg2 | -| execa.js:34:42:34:45 | arg3 | -| execa.js:35:22:35:24 | cmd | -| execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:28:35:31 | arg1 | -| execa.js:35:35:35:38 | arg2 | -| execa.js:35:42:35:45 | arg3 | | form-parsers.js:9:8:9:39 | "touch ... nalname | | form-parsers.js:9:8:9:39 | "touch ... nalname | | form-parsers.js:9:19:9:26 | req.file | 
@@ -359,99 +286,6 @@ edges | execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | | execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | | execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | -| execa.js:6:9:6:54 | cmd | execa.js:11:15:11:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:11:15:11:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:13:32:13:34 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:13:32:13:34 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:14:31:14:33 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:14:31:14:33 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:17:14:17:16 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:17:14:17:16 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:19:32:19:34 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:19:32:19:34 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:20:33:20:35 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:20:33:20:35 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:23:17:23:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:23:17:23:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:24:17:24:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:24:17:24:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:25:17:25:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:25:17:25:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:26:17:26:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:26:17:26:19 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:28:15:28:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:28:15:28:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:29:15:29:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:29:15:29:17 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:31:24:31:26 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:32:24:32:26 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:34:22:34:24 | cmd | -| execa.js:6:9:6:54 | cmd | execa.js:35:22:35:24 | cmd | -| execa.js:6:15:6:38 | url.par ... , true) | execa.js:6:15:6:44 | url.par ... 
).query | -| execa.js:6:15:6:44 | url.par ... ).query | execa.js:6:15:6:51 | url.par ... ["cmd"] | -| execa.js:6:15:6:51 | url.par ... ["cmd"] | execa.js:6:15:6:54 | url.par ... md"][0] | -| execa.js:6:15:6:54 | url.par ... md"][0] | execa.js:6:9:6:54 | cmd | -| execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) | -| execa.js:6:25:6:31 | req.url | execa.js:6:15:6:38 | url.par ... , true) | -| execa.js:7:9:7:53 | arg1 | execa.js:31:30:31:33 | arg1 | -| execa.js:7:9:7:53 | arg1 | execa.js:32:30:32:33 | arg1 | -| execa.js:7:9:7:53 | arg1 | execa.js:34:28:34:31 | arg1 | -| execa.js:7:9:7:53 | arg1 | execa.js:35:28:35:31 | arg1 | -| execa.js:7:16:7:39 | url.par ... , true) | execa.js:7:16:7:45 | url.par ... ).query | -| execa.js:7:16:7:45 | url.par ... ).query | execa.js:7:16:7:53 | url.par ... "arg1"] | -| execa.js:7:16:7:53 | url.par ... "arg1"] | execa.js:7:9:7:53 | arg1 | -| execa.js:7:26:7:32 | req.url | execa.js:7:16:7:39 | url.par ... , true) | -| execa.js:7:26:7:32 | req.url | execa.js:7:16:7:39 | url.par ... , true) | -| execa.js:8:9:8:53 | arg2 | execa.js:31:37:31:40 | arg2 | -| execa.js:8:9:8:53 | arg2 | execa.js:32:37:32:40 | arg2 | -| execa.js:8:9:8:53 | arg2 | execa.js:34:35:34:38 | arg2 | -| execa.js:8:9:8:53 | arg2 | execa.js:35:35:35:38 | arg2 | -| execa.js:8:16:8:39 | url.par ... , true) | execa.js:8:16:8:45 | url.par ... ).query | -| execa.js:8:16:8:45 | url.par ... ).query | execa.js:8:16:8:53 | url.par ... "arg2"] | -| execa.js:8:16:8:53 | url.par ... "arg2"] | execa.js:8:9:8:53 | arg2 | -| execa.js:8:26:8:32 | req.url | execa.js:8:16:8:39 | url.par ... , true) | -| execa.js:8:26:8:32 | req.url | execa.js:8:16:8:39 | url.par ... , true) | -| execa.js:9:9:9:53 | arg3 | execa.js:31:44:31:47 | arg3 | -| execa.js:9:9:9:53 | arg3 | execa.js:32:44:32:47 | arg3 | -| execa.js:9:9:9:53 | arg3 | execa.js:34:42:34:45 | arg3 | -| execa.js:9:9:9:53 | arg3 | execa.js:35:42:35:45 | arg3 | -| execa.js:9:16:9:39 | url.par ... 
, true) | execa.js:9:16:9:45 | url.par ... ).query | -| execa.js:9:16:9:45 | url.par ... ).query | execa.js:9:16:9:53 | url.par ... "arg3"] | -| execa.js:9:16:9:53 | url.par ... "arg3"] | execa.js:9:9:9:53 | arg3 | -| execa.js:9:26:9:32 | req.url | execa.js:9:16:9:39 | url.par ... , true) | -| execa.js:9:26:9:32 | req.url | execa.js:9:16:9:39 | url.par ... , true) | -| execa.js:31:24:31:26 | cmd | execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:31:24:31:26 | cmd | execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:31:30:31:33 | arg1 | execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:31:30:31:33 | arg1 | execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:31:37:31:40 | arg2 | execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:31:37:31:40 | arg2 | execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:31:44:31:47 | arg3 | execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:31:44:31:47 | arg3 | execa.js:31:24:31:47 | cmd + a ... + arg3 | -| execa.js:32:24:32:26 | cmd | execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:24:32:26 | cmd | execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:30:32:33 | arg1 | execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:30:32:33 | arg1 | execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:37:32:40 | arg2 | execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:37:32:40 | arg2 | execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:44:32:47 | arg3 | execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:32:44:32:47 | arg3 | execa.js:32:24:32:47 | cmd + a ... + arg3 | -| execa.js:34:22:34:24 | cmd | execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:34:22:34:24 | cmd | execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:34:28:34:31 | arg1 | execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:34:28:34:31 | arg1 | execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:34:35:34:38 | arg2 | execa.js:34:22:34:45 | cmd + a ... 
+ arg3 | -| execa.js:34:35:34:38 | arg2 | execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:34:42:34:45 | arg3 | execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:34:42:34:45 | arg3 | execa.js:34:22:34:45 | cmd + a ... + arg3 | -| execa.js:35:22:35:24 | cmd | execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:22:35:24 | cmd | execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:28:35:31 | arg1 | execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:28:35:31 | arg1 | execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:35:35:38 | arg2 | execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:35:35:38 | arg2 | execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:42:35:45 | arg3 | execa.js:35:22:35:45 | cmd + a ... + arg3 | -| execa.js:35:42:35:45 | arg3 | execa.js:35:22:35:45 | cmd + a ... + arg3 | | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | | form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | 
@@ -557,34 +391,6 @@ edges | exec-sh2.js:10:12:10:57 | cp.spaw ... ptions) | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:10:40:10:46 | command | This command line depends on a $@. | exec-sh2.js:14:25:14:31 | req.url | user-provided value | | exec-sh.js:15:12:15:61 | cp.spaw ... ptions) | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:15:44:15:50 | command | This command line depends on a $@. | exec-sh.js:19:25:19:31 | req.url | user-provided value | | execSeries.js:14:41:14:47 | command | execSeries.js:18:34:18:40 | req.url | execSeries.js:14:41:14:47 | command | This command line depends on a $@. | execSeries.js:18:34:18:40 | req.url | user-provided value | -| execa.js:11:15:11:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:11:15:11:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:13:32:13:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:13:32:13:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:14:31:14:33 | cmd | execa.js:6:25:6:31 | req.url | execa.js:14:31:14:33 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:17:14:17:16 | cmd | execa.js:6:25:6:31 | req.url | execa.js:17:14:17:16 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:19:32:19:34 | cmd | execa.js:6:25:6:31 | req.url | execa.js:19:32:19:34 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:20:33:20:35 | cmd | execa.js:6:25:6:31 | req.url | execa.js:20:33:20:35 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:23:17:23:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:23:17:23:19 | cmd | This command line depends on a $@. 
| execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:24:17:24:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:24:17:24:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:25:17:25:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:25:17:25:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:26:17:26:19 | cmd | execa.js:6:25:6:31 | req.url | execa.js:26:17:26:19 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:28:15:28:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:28:15:28:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:29:15:29:17 | cmd | execa.js:6:25:6:31 | req.url | execa.js:29:15:29:17 | cmd | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value | -| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value | -| execa.js:31:24:31:47 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:31:24:31:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value | -| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. 
| execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value | -| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value | -| execa.js:32:24:32:47 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:32:24:32:47 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value | -| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:7:26:7:32 | req.url | user-provided value | -| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value | -| execa.js:34:22:34:45 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:34:22:34:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value | -| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:6:25:6:31 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:6:25:6:31 | req.url | user-provided value | -| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:7:26:7:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. 
| execa.js:7:26:7:32 | req.url | user-provided value | -| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:8:26:8:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:8:26:8:32 | req.url | user-provided value | -| execa.js:35:22:35:45 | cmd + a ... + arg3 | execa.js:9:26:9:32 | req.url | execa.js:35:22:35:45 | cmd + a ... + arg3 | This command line depends on a $@. | execa.js:9:26:9:32 | req.url | user-provided value | | form-parsers.js:9:8:9:39 | "touch ... nalname | form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:9:19:9:26 | req.file | user-provided value | | form-parsers.js:14:10:14:37 | "touch ... nalname | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:14:10:14:37 | "touch ... nalname | This command line depends on a $@. | form-parsers.js:13:3:13:11 | req.files | user-provided value | | form-parsers.js:25:10:25:28 | "touch " + filename | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | This command line depends on a $@. | form-parsers.js:24:48:24:55 | filename | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js deleted file mode 100644 index 9762f361f48..00000000000 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js +++ /dev/null 
@@ -1,36 +0,0 @@ -import { execa, execaSync, execaCommand, execaCommandSync, $ } from 'execa'; -import http from 'node:http' -import url from 'url' - -http.createServer(async function (req, res) { - let cmd = url.parse(req.url, true).query["cmd"][0]; - let arg1 = url.parse(req.url, true).query["arg1"]; - let arg2 = url.parse(req.url, true).query["arg2"]; - let arg3 = url.parse(req.url, true).query["arg3"]; - - await $`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK - await $`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK - $({ shell: false }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK - $({ shell: true }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK - $({ shell: false }).sync`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK - - $.sync`${cmd} ${arg1} ${arg2} ${arg3}`; // NOT OK - $.sync`ssh ${arg1} ${arg2} ${arg3}`; // NOT OK - await $({ shell: true })`${cmd} ${arg1} ${arg2} ${arg3}` // NOT OK - await $({ shell: false })`${cmd} ${arg1} ${arg2} ${arg3}` // NOT OK - await $({ shell: false })`ssh ${arg1} ${arg2} ${arg3}` // NOT OK - - await execa(cmd, [arg1, arg2, arg3]); // NOT OK - await execa(cmd, { shell: true }); // NOT OK - await execa(cmd, { shell: true }); // NOT OK - await execa(cmd, [arg1, arg2, arg3], { shell: true }); // NOT OK - - execaSync(cmd, [arg1, arg2, arg3]); // NOT OK - execaSync(cmd, [arg1, arg2, arg3], { shell: true }); // NOT OK - - await execaCommand(cmd + arg1 + arg2 + arg3); // NOT OK - await execaCommand(cmd + arg1 + arg2 + arg3, { shell: true }); // NOT OK - - execaCommandSync(cmd + arg1 + arg2 + arg3); // NOT OK - execaCommandSync(cmd + arg1 + arg2 + arg3, { shell: true }); // NOT OK -}); \ No newline at end of file From 12494a0c5a609489efe3a7dc3f422b3204e9ee00 Mon Sep 17 00:00:00 2001 
From: Tamas Vajk Date: Tue, 21 May 2024 12:47:38 +0200 Subject: [PATCH 11/38] C#: Use nuget feeds from nuget.config in fallback restore --- .../EnvironmentVariableNames.cs | 5 +++ .../NugetPackageRestorer.cs | 33 +++++++++++---- .../Assemblies.expected | 1 + .../Assemblies.ql | 11 +++++ .../CompilationInfo.expected | 16 +++++++ .../CompilationInfo.ql | 15 +++++++ .../diagnostics.expected | 42 +++++++++++++++++++ .../proj/Program.cs | 6 +++ .../proj/nuget.config | 7 ++++ .../proj/proj.csproj | 16 +++++++ .../standalone.sln | 19 +++++++++ .../test.py | 14 +++++++ 12 files changed, 176 insertions(+), 9 deletions(-) create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.expected create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.ql create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.expected create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.ql create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/Program.cs create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/nuget.config create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/proj.csproj create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/standalone.sln create mode 100644 csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/test.py 
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs index 134b1857f8f..d9a0eac4845 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs @@ -60,6 +60,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching /// public const string FallbackNugetFeeds = "CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_FALLBACK"; + /// + /// Controls whether to include NuGet feeds from nuget.config files in the fallback restore logic. + /// + public const string AddNugetConfigFeedsToFallback = "CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_FALLBACK_INCLUDE_NUGET_CONFIG_FEEDS"; + /// /// Specifies the path to the nuget executable to be used for package restoration. /// diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs index 5e556682df2..0204e9b7c40 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs 
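Review bot: The summary on `AddNugetConfigFeedsToFallback` does not say when the variable is honoured. In `GetReachableFallbackNugetFeeds` (NugetPackageRestorer.cs, later in this patch) it is read with `GetBooleanOptOut` and only inside the `fallbackFeeds.Count == 0` branch, so it appears to default to on and to be ignored whenever `CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_FALLBACK` lists feeds. I would extend the comment to something like `/// Controls whether NuGet feeds from nuget.config files are added to the fallback restore. On unless disabled; only read when no fallback feeds are configured.` Operators who pin fallback feeds for an isolated build need to know that the second variable then has no effect.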
@@ -98,12 +98,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching logger.LogInfo($"Checking NuGet feed responsiveness: {checkNugetFeedResponsiveness}"); compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", checkNugetFeedResponsiveness ? "1" : "0")); + HashSet? explicitFeeds = null; + try { - if (checkNugetFeedResponsiveness && !CheckFeeds()) + if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds)) { // todo: we could also check the reachability of the inherited nuget feeds, but to use those in the fallback we would need to handle authentication too. - var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds(); + var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds(explicitFeeds); return unresponsiveMissingPackageLocation is null ? [] : [unresponsiveMissingPackageLocation]; @@ -163,7 +165,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching LogAllUnusedPackages(dependencies); var missingPackageLocation = checkNugetFeedResponsiveness - ? DownloadMissingPackagesFromSpecificFeeds() + ? DownloadMissingPackagesFromSpecificFeeds(explicitFeeds) : DownloadMissingPackages(); if (missingPackageLocation is not null) 
@@ -173,13 +175,24 @@ namespace Semmle.Extraction.CSharp.DependencyFetching return assemblyLookupLocations; } - private List GetReachableFallbackNugetFeeds() + private List GetReachableFallbackNugetFeeds(HashSet? feedsFromNugetConfigs) { var fallbackFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.FallbackNugetFeeds).ToHashSet(); if (fallbackFeeds.Count == 0) { fallbackFeeds.Add(PublicNugetOrgFeed); - logger.LogInfo($"No fallback Nuget feeds specified. Using default feed: {PublicNugetOrgFeed}"); + logger.LogInfo($"No fallback Nuget feeds specified. Adding default feed: {PublicNugetOrgFeed}"); + + var shouldAddNugetConfigFeeds = EnvironmentVariables.GetBooleanOptOut(EnvironmentVariableNames.AddNugetConfigFeedsToFallback); + logger.LogInfo($"Adding feeds from nuget.config to fallback restore: {shouldAddNugetConfigFeeds}"); + + if (shouldAddNugetConfigFeeds && feedsFromNugetConfigs?.Count > 0) + { + // There are some feeds in `feedsFromNugetConfigs` that have already been checked for reachability, we could skip those. + // But we might use different responsiveness testing settings when we try them in the fallback logic, so checking them again is safer. + fallbackFeeds.UnionWith(feedsFromNugetConfigs); + logger.LogInfo($"Using Nuget feeds from nuget.config files as fallback feeds: {string.Join(", ", feedsFromNugetConfigs.OrderBy(f => f))}"); + } } logger.LogInfo($"Checking fallback Nuget feed reachability on feeds: {string.Join(", ", fallbackFeeds.OrderBy(f => f))}"); @@ -194,6 +207,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching logger.LogInfo($"Reachable fallback Nuget feeds: {string.Join(", ", reachableFallbackFeeds.OrderBy(f => f))}"); } + compilationInfoContainer.CompilationInfos.Add(("Reachable fallback Nuget feed count", reachableFallbackFeeds.Count.ToString())); + return reachableFallbackFeeds; } 
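Review bot: The new `logger.LogInfo($"Using Nuget feeds from nuget.config files as fallback feeds: ...")` line in `GetReachableFallbackNugetFeeds` writes feed URLs from the analysed repository's nuget.config verbatim to the info log. If such a URL can carry userinfo or a token in its query string, that secret ends up in the extractor log. The existing context line that logs `fallbackFeeds` will now contain the same URLs, because of the `UnionWith`. Logging only the count here, e.g. `logger.LogInfo($"Using {feedsFromNugetConfigs.Count} Nuget feeds from nuget.config files as fallback feeds");`, or redacting userinfo and query before joining, would avoid that. The method body continues outside this hunk.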
@@ -272,9 +287,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching compilationInfoContainer.CompilationInfos.Add(("Failed project restore with package source error", nugetSourceFailures.ToString())); } - private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds() + private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds(HashSet? feedsFromNugetConfigs) { - var reachableFallbackFeeds = GetReachableFallbackNugetFeeds(); + var reachableFallbackFeeds = GetReachableFallbackNugetFeeds(feedsFromNugetConfigs); if (reachableFallbackFeeds.Count > 0) { return DownloadMissingPackages(fallbackNugetFeeds: reachableFallbackFeeds); @@ -623,10 +638,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching return (timeoutMilliSeconds, tryCount); } - private bool CheckFeeds() + private bool CheckFeeds(out HashSet explicitFeeds) { logger.LogInfo("Checking Nuget feeds..."); - var (explicitFeeds, allFeeds) = GetAllFeeds(); + (explicitFeeds, var allFeeds) = GetAllFeeds(); var excludedFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.ExcludedNugetFeedsFromResponsivenessCheck) .ToHashSet() ?? []; diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.expected new file mode 100644 index 00000000000..2a530060edb --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.expected @@ -0,0 +1 @@ +| [...]/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll | diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.ql b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.ql new file mode 100644 index 00000000000..79cf92de791 --- /dev/null 
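Review bot: In `CheckFeeds`, the `out` parameter `explicitFeeds` is assigned straight from `GetAllFeeds()`, before the `ExcludedNugetFeedsFromResponsivenessCheck` set built on the next line is applied. Unless the rest of the method, which is outside the hunk, filters that set in place, feeds the user excluded from probing are still handed to `GetReachableFallbackNugetFeeds` and probed there by the fallback reachability check. If that is intended, say so at the assignment, e.g. `// explicitFeeds is returned unfiltered: it still contains feeds listed in ExcludedNugetFeedsFromResponsivenessCheck`. Otherwise remove the excluded feeds before the set reaches the fallback logic.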
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.ql @@ -0,0 +1,11 @@ +import csharp + +private string getPath(Assembly a) { + not a.getCompilation().getOutputAssembly() = a and + exists(string s | s = a.getFile().getAbsolutePath() | + result = "[...]/" + s.substring(s.indexOf("newtonsoft.json"), s.length()) + ) +} + +from Assembly a +select getPath(a) diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.expected new file mode 100644 index 00000000000..9e869e1a6fb --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.expected @@ -0,0 +1,16 @@ +| All Nuget feeds reachable | 0.0 | +| Fallback nuget restore | 1.0 | +| NuGet feed responsiveness checked | 1.0 | +| Project files on filesystem | 1.0 | +| Reachable fallback Nuget feed count | 2.0 | +| Resolved assembly conflicts | 7.0 | +| Resource extraction enabled | 0.0 | +| Restored .NET framework variants | 0.0 | +| Solution files on filesystem | 1.0 | +| Source files generated | 0.0 | +| Source files on filesystem | 1.0 | +| Successfully ran fallback nuget restore | 1.0 | +| Unresolved references | 0.0 | +| UseWPF set | 0.0 | +| UseWindowsForms set | 0.0 | +| WebView extraction enabled | 1.0 | diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.ql b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.ql new file mode 100644 index 00000000000..073ffe3b224 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.ql 
@@ -0,0 +1,15 @@ +import csharp +import semmle.code.csharp.commons.Diagnostics + +query predicate compilationInfo(string key, float value) { + key != "Resolved references" and + not key.matches("Compiler diagnostic count for%") and + exists(Compilation c, string infoKey, string infoValue | infoValue = c.getInfo(infoKey) | + key = infoKey and + value = infoValue.toFloat() + or + not exists(infoValue.toFloat()) and + key = infoKey + ": " + infoValue and + value = 1 + ) +} diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected new file mode 100644 index 00000000000..5f298cd3a11 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected 
@@ -0,0 +1,42 @@ +{ + "markdownMessage": "C# analysis with build-mode 'none' completed.", + "severity": "unknown", + "source": { + "extractorName": "csharp", + "id": "csharp/autobuilder/buildless/complete", + "name": "C# analysis with build-mode 'none' completed" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": false, + "telemetry": true + } +} +{ + "markdownMessage": "C# with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.", + "severity": "note", + "source": { + "extractorName": "csharp", + "id": "csharp/autobuilder/buildless/mode-active", + "name": "C# with build-mode set to 'none'" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} +{ + "markdownMessage": "Found unreachable Nuget feed in C# analysis with build-mode 'none'. This may cause missing dependencies in the analysis.", + "severity": "warning", + "source": { + "extractorName": "csharp", + "id": "csharp/autobuilder/buildless/unreachable-feed", + "name": "Found unreachable Nuget feed in C# analysis with build-mode 'none'" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/Program.cs b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/Program.cs new file mode 100644 index 00000000000..39a9e95bb6e --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/Program.cs @@ -0,0 +1,6 @@ +class Program +{ + static void Main(string[] args) + { + } +} \ No newline at end of file 
diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/nuget.config b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/nuget.config new file mode 100644 index 00000000000..6e4302658a9 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/nuget.config @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/proj.csproj b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/proj.csproj new file mode 100644 index 00000000000..cef71796352 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/proj.csproj @@ -0,0 +1,16 @@ + + + + Exe + net8.0 + + + + + + + + + + + diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/standalone.sln b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/standalone.sln new file mode 100644 index 00000000000..493ab54b59a --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/standalone.sln 
@@ -0,0 +1,19 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.5.002.0 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "proj", "proj\proj.csproj", "{6ED00460-7666-4AE9-A405-4B6C8B02279A}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {4ED55A1C-066C-43DF-B32E-7EAA035985EE} + EndGlobalSection +EndGlobal diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/test.py b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/test.py new file mode 100644 index 00000000000..630dbfc06d4 --- /dev/null +++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/test.py @@ -0,0 +1,14 @@ +from create_database_utils import * +from diagnostics_test_utils import * +import os + +# os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK"] = "true" # Nuget feed check is enabled by default +os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_TIMEOUT"] = "1" # 1ms, the GET request should fail with such short timeout +os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_LIMIT"] = "1" # Limit the count of checks to 1 + +# Making sure the reachability test succeeds when doing a fallback restore: +os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1000" +os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_LIMIT"] = "5" + +run_codeql_database_create([], lang="csharp", extra_args=["--build-mode=none"]) +check_diagnostics() \ No newline at end of file 
From 182325dc5ed1027268a220be040fef67aab11809 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 21 May 2024 14:03:04 +0200 Subject: [PATCH 12/38] Fix expected test files --- .../all-platforms/standalone_resx/CompilationInfo.expected | 1 + .../CompilationInfo.expected | 1 + .../CompilationInfo.expected | 1 + 3 files changed, 3 insertions(+)
diff --git a/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected b/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected
index 1fbab458c34..48cca253453 100644
--- a/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected
+++ b/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected
@@ -3,6 +3,7 @@
 | Failed solution restore with package source error | 0.0 |
 | NuGet feed responsiveness checked | 1.0 |
 | Project files on filesystem | 1.0 |
+| Reachable fallback Nuget feed count | 1.0 |
 | Resource extraction enabled | 1.0 |
 | Restored .NET framework variants | 1.0 |
 | Restored projects through solution files | 0.0 |
diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error/CompilationInfo.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error/CompilationInfo.expected
index 81a44b5f8fd..53ebd1016fb 100644
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error/CompilationInfo.expected
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error/CompilationInfo.expected
@@ -4,6 +4,7 @@
 | Fallback nuget restore | 1.0 |
 | NuGet feed responsiveness checked | 1.0 |
 | Project files on filesystem | 1.0 |
+| Reachable fallback Nuget feed count | 1.0 |
 | Resolved assembly conflicts | 7.0 |
 | Resource extraction enabled | 0.0 |
 | Restored .NET framework variants | 0.0 |
diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error_timeout/CompilationInfo.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error_timeout/CompilationInfo.expected
index 026a3d386e3..777d615d99b 100644
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error_timeout/CompilationInfo.expected
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error_timeout/CompilationInfo.expected
@@ -3,6 +3,7 @@
 | Inherited Nuget feed count | 1.0 |
 | NuGet feed responsiveness checked | 1.0 |
 | Project files on filesystem | 1.0 |
+| Reachable fallback Nuget feed count | 1.0 |
 | Resolved assembly conflicts | 7.0 |
 | Resource extraction enabled | 0.0 |
 | Restored .NET framework variants | 0.0 |
From e4319db18d3a4ce61c059cffd583a162086b7d43 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 17 May 2024 13:14:03 +0200 Subject: [PATCH 13/38] C#: Filter out unwanted summaries at the root. --- .../semmle/code/csharp/dataflow/internal/ExternalFlow.qll | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll
index 79e39aa7df1..12702ad65af 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll
@@ -554,7 +554,13 @@ private predicate interpretNeutral(UnboundCallable c, string kind, string proven // adapter class for converting Mad summaries to `SummarizedCallable`s private class SummarizedCallableAdapter extends SummarizedCallable { - SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _, _) } + SummarizedCallableAdapter() { + exists(Provenance provenance | interpretSummary(this, _, _, _, provenance, _) | + not this.hasBody() + or + this.hasBody() and provenance.isManual() + ) + } private predicate relevantSummaryElementManual( string input, string output, string kind, string model From 2449074f3d566b9b8e17f6e4712d8222ea145063 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 22 May 2024 12:53:29 +0200 Subject: [PATCH 14/38] C#: Remove the DataFlowSummarizedCallable as this narrowing is now handled in the adapter. --- .../csharp/dataflow/internal/DataFlowDispatch.qll | 15 +-------------- .../csharp/dataflow/internal/DataFlowPrivate.qll | 3 +-- .../dataflow/internal/TaintTrackingPrivate.qll | 9 +++------ csharp/ql/src/Language Abuse/ForeachCapture.ql | 3 +-- .../dataflow/external-models/steps.ql | 12 ++++-------- 5 files changed, 10 insertions(+), 32 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll index 4ff4722cfcc..3548a975338 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll 
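Review bot: The new characteristic predicate of `SummarizedCallableAdapter` now decides that callables with a source body only get manual summaries, but nothing next to it states that rule; the existing `// adapter class ...` comment describes only the conversion. I would add a QLDoc line such as `/** Callables with a body only use manual models; generated models apply to bodiless callables. */`, since this filter determines which library models reach the data-flow and taint-tracking queries. The disjunction `not this.hasBody() or this.hasBody() and provenance.isManual()` can also be shortened to `not this.hasBody() or provenance.isManual()`, which is logically the same. The class body continues outside the hunk.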
@@ -24,19 +24,6 @@ newtype TReturnKind = TOutReturnKind(int i) { i = any(Parameter p | p.isOut()).getPosition() } or TRefReturnKind(int i) { i = any(Parameter p | p.isRef()).getPosition() } -/** - * A summarized callable where the summary should be used for dataflow analysis. - */ -class DataFlowSummarizedCallable instanceof FlowSummary::SummarizedCallable { - DataFlowSummarizedCallable() { - not this.hasBody() - or - this.hasBody() and not this.applyGeneratedModel() - } - - string toString() { result = super.toString() } -} - cached private module Cached { /** @@ -47,7 +34,7 @@ private module Cached { cached newtype TDataFlowCallable = TCallable(Callable c) { c.isUnboundDeclaration() } or - TSummarizedCallable(DataFlowSummarizedCallable sc) or + TSummarizedCallable(FlowSummary::SummarizedCallable sc) or TFieldOrPropertyCallable(FieldOrProperty f) or TCapturedVariableCallable(LocalScopeVariable v) { v.isCaptured() } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll index 8c25ac5b186..487737e1f72 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll @@ -1181,8 +1181,7 @@ private module Cached { or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural - FlowSummaryImpl::Private::Steps::summaryThroughStepValue(nodeFrom, nodeTo, - any(DataFlowSummarizedCallable sc)) + FlowSummaryImpl::Private::Steps::summaryThroughStepValue(nodeFrom, nodeTo, _) } cached diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index 714be21b911..11c47c1d37e 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll 
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -119,22 +119,19 @@ private module Cached { ( // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural - FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(nodeFrom, nodeTo, - any(DataFlowSummarizedCallable sc)) + FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(nodeFrom, nodeTo, _) or // Taint collection by adding a tainted element exists(DataFlow::ElementContent c | storeStep(nodeFrom, c, nodeTo) or - FlowSummaryImpl::Private::Steps::summarySetterStep(nodeFrom, c, nodeTo, - any(DataFlowSummarizedCallable sc)) + FlowSummaryImpl::Private::Steps::summarySetterStep(nodeFrom, c, nodeTo, _) ) or exists(DataFlow::Content c | readStep(nodeFrom, c, nodeTo) or - FlowSummaryImpl::Private::Steps::summaryGetterStep(nodeFrom, c, nodeTo, - any(DataFlowSummarizedCallable sc)) + FlowSummaryImpl::Private::Steps::summaryGetterStep(nodeFrom, c, nodeTo, _) | // Taint members c = any(TaintedMember m).(FieldOrProperty).getContent() diff --git a/csharp/ql/src/Language Abuse/ForeachCapture.ql b/csharp/ql/src/Language Abuse/ForeachCapture.ql index 86bf643c534..0148796a2e7 100644 --- a/csharp/ql/src/Language Abuse/ForeachCapture.ql +++ b/csharp/ql/src/Language Abuse/ForeachCapture.ql @@ -77,8 +77,7 @@ Element getAssignmentTarget(Expr e) { Element getCollectionAssignmentTarget(Expr e) { // Store into collection via method exists(DataFlowPrivate::PostUpdateNode postNode | - FlowSummaryImpl::Private::Steps::summarySetterStep(DataFlow::exprNode(e), _, postNode, - any(DataFlowDispatch::DataFlowSummarizedCallable sc)) and + FlowSummaryImpl::Private::Steps::summarySetterStep(DataFlow::exprNode(e), _, postNode, _) and result.(Variable).getAnAccess() = postNode.getPreUpdateNode().asExpr() ) or 
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/steps.ql b/csharp/ql/test/library-tests/dataflow/external-models/steps.ql index 59d5c02258f..120ea8300c4 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/steps.ql +++ b/csharp/ql/test/library-tests/dataflow/external-models/steps.ql @@ -25,21 +25,17 @@ private class StepArgQualGenerated extends Method { query predicate summaryThroughStep( DataFlow::Node node1, DataFlow::Node node2, boolean preservesValue ) { - FlowSummaryImpl::Private::Steps::summaryThroughStepValue(node1, node2, - any(DataFlowDispatch::DataFlowSummarizedCallable sc)) and + FlowSummaryImpl::Private::Steps::summaryThroughStepValue(node1, node2, _) and preservesValue = true or - FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(node1, node2, - any(DataFlowDispatch::DataFlowSummarizedCallable sc)) and + FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(node1, node2, _) and preservesValue = false } query predicate summaryGetterStep(DataFlow::Node arg, DataFlow::Node out, Content c) { - FlowSummaryImpl::Private::Steps::summaryGetterStep(arg, c, out, - any(DataFlowDispatch::DataFlowSummarizedCallable sc)) + FlowSummaryImpl::Private::Steps::summaryGetterStep(arg, c, out, _) } query predicate summarySetterStep(DataFlow::Node arg, DataFlow::Node out, Content c) { - FlowSummaryImpl::Private::Steps::summarySetterStep(arg, c, out, - any(DataFlowDispatch::DataFlowSummarizedCallable sc)) + FlowSummaryImpl::Private::Steps::summarySetterStep(arg, c, out, _) } From ffe4c8c87b771a7107bf881e6f947c7ef31e5470 Mon Sep 17 00:00:00 2001 
From: Dave Bartolomeo Date: Wed, 22 May 2024 13:39:08 -0400 Subject: [PATCH 15/38] Update all pack versions to `1.0.0` --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/automodel/test/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ql/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 35 files changed, 35 insertions(+), 35 deletions(-) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index f0ef22f89d6..121cded7b7f 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.13.2-dev +version: 1.0.0-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index e6cfba5e9da..f0cd27dd92e 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.9.13-dev +version: 1.0.0-dev groups: - cpp - queries diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 5b3d0b3348c..7171ec2854f 100644 
--- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.10.2-dev +version: 1.0.0-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 314aae55874..f19298f7577 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.17-dev +version: 1.0.0-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index a8412fa944e..a31ff71eb01 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 0.0.16-dev +version: 1.0.0-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index ddb37bd4a3b..9bea600fc3c 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.8.2-dev +version: 1.0.0-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index ef00fe536a9..b7d4f3d5e74 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.17-dev +version: 1.0.0-dev groups: - go - queries diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 73a22a9cae1..67b20bf22b0 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.24-dev +version: 1.0.0-dev groups: - java - automodel diff --git a/java/ql/automodel/test/qlpack.yml b/java/ql/automodel/test/qlpack.yml index 633e848ccc8..46138d9435c 100644 --- a/java/ql/automodel/test/qlpack.yml +++ b/java/ql/automodel/test/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-tests -version: 0.0.1-dev +version: 1.0.0-dev groups: - java - automodel 
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 49994227d7c..340c3b6dcb8 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.11.1-dev +version: 1.0.0-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index d031ea871f2..34659be0b77 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.17-dev +version: 1.0.0-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 87ae2a54e09..1c70efe992d 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.9.2-dev +version: 1.0.0-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index b70237f13cb..73b796c2f7c 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.17-dev +version: 1.0.0-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index ffc75a9145c..e03d263202a 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.17-dev +version: 1.0.0-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 774fb7cf9ef..f809631e477 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.12.2-dev +version: 1.0.0-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index be8589f9714..f52d5f6f935 100644 --- a/python/ql/src/qlpack.yml 
+++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.17-dev +version: 1.0.0-dev groups: - python - queries diff --git a/ql/ql/src/qlpack.yml b/ql/ql/src/qlpack.yml index 8169a097135..3d90f061aee 100644 --- a/ql/ql/src/qlpack.yml +++ b/ql/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ql -version: 0.1.0-dev +version: 1.0.0-dev groups: - ql - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index e1298464500..83bd890ed5f 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.9.2-dev +version: 1.0.0-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 4ac1f6e665e..9847102f60c 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.17-dev +version: 1.0.0-dev groups: - ruby - queries diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 99329245a84..7f043ab07cb 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.17-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 42630dac091..7d43b80b68b 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.2.8-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index ffeba23f887..6807e3f9387 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.17-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 02a771f2e5f..f3c0df38001 100644 --- a/shared/rangeanalysis/qlpack.yml 
+++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.16-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index a69bae51244..cfa976acc1d 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.17-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 8310e36ffd9..f359310f9b8 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.17-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 6a8eb8e6a7f..1049675897b 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.16-dev +version: 1.0.0-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index e7eebf9a43f..19d07e328ef 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.17-dev +version: 1.0.0-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 70b911b19d8..e619b877088 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 0.0.4-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index ae323b9ce21..5d98c1c8244 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.17-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 6f6ce4fb46c..2d89f5bdcbd 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.17-dev +version: 1.0.0-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index e0c8046531f..1152b588525 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.17-dev +version: 1.0.0-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index f4c7c7568af..25de9ee3c18 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 0.0.4-dev +version: 1.0.0-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 618fa2745a9..d2d2edfe07b 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.17-dev +version: 1.0.0-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 319898af80c..941253559d6 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.17-dev +version: 1.0.0-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 7e18b644ccb..593cb113d9c 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.17-dev +version: 1.0.0-dev groups: - swift - queries From 0f2d0c098f74cc228eea6872877f04352545a4ac Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 23 May 2024 00:16:44 +0000 Subject: [PATCH 16/38] Add changed framework coverage reports --- java/documentation/library-coverage/coverage.csv | 2 +- java/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 6f732401680..f60220c2b6a 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -87,7 +87,7 @@ java.rmi,,,71,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,71, java.security,21,,543,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,539,4 java.sql,15,1,303,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,1,,,,303, java.text,,,134,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,134, -java.time,,,476,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,388,88 +java.time,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,88 java.util,47,2,1218,,,,,,,,,1,,,,,,,,,,,34,,,,2,,,,5,2,,1,2,,,,,,,,,,,,,2,,,704,514 javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,, javax.accessibility,,,31,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,31, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index 9993a74413a..8cad1cd17d5 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst 
@@ -18,10 +18,10 @@ Java framework & library support `Google Guava `_,``com.google.common.*``,,730,43,9,,,,, JBoss Logging,``org.jboss.logging``,,,324,,,,,, `JSON-java `_,``org.json``,,236,,,,,,, - Java Standard Library,``java.*``,10,4620,240,80,,9,,,26 + Java Standard Library,``java.*``,10,4267,240,80,,9,,,26 Java extensions,"``javax.*``, ``jakarta.*``",69,3257,85,5,4,2,1,1,4 Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2 `Spring `_,``org.springframework.*``,38,481,122,5,,28,14,,35 Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, 
``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, 
``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.w3c.dom``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``sun.awt``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.management.spi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.nio.ch``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``, ``sun.util.logging.internal``",131,10596,893,125,6,22,18,,208 - Totals,,310,25483,2569,338,16,128,33,1,409 + Totals,,310,25130,2569,338,16,128,33,1,409 From c58971e63291293b718ce183dfe665a42c81c633 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 23 May 2024 08:09:58 +0200 Subject: [PATCH 17/38] C#: Refactor static compilation state --- .../Entities/Compilations/Compilation.cs | 30 +++++++------------ .../Extractor/Extractor.cs | 13 ++++---- .../Extractor/StandaloneAnalyser.cs | 4 +-- .../Extractor/TracingAnalyser.cs | 6 ++-- .../Semmle.Extraction/Extractor/Extractor.cs | 6 +++- .../Extractor/StandaloneExtractor.cs | 3 +- .../Extractor/TracingExtractor.cs | 4 +-- 7 files changed, 33 insertions(+), 33 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs index 0b575df2b69..e643d1655d2 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs 
@@ -11,26 +11,18 @@ namespace Semmle.Extraction.CSharp.Entities { internal readonly ConcurrentDictionary messageCounts = new(); - private static (string Cwd, string[] Args) settings; - private static int hashCode; - - public static (string Cwd, string[] Args) Settings - { - get { return settings; } - set - { - settings = value; - hashCode = settings.Cwd.GetHashCode(); - for (var i = 0; i < settings.Args.Length; i++) - { - hashCode = HashCode.Combine(hashCode, settings.Args[i].GetHashCode()); - } - } - } + private readonly (string Cwd, string[] Args) settings; + private readonly int hashCode; #nullable disable warnings private Compilation(Context cx) : base(cx, null) { + settings = (cx.Extractor.Cwd, cx.Extractor.Args); + hashCode = settings.Cwd.GetHashCode(); + for (var i = 0; i < settings.Args.Length; i++) + { + hashCode = HashCode.Combine(hashCode, settings.Args[i].GetHashCode()); + } } #nullable restore warnings @@ -38,14 +30,14 @@ namespace Semmle.Extraction.CSharp.Entities { var assembly = Assembly.CreateOutputAssembly(Context); - trapFile.compilations(this, FileUtils.ConvertToUnix(Compilation.Settings.Cwd)); + trapFile.compilations(this, FileUtils.ConvertToUnix(settings.Cwd)); trapFile.compilation_assembly(this, assembly); // Arguments var expandedIndex = 0; - for (var i = 0; i < Compilation.Settings.Args.Length; i++) + for (var i = 0; i < settings.Args.Length; i++) { - var arg = Compilation.Settings.Args[i]; + var arg = settings.Args[i]; trapFile.compilation_args(this, i, arg); if (CommandLineExtensions.IsFileArgument(arg)) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs index 03369e7b601..f6913103ad8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs 
@@ -97,7 +97,8 @@ namespace Semmle.Extraction.CSharp stopwatch.Start(); var options = Options.CreateWithEnvironment(args); - Entities.Compilation.Settings = (Directory.GetCurrentDirectory(), options.CompilerArguments.ToArray()); + var workingDirectory = Directory.GetCurrentDirectory(); + var compilerArgs = options.CompilerArguments.ToArray(); using var logger = MakeLogger(options.Verbosity, options.Console); @@ -123,7 +124,7 @@ namespace Semmle.Extraction.CSharp var compilerArguments = CSharpCommandLineParser.Default.Parse( compilerVersion.ArgsWithResponse, - Entities.Compilation.Settings.Cwd, + workingDirectory, compilerVersion.FrameworkPath, compilerVersion.AdditionalReferenceDirectories ); @@ -131,7 +132,7 @@ namespace Semmle.Extraction.CSharp if (compilerArguments is null) { var sb = new StringBuilder(); - sb.Append(" Failed to parse command line: ").AppendList(" ", Entities.Compilation.Settings.Args); + sb.Append(" Failed to parse command line: ").AppendList(" ", compilerArgs); logger.Log(Severity.Error, sb.ToString()); ++analyser.CompilationErrors; return ExitCode.Failed; @@ -143,7 +144,7 @@ namespace Semmle.Extraction.CSharp return ExitCode.Ok; } - return AnalyseTracing(analyser, compilerArguments, options, canonicalPathCache, stopwatch); + return AnalyseTracing(workingDirectory, compilerArgs, analyser, compilerArguments, options, canonicalPathCache, stopwatch); } catch (Exception ex) // lgtm[cs/catch-of-all-exceptions] { @@ -376,6 +377,8 @@ namespace Semmle.Extraction.CSharp } private static ExitCode AnalyseTracing( + string cwd, + string[] args, TracingAnalyser analyser, CSharpCommandLineArguments compilerArguments, Options options, @@ -420,7 +423,7 @@ namespace Semmle.Extraction.CSharp .WithMetadataImportOptions(MetadataImportOptions.All) ); }, - (compilation, options) => analyser.EndInitialize(compilerArguments, options, compilation), + (compilation, options) => analyser.EndInitialize(compilerArguments, options, compilation, cwd, args), () => { }); } 
diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs index d559d091214..263801e6e8e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs @@ -16,12 +16,10 @@ namespace Semmle.Extraction.CSharp public void Initialize(string outputPath, IEnumerable<(string, string)> compilationInfos, CSharpCompilation compilationIn, CommonOptions options) { compilation = compilationIn; - extractor = new StandaloneExtractor(outputPath, compilationInfos, Logger, PathTransformer, options); + extractor = new StandaloneExtractor(Directory.GetCurrentDirectory(), outputPath, compilationInfos, Logger, PathTransformer, options); this.options = options; LogExtractorInfo(Extraction.Extractor.Version); SetReferencePaths(); - - Entities.Compilation.Settings = (Directory.GetCurrentDirectory(), Array.Empty()); } #nullable disable warnings diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs index 3b73c35f55a..c609b2ba100 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs 
@@ -38,13 +38,15 @@ namespace Semmle.Extraction.CSharp public void EndInitialize( CSharpCommandLineArguments commandLineArguments, CommonOptions options, - CSharpCompilation compilation) + CSharpCompilation compilation, + string cwd, + string[] args) { if (!init) throw new InternalError("EndInitialize called without BeginInitialize returning true"); this.options = options; this.compilation = compilation; - this.extractor = new TracingExtractor(GetOutputName(compilation, commandLineArguments), Logger, PathTransformer, options); + this.extractor = new TracingExtractor(cwd, args, GetOutputName(compilation, commandLineArguments), Logger, PathTransformer, options); LogDiagnostics(); SetReferencePaths(); diff --git a/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs b/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs index db0b30fb2b8..32bbe140d00 100644 --- a/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs @@ -10,6 +10,8 @@ namespace Semmle.Extraction /// public abstract class Extractor { + public string Cwd { get; init; } + public string[] Args { get; init; } public abstract ExtractorMode Mode { get; } public string OutputPath { get; } public IEnumerable CompilationInfos { get; } @@ -19,12 +21,14 @@ namespace Semmle.Extraction /// /// The object used for logging. /// The object used for path transformations. - protected Extractor(string outputPath, IEnumerable compilationInfos, ILogger logger, PathTransformer pathTransformer) + protected Extractor(string cwd, string[] args, string outputPath, IEnumerable compilationInfos, ILogger logger, PathTransformer pathTransformer) { OutputPath = outputPath; Logger = logger; PathTransformer = pathTransformer; CompilationInfos = compilationInfos; + Cwd = cwd; + Args = args; } // Limit the number of error messages in the log file 
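Review bot: The new `Cwd` and `Args` properties on the base `Extractor` are declared `{ get; init; }` although the constructor in the following hunk assigns both, so the `init` accessor only widens who may set them; `public string Cwd { get; }` and `public string[] Args { get; }` would match the neighbouring `OutputPath { get; }`. `Args` is also exposed as a mutable array, while `Compilation` computes and stores a hash from it once in its constructor. If any caller ever wrote to the array, the stored hash and the arguments emitted to the trap file would no longer agree, so a copy or a read-only view is worth considering. The constructor's doc comment describes the logger and path transformer parameters but has no entries for `cwd` and `args`; one line each, such as "The working directory recorded for the compilation" and "The compiler arguments recorded for the compilation", would close that gap.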
diff --git a/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs b/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs index 67079a73214..7de7f2631de 100644 --- a/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs +++ b/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs @@ -12,7 +12,8 @@ namespace Semmle.Extraction /// /// The object used for logging. /// The object used for path transformations. - public StandaloneExtractor(string outputPath, IEnumerable<(string, string)> compilationInfos, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(outputPath, compilationInfos, logger, pathTransformer) + public StandaloneExtractor(string cwd, string outputPath, IEnumerable<(string, string)> compilationInfos, ILogger logger, PathTransformer pathTransformer, CommonOptions options) + : base(cwd, [], outputPath, compilationInfos, logger, pathTransformer) { Mode = ExtractorMode.Standalone; if (options.QlTest) diff --git a/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs b/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs index 4d54aef6d5b..54230d09ac2 100644 --- a/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs +++ b/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs @@ -1,4 +1,3 @@ -using System.Linq; using Semmle.Util.Logging; namespace Semmle.Extraction 
@@ -13,7 +12,8 @@ namespace Semmle.Extraction /// The name of the output DLL/EXE, or null if not specified (standalone extraction). /// The object used for logging. /// The object used for path transformations. - public TracingExtractor(string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(outputPath, Enumerable.Empty<(string, string)>(), logger, pathTransformer) + public TracingExtractor(string cwd, string[] args, string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options) + : base(cwd, args, outputPath, [], logger, pathTransformer) { Mode = ExtractorMode.None; if (options.QlTest) From 7042f3222abc0d7c8750942271d20482382a0535 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 23 May 2024 09:49:09 +0200 Subject: [PATCH 18/38] Code quality improvements --- .../Entities/Compilations/Compilation.cs | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs index e643d1655d2..505ab8f3ed6 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs 
@@ -11,17 +11,19 @@ namespace Semmle.Extraction.CSharp.Entities { internal readonly ConcurrentDictionary messageCounts = new(); - private readonly (string Cwd, string[] Args) settings; + private readonly string cwd; + private readonly string[] args; private readonly int hashCode; #nullable disable warnings private Compilation(Context cx) : base(cx, null) { - settings = (cx.Extractor.Cwd, cx.Extractor.Args); - hashCode = settings.Cwd.GetHashCode(); - for (var i = 0; i < settings.Args.Length; i++) + cwd = cx.Extractor.Cwd; + args = cx.Extractor.Args; + hashCode = cwd.GetHashCode(); + for (var i = 0; i < args.Length; i++) { - hashCode = HashCode.Combine(hashCode, settings.Args[i].GetHashCode()); + hashCode = HashCode.Combine(hashCode, args[i].GetHashCode()); } } #nullable restore warnings @@ -30,14 +32,14 @@ namespace Semmle.Extraction.CSharp.Entities { var assembly = Assembly.CreateOutputAssembly(Context); - trapFile.compilations(this, FileUtils.ConvertToUnix(settings.Cwd)); + trapFile.compilations(this, FileUtils.ConvertToUnix(cwd)); trapFile.compilation_assembly(this, assembly); // Arguments var expandedIndex = 0; - for (var i = 0; i < settings.Args.Length; i++) + for (var i = 0; i < args.Length; i++) { - var arg = settings.Args[i]; + var arg = args[i]; trapFile.compilation_args(this, i, arg); if (CommandLineExtensions.IsFileArgument(arg)) From 90a152a2bc4355dcf8d7833afcbdc462c3677090 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 23 May 2024 10:44:06 +0200 Subject: [PATCH 19/38] Swift: add flags and instructions for building on macOS ARM --- .bazelrc | 3 ++- swift/README.md | 9 ++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.bazelrc b/.bazelrc index c2b4d3b7f03..ca2bb8caee4 100644 --- a/.bazelrc +++ b/.bazelrc 
@@ -11,7 +11,8 @@ common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub build --repo_env=CC=clang --repo_env=CXX=clang++ build:linux --cxxopt=-std=c++20 -build:macos --cxxopt=-std=c++20 --cpu=darwin_x86_64 +# we currently cannot built the swift extractor for ARM +build:macos --cxxopt=-std=c++20 --copt=-arch --copt=x86_64 --linkopt=-arch --linkopt=x86_64 build:windows --cxxopt=/std:c++20 --cxxopt=/Zc:preprocessor # this requires developer mode, but is required to have pack installer functioning diff --git a/swift/README.md b/swift/README.md index a2ac9fca380..79621d0b9ef 100644 --- a/swift/README.md +++ b/swift/README.md @@ -16,7 +16,14 @@ brew install bazelisk then from the `ql` directory run ```bash -bazel run //swift:create-extractor-pack # --cpu=darwin_x86_64 # Uncomment on Arm-based Macs +bazel run //swift:create-extractor-pack +``` + +If you are running on macOS and you encounter errors mentioning `XXX is unavailable: introduced in macOS YY.ZZ`, +you will need to run this from the root of your `codeql` checkout: + +```bash +echo common --macos_sdk_version=$(sw_vers --productVersion) >> local.bazelrc ``` which will install `swift/extractor-pack`. From 0f864081cb74a959328e31fde0f58e4788529fbe Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 21 May 2024 14:51:31 +0200 Subject: [PATCH 20/38] Java: Remove source dispatch when there's an exact match from a manual model. --- .../code/java/dataflow/ExternalFlow.qll | 45 ++++++++++++------- .../semmle/code/java/dataflow/FlowSummary.qll | 2 + .../dataflow/internal/DataFlowDispatch.qll | 14 ++++++ .../dataflow/internal/FlowSummaryImpl.qll | 16 ++++--- java/ql/src/utils/modeleditor/ModelEditor.qll | 2 +- .../dataflow/internal/FlowSummaryImpl.qll | 14 ++++++ 6 files changed, 68 insertions(+), 25 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 68b43a6a14a..08632b661b9 100644 
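Review bot: The comment added above `build:macos` has a typo ("cannot built") and describes the limitation as specific to the swift extractor, but `--copt=-arch --copt=x86_64 --linkopt=-arch --linkopt=x86_64` sits on the shared `build:macos` config and so applies to every C/C++ compile and link action built with it. I would reword it to `# we currently cannot build the swift extractor for ARM, so all macOS builds are forced to x86_64`, so the wider effect is visible to anyone adding another native target.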
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -413,25 +413,28 @@ private string paramsStringQualified(Callable c) { } private Element interpretElement0( - string package, string type, boolean subtypes, string name, string signature + string package, string type, boolean subtypes, string name, string signature, boolean isExact ) { elementSpec(package, type, subtypes, name, signature, _) and ( - exists(Member m | + exists(Member m, boolean isExact0 | ( - result = m + result = m and isExact0 = true or - subtypes = true and result.(SrcMethod).overridesOrInstantiates+(m) + subtypes = true and result.(SrcMethod).overridesOrInstantiates+(m) and isExact0 = false ) and m.hasQualifiedName(package, type, name) | - signature = "" or - paramsStringQualified(m) = signature or - paramsString(m) = signature + signature = "" and isExact = false + or + paramsStringQualified(m) = signature and isExact = isExact0 + or + paramsString(m) = signature and isExact = isExact0 ) or exists(RefType t | t.hasQualifiedName(package, type) and + isExact = false and (if subtypes = true then result.(SrcRefType).getASourceSupertype*() = t else result = t) and name = "" and signature = "" 
@@ -442,13 +445,16 @@ private Element interpretElement0( /** Gets the source/sink/summary/neutral element corresponding to the supplied parameters. */ cached Element interpretElement( - string package, string type, boolean subtypes, string name, string signature, string ext + string package, string type, boolean subtypes, string name, string signature, string ext, + boolean isExact ) { elementSpec(package, type, subtypes, name, signature, ext) and - exists(Element e | e = interpretElement0(package, type, subtypes, name, signature) | - ext = "" and result = e + exists(Element e, boolean isExact0 | + e = interpretElement0(package, type, subtypes, name, signature, isExact0) + | + ext = "" and result = e and isExact = isExact0 or - ext = "Annotated" and result.(Annotatable).getAnAnnotation().getType() = e + ext = "Annotated" and result.(Annotatable).getAnAnnotation().getType() = e and isExact = false ) } @@ -538,13 +544,13 @@ predicate sinkNode(Node node, string kind) { sinkNode(node, kind, _) } // adapter class for converting Mad summaries to `SummarizedCallable`s private class SummarizedCallableAdapter extends SummarizedCallable { - SummarizedCallableAdapter() { summaryElement(this, _, _, _, _, _) } + SummarizedCallableAdapter() { summaryElement(this, _, _, _, _, _, _) } private predicate relevantSummaryElementManual( string input, string output, string kind, string model ) { exists(Provenance provenance | - summaryElement(this, input, output, kind, provenance, model) and + summaryElement(this, input, output, kind, provenance, model, _) and provenance.isManual() ) } 
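Review bot: The QLDoc on `interpretElement` still only says that it gets the element corresponding to the supplied parameters, and does not explain the new `isExact` column or that the `ext = "Annotated"` branch always yields `false`. A sentence such as "`isExact` is true when the element was matched directly by the model row rather than through overriding, a type-level row or an annotation" would make the contract readable without tracing `interpretElement0`. The predicate is not `private`, so any caller outside this change set that uses the six-argument form will stop compiling. If that matters, a thin wrapper `Element interpretElement(string package, string type, boolean subtypes, string name, string signature, string ext) { result = interpretElement(package, type, subtypes, name, signature, ext, _) }` would keep the old arity available.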
@@ -553,11 +559,11 @@ private class SummarizedCallableAdapter extends SummarizedCallable { string input, string output, string kind, string model ) { exists(Provenance provenance | - summaryElement(this, input, output, kind, provenance, model) and + summaryElement(this, input, output, kind, provenance, model, _) and provenance.isGenerated() ) and not exists(Provenance provenance | - neutralElement(this, "summary", provenance) and + neutralElement(this, "summary", provenance, _) and provenance.isManual() ) } @@ -576,18 +582,23 @@ private class SummarizedCallableAdapter extends SummarizedCallable { } override predicate hasProvenance(Provenance provenance) { - summaryElement(this, _, _, _, provenance, _) + summaryElement(this, _, _, _, provenance, _, _) } + + override predicate hasExactModel() { summaryElement(this, _, _, _, _, _, true) } } // adapter class for converting Mad neutrals to `NeutralCallable`s private class NeutralCallableAdapter extends NeutralCallable { string kind; string provenance_; + boolean exact; - NeutralCallableAdapter() { neutralElement(this, kind, provenance_) } + NeutralCallableAdapter() { neutralElement(this, kind, provenance_, exact) } override string getKind() { result = kind } override predicate hasProvenance(Provenance provenance) { provenance = provenance_ } + + override predicate hasExactModel() { exact = true } } diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll index 51055e56212..acea2a10784 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll @@ -135,6 +135,8 @@ private class SummarizedSyntheticCallableAdapter extends SummarizedCallable, TSy model = sc ) } + + override predicate hasExactModel() { any() } } deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; 
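Review bot: In FlowSummary.qll, `SummarizedSyntheticCallableAdapter.hasExactModel()` is overridden with `any()` and no explanation. Together with the new `hasExactManualModel` check in DataFlowDispatch.qll, this makes every synthetic callable count as an exact match. A one-line comment on the override, for example `// synthetic callables are defined directly, not resolved through overriding`, would record the reasoning, if that is indeed the reason. The enclosing class starts outside the hunk, so I cannot see whether its provenance is always manual.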
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll index a7877fdf2f9..4a7e0814013 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll @@ -19,7 +19,21 @@ private module DispatchImpl { ) } + private predicate hasExactManualModel(Call c, Callable tgt) { + tgt = c.getCallee().getSourceDeclaration() and + ( + exists(Impl::Public::SummarizedCallable sc | + sc.getACall() = c and sc.hasExactModel() and sc.hasManualModel() + ) + or + exists(Impl::Public::NeutralSummaryCallable nc | + nc.getACall() = c and nc.hasExactModel() and nc.hasManualModel() + ) + ) + } + private Callable sourceDispatch(Call c) { + not hasExactManualModel(c, result) and result = VirtualDispatch::viableCallable(c) and if VirtualDispatch::lowConfidenceDispatchTarget(c, result) then not hasHighConfidenceTarget(c) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index 5698d3f3477..0a994991e26 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -131,7 +131,7 @@ private predicate relatedArgSpec(Callable c, string spec) { sourceModel(namespace, type, subtypes, name, signature, ext, spec, _, _, _) or sinkModel(namespace, type, subtypes, name, signature, ext, spec, _, _, _) | - c = interpretElement(namespace, type, subtypes, name, signature, ext) + c = interpretElement(namespace, type, subtypes, name, signature, ext, _) ) } 
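Review bot: In `hasExactManualModel`, `sc.hasExactModel() and sc.hasManualModel()` are two independent checks, so the predicate can hold when one model row for the callable is exact and a different row is the manual one. `SummarizedCallableAdapter.hasExactModel()` in ExternalFlow.qll is `summaryElement(this, _, _, _, _, _, true)` with the provenance column wildcarded. As far as this diff shows, a generated exact row plus a manual row matched through an override would therefore be enough to remove `sourceDispatch` for the call. If the intent is "an exact match from a manual model", bind both on the same row, e.g. `exists(Provenance p | summaryElement(this, _, _, _, p, _, true) and p.isManual())`, and apply the same pairing to the `NeutralSummaryCallable` disjunct. The new private predicate also has no QLDoc; a short comment stating that it holds when the callee of `c` has a manual model that matches it exactly would help.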
@@ -202,7 +202,7 @@ module SourceSinkInterpretationInput implements sourceModel(namespace, type, subtypes, name, signature, ext, originalOutput, kind, provenance, madId) and model = "MaD:" + madId.toString() and - baseSource = interpretElement(namespace, type, subtypes, name, signature, ext) and + baseSource = interpretElement(namespace, type, subtypes, name, signature, ext, _) and ( e = baseSource and output = originalOutput or @@ -221,7 +221,7 @@ module SourceSinkInterpretationInput implements sinkModel(namespace, type, subtypes, name, signature, ext, originalInput, kind, provenance, madId) and model = "MaD:" + madId.toString() and - baseSink = interpretElement(namespace, type, subtypes, name, signature, ext) and + baseSink = interpretElement(namespace, type, subtypes, name, signature, ext, _) and ( e = baseSink and originalInput = input or @@ -310,7 +310,7 @@ module Private { */ predicate summaryElement( Input::SummarizedCallableBase c, string input, string output, string kind, string provenance, - string model + string model, boolean isExact ) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, @@ -320,7 +320,7 @@ module Private { summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput, kind, provenance, madId) and model = "MaD:" + madId.toString() and - baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext) and + baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext, isExact) and ( c.asCallable() = baseCallable and input = originalInput and output = originalOutput or 
@@ -336,10 +336,12 @@ module Private { * Holds if a neutral model exists for `c` of kind `kind` * and with provenance `provenance`. */ - predicate neutralElement(Input::SummarizedCallableBase c, string kind, string provenance) { + predicate neutralElement( + Input::SummarizedCallableBase c, string kind, string provenance, boolean isExact + ) { exists(string namespace, string type, string name, string signature | neutralModel(namespace, type, name, signature, kind, provenance) and - c.asCallable() = interpretElement(namespace, type, false, name, signature, "") + c.asCallable() = interpretElement(namespace, type, false, name, signature, "", isExact) ) } } diff --git a/java/ql/src/utils/modeleditor/ModelEditor.qll b/java/ql/src/utils/modeleditor/ModelEditor.qll index 2c1a56823f1..dd4d405b83e 100644 --- a/java/ql/src/utils/modeleditor/ModelEditor.qll +++ b/java/ql/src/utils/modeleditor/ModelEditor.qll @@ -77,7 +77,7 @@ class Endpoint extends Callable { predicate isNeutral() { exists(string namespace, string type, string name, string signature | neutralModel(namespace, type, name, signature, _, _) and - this = interpretElement(namespace, type, false, name, signature, "") + this = interpretElement(namespace, type, false, name, signature, "", _) ) } diff --git a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll index 8cc0d37f29b..eb181494d5f 100644 --- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll 
@@ -253,6 +253,13 @@ module Make< * that has provenance `provenance`. */ predicate hasProvenance(Provenance provenance) { provenance = "manual" } + + /** + * Holds if there exists a model for which this callable is an exact + * match, that is, no overriding or overloading was used to identify this + * callable from the model. + */ + predicate hasExactModel() { none() } } final private class NeutralCallableFinal = NeutralCallable; @@ -292,6 +299,13 @@ module Make< * Gets the kind of the neutral. */ abstract string getKind(); + + /** + * Holds if there exists a model for which this callable is an exact + * match, that is, no overriding or overloading was used to identify this + * callable from the model. + */ + predicate hasExactModel() { none() } } } From f353065d265266833cf1dcea5458a5c97c94b7e3 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 22 May 2024 14:26:50 +0200 Subject: [PATCH 21/38] Java: Allow overloading for exact model matches. --- .../lib/semmle/code/java/dataflow/ExternalFlow.qll | 12 ++++++------ .../codeql/dataflow/internal/FlowSummaryImpl.qll | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 08632b661b9..2337d0282aa 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll 
@@ -417,19 +417,19 @@ private Element interpretElement0( ) { elementSpec(package, type, subtypes, name, signature, _) and ( - exists(Member m, boolean isExact0 | + exists(Member m | ( - result = m and isExact0 = true + result = m and isExact = true or - subtypes = true and result.(SrcMethod).overridesOrInstantiates+(m) and isExact0 = false + subtypes = true and result.(SrcMethod).overridesOrInstantiates+(m) and isExact = false ) and m.hasQualifiedName(package, type, name) | - signature = "" and isExact = false + signature = "" or - paramsStringQualified(m) = signature and isExact = isExact0 + paramsStringQualified(m) = signature or - paramsString(m) = signature and isExact = isExact0 + paramsString(m) = signature ) or exists(RefType t | diff --git a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll index eb181494d5f..9e0ccf82be2 100644 --- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll @@ -256,8 +256,8 @@ module Make< /** * Holds if there exists a model for which this callable is an exact - * match, that is, no overriding or overloading was used to identify this - * callable from the model. + * match, that is, no overriding was used to identify this callable from + * the model. */ predicate hasExactModel() { none() } } @@ -302,8 +302,8 @@ module Make< /** * Holds if there exists a model for which this callable is an exact - * match, that is, no overriding or overloading was used to identify this - * callable from the model. + * match, that is, no overriding was used to identify this callable from + * the model. */ predicate hasExactModel() { none() } } From 4b3e35ed52ffda6875f8033083a955aacc34e96d Mon Sep 17 00:00:00 2001 
From: Anders Schack-Mulligen Date: Thu, 23 May 2024 12:49:57 +0200 Subject: [PATCH 22/38] Java: Fix join-order in viableImplInCallContext. --- .../code/java/dataflow/internal/DataFlowDispatch.qll | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll index a7877fdf2f9..5ea65196f6c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll @@ -122,12 +122,18 @@ private module DispatchImpl { mayBenefitFromCallContext(call.asCall(), _, _) } + bindingset[call, tgt] + pragma[inline_late] + private predicate viableCallableFilter(DataFlowCall call, DataFlowCallable tgt) { + tgt = viableCallable(call) + } + /** * Gets a viable dispatch target of `call` in the context `ctx`. This is * restricted to those `call`s for which a context might make a difference. */ DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { - result = viableCallable(call) and + viableCallableFilter(call, result) and exists(int i, Callable c, Method def, RefType t, boolean exact, MethodCall ma | ma = call.asCall() and mayBenefitFromCallContext(ma, c, i) and From bf3dbc24dea92abbfb913aa3cfaf7047a94f2788 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 15 May 2024 15:37:48 +0200 Subject: [PATCH 23/38] Java: Add support for flow through side-effects on static fields. --- .../dataflow/internal/DataFlowPrivate.qll | 5 ++++- .../test/library-tests/dataflow/fields/G.java | 21 +++++++++++++++++++ .../dataflow/fields/flow.expected | 2 ++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 java/ql/test/library-tests/dataflow/fields/G.java 
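Review bot: The new private predicate `viableCallableFilter` has no QLDoc, so nothing at the definition explains why a one-line wrapper around `viableCallable` exists. The reason (join order) is only in the commit title, and a later cleanup could inline the wrapper again and bring back the bad join. I would add a comment above the `bindingset[call, tgt]` annotation, such as `/** Holds if tgt is a viable target of call. Inlined late so it only filters call/tgt pairs that are already bound. */`. The body of `viableImplInCallContext` continues outside the hunk.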
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll index e6f223c195c..5d8e3047700 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll @@ -40,8 +40,11 @@ private predicate fieldStep(Node node1, Node node2) { exists(Field f | // Taint fields through assigned values only if they're static f.isStatic() and - f.getAnAssignedValue() = node1.asExpr() and node2.(FieldValueNode).getField() = f + | + f.getAnAssignedValue() = node1.asExpr() + or + f.getAnAccess() = node1.(PostUpdateNode).getPreUpdateNode().asExpr() ) or exists(Field f, FieldRead fr | diff --git a/java/ql/test/library-tests/dataflow/fields/G.java b/java/ql/test/library-tests/dataflow/fields/G.java new file mode 100644 index 00000000000..42e4e6dfd49 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/fields/G.java @@ -0,0 +1,21 @@ +public class G { + static Object[] f; + + void sink(Object o) { } + + void runsink() { + sink(f[0]); + } + + void test1() { + f[0] = new Object(); + } + + void test2() { + addObj(f); + } + + void addObj(Object[] xs) { + xs[0] = new Object(); + } +} diff --git a/java/ql/test/library-tests/dataflow/fields/flow.expected b/java/ql/test/library-tests/dataflow/fields/flow.expected index 382819fbdbb..2674dbcdcba 100644 --- a/java/ql/test/library-tests/dataflow/fields/flow.expected +++ b/java/ql/test/library-tests/dataflow/fields/flow.expected @@ -29,3 +29,5 @@ | F.java:5:14:5:25 | new Object(...) | F.java:20:10:20:17 | f.Field1 | | F.java:10:16:10:27 | new Object(...) | F.java:15:10:15:17 | f.Field1 | | F.java:24:9:24:20 | new Object(...) | F.java:33:10:33:17 | f.Field1 | +| G.java:11:12:11:23 | new Object(...) | G.java:7:10:7:13 | ...[...] | +| G.java:19:13:19:24 | new Object(...) | G.java:7:10:7:13 | ...[...] | From a523be4d0a1e2420a1884f7c4f8754a7c4fb7e21 Mon Sep 17 00:00:00 2001 
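Review bot: The comment kept at the top of the `exists(Field f | ...)` block in `fieldStep` still reads "Taint fields through assigned values only if they're static", but the new second disjunct is not an assigned value. It steps from the post-update node of any access to the static field. Something like `// Flow into static fields from assigned values and from side-effects on values read from the field` would match the code. Since the new step applies to every access of a static field program-wide, it may also be worth saying in that comment that the step is deliberately flow-insensitive, so readers triaging extra results know where they come from. The rest of `fieldStep` continues outside the hunk.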
From: Tom Hvitved Date: Wed, 8 May 2024 13:44:15 +0200 Subject: [PATCH 24/38] Tree-sitter: Add `set_tracing_level` to shared extractor module --- shared/tree-sitter-extractor/Cargo.toml | 1 + .../src/extractor/mod.rs | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/shared/tree-sitter-extractor/Cargo.toml b/shared/tree-sitter-extractor/Cargo.toml index 515ebcd573d..d51d64a3349 100644 --- a/shared/tree-sitter-extractor/Cargo.toml +++ b/shared/tree-sitter-extractor/Cargo.toml @@ -9,6 +9,7 @@ flate2 = "1.0" globset = "0.4" tree-sitter = ">= 0.22.6" tracing = "0.1" +tracing-subscriber = { version = "0.3.3", features = ["env-filter"] } rayon = "1.5.0" regex = "1.7.1" encoding = "0.2" diff --git a/shared/tree-sitter-extractor/src/extractor/mod.rs b/shared/tree-sitter-extractor/src/extractor/mod.rs index 54ae50fd69e..00e03423409 100644 --- a/shared/tree-sitter-extractor/src/extractor/mod.rs +++ b/shared/tree-sitter-extractor/src/extractor/mod.rs 
@@ -4,12 +4,44 @@ use crate::node_types::{self, EntryKind, Field, NodeTypeMap, Storage, TypeName}; use crate::trap; use std::collections::BTreeMap as Map; use std::collections::BTreeSet as Set; +use std::env; use std::path::Path; use tree_sitter::{Language, Node, Parser, Range, Tree}; pub mod simple; +/// Sets the tracing level based on the environment variables +/// `RUST_LOG` and `CODEQL_VERBOSITY` (prioritized in that order), +/// falling back to `warn` if neither is set. +pub fn set_tracing_level(language: &str) -> () { + tracing_subscriber::fmt() + .with_target(false) + .without_time() + .with_level(true) + .with_env_filter( + tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else( + |_| -> tracing_subscriber::EnvFilter { + let verbosity = env::var("CODEQL_VERBOSITY") + .map(|v| match v.to_lowercase().as_str() { + "off" | "errors" => "error", + "warnings" => "warn", + "info" | "progress" => "info", + "debug" | "progress+" => "debug", + "trace" | "progress++" | "progress+++" => "trace", + _ => "warn", + }) + .unwrap_or_else(|_| "warn"); + tracing_subscriber::EnvFilter::new(format!( + "{}_extractor={}", + language, verbosity + )) + }, + ), + ) + .init(); +} + pub fn populate_file(writer: &mut trap::Writer, absolute_path: &Path) -> trap::Label { let (file_label, fresh) = writer.global_id(&trap::full_id_for_file( &file_paths::normalize_path(absolute_path), From 1bc3f6b0e7175336d571b22a0838543df1fff90b Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 15 May 2024 15:45:17 +0200 Subject: [PATCH 25/38] Java: Add change note. --- .../lib/change-notes/2024-05-15-static-field-side-effect.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md diff --git a/java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md b/java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md new file mode 100644 index 00000000000..3f6e8d8edaf --- /dev/null 
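Review bot: The fallback filter built in `set_tracing_level` names only the target `{language}_extractor`, so as far as I can tell events logged from this shared `codeql_extractor` crate are not enabled by `CODEQL_VERBOSITY` at all, and extraction warnings raised here would be dropped silently. Consider `format!("{0}_extractor={1},codeql_extractor={1}", language, verbosity)`. Separately, `.init()` panics if a global subscriber is already installed, which deserves a line in the doc comment now that this is a public library function, and the explicit `-> ()` return type can be dropped. `populate_file`, which follows, continues outside the hunk.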
+++ b/java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* Added support for data flow through side-effects on static fields. For example, when a static field containing an array is updated. From e4cd9d86f65b4e63173cfd345820a7884ca8b65a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 8 May 2024 15:38:44 +0200 Subject: [PATCH 26/38] Tree-sitter: Respect verbosity defined in `CODEQL_VERBOSITY` --- ql/Cargo.lock | Bin 34047 -> 34070 bytes ql/extractor/src/extractor.rs | 7 +- ql/extractor/src/generator.rs | 7 +- ql/rust-toolchain.toml | 2 +- ruby/extractor/Cargo.lock | Bin 32216 -> 24538 bytes ruby/extractor/Cargo.toml | 2 +- ruby/extractor/cargo-bazel-lock.json | 3741 +++-------------- ruby/extractor/rust-toolchain.toml | 2 +- ruby/extractor/src/extractor.rs | 10 +- ruby/extractor/src/generator.rs | 7 +- .../tree-sitter-extractor/rust-toolchain.toml | 2 +- .../src/extractor/mod.rs | 2 +- 12 files changed, 706 insertions(+), 3076 deletions(-) diff --git a/ql/Cargo.lock b/ql/Cargo.lock index 493174ac8223cccbc3dcb99c922610bca05af501..ed04a4a8553336790a296df19d65b08edbfa26b7 100644 GIT binary patch delta 22 ecmez0$uzBtX+yX0WDODJ$$oL-o7V{k76JfhR|t6k delta 14 VcmbQ%#q__EX+yX0=0(CKg#a-X21oz^ diff --git a/ql/extractor/src/extractor.rs b/ql/extractor/src/extractor.rs index 5fa2c99ae83..487f1de08a8 100644 --- a/ql/extractor/src/extractor.rs +++ b/ql/extractor/src/extractor.rs @@ -20,12 +20,7 @@ pub struct Options { } pub fn run(options: Options) -> std::io::Result<()> { - tracing_subscriber::fmt() - .with_target(false) - .without_time() - .with_level(true) - .with_env_filter(tracing_subscriber::EnvFilter::from_default_env()) - .init(); + codeql_extractor::extractor::set_tracing_level("ql"); let extractor = simple::Extractor { prefix: "ql".to_string(), diff --git a/ql/extractor/src/generator.rs b/ql/extractor/src/generator.rs index ce5fcf1b12c..1dca6969f34 100644 --- a/ql/extractor/src/generator.rs 
+++ b/ql/extractor/src/generator.rs @@ -15,12 +15,7 @@ pub struct Options { } pub fn run(options: Options) -> std::io::Result<()> { - tracing_subscriber::fmt() - .with_target(false) - .without_time() - .with_level(true) - .with_env_filter(tracing_subscriber::EnvFilter::from_default_env()) - .init(); + codeql_extractor::extractor::set_tracing_level("ql"); let languages = vec![ Language { diff --git a/ql/rust-toolchain.toml b/ql/rust-toolchain.toml index 57d004b953c..699a593039b 100644 --- a/ql/rust-toolchain.toml +++ b/ql/rust-toolchain.toml @@ -2,6 +2,6 @@ # extractor. It is set to the lowest version of Rust we want to support. [toolchain] -channel = "1.70" +channel = "1.74" profile = "minimal" components = [ "rustfmt" ] \ No newline at end of file 
diff --git a/ruby/extractor/Cargo.lock b/ruby/extractor/Cargo.lock index 589d5f847ebc18c5b80f74fab4a9394ee2d8f8fd..023842e620d403c6637d789214e15f5462e14f78 100644 GIT binary patch delta 6488 zcma)>Ta4Y+b;fmOY%mmTz<6eCLohZ_NU+)W3z0cPNw_2;9z&BTki^+nXN2(>n@d4z zQlzL-U#d9!t?C19)k=A&fI8|^B@|U^Q>luC)TmWos#Hi()tji=msUyo`=1#DiuzEH z!Hj42*?X;TeV4`G{m<<0-G3qX((xIx_qc2u? zA!4#B>mo&}wN&3-E;&j!-d;X1j$e1(_`|QR?oH?G#jVYH{KeO5dNGYVcBl0g`OCY`K?u7zTI_sUh7ot7aL-?H*9MxS#wy>&6}^s846FYTJ`awnu2Z@;oJ zm!WvulXoHYScJ}eMwQ+f-MP4r{AjWvhG>OUDTt;iY!*)$tF@ zhwePLb+LSXYqPYY_g{bH=;oy}FSd)%Z=O%*&Rp0!_iEofH$J}W=#v7}r*9ArC zr3;g6Z`p+wixXMN5}mTinxcwu(lu`3RTjMlFT72{y3{1EoSrjo*?rrxI$_4muWdXe zbdoYfp-qiS*ibmNH6dkbmiL(yb9d52nUZg^+1N@|CRZaWB^>XbS{Xmu{fX7ZdyZcJ za=UnGbL;$(lShtn;}cVhH%>ZJqVUylDa9p=S4}0&U1Mp%R4W>_w!zibtSf;ox8}7F zrd#dDx?3IJJ@89owshP0@7)J?>&3aRpWiqslMcp2>fnV79e8Bnid5c4A#CY}%eLvO zCeEQL~(LY5#3=hX^$U0&d2T-tMBEZxLmw)MhIYLxtBFf_(^S-WV_d7&zg zjzap-6j*c|EWPF}&g&AV-|T?<;U%|yISR-RN+-PxK}4f-FkWQaL#2<&TF~2^vB?Ba zk8)OwQ>J-N(Na|wU|zlc+p{Gdrq;}r1hTGn>Aj@SDtiyMJlJu?fT-S83n@9_i;xXy zwFyhP2II65lKZXh{piRYy?=b>hP%f%Z#XdSd|++Q@fXv@v+c!86#3Bj;SKwjEvTEO zJ~D*7GdW(QeNZU{D{alGB?$|-Vsj~$Nzc`}kaG~JyAYby&6<$JkZUXBw{HB{u+OZH zzrOMC%wE2HdJe=@Y^r%qZi4G-6Ab(kqcu{-E|o4t_U5e68Z=u=*)o0X%5VE*mB z2gmpJK6dq{bE^WZVRR7M_iCAIL!GK?u>-msKv^o*clf|tS}7y-udr0B0N5?g{QZ6R zEGqC%`&O6yqLcF&N(rEb?_z){cuw$x6QxE5+(wwiPs5>1GqD6~z1Fhy0##`tY2<8e zeD|hjPeY3E4}eXwDWmvT2)w139=tUZ;(PW@$z%WDZ(LONxto7;{P8WvuKe`oW3z)F z64Wn@_n6%TA!SGJR8}Sd-`c@@pn2K2mf%7=F{3RxIL1#})wIoY1ttQ?!YH*Mq#qr) zYvji^=HM%-9CL{(H#j<{6ty-yD zGP47|nM>X2ngBqtbjYV=jSiU*dR09IP347d(F+X-yVs6s)o>k$doSvuvY$QpmDx0U zr{*>T`@-9x>=cVO;MAEelxWfj)oQigYH(XUq>z&4d%T3oWVSSVyt{v8)I+z73kUBU z-#fH2Qw#c1s+9@u7A^!^Eg@tv2beob{tU)+ln;I=0y1t$7UK_uvxrPg*ru;PxZ}XG zRNIuJE4Nby5z(bb5k;uJnUsna-DzeRl~JkDDee_`O`_Trxz)gc0x$ae!@Kre**x;# zwd3-AtLQ#FJGb2$qdeRw3j{#LlGL%6)*EyK841Rno;xe6$|wQ<;RFvVD%zT+=U@5U z$4^c+Vj`D6`o#VvyM1G&g=zSOK)aaBtm(4N#u%EdvlEFvWy=^9(M$3*sNMjXLAM(W 
znie-+KYn;DZEmbrr2%ygbiDVPd3E!>7-@ZMj4MPlF>kKG$2wn1>IuRD!@gl#lvy0M zbmESgTeOEC?m643Rz`w#>m-;mC`|AwIM5ZDV`LV+1`9ET?n;K9vx`}p1>ugrI&opw z@v?Ps$Y&0Zrysa`{N=qH>zJFMd_qV%Kik0_Du@qp)#9Q=pxz9ofS;5_TWGv=bcyka zR=L<0==_bZ>>6KotM~jLF67)Vh`Sft)$S-zupWKTmZ?;-0zBm*)TwI0C0m+LJp?Iy zb5yu01`X~FD0L7!dZ`Y~;4uQXgs5Uyu7ZLPiurwYB$5i-|(fBLW z)09pnor{>O$=^Jn*Jg2i|6?2TSRi=^hPjc8URSu=YwJrBW%6S+BRJ6nW>v)M5QOfM z=Z>5hU0vw!zv!PYS-UM;9yA5UC$-W&1TCdB7RYxz6RZt4Pz_Zq-{l~cth&PzDx86& zPLuxLzj$V3I4MAbktD`6`UtjYxEEly@-7X2u{DNck`#D7Z9ro20v=fKKd$sY{jS;N z?`*8&nIOSpE2gPr$)wcDZ{Z2RxuWl>z;+ElPGf)%2~l%?<1+TvWcSV@gi%T%!)nm-Z_DHW-tpd=*(M@ng^-onJ&v$_7s{j>4ulT#yJ zxNc)UNdt;c6YxIRDs2k3m0o}j#SEdJ(RNWhrVVGWtf-T1Vw9Z1H_?cdapu7z!2HsG2jPv&$8wchG zm*NiFG2?O)GpwBDLQ#WL%Lk=o7;l9S2sReT4%%$g9YN-31#2;*aa+y)cK+ifqJo@n z%xiM4Q|{^jxbudKkEcP`^l zryP^uiwF{nv7S)?+}K>;=CEJX6E~>KlwFF$_ctgH{UIyyw_hCj=Gnbt*V5{^?~z-_ zfzwaVvmr`B;*2l0H_0TB2oF0T$=GN-85Cy}3>bu|T3MLG$_`6pA9^3}KejU7d*q4n z;~Sn@m)svVNQ`d9C8p+qI2K)VQRXVBXAZj(f%ZbxGE`uR}fXDZrSR1=Pd+UzYcU`j02}~0}j3PtOzX&-I4xyRM zL@10=NU_&~dSm|`@d`13q-$LGnuniUSwi;Z6S#KeKrzSR4l*VQo9=KTR0-VTDX1ey zVps{Du~b2mGyYly6*BxW9(F6^XHPz|bKE*U3{=C#6BHpVf(15|lt#$IdO^WmTAk|@ zbUW#TjM0ERqmRAB_UvHb_Jt7NbL#Mtl;ihS;c{!yB;;HgMbD;i%qLilONCD)PFz7Q zNGM?ziyJar2$3WUHRfKn;rf$PPc9CFunO*iI7VQA<9Iyvv5|W)*+Btf>swTT831aq zZ!a#AVq$bS_w6WkOK`tLSBe7X5-Y-#NW9*7rX(_cdWN@O%OHAG?B>`0mDAa5hkwbtV%vj82~N;*&Zg z=mXVb1Ch<5!{2!7rfU@G)@_ST#SmyHFa=ZCE#ND$f*3dky}?V+xl?etRwO0Zqt+%m zBR^3-e6SN9-#mM0eC}889nXCJw(%!+V;*vBJ!Tjea;Th!&0W@*mC^kq0EC8pMgQ zV=`Euv$P?=mSS6M#ZZ19S7at+R`b&(`_U&XjiU+&J>=sRdsk8-f%bO7swL>@ZtK zk?}E@?S&~O%#rJbBidu+(Mt5ZX@x&e9vn{RU%BVf-lx5E0wWK8gnX{aF0x* zo7vK3P{0UE;{4+4P?)L>@0nNxp#!}&voKXxK9#;T8^2o)A?VYYCO2g#Z|pE6JRKe? 
zFcKOD5V5oHB~=Dltz@<^f=rIGOlh0UZxb14?Z`M=Pj4SLrwP>uB-GI=R%gf(9EOTm z9_AuOg=UzJSV*AADg!q`aTPP~jjs#I_-dPve?2=N@3obkOD13fUrh5t#FnH$61E^~ zarX`)_`~UDVtOe!f-q1Pz(j#W#W60J?Tx;58<634v+i2rTGzV@YCm+f|ln`?%1vWQc5 zLub$juAZkHG{sgrjcFihC&NONpw2WzB12-)SU^Y}mp2cNd$(>F?_W4No;!cb)pOV3 zNgO>9GI0pI4~QoeG+Ktv0L0vSr$L3ZqbLLf<*}XuIe-?E=HSVY+`YArgTpQ^yPdPK z!H^R)WTU~AE5fiRQv~dy;?4#)=kbIS7KjmiC$(uB35@JL+XDUL@P*a!?=Ku2`z{`s zejPe@?&aqfUq1{Ctlh!&ivZ$vFGJm zK0G;aErF{h-Bq@yRE#|sGfjigROVct%( zX4QeLD#fmt3~d8#XKfofgpM;Z2%p0Tkh4m=(%&M}og5hIX*}Yy4jt5@4cD(c2_2Xx+?%O_i zTGCI`=Q=jN0z#G>8ILn10w{!411S&nBXvyx!*od2W)RO5OC?)8EZ26=_Hgj+AKZ4G zT%jV$LBy+AdQG}!?`zrk1P4H&XQol(W#}Bt!~eWs?gHxo_6vnz^N~}p1#A0vPM&W( u+=}sy$z;33bsKMYHE?GDKyWqz_bH=KnT;7)0fNaMU(E9eZ zx17q1O%mkvK9_x2Ywg`X-TdFD?ct_v@9GWzj8DhieLQY+yu15y^WPuqL*2(?EjQ`Q z&Hu#x$KCC_pKkv5C?9>;@sEdNeJK36?e;hK@!=`n-PE!@ZXZ70zWc5258K_t&41nu z@813GZ;vtm8b8**|NY%Vysv!seJpo%|Ni20@4H)d+rNKz*gfs@_>q16xIG;AU;gdW z@%VW7kDq`3xIKP)O1F7;|MULoaNOL*hmSvJdB(%-cDLE`G@swU%b#lg_3(5r|0}Jx zz3Qye*}K$L)ul3&;F~X|gy>sN$#W_%v8+jCNhiwrj5H&bH{R8irH~k6nwh&KKWm?P_0?i(OOi-0?ce|VyT313_)zw{ZTWEcayZue50CrZW8EM5{fW8iw!1Ye zZ<+5xb$u5~D!Nm8h`Dzmb-@p+^|fUmTxYBfs<>8cjiIxSJ?>ns)(%}aYwq1P<+qIG znALcHWm|u1SGH}?eQ$gzomR?r%H%#d6BDP>87x(7V^g{1pa(w;N^I}?sB{=YY0b7- z+v3CF_~ou*9=GcB@0-WCKTN;#`}QI49>x#x&%C?a?KeAa>3&;IAAI@lKc4FT%lN_V zVRNke`|U%#8^3-!HvjyW7thV*_cn zQ8%Z;;I-<9$VE3@2vPUCtDWaCaN;?gGdKJDH)(S|6H_z$TRg_9X6B*mU2L|~CUrWr zp~o4g5LM|^EFl{k`jVp0W{5@m-kWMt&01M*fo^fu%*#`c9cB0XVS}@}QMcM)!Lnl` z$mRBNa@E<{)r~INdawG#?RGh3m9ufChNR5U*hAOHIM~#pO|BVJ2h)evq8>WirQpQq z*#nxk$95M#PTg?F1zS6ErrHKywCU`S`_`3GRnQ#RR)!&G0;I{I54bRbY16G_PNlLf zb!u>~^NY`qr@dPHu=?6(?VD1DE0lCLRV7;nYjROKHqKa$u~(sD2BAOqxg<--;Y;rt z{-osD1NRa!Z{8p3esr1(J}^DqKgPS=#LVHgTmNFI(p%!ZvEJy=4MDkPo#X(ur92Gm zU#k{h=z=Yk&`E;h?7%-`t;P&Q?%6YzS%BC4ZOqGpU)d+MSsS8Hk@63#z*`?%Ti!>h+%+oPq(ji`DUg0r3Rp8IV{ zTL!u4U9VVO-`A9!#Co$;-YUi;K_Lo(i$u6gn-pR60w?ETorhqyUz@9XBDyN6Rs@yqCv z$JF8B>7M-jSU-~VOQIrQANO&4Jd9sH->94S@)yQ${T>hZn}lbl4mo{;Jmhi9zb;(6 
zd>0=lJI~6k9923xt2298qIAj~%n{i$r$Z_?MU`KNy$hjyg}iAebDs z_up8Q^EzIy$=W_)Xu)coi?PKf?@FpZkk)yL_;naMTm+ZQO0L&;aTp3WEf1CyubFHz zcYG$9lTvoHlmaYo?qlBX`tj?3JnfFBvvK(Ha6@Rh?S^lxgDl$RB8Y2QJEQfnFU3UL zaMPBgM)i&86z#wom>$=W5(zoQwN&4sYU5G}PPyQ5k~Q);^KN}t>Obx_^)oIbA9vFX z0@PrdK>!oXK?W!E;O9L4ty{kOuYLXPKU3~{KV)jkKB<%_4IGtLR7!gr8kJWKL+R7- z)AxRGb|0y=#k0$qr3~K{Fp}{La=BwY?dZq5T{_g``0cy+&o3ViN5Nvoukn^2^5fIV zSMKANb0G&n@_Z4_8Ob>}`S8o({1I8O=l?Nk+`2hzkJNPh)g?c2wbYyaQ~GjsZpLhR z=CqC;c)X-ne`GXbV)(U%b4E>{eY9h9cuI%7-=?#poSH=Rcr|fT?^7jhE!430kFw6= zQ(S&xH0{lmI6TIO&AvYFz&_Zr>GkQ>uL!v(p1f$xv8@f3h^*6C1$u4xwpXP#s$KjE zUu0)JnNlWWQpVY8!K-GrMQZr5;2#&@>0v8Zfa0$lKfQGhu0euJ;{~f*+kr-JOwq9m zAXtRgCXSPfs4-NNr7P0bhzl`PN6IJXNE7*4>TAs)U~Vxbd`3G?xW=Uw0!$E*S1oo0 zXXuLQ^H5xleFc?Jl<-}jaQvDyAQwj#r8Q;WV3JJ+Bv0$0LAeMY^P%yN6u97$b<=iF z4+ZzJdyt~|>fHLfLYhr}*$t?X@wOi5>~ zY)Vtn=1!n$`ztXN1L?+PETQ>f<5J_`Sa%l zq41FaG=h}lS$O&0SiX$s<8J%#>n1o;ZjfvMi7Twc^aF+AM%b zA8Q)80brig`-P+|<2H!fRsmFX(Zzw_1~e)^j>;`;_<32#x2`ftS((eK{^tD~6`oL> zXQ%RA)!xgB&q2jM;7Cd4(t&7K7)fOX#~)$?;rF`3uNcmbts&=9N;C#GD`Yac9`v{e z^MeXls`_5+IGvo!OaDX8KtE_h(CaNU9hbsFMNt3s2JG8W3=UN5q&FcL>Qx0n5eBjt zZVPrrZpyr0d}Cj~qjIlM-qbo%)A4sJCkC#uB_LFULogk3GS_r=xds5`CnB0I}3l85ooB$eq@$5z9H0 zuz@_RRv>bePlAJIYlR!A^O?=_j7^yOThUi~s9aC!aZg|Kn;J1>uUx#-9el;m(-Se=Shx_VAd(|v{0W0?*4gHNQ; zjgaAB8bU|xgs0DBQW`pjvqY8+v0W60Z8n>Dw&}wt>iB@dV?>I-Zw1bq@fX=oX)>VLWYNf$&f{2CUe}Mg$NA53LgyLOyAu8c;pHP7!2SM_s{)TcSvWT5uV%4G1uyPl>%zI1vh+nUwNR9fFIC^%t!HC!fkc z!l9(ThiW9u^%g##GT)nkJ5@L#{@cR~7@&)iI2=@DoR>%vInQ(dsWrHCAAivzw4$h* zLBYMScsWv3l1V`(!?_YhOm;2-tJ(|`0M27U!O_5+>S-Vzc*fNZ!o+u6nlG}YwbSa@ zYf2_io-T(1+m{VgIS#Q0`JkjERZJ-kjjub(N+bN5D+*883sr5yLJovL=PO2VSRHx; zS_El>%p|!9MLS%W53zUv026z!g)JsfQvU@t5Ik{nF#_ZR32@FMNZ{P2$)j(|K7QOi zw7Zj{=&ZxKdH+Wct#J)5{?PSSt}T6tuvL^uh*m7>6JRPK1;8eI(|Im#bzMU6AQ>QD zzwaG6E~KxOS|AM}Er125Qs8YN+L;cxG*A-Ve(mZOm<~t|_8NYUu;ltSKvwFEt?1~q z&!wx_t`HZ3&cPLo$^TY1*NnW-Px1TwWOM^#RYVF%; zT!}*pNjz~X)?%*^ZyaBsWU5}_ZAC|D5Lm&{fd^%zc!ioz4VpVWd%)wR3RG-PB5sj? 
zx!av^kddI-oOQKPv`I(`}9*LBf4)IKZk z5Ar}wX$l==QD7kO34~H`bZ#fisR5jF)IJWjfiqhy^$$|JYPiG2>)x~2v-@);+L)d) zw7qL@l5#zID+er)996YkIzWSHv?2b8L_(paK#C1oi)3)H2q=(lg3Ta!Y~)U}n-mwd z%5v4__z?O2)b!1#xc&8Myqg!Ql{pQHC=Hh{>+D~>Ue>h_2ZtL~8*!SF);f(S%p$Mi zaCdmUN?uOU3up-)n!xyQ^fhqDDMnD94kgbgo?v<7a`4YH2Dj*;(B9u|TNUZflxvdU z)ve7F28#CVh{=LCfk@zengf<0p}k9mnm0?U5t0_OfUZ5(nf- zeFT^cR3Mb%sKe3XfbtRuNN)@BP+wzH4%s1^Ltvm9kXgf~FFDJzW4L^JIV*PU>#Vgw zx6pTx|0sjCAKHKu=VmLwEmt!bb&oF`P*|Ddh;!0WfP^xFS}QlqAMh(zwvdor$}%qP zq+VLR=%DINvGhPESwl-YMSllH5vVbUiU%GlsOXSUDjP^hS^!kg20jY?d(Hsy3n6U` z*_Y2Q$p+BZ%2yA11Xe^BRQVv?mLw4&lkO65DXxjY)$>*8fFMaH?Enmk6`D>K32x}* z7N35?j9l6wH-#I!s#>Au(kqt%CpsV*-QWT#0|B!YOgHYL;$MLDROXmb);1)4x&%k; zmgwE)5pVRvi{26D=jroiAAg_GC9Iz{6$8MQok5iA4Kl9kDRuCO@cg8KfH57MZ;sGl zkq$9LjU*%}lc{u(*!2C9q(svD%bgiTx@(6yk~-ozumMF%z<0451F1IDJ?#y21^*6d&IRe$SNPtHwG7R7DoI)D-Y z14l!Fpu)tQ2Ax_Ed5R`qSq(UhoDfla?BFU4Oc=_FCG3Z%Khxxw21vEI_Fhpi-~j?k zd;Z@Pi#x^-Q2JXAUO~%A{g+h&tCMsR+9%K{*?C&nJi%wFJbn=bECicNh+t}=UB8_L z1Sb$sQLqn^HNshN%0Rf_c@4ttK;cx0MF_NN5&XwfrNDcG0?=l*)PpqkurB(#ho=o) zO53rA?%H42)%Vc3=;;!3Tq!)6<*;E3e5N5W?yXY9t3+aK#D&+|2ki-@mF6;<6KK8y zahbvJq(ks-7e$#dX2EX?@Gmv~)BPlUSR2BkyAPG52bn@;49tp!1=9dk5Zx)UcAa^cR+n0u*VnRF;DoZySkObsUESleJcKS39@XG67wq>i%* z?T(624z)O17zOe{QV((uh-``@RFT|dl-MZE=Ot>d1}|H9QXXI0htriFyLD3$z{ZSV zu;3ZFk-$w3(Fx`05XcH)4~XP=Rg_7Nu1{KkXyjxYk-m~^(XKr&z?jrBf;nB3bqf~1 zsxq!jUO#RmAx9Od7Nr{68bTz#wIcxl$( z;9Af%=vDzpoTfV!SUgC75)|dEKYZ4T1L8kOXTrjjIW?nPo7k^j)&tH*Y9|s#WX7Ue-xE6Dl1D2_XIc}nA1U1KvHxdr%2jK zVq*d9>8_fOXs;6FXHm77{`%dM-gx@GXR-3wmiXLgv$Q~C&&}1^Pynv%l5i`ukc|{F zSO^k&0=z|MNA18I3@tN2&=All0mSd2BYQ}8ri9?EX0P*Cgw;h)^H-JCzd}__ z|Hzf!9!s@#9XFgScN@BzD#T|R=P6RS92AgLn~!owbEH_3#9>B7HWgL$HV zk)9curXW={N)jkbPm8dZff(7+Hcfjp9-J{-3&oVeU;9PR3{x=81f5|*T8<{MCxF>Q%zjlm26_f@8xUP%30k9f0#Z_T;2Lp{jGtfCFFnL%ZNIgdEknK`4 zc7Tuy#*4ZOR)QYVLD~7_ew?}R;bqFeLcTNk)Q`7RGuRAL#nI3zeXp>UQWeABa(|?~ zfb3rp^F)yp@sS{Sz&}cWOXy50<5`z7&GB#E|FP!z(+d0|9o5(NODoi>l_-@90}~<# zkCtBCD=D!{4u>l3t~8PsFic2(06kU&AqbwL=f-7xZqSIBX3ZZtSMiJD>*Sx$(>9j2 
z{1d%c^i3b`BB;s*S1TC8+KFy}_5*&TXr+k?#(+^0v>>4u_e_Pssi@YG^%ssbnnR#w zoTOAog_A)W+rZ77N#QPO%*9gYaL=5>-$eR;qvUqL-iqg`xs3ALeCY%MRr`5fc*X$+0^R@L1QG z0Eshh2)RA8YLLWrP*0$YD8*0;Sa3LQ7rYP05~{9&Bv^bX67>w)C=qbJhWyi}zfL2# zJh=3ytbXkh2azscpj3EkMyxnyfb}SxWeOt>2Q-h#SHMD=o08wRv`*UfT zyn;APAu)$~C3jO~J~VY28hOFaHO-x7z6gG4Rh_meE<}uRXw&6(j*(*R;E1?_z(_$0 z0D`~~o}PXZ+R*4O0)!^VraqD{6KWVLerONOhaqax;Hu1g@%vInAdr#aQs1Vzp2w10 z+bh0e)nq`l*0dIpS2Kr;QGD>SI9$4h24V;TNiu~Fegv5tqyW*wcM(x8vJ?7N5qZrs z=ocIN70xc!pRL=(5dPc&YQi}L*Kx6#ArPhI@-^(sj?Sap@ODBwgIM7c>ve@3#7 zklR8|^9^P%I#7I84OOg$G!t?c)d&8ahz73K&7X>8FDDJSV~t3pT1+jT*I`_(>lF}z z)~YLjRg^X2!)f1DWi4y{{2b!B%5RTzYe0$Lc$+k}v4DyZXsTi@c(LEe4O9uJi zOL8q=Ov2&#jmcE1(`2W!XLSZVx zM+pF4MglOu56&SHL%IT11G~;NABPkZ`Ejs6eeVZnmwMF6oqIvv@+B{p&WyCWvi%D9 zS+M=Wm|GAZrzxZN2li}$Eq9Go+49(+;Za!qy1k*LvBdIC$s<`XY0ZJeq@s!Oqe;0SG41Q0At)?q*jng%-Os4u_*nW6xS24XN< zzCIgq8bo$!gk+Daw+&FhB9kT}bj&>(P?6v#0gk}g(IgNUqCw3T;RjS?;tO;VB5{ZV zku%WgP~=mK$mjrsc~oPl zdZ0w$z1bq^)uL;~%Yj;W{xNUAdUi07f0OTT4isyLPrD;}lKR`W{tjHUYUP?5AZYCKFV<}%)IjIqRzN% zJvhxUU3Tk}&nDg)!iy^=6||`NS6>0fT-Ct%I*@SWl)n|3`5>XvQ^(0mNohC*Q0ZO z$O_V1gcyP02FPcbmc>%iYsI-@m?PpTI4=4vp*W#NJoO2O$WnyS!3DVjS-UVg=M|^_ z+9W1{KFV0m?>tK5GQ9lG55H0nF%A9`RGXGlrpxjg3P4`)Z1kEm;xRj)_IXA>C<@m) z^nl%b7Tp{oCPVm{ho1h$0za%kM|^? 
zT7v*kOe!Y<8_=p-MzRqx==g&c3IlwYr@wnKN}Ps=Pal6+T}g;6hn_=9P$&x*MZN?Y z9tIqLWl*+4(8a4ghRSaJeFD57;7F*FFu#UY7u zly~1Ce}V?2-;K*Ln@^rC8j;zl3G2V4h*uW?FII*Lj2c+pF~b-*EZ_|iv`~4VhawYe zncXYzp#iVtbyCu73nT-F<>sNelL2oyv=j6^ztK~R*WWY-l`tODp*e($bEt_BdK8+e z5YvFT;k5ARs6l8~MCMC66kw@o+s=#(U>wlm3mdR`Y^c6^{PkO0Dz}Fr{pcwfzl&6i zmx3t3LWomD*JG2pfx}8DWI+hQ6d7|MFJ(eiOWzWgb2h}EpMG=X?P&ElzI^7*-r(oY ze?60Td}+Ktyyc4NE|}T} zTEMBNXa~aYFa-nh2dz6b811RFLBjXBc?SKwZy#dZ=TBCDAlN{b-^&P-(|*6GtX@8H zfA}rW{aoUf{Qlz4mVWW%=$3x<^`}b@cK*cl&o76=%U!<}oP zi3PkHgV7jt3Nm5{`p!VmX=Zu^Dq;~a%1b2Vog&DB=Y=kB?AqzfF7Mj)&o6gv_Giz_ zdi}%KeUS}c{^|3sEqr47=ilD7mm_#SrPsT+{+*-b2QLB;20~&sIQU-yAq`#6_(S9o zn!yW<$YlCNrDqGd5(y41)fD~G%?=r}oWjT{{FXhkWb68nK znn$#}90>0Lrib%PB(W_wQgE8EAd_uRrrz;x#l@6tVvlUAOV= zjE;;~33PO?Be6koB!Q8311eK|Az3)HAIQ|@jRJZ}uX264=8Rc?XPAHh(#me|_9#}K zMtt%ZbWfyUjL>8bLMLxqL1q&`Xk?~7brX_kIv=Iov3<*!=WG7scLiZzq4MFL@HWE& zc|yA?t&H@cQoO-R;_m{lp+Y>008aYw$)@Sdr&1n3V)PWEE%%?j_`&_24MkS z(4YaPiS~jH9C}z_lszM|Ja0je*9JI5QE1fY%;DW;qKHNN%ec!$G4J#78V#8{TkCr< z25s7g?4WGLrJprpAQSfA~Yc_d)9GV_bk_^>_vB9eNX&{82b-ugvL z*54EQoVg2?SsQe5OCus;iGVJKCJ;oTOv!?mLL&koj_^g(mWcX^@mWkIkQd9TZ&~sh z(|-ItK@3hD!AtQLUq%>%NAe~jZZa(bu-;7PfWb!YL32KEC9nNsYCjRhQY|BXAnW_a zrYxJX{;tr8k$B~Yv?-zcr=Sw$3OYhWp7iMPA0C%C4uBBy%3I?Vvl2ucPb!Y|8sYDE znxmDi6LURH*u}pWM4UAW&@scEDZaBC=7d*-@ Lz(+b`-@p5R6Q5BH diff --git a/ruby/extractor/Cargo.toml b/ruby/extractor/Cargo.toml index 453d34302cb..bee9079faf8 100644 --- a/ruby/extractor/Cargo.toml +++ b/ruby/extractor/Cargo.toml 
@@ -34,7 +34,7 @@ lazy_static = "1.4.0" # of lock-file update time, but `rules_rust` pins generates a bazel rule that unconditionally downloads `main`, which # breaks build hermeticity. So, rev-pinning it is. # See also https://github.com/bazelbuild/rules_rust/issues/2502. -codeql-extractor = { git = "https://github.com/github/codeql.git", rev = "bc1283c7152b0bb4d27ff6a004869f493e93d2b3" } +codeql-extractor = { git = "https://github.com/github/codeql.git", rev = "a523be4d0a1e2420a1884f7c4f8754a7c4fb7e21" } [patch.crates-io] tree-sitter = {git = "https://github.com/redsun82/tree-sitter.git", rev = "1f5c1112ceaa8fc6aff61d1852690407670d2a96"} diff --git a/ruby/extractor/cargo-bazel-lock.json b/ruby/extractor/cargo-bazel-lock.json index b7f5f041632..716f999b16c 100644 --- a/ruby/extractor/cargo-bazel-lock.json +++ b/ruby/extractor/cargo-bazel-lock.json @@ -1,5 +1,5 @@ { - "checksum": "c50e77889b9291b968272c6e3a2953664e4ac18807c9546bac76d51fdc2e7d6b", + "checksum": "ec7840d3326d3ea97d8b1ce0f748dc4e7e3528695e3302133cb5e8518aa3d7a1", "crates": { "adler 1.0.2": { "name": "adler", @@ -38,14 +38,14 @@ ], "license_file": null }, - "aho-corasick 1.1.2": { + "aho-corasick 1.1.3": { "name": "aho-corasick", - "version": "1.1.2", + "version": "1.1.3", "package_url": "https://github.com/BurntSushi/aho-corasick", "repository": { "Http": { - "url": "https://static.crates.io/crates/aho-corasick/1.1.2/download", - "sha256": "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" + "url": "https://static.crates.io/crates/aho-corasick/1.1.3/download", + "sha256": "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" } }, "targets": [ @@ -75,14 +75,14 @@ "deps": { "common": [ { - "id": "memchr 2.7.1", + "id": "memchr 2.7.2", "target": "memchr" } ], "selects": {} }, "edition": "2021", - "version": "1.1.2" + "version": "1.1.3" }, "license": "Unlicense OR MIT", "license_ids": [ 
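Review bot: The new `rev` for `codeql-extractor` is `a523be4d0a1e2420a1884f7c4f8754a7c4fb7e21`, which is the hash of PATCH 24/38 in this same series rather than a commit already on the default branch. If the series is rebased or squash-merged, that object may stop being reachable, and the pinned git dependency and the bazel lock generated from it would then fail to resolve. I would re-pin to the merged commit once it lands and record the constraint in the comment block above the dependency, e.g. `# rev must be a commit reachable from main`. Pinning by full hash is otherwise the right choice for a reproducible build.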
@@ -91,6 +91,42 @@ ], "license_file": null }, + "android-tzdata 0.1.1": { + "name": "android-tzdata", + "version": "0.1.1", + "package_url": "https://github.com/RumovZ/android-tzdata", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/android-tzdata/0.1.1/download", + "sha256": "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" + } + }, + "targets": [ + { + "Library": { + "crate_name": "android_tzdata", + "crate_root": "src/lib.rs", + "srcs": [ + "**/*.rs" + ] + } + } + ], + "library_target_name": "android_tzdata", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "edition": "2018", + "version": "0.1.1" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, "android_system_properties 0.1.5": { "name": "android_system_properties", "version": "0.1.5", @@ -120,7 +156,7 @@ "deps": { "common": [ { - "id": "libc 0.2.141", + "id": "libc 0.2.155", "target": "libc" } ], @@ -136,14 +172,14 @@ ], "license_file": null }, - "anstream 0.2.6": { + "anstream 0.6.14": { "name": "anstream", - "version": "0.2.6", + "version": "0.6.14", "package_url": "https://github.com/rust-cli/anstyle.git", "repository": { "Http": { - "url": "https://static.crates.io/crates/anstream/0.2.6/download", - "sha256": "342258dd14006105c2b75ab1bd7543a03bdf0cfc94383303ac212a04939dff6f" + "url": "https://static.crates.io/crates/anstream/0.6.14/download", + "sha256": "418c75fa768af9c03be99d17643f93f79bbba589895012a80e3452a19ddda15b" } }, "targets": [ 
@@ -173,24 +209,24 @@ "deps": { "common": [ { - "id": "anstyle 0.3.5", + "id": "anstyle 1.0.7", "target": "anstyle" }, { - "id": "anstyle-parse 0.1.1", + "id": "anstyle-parse 0.2.4", "target": "anstyle_parse" }, { - "id": "concolor-override 1.0.0", - "target": "concolor_override" + "id": "anstyle-query 1.0.3", + "target": "anstyle_query" }, { - "id": "concolor-query 0.3.3", - "target": "concolor_query" + "id": "colorchoice 1.0.1", + "target": "colorchoice" }, { - "id": "is-terminal 0.4.6", - "target": "is_terminal" + "id": "is_terminal_polyfill 1.70.0", + "target": "is_terminal_polyfill" }, { "id": "utf8parse 0.2.1", @@ -200,14 +236,14 @@ "selects": { "cfg(windows)": [ { - "id": "anstyle-wincon 0.2.0", + "id": "anstyle-wincon 3.0.3", "target": "anstyle_wincon" } ] } }, "edition": "2021", - "version": "0.2.6" + "version": "0.6.14" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -216,14 +252,14 @@ ], "license_file": null }, - "anstyle 0.3.5": { + "anstyle 1.0.7": { "name": "anstyle", - "version": "0.3.5", + "version": "1.0.7", "package_url": "https://github.com/rust-cli/anstyle.git", "repository": { "Http": { - "url": "https://static.crates.io/crates/anstyle/0.3.5/download", - "sha256": "23ea9e81bd02e310c216d080f6223c179012256e5151c41db88d12c88a1684d2" + "url": "https://static.crates.io/crates/anstyle/1.0.7/download", + "sha256": "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" } }, "targets": [ @@ -250,7 +286,7 @@ "selects": {} }, "edition": "2021", - "version": "0.3.5" + "version": "1.0.7" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -259,14 +295,14 @@ ], "license_file": null }, - "anstyle-parse 0.1.1": { + "anstyle-parse 0.2.4": { "name": "anstyle-parse", - "version": "0.1.1", + "version": "0.2.4", "package_url": "https://github.com/rust-cli/anstyle.git", "repository": { "Http": { - "url": "https://static.crates.io/crates/anstyle-parse/0.1.1/download", - "sha256": "a7d1bb534e9efed14f3e5f44e7dd1a4f709384023a4165199a4241e18dff0116" + "url": "https://static.crates.io/crates/anstyle-parse/0.2.4/download", + "sha256": "c03a11a9034d92058ceb6ee011ce58af4a9bf61491aa7e1e59ecd24bd40d22d4" } }, "targets": [ @@ -302,7 +338,7 @@ "selects": {} }, "edition": "2021", - "version": "0.1.1" + "version": "0.2.4" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -311,14 +347,61 @@ ], "license_file": null }, - "anstyle-wincon 0.2.0": { + "anstyle-query 1.0.3": { + "name": "anstyle-query", + "version": "1.0.3", + "package_url": "https://github.com/rust-cli/anstyle", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/anstyle-query/1.0.3/download", + "sha256": "a64c907d4e79225ac72e2a354c9ce84d50ebb4586dee56c82b3ee73004f537f5" + } + }, + "targets": [ + { + "Library": { + "crate_name": "anstyle_query", + "crate_root": "src/lib.rs", + "srcs": [ + "**/*.rs" + ] + } + } + ], + "library_target_name": "anstyle_query", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [], + "selects": { + "cfg(windows)": [ + { + "id": "windows-sys 0.52.0", + "target": "windows_sys" + } + ] + } + }, + "edition": "2021", + "version": "1.0.3" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, + "anstyle-wincon 3.0.3": { "name": "anstyle-wincon", - "version": "0.2.0", + "version": "3.0.3", "package_url": "https://github.com/rust-cli/anstyle.git", "repository": { "Http": { - "url": "https://static.crates.io/crates/anstyle-wincon/0.2.0/download", - "sha256": "c3127af6145b149f3287bb9a0d10ad9c5692dba8c53ad48285e5bec4063834fa" + "url": "https://static.crates.io/crates/anstyle-wincon/3.0.3/download", + "sha256": "61a38449feb7068f52bb06c12759005cf459ee52bb4adc1d5a7c4322d716fb19" } }, "targets": [ @@ -340,21 +423,21 @@ "deps": { "common": [ { - "id": "anstyle 0.3.5", + "id": "anstyle 1.0.7", "target": "anstyle" } ], "selects": { "cfg(windows)": [ { - "id": "windows-sys 0.45.0", + "id": "windows-sys 0.52.0", "target": "windows_sys" } ] } }, "edition": "2021", - "version": "0.2.0" + "version": "3.0.3" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -363,14 +446,14 @@ ], "license_file": null }, - "autocfg 1.1.0": { + "autocfg 1.3.0": { "name": "autocfg", - "version": "1.1.0", + "version": "1.3.0", "package_url": "https://github.com/cuviper/autocfg", "repository": { "Http": { - "url": "https://static.crates.io/crates/autocfg/1.1.0/download", - "sha256": "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + "url": "https://static.crates.io/crates/autocfg/1.3.0/download", + "sha256": "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" } }, "targets": [ @@ -390,7 +473,7 @@ "**" ], "edition": "2015", - "version": "1.1.0" + "version": "1.3.0" }, "license": "Apache-2.0 OR MIT", "license_ids": [ @@ -399,56 +482,14 @@ ], "license_file": null }, - "bitflags 1.3.2": { - "name": "bitflags", - "version": "1.3.2", - "package_url": "https://github.com/bitflags/bitflags", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/bitflags/1.3.2/download", - "sha256": "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" - } - }, - "targets": [ - { - "Library": { - "crate_name": "bitflags", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "bitflags", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "crate_features": { - "common": [ - "default" - ], - "selects": {} - }, - "edition": "2018", - "version": "1.3.2" - }, - "license": "MIT/Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "bstr 1.9.0": { + "bstr 1.9.1": { "name": "bstr", - "version": "1.9.0", + "version": "1.9.1", "package_url": "https://github.com/BurntSushi/bstr", "repository": { "Http": { - "url": "https://static.crates.io/crates/bstr/1.9.0/download", - "sha256": "c48f0051a4b4c5e0b6d365cd04af53aeaa209e3cc15ec2cdb69e73cc87fbd0dc" + "url": "https://static.crates.io/crates/bstr/1.9.1/download", + "sha256": "05efc5cfd9110c8416e471df0e96702d58690178e206e61b7173706673c93706" } }, "targets": [ 
@@ -477,14 +518,14 @@ "deps": { "common": [ { - "id": "memchr 2.7.1", + "id": "memchr 2.7.2", "target": "memchr" } ], "selects": {} }, "edition": "2021", - "version": "1.9.0" + "version": "1.9.1" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -493,14 +534,14 @@ ], "license_file": null }, - "bumpalo 3.12.0": { + "bumpalo 3.16.0": { "name": "bumpalo", - "version": "3.12.0", + "version": "3.16.0", "package_url": "https://github.com/fitzgen/bumpalo", "repository": { "Http": { - "url": "https://static.crates.io/crates/bumpalo/3.12.0/download", - "sha256": "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" + "url": "https://static.crates.io/crates/bumpalo/3.16.0/download", + "sha256": "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" } }, "targets": [ @@ -526,9 +567,9 @@ "selects": {} }, "edition": "2021", - "version": "3.12.0" + "version": "3.16.0" }, - "license": "MIT/Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" @@ -607,14 +648,14 @@ ], "license_file": null }, - "chrono 0.4.24": { + "chrono 0.4.38": { "name": "chrono", - "version": "0.4.24", + "version": "0.4.38", "package_url": "https://github.com/chronotope/chrono", "repository": { "Http": { - "url": "https://static.crates.io/crates/chrono/0.4.24/download", - "sha256": "4e3c5919066adf22df73762e50cffcde3a758f2a848b113b586d1f86728b673b" + "url": "https://static.crates.io/crates/chrono/0.4.38/download", + "sha256": "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" } }, "targets": [ 
@@ -635,82 +676,83 @@ ], "crate_features": { "common": [ + "alloc", + "android-tzdata", "clock", "default", "iana-time-zone", "js-sys", + "now", "oldtime", "serde", "std", - "time", "wasm-bindgen", "wasmbind", - "winapi" + "winapi", + "windows-targets" ], "selects": {} }, "deps": { "common": [ { - "id": "num-integer 0.1.45", - "target": "num_integer" - }, - { - "id": "num-traits 0.2.15", + "id": "num-traits 0.2.19", "target": "num_traits" }, { - "id": "serde 1.0.159", + "id": "serde 1.0.202", "target": "serde" - }, - { - "id": "time 0.1.45", - "target": "time" } ], "selects": { "cfg(all(target_arch = \"wasm32\", not(any(target_os = \"emscripten\", target_os = \"wasi\"))))": [ { - "id": "js-sys 0.3.61", + "id": "js-sys 0.3.69", "target": "js_sys" }, { - "id": "wasm-bindgen 0.2.84", + "id": "wasm-bindgen 0.2.92", "target": "wasm_bindgen" } ], + "cfg(target_os = \"android\")": [ + { + "id": "android-tzdata 0.1.1", + "target": "android_tzdata" + } + ], "cfg(unix)": [ { - "id": "iana-time-zone 0.1.56", + "id": "iana-time-zone 0.1.60", "target": "iana_time_zone" } ], "cfg(windows)": [ { - "id": "winapi 0.3.9", - "target": "winapi" + "id": "windows-targets 0.52.5", + "target": "windows_targets" } ] } }, - "edition": "2018", - "version": "0.4.24" + "edition": "2021", + "version": "0.4.38" }, - "license": "MIT/Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" ], "license_file": null }, - "clap 4.2.1": { + "clap 4.5.4": { "name": "clap", - "version": "4.2.1", + "version": "4.5.4", "package_url": "https://github.com/clap-rs/clap", "repository": { "Http": { - "url": "https://static.crates.io/crates/clap/4.2.1/download", - "sha256": "046ae530c528f252094e4a77886ee1374437744b2bff1497aa898bbddbbb29b3" + "url": "https://static.crates.io/crates/clap/4.5.4/download", + "sha256": "90bc066a67923782aa8515dbaea16946c5bcc5addbd668bb80af688e53e548a0" } }, "targets": [ 
@@ -745,12 +787,8 @@ "deps": { "common": [ { - "id": "clap_builder 4.2.1", + "id": "clap_builder 4.5.2", "target": "clap_builder" - }, - { - "id": "once_cell 1.17.1", - "target": "once_cell" } ], "selects": {} @@ -759,13 +797,13 @@ "proc_macro_deps": { "common": [ { - "id": "clap_derive 4.2.0", + "id": "clap_derive 4.5.4", "target": "clap_derive" } ], "selects": {} }, - "version": "4.2.1" + "version": "4.5.4" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -774,14 +812,14 @@ ], "license_file": null }, - "clap_builder 4.2.1": { + "clap_builder 4.5.2": { "name": "clap_builder", - "version": "4.2.1", + "version": "4.5.2", "package_url": "https://github.com/clap-rs/clap", "repository": { "Http": { - "url": "https://static.crates.io/crates/clap_builder/4.2.1/download", - "sha256": "223163f58c9a40c3b0a43e1c4b50a9ce09f007ea2cb1ec258a687945b4b7929f" + "url": "https://static.crates.io/crates/clap_builder/4.5.2/download", + "sha256": "ae129e2e766ae0ec03484e609954119f123cc1fe650337e155d03b022f24f7b4" } }, "targets": [ @@ -814,30 +852,26 @@ "deps": { "common": [ { - "id": "anstream 0.2.6", + "id": "anstream 0.6.14", "target": "anstream" }, { - "id": "anstyle 0.3.5", + "id": "anstyle 1.0.7", "target": "anstyle" }, { - "id": "bitflags 1.3.2", - "target": "bitflags" - }, - { - "id": "clap_lex 0.4.1", + "id": "clap_lex 0.7.0", "target": "clap_lex" }, { - "id": "strsim 0.10.0", + "id": "strsim 0.11.1", "target": "strsim" } ], "selects": {} }, "edition": "2021", - "version": "4.2.1" + "version": "4.5.2" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -846,14 +880,14 @@ ], "license_file": null }, - "clap_derive 4.2.0": { + "clap_derive 4.5.4": { "name": "clap_derive", - "version": "4.2.0", + "version": "4.5.4", "package_url": "https://github.com/clap-rs/clap/tree/master/clap_derive", "repository": { "Http": { - "url": "https://static.crates.io/crates/clap_derive/4.2.0/download", - "sha256": "3f9644cd56d6b87dbe899ef8b053e331c0637664e9e21a33dfcdc36093f5c5c4" + "url": "https://static.crates.io/crates/clap_derive/4.5.4/download", + "sha256": "528131438037fd55894f62d6e9f068b8f45ac57ffa77517819645d10aed04f64" } }, "targets": [ @@ -881,26 +915,26 @@ "deps": { "common": [ { - "id": "heck 0.4.1", + "id": "heck 0.5.0", "target": "heck" }, { - "id": "proc-macro2 1.0.56", + "id": "proc-macro2 1.0.83", "target": "proc_macro2" }, { - "id": "quote 1.0.26", + "id": "quote 1.0.36", "target": "quote" }, { - "id": "syn 2.0.13", + "id": "syn 2.0.65", "target": "syn" } ], "selects": {} }, "edition": "2021", - "version": "4.2.0" + "version": "4.5.4" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -909,14 +943,14 @@ ], "license_file": null }, - "clap_lex 0.4.1": { + "clap_lex 0.7.0": { "name": "clap_lex", - "version": "0.4.1", + "version": "0.7.0", "package_url": "https://github.com/clap-rs/clap/tree/master/clap_lex", "repository": { "Http": { - "url": "https://static.crates.io/crates/clap_lex/0.4.1/download", - "sha256": "8a2dd5a6fe8c6e3502f568a6353e5273bbb15193ad9a89e457b9970798efbea1" + "url": "https://static.crates.io/crates/clap_lex/0.7.0/download", + "sha256": "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" } }, "targets": [ @@ -936,7 +970,7 @@ "**" ], "edition": "2021", - "version": "0.4.1" + "version": "0.7.0" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -953,7 +987,7 @@ "Git": { "remote": "https://github.com/github/codeql.git", "commitish": { - "Rev": "bc1283c7152b0bb4d27ff6a004869f493e93d2b3" + "Rev": "a523be4d0a1e2420a1884f7c4f8754a7c4fb7e21" }, "strip_prefix": "shared/tree-sitter-extractor" } @@ -977,7 +1011,7 @@ "deps": { "common": [ { - "id": "chrono 0.4.24", + "id": "chrono 0.4.38", "target": "chrono" }, { @@ -985,7 +1019,7 @@ "target": "encoding" }, { - "id": "flate2 1.0.25", + "id": "flate2 1.0.30", "target": "flate2" }, { @@ -997,11 +1031,11 @@ "target": "lazy_static" }, { - "id": "num_cpus 1.15.0", + "id": "num_cpus 1.16.0", "target": "num_cpus" }, { - "id": "rayon 1.7.0", + "id": "rayon 1.10.0", "target": "rayon" }, { @@ -1009,17 +1043,21 @@ "target": "regex" }, { - "id": "serde 1.0.159", + "id": "serde 1.0.202", "target": "serde" }, { - "id": "serde_json 1.0.95", + "id": "serde_json 1.0.117", "target": "serde_json" }, { - "id": "tracing 0.1.37", + "id": "tracing 0.1.40", "target": "tracing" }, + { + "id": "tracing-subscriber 0.3.18", + "target": "tracing_subscriber" + }, { "id": "tree-sitter 0.22.6", "target": "tree_sitter" @@ -1048,7 +1086,7 @@ "deps": { "common": [ { - "id": "clap 4.2.1", + "id": "clap 4.5.4", "target": "clap" }, { @@ -1064,7 +1102,7 @@ "target": "lazy_static" }, { - "id": "rayon 1.7.0", + "id": "rayon 1.10.0", "target": "rayon" }, { @@ -1072,11 +1110,11 @@ "target": "regex" }, { - "id": "tracing 0.1.37", + "id": "tracing 0.1.40", "target": "tracing" }, { - "id": "tracing-subscriber 0.3.16", + "id": "tracing-subscriber 0.3.18", "target": "tracing_subscriber" }, { 
@@ -1101,20 +1139,20 @@ "license_ids": [], "license_file": null }, - "codespan-reporting 0.11.1": { - "name": "codespan-reporting", - "version": "0.11.1", - "package_url": "https://github.com/brendanzab/codespan", + "colorchoice 1.0.1": { + "name": "colorchoice", + "version": "1.0.1", + "package_url": "https://github.com/rust-cli/anstyle", "repository": { "Http": { - "url": "https://static.crates.io/crates/codespan-reporting/0.11.1/download", - "sha256": "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e" + "url": "https://static.crates.io/crates/colorchoice/1.0.1/download", + "sha256": "0b6a852b24ab71dffc585bcb46eaf7959d175cb865a7152e35b348d1b2960422" } }, "targets": [ { "Library": { - "crate_name": "codespan_reporting", + "crate_name": "colorchoice", "crate_root": "src/lib.rs", "srcs": [ "**/*.rs" 
@@ -1122,61 +1160,13 @@ } } ], - "library_target_name": "codespan_reporting", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "termcolor 1.2.0", - "target": "termcolor" - }, - { - "id": "unicode-width 0.1.10", - "target": "unicode_width" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.11.1" - }, - "license": "Apache-2.0", - "license_ids": [ - "Apache-2.0" - ], - "license_file": null - }, - "concolor-override 1.0.0": { - "name": "concolor-override", - "version": "1.0.0", - "package_url": "https://github.com/rust-cli/concolor", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/concolor-override/1.0.0/download", - "sha256": "a855d4a1978dc52fb0536a04d384c2c0c1aa273597f08b77c8c4d3b2eec6037f" - } - }, - "targets": [ - { - "Library": { - "crate_name": "concolor_override", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "concolor_override", + "library_target_name": "colorchoice", "common_attrs": { "compile_data_glob": [ "**" ], "edition": "2021", - "version": "1.0.0" + "version": "1.0.1" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -1185,61 +1175,14 @@ ], "license_file": null }, - "concolor-query 0.3.3": { - "name": "concolor-query", - "version": "0.3.3", - "package_url": "https://github.com/rust-cli/concolor", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/concolor-query/0.3.3/download", - "sha256": "88d11d52c3d7ca2e6d0040212be9e4dbbcd78b6447f535b6b561f449427944cf" - } - }, - "targets": [ - { - "Library": { - "crate_name": "concolor_query", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "concolor_query", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [], - "selects": { - "cfg(windows)": [ - { - "id": "windows-sys 0.45.0", - "target": "windows_sys" - } - ] - } - }, - "edition": "2021", - "version": "0.3.3" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "core-foundation-sys 0.8.4": { + "core-foundation-sys 0.8.6": { "name": "core-foundation-sys", - "version": "0.8.4", + "version": "0.8.6", "package_url": "https://github.com/servo/core-foundation-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/core-foundation-sys/0.8.4/download", - "sha256": "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" + "url": "https://static.crates.io/crates/core-foundation-sys/0.8.6/download", + "sha256": "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" } }, "targets": [ 
@@ -1258,24 +1201,31 @@ "compile_data_glob": [ "**" ], - "edition": "2015", - "version": "0.8.4" + "crate_features": { + "common": [ + "default", + "link" + ], + "selects": {} + }, + "edition": "2018", + "version": "0.8.6" }, - "license": "MIT / Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" ], "license_file": null }, - "crc32fast 1.3.2": { + "crc32fast 1.4.2": { "name": "crc32fast", - "version": "1.3.2", + "version": "1.4.2", "package_url": "https://github.com/srijs/rust-crc32fast", "repository": { "Http": { - "url": "https://static.crates.io/crates/crc32fast/1.3.2/download", - "sha256": "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" + "url": "https://static.crates.io/crates/crc32fast/1.4.2/download", + "sha256": "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" } }, "targets": [ @@ -1287,15 +1237,6 @@ "**/*.rs" ] } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } } ], "library_target_name": "crc32fast", @@ -1315,21 +1256,12 @@ { "id": "cfg-if 1.0.0", "target": "cfg_if" - }, - { - "id": "crc32fast 1.3.2", - "target": "build_script_build" } ], "selects": {} }, "edition": "2015", - "version": "1.3.2" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] + "version": "1.4.2" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -1338,71 +1270,14 @@ ], "license_file": null }, - "crossbeam-channel 0.5.7": { - "name": "crossbeam-channel", - "version": "0.5.7", - "package_url": "https://github.com/crossbeam-rs/crossbeam", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/crossbeam-channel/0.5.7/download", - "sha256": "cf2b3e8478797446514c91ef04bafcb59faba183e621ad488df88983cc14128c" - } - }, - "targets": [ - { - "Library": { - "crate_name": "crossbeam_channel", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "crossbeam_channel", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "crate_features": { - "common": [ - "crossbeam-utils", - "default", - "std" - ], - "selects": {} - }, - "deps": { - "common": [ - { - "id": "cfg-if 1.0.0", - "target": "cfg_if" - }, - { - "id": "crossbeam-utils 0.8.15", - "target": "crossbeam_utils" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.5.7" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "crossbeam-deque 0.8.3": { + "crossbeam-deque 0.8.5": { "name": "crossbeam-deque", - "version": "0.8.3", + "version": "0.8.5", "package_url": "https://github.com/crossbeam-rs/crossbeam", "repository": { "Http": { - "url": "https://static.crates.io/crates/crossbeam-deque/0.8.3/download", - "sha256": "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" + "url": "https://static.crates.io/crates/crossbeam-deque/0.8.5/download", + "sha256": "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" } }, "targets": [ @@ -1423,8 +1298,6 @@ ], "crate_features": { "common": [ - "crossbeam-epoch", - "crossbeam-utils", "default", "std" ], 
@@ -1433,22 +1306,18 @@ "deps": { "common": [ { - "id": "cfg-if 1.0.0", - "target": "cfg_if" - }, - { - "id": "crossbeam-epoch 0.9.14", + "id": "crossbeam-epoch 0.9.18", "target": "crossbeam_epoch" }, { - "id": "crossbeam-utils 0.8.15", + "id": "crossbeam-utils 0.8.20", "target": "crossbeam_utils" } ], "selects": {} }, - "edition": "2018", - "version": "0.8.3" + "edition": "2021", + "version": "0.8.5" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -1457,14 +1326,14 @@ ], "license_file": null }, - "crossbeam-epoch 0.9.14": { + "crossbeam-epoch 0.9.18": { "name": "crossbeam-epoch", - "version": "0.9.14", + "version": "0.9.18", "package_url": "https://github.com/crossbeam-rs/crossbeam", "repository": { "Http": { - "url": "https://static.crates.io/crates/crossbeam-epoch/0.9.14/download", - "sha256": "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695" + "url": "https://static.crates.io/crates/crossbeam-epoch/0.9.18/download", + "sha256": "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" } }, "targets": [ @@ -1476,15 +1345,6 @@ "**/*.rs" ] } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } } ], "library_target_name": "crossbeam_epoch", @@ -1502,44 +1362,14 @@ "deps": { "common": [ { - "id": "cfg-if 1.0.0", - "target": "cfg_if" - }, - { - "id": "crossbeam-epoch 0.9.14", - "target": "build_script_build" - }, - { - "id": "crossbeam-utils 0.8.15", + "id": "crossbeam-utils 0.8.20", "target": "crossbeam_utils" - }, - { - "id": "memoffset 0.8.0", - "target": "memoffset" - }, - { - "id": "scopeguard 1.1.0", - "target": "scopeguard" } ], "selects": {} }, - "edition": "2018", - "version": "0.9.14" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "autocfg 1.1.0", - "target": "autocfg" - } - ], - "selects": {} - } + "edition": "2021", + "version": "0.9.18" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -1548,14 +1378,14 @@ ], "license_file": null }, - "crossbeam-utils 0.8.15": { + "crossbeam-utils 0.8.20": { "name": "crossbeam-utils", - "version": "0.8.15", + "version": "0.8.20", "package_url": "https://github.com/crossbeam-rs/crossbeam", "repository": { "Http": { - "url": "https://static.crates.io/crates/crossbeam-utils/0.8.15/download", - "sha256": "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b" + "url": "https://static.crates.io/crates/crossbeam-utils/0.8.20/download", + "sha256": "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" } }, "targets": [ @@ -1593,18 +1423,14 @@ "deps": { "common": [ { - "id": "cfg-if 1.0.0", - "target": "cfg_if" - }, - { - "id": "crossbeam-utils 0.8.15", + "id": "crossbeam-utils 0.8.20", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.8.15" + "edition": "2021", + "version": "0.8.20" }, "build_script_attrs": { "data_glob": [ 
@@ -1618,267 +1444,14 @@ ], "license_file": null }, - "cxx 1.0.94": { - "name": "cxx", - "version": "1.0.94", - "package_url": "https://github.com/dtolnay/cxx", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/cxx/1.0.94/download", - "sha256": "f61f1b6389c3fe1c316bf8a4dccc90a38208354b330925bce1f74a6c4756eb93" - } - }, - "targets": [ - { - "Library": { - "crate_name": "cxx", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "cxx", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "cxx 1.0.94", - "target": "build_script_build" - }, - { - "id": "link-cplusplus 1.0.8", - "target": "link_cplusplus" - } - ], - "selects": {} - }, - "edition": "2018", - "proc_macro_deps": { - "common": [ - { - "id": "cxxbridge-macro 1.0.94", - "target": "cxxbridge_macro" - } - ], - "selects": {} - }, - "version": "1.0.94" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "cc 1.0.98", - "target": "cc" - }, - { - "id": "cxxbridge-flags 1.0.94", - "target": "cxxbridge_flags" - } - ], - "selects": {} - }, - "link_deps": { - "common": [ - { - "id": "link-cplusplus 1.0.8", - "target": "link_cplusplus" - } - ], - "selects": {} - }, - "links": "cxxbridge1" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "cxx-build 1.0.94": { - "name": "cxx-build", - "version": "1.0.94", - "package_url": "https://github.com/dtolnay/cxx", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/cxx-build/1.0.94/download", - "sha256": "12cee708e8962df2aeb38f594aae5d827c022b6460ac71a7a3e2c3c2aae5a07b" - } - }, - "targets": [ - { - "Library": { - "crate_name": "cxx_build", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - 
"library_target_name": "cxx_build", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "cc 1.0.98", - "target": "cc" - }, - { - "id": "codespan-reporting 0.11.1", - "target": "codespan_reporting" - }, - { - "id": "once_cell 1.17.1", - "target": "once_cell" - }, - { - "id": "proc-macro2 1.0.56", - "target": "proc_macro2" - }, - { - "id": "quote 1.0.26", - "target": "quote" - }, - { - "id": "scratch 1.0.5", - "target": "scratch" - }, - { - "id": "syn 2.0.13", - "target": "syn" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "1.0.94" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "cxxbridge-flags 1.0.94": { - "name": "cxxbridge-flags", - "version": "1.0.94", - "package_url": "https://github.com/dtolnay/cxx", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/cxxbridge-flags/1.0.94/download", - "sha256": "7944172ae7e4068c533afbb984114a56c46e9ccddda550499caa222902c7f7bb" - } - }, - "targets": [ - { - "Library": { - "crate_name": "cxxbridge_flags", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "cxxbridge_flags", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "edition": "2018", - "version": "1.0.94" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "cxxbridge-macro 1.0.94": { - "name": "cxxbridge-macro", - "version": "1.0.94", - "package_url": "https://github.com/dtolnay/cxx", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/cxxbridge-macro/1.0.94/download", - "sha256": "2345488264226bf682893e25de0769f3360aac9957980ec49361b083ddaa5bc5" - } - }, - "targets": [ - { - "ProcMacro": { - "crate_name": "cxxbridge_macro", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "cxxbridge_macro", - "common_attrs": { - "compile_data_glob": [ - 
"**" - ], - "deps": { - "common": [ - { - "id": "proc-macro2 1.0.56", - "target": "proc_macro2" - }, - { - "id": "quote 1.0.26", - "target": "quote" - }, - { - "id": "syn 2.0.13", - "target": "syn" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "1.0.94" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "either 1.8.1": { + "either 1.12.0": { "name": "either", - "version": "1.8.1", - "package_url": "https://github.com/bluss/either", + "version": "1.12.0", + "package_url": "https://github.com/rayon-rs/either", "repository": { "Http": { - "url": "https://static.crates.io/crates/either/1.8.1/download", - "sha256": "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91" + "url": "https://static.crates.io/crates/either/1.12.0/download", + "sha256": "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" } }, "targets": [ @@ -1898,7 +1471,7 @@ "**" ], "edition": "2018", - "version": "1.8.1" + "version": "1.12.0" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -2222,156 +1795,14 @@ ], "license_file": null }, - "errno 0.3.0": { - "name": "errno", - "version": "0.3.0", - "package_url": "https://github.com/lambda-fairy/rust-errno", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/errno/0.3.0/download", - "sha256": "50d6a0976c999d473fe89ad888d5a284e55366d9dc9038b1ba2aa15128c4afa0" - } - }, - "targets": [ - { - "Library": { - "crate_name": "errno", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "errno", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [], - "selects": { - "cfg(target_os = \"dragonfly\")": [ - { - "id": "errno-dragonfly 0.1.2", - "target": "errno_dragonfly" - } - ], - "cfg(target_os = \"hermit\")": [ - { - "id": "libc 0.2.141", - "target": "libc" - } - ], - "cfg(target_os = \"wasi\")": [ - { - "id": "libc 0.2.141", - "target": "libc" - } - ], - "cfg(unix)": [ - { - "id": "libc 0.2.141", - "target": "libc" - } - ], - "cfg(windows)": [ - { - "id": "windows-sys 0.45.0", - "target": "windows_sys" - } - ] - } - }, - "edition": "2018", - "version": "0.3.0" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "errno-dragonfly 0.1.2": { - "name": "errno-dragonfly", - "version": "0.1.2", - "package_url": "https://github.com/mneumann/errno-dragonfly-rs", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/errno-dragonfly/0.1.2/download", - "sha256": "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" - } - }, - "targets": [ - { - "Library": { - "crate_name": "errno_dragonfly", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "errno_dragonfly", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": 
"errno-dragonfly 0.1.2", - "target": "build_script_build" - }, - { - "id": "libc 0.2.141", - "target": "libc" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.1.2" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "cc 1.0.98", - "target": "cc" - } - ], - "selects": {} - } - }, - "license": "MIT", - "license_ids": [ - "MIT" - ], - "license_file": null - }, - "flate2 1.0.25": { + "flate2 1.0.30": { "name": "flate2", - "version": "1.0.25", + "version": "1.0.30", "package_url": "https://github.com/rust-lang/flate2-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/flate2/1.0.25/download", - "sha256": "a8a2db397cb1c8772f31494cb8917e48cd1e64f0fa7efac59fbd741a0a8ce841" + "url": "https://static.crates.io/crates/flate2/1.0.30/download", + "sha256": "5f54427cfd1c7829e2a139fcefea601bf088ebca651d2bf53ebc600eac295dae" } }, "targets": [ @@ -2392,6 +1823,7 @@ ], "crate_features": { "common": [ + "any_impl", "default", "miniz_oxide", "rust_backend" @@ -2401,18 +1833,18 @@ "deps": { "common": [ { - "id": "crc32fast 1.3.2", + "id": "crc32fast 1.4.2", "target": "crc32fast" }, { - "id": "miniz_oxide 0.6.2", + "id": "miniz_oxide 0.7.3", "target": "miniz_oxide" } ], "selects": {} }, "edition": "2018", - "version": "1.0.25" + "version": "1.0.30" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -2457,15 +1889,15 @@ "deps": { "common": [ { - "id": "aho-corasick 1.1.2", + "id": "aho-corasick 1.1.3", "target": "aho_corasick" }, { - "id": "bstr 1.9.0", + "id": "bstr 1.9.1", "target": "bstr" }, { - "id": "log 0.4.20", + "id": "log 0.4.21", "target": "log" }, { @@ -2473,7 +1905,7 @@ "target": "regex_automata" }, { - "id": "regex-syntax 0.8.2", + "id": "regex-syntax 0.8.3", "target": "regex_syntax" } ], 
@@ -2489,14 +1921,14 @@ ], "license_file": null }, - "heck 0.4.1": { + "heck 0.5.0": { "name": "heck", - "version": "0.4.1", + "version": "0.5.0", "package_url": "https://github.com/withoutboats/heck", "repository": { "Http": { - "url": "https://static.crates.io/crates/heck/0.4.1/download", - "sha256": "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" + "url": "https://static.crates.io/crates/heck/0.5.0/download", + "sha256": "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" } }, "targets": [ @@ -2515,14 +1947,8 @@ "compile_data_glob": [ "**" ], - "crate_features": { - "common": [ - "default" - ], - "selects": {} - }, - "edition": "2018", - "version": "0.4.1" + "edition": "2021", + "version": "0.5.0" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -2531,59 +1957,14 @@ ], "license_file": null }, - "hermit-abi 0.2.6": { + "hermit-abi 0.3.9": { "name": "hermit-abi", - "version": "0.2.6", - "package_url": "https://github.com/hermitcore/rusty-hermit", + "version": "0.3.9", + "package_url": "https://github.com/hermit-os/hermit-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/hermit-abi/0.2.6/download", - "sha256": "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7" - } - }, - "targets": [ - { - "Library": { - "crate_name": "hermit_abi", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "hermit_abi", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "libc 0.2.141", - "target": "libc" - } - ], - "selects": {} - }, - "edition": "2021", - "version": "0.2.6" - }, - "license": "MIT/Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "hermit-abi 0.3.1": { - "name": "hermit-abi", - "version": "0.3.1", - "package_url": "https://github.com/hermitcore/rusty-hermit", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/hermit-abi/0.3.1/download", - "sha256": "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286" + "url": "https://static.crates.io/crates/hermit-abi/0.3.9/download", + "sha256": "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" } }, "targets": [ @@ -2603,7 +1984,7 @@ "**" ], "edition": "2021", - "version": "0.3.1" + "version": "0.3.9" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -2612,14 +1993,14 @@ ], "license_file": null }, - "iana-time-zone 0.1.56": { + "iana-time-zone 0.1.60": { "name": "iana-time-zone", - "version": "0.1.56", + "version": "0.1.60", "package_url": "https://github.com/strawlab/iana-time-zone", "repository": { "Http": { - "url": "https://static.crates.io/crates/iana-time-zone/0.1.56/download", - "sha256": "0722cd7114b7de04316e7ea5456a0bbb20e4adb46fd27a3697adb812cff0f37c" + "url": "https://static.crates.io/crates/iana-time-zone/0.1.60/download", + "sha256": "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" } }, "targets": [ @@ -2649,17 +2030,17 @@ "selects": { "cfg(any(target_os = \"macos\", target_os = \"ios\"))": [ { - "id": "core-foundation-sys 0.8.4", + "id": "core-foundation-sys 0.8.6", "target": "core_foundation_sys" } ], "cfg(target_arch = \"wasm32\")": [ { - "id": "js-sys 0.3.61", + "id": "js-sys 0.3.69", "target": "js_sys" }, { - "id": "wasm-bindgen 0.2.84", + "id": "wasm-bindgen 0.2.92", "target": "wasm_bindgen" } ], @@ -2671,20 +2052,20 @@ ], "cfg(target_os = \"haiku\")": [ { - "id": "iana-time-zone-haiku 0.1.1", + "id": "iana-time-zone-haiku 0.1.2", "target": "iana_time_zone_haiku" } ], "cfg(target_os = \"windows\")": [ { - "id": "windows 0.48.0", - "target": "windows" + "id": "windows-core 0.52.0", + "target": "windows_core" } ] } }, "edition": "2018", - "version": "0.1.56" + "version": "0.1.60" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -2693,14 +2074,14 @@ ], "license_file": null }, - "iana-time-zone-haiku 0.1.1": { + "iana-time-zone-haiku 0.1.2": { "name": "iana-time-zone-haiku", - "version": "0.1.1", + "version": "0.1.2", "package_url": "https://github.com/strawlab/iana-time-zone", "repository": { "Http": { - "url": "https://static.crates.io/crates/iana-time-zone-haiku/0.1.1/download", - "sha256": "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca" + "url": "https://static.crates.io/crates/iana-time-zone-haiku/0.1.2/download", + "sha256": "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" } }, "targets": [ @@ -2731,18 +2112,14 @@ "deps": { "common": [ { - "id": "cxx 1.0.94", - "target": "cxx" - }, - { - "id": "iana-time-zone-haiku 0.1.1", + "id": "iana-time-zone-haiku 0.1.2", "target": "build_script_build" } ], "selects": {} }, "edition": "2018", - "version": "0.1.1" + "version": "0.1.2" }, "build_script_attrs": { "data_glob": [ @@ -2751,17 +2128,8 @@ "deps": { "common": [ { - "id": "cxx-build 1.0.94", - "target": "cxx_build" - } - ], - "selects": {} - }, - "link_deps": { - "common": [ - { - "id": "cxx 1.0.94", - "target": "cxx" + "id": "cc 1.0.98", + "target": "cc" } ], "selects": {} 
@@ -2774,165 +2142,56 @@ ], "license_file": null }, - "io-lifetimes 1.0.10": { - "name": "io-lifetimes", - "version": "1.0.10", - "package_url": "https://github.com/sunfishcode/io-lifetimes", + "is_terminal_polyfill 1.70.0": { + "name": "is_terminal_polyfill", + "version": "1.70.0", + "package_url": "https://github.com/polyfill-rs/is_terminal_polyfill", "repository": { "Http": { - "url": "https://static.crates.io/crates/io-lifetimes/1.0.10/download", - "sha256": "9c66c74d2ae7e79a5a8f7ac924adbe38ee42a859c6539ad869eb51f0b52dc220" + "url": "https://static.crates.io/crates/is_terminal_polyfill/1.70.0/download", + "sha256": "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" } }, "targets": [ { "Library": { - "crate_name": "io_lifetimes", + "crate_name": "is_terminal_polyfill", "crate_root": "src/lib.rs", "srcs": [ "**/*.rs" ] } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } } ], - "library_target_name": "io_lifetimes", + "library_target_name": "is_terminal_polyfill", "common_attrs": { "compile_data_glob": [ "**" ], "crate_features": { "common": [ - "close", - "default", - "hermit-abi", - "libc", - "windows-sys" + "default" ], "selects": {} }, - "deps": { - "common": [ - { - "id": "io-lifetimes 1.0.10", - "target": "build_script_build" - } - ], - "selects": { - "cfg(not(windows))": [ - { - "id": "libc 0.2.141", - "target": "libc" - } - ], - "cfg(target_os = \"hermit\")": [ - { - "id": "hermit-abi 0.3.1", - "target": "hermit_abi" - } - ], - "cfg(windows)": [ - { - "id": "windows-sys 0.48.0", - "target": "windows_sys" - } - ] - } - }, - "edition": "2018", - "version": "1.0.10" + "edition": "2021", + "version": "1.70.0" }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" ], "license_file": null }, - "is-terminal 0.4.6": { - "name": 
"is-terminal", - "version": "0.4.6", - "package_url": "https://github.com/sunfishcode/is-terminal", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/is-terminal/0.4.6/download", - "sha256": "256017f749ab3117e93acb91063009e1f1bb56d03965b14c2c8df4eb02c524d8" - } - }, - "targets": [ - { - "Library": { - "crate_name": "is_terminal", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "is_terminal", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "io-lifetimes 1.0.10", - "target": "io_lifetimes" - } - ], - "selects": { - "cfg(not(any(windows, target_os = \"hermit\", target_os = \"unknown\")))": [ - { - "id": "rustix 0.37.7", - "target": "rustix" - } - ], - "cfg(target_os = \"hermit\")": [ - { - "id": "hermit-abi 0.3.1", - "target": "hermit_abi" - } - ], - "cfg(windows)": [ - { - "id": "windows-sys 0.45.0", - "target": "windows_sys" - } - ] - } - }, - "edition": "2018", - "version": "0.4.6" - }, - "license": "MIT", - "license_ids": [ - "MIT" - ], - "license_file": null - }, - "itoa 1.0.6": { + "itoa 1.0.11": { "name": "itoa", - "version": "1.0.6", + "version": "1.0.11", "package_url": "https://github.com/dtolnay/itoa", "repository": { "Http": { - "url": "https://static.crates.io/crates/itoa/1.0.6/download", - "sha256": "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" + "url": "https://static.crates.io/crates/itoa/1.0.11/download", + "sha256": "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" } }, "targets": [ @@ -2952,7 +2211,7 @@ "**" ], "edition": "2018", - "version": "1.0.6" + "version": "1.0.11" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -2961,14 +2220,14 @@ ], "license_file": null }, - "js-sys 0.3.61": { + "js-sys 0.3.69": { "name": "js-sys", - "version": "0.3.61", + "version": "0.3.69", "package_url": "https://github.com/rustwasm/wasm-bindgen/tree/master/crates/js-sys", "repository": { "Http": { - "url": "https://static.crates.io/crates/js-sys/0.3.61/download", - "sha256": "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730" + "url": "https://static.crates.io/crates/js-sys/0.3.69/download", + "sha256": "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" } }, "targets": [ @@ -2990,16 +2249,16 @@ "deps": { "common": [ { - "id": "wasm-bindgen 0.2.84", + "id": "wasm-bindgen 0.2.92", "target": "wasm_bindgen" } ], "selects": {} }, "edition": "2018", - "version": "0.3.61" + "version": "0.3.69" }, - "license": "MIT/Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" @@ -3042,14 +2301,14 @@ ], "license_file": null }, - "libc 0.2.141": { + "libc 0.2.155": { "name": "libc", - "version": "0.2.141", + "version": "0.2.155", "package_url": "https://github.com/rust-lang/libc", "repository": { "Http": { - "url": "https://static.crates.io/crates/libc/0.2.141/download", - "sha256": "3304a64d199bb964be99741b7a14d26972741915b3649639149b2479bb46f4b5" + "url": "https://static.crates.io/crates/libc/0.2.155/download", + "sha256": "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" } }, "targets": [ 
@@ -3082,110 +2341,19 @@ "default", "std" ], - "selects": { - "aarch64-apple-darwin": [ - "extra_traits" - ], - "aarch64-apple-ios": [ - "extra_traits" - ], - "aarch64-apple-ios-sim": [ - "extra_traits" - ], - "aarch64-fuchsia": [ - "extra_traits" - ], - "aarch64-linux-android": [ - "extra_traits" - ], - "aarch64-unknown-linux-gnu": [ - "extra_traits" - ], - "aarch64-unknown-nixos-gnu": [ - "extra_traits" - ], - "aarch64-unknown-nto-qnx710": [ - "extra_traits" - ], - "arm-unknown-linux-gnueabi": [ - "extra_traits" - ], - "armv7-linux-androideabi": [ - "extra_traits" - ], - "armv7-unknown-linux-gnueabi": [ - "extra_traits" - ], - "i686-apple-darwin": [ - "extra_traits" - ], - "i686-linux-android": [ - "extra_traits" - ], - "i686-unknown-freebsd": [ - "extra_traits" - ], - "i686-unknown-linux-gnu": [ - "extra_traits" - ], - "powerpc-unknown-linux-gnu": [ - "extra_traits" - ], - "riscv32imc-unknown-none-elf": [ - "extra_traits" - ], - "riscv64gc-unknown-none-elf": [ - "extra_traits" - ], - "s390x-unknown-linux-gnu": [ - "extra_traits" - ], - "thumbv7em-none-eabi": [ - "extra_traits" - ], - "thumbv8m.main-none-eabi": [ - "extra_traits" - ], - "wasm32-wasi": [ - "extra_traits" - ], - "x86_64-apple-darwin": [ - "extra_traits" - ], - "x86_64-apple-ios": [ - "extra_traits" - ], - "x86_64-fuchsia": [ - "extra_traits" - ], - "x86_64-linux-android": [ - "extra_traits" - ], - "x86_64-unknown-freebsd": [ - "extra_traits" - ], - "x86_64-unknown-linux-gnu": [ - "extra_traits" - ], - "x86_64-unknown-nixos-gnu": [ - "extra_traits" - ], - "x86_64-unknown-none": [ - "extra_traits" - ] - } + "selects": {} }, "deps": { "common": [ { - "id": "libc 0.2.141", + "id": "libc 0.2.155", "target": "build_script_build" } ], "selects": {} }, "edition": "2015", - "version": "0.2.141" + "version": "0.2.155" }, "build_script_attrs": { "data_glob": [ 
@@ -3199,155 +2367,14 @@ ], "license_file": null }, - "link-cplusplus 1.0.8": { - "name": "link-cplusplus", - "version": "1.0.8", - "package_url": "https://github.com/dtolnay/link-cplusplus", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/link-cplusplus/1.0.8/download", - "sha256": "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5" - } - }, - "targets": [ - { - "Library": { - "crate_name": "link_cplusplus", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "link_cplusplus", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "link-cplusplus 1.0.8", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "1.0.8" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "cc 1.0.98", - "target": "cc" - } - ], - "selects": {} - }, - "links": "cplusplus" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "linux-raw-sys 0.3.1": { - "name": "linux-raw-sys", - "version": "0.3.1", - "package_url": "https://github.com/sunfishcode/linux-raw-sys", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/linux-raw-sys/0.3.1/download", - "sha256": "d59d8c75012853d2e872fb56bc8a2e53718e2cafe1a4c823143141c6d90c322f" - } - }, - "targets": [ - { - "Library": { - "crate_name": "linux_raw_sys", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "linux_raw_sys", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "crate_features": { - "common": [ - "general", - "no_std" - ], - "selects": { - "aarch64-unknown-linux-gnu": [ - "errno", - "ioctl" - ], - "aarch64-unknown-nixos-gnu": [ - "errno", - "ioctl" - ], - 
"arm-unknown-linux-gnueabi": [ - "errno", - "ioctl" - ], - "armv7-unknown-linux-gnueabi": [ - "errno", - "ioctl" - ], - "i686-unknown-linux-gnu": [ - "errno", - "ioctl" - ], - "x86_64-unknown-linux-gnu": [ - "errno", - "ioctl" - ], - "x86_64-unknown-nixos-gnu": [ - "errno", - "ioctl" - ] - } - }, - "edition": "2018", - "version": "0.3.1" - }, - "license": "Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "log 0.4.20": { + "log 0.4.21": { "name": "log", - "version": "0.4.20", + "version": "0.4.21", "package_url": "https://github.com/rust-lang/log", "repository": { "Http": { - "url": "https://static.crates.io/crates/log/0.4.20/download", - "sha256": "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" + "url": "https://static.crates.io/crates/log/0.4.21/download", + "sha256": "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" } }, "targets": [ @@ -3372,8 +2399,8 @@ ], "selects": {} }, - "edition": "2015", - "version": "0.4.20" + "edition": "2021", + "version": "0.4.21" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -3426,14 +2453,14 @@ ], "license_file": null }, - "memchr 2.7.1": { + "memchr 2.7.2": { "name": "memchr", - "version": "2.7.1", + "version": "2.7.2", "package_url": "https://github.com/BurntSushi/memchr", "repository": { "Http": { - "url": "https://static.crates.io/crates/memchr/2.7.1/download", - "sha256": "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" + "url": "https://static.crates.io/crates/memchr/2.7.2/download", + "sha256": "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" } }, "targets": [ @@ -3460,7 +2487,7 @@ "selects": {} }, "edition": "2021", - "version": "2.7.1" + "version": "2.7.2" }, "license": "Unlicense OR MIT", "license_ids": [ 
@@ -3469,87 +2496,14 @@ ], "license_file": null }, - "memoffset 0.8.0": { - "name": "memoffset", - "version": "0.8.0", - "package_url": "https://github.com/Gilnaa/memoffset", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/memoffset/0.8.0/download", - "sha256": "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1" - } - }, - "targets": [ - { - "Library": { - "crate_name": "memoffset", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "memoffset", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "crate_features": { - "common": [ - "default" - ], - "selects": {} - }, - "deps": { - "common": [ - { - "id": "memoffset 0.8.0", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2015", - "version": "0.8.0" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "autocfg 1.1.0", - "target": "autocfg" - } - ], - "selects": {} - } - }, - "license": "MIT", - "license_ids": [ - "MIT" - ], - "license_file": null - }, - "miniz_oxide 0.6.2": { + "miniz_oxide 0.7.3": { "name": "miniz_oxide", - "version": "0.6.2", + "version": "0.7.3", "package_url": "https://github.com/Frommi/miniz_oxide/tree/master/miniz_oxide", "repository": { "Http": { - "url": "https://static.crates.io/crates/miniz_oxide/0.6.2/download", - "sha256": "b275950c28b37e794e8c55d88aeb5e139d0ce23fdbbeda68f8d7174abdf9e8fa" + "url": "https://static.crates.io/crates/miniz_oxide/0.7.3/download", + "sha256": "87dfd01fe195c66b572b37921ad8803d010623c0aca821bea2302239d155cdae" } }, "targets": [ @@ -3584,7 +2538,7 @@ "selects": {} }, "edition": "2018", - "version": "0.6.2" + "version": "0.7.3" }, "license": "MIT OR Zlib OR Apache-2.0", "license_ids": [ 
@@ -3645,86 +2599,14 @@ ], "license_file": null }, - "num-integer 0.1.45": { - "name": "num-integer", - "version": "0.1.45", - "package_url": "https://github.com/rust-num/num-integer", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/num-integer/0.1.45/download", - "sha256": "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" - } - }, - "targets": [ - { - "Library": { - "crate_name": "num_integer", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "num_integer", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "num-integer 0.1.45", - "target": "build_script_build" - }, - { - "id": "num-traits 0.2.15", - "target": "num_traits" - } - ], - "selects": {} - }, - "edition": "2015", - "version": "0.1.45" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "autocfg 1.1.0", - "target": "autocfg" - } - ], - "selects": {} - } - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "num-traits 0.2.15": { + "num-traits 0.2.19": { "name": "num-traits", - "version": "0.2.15", + "version": "0.2.19", "package_url": "https://github.com/rust-num/num-traits", "repository": { "Http": { - "url": "https://static.crates.io/crates/num-traits/0.2.15/download", - "sha256": "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" + "url": "https://static.crates.io/crates/num-traits/0.2.19/download", + "sha256": "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" } }, "targets": [ 
@@ -3755,14 +2637,14 @@ "deps": { "common": [ { - "id": "num-traits 0.2.15", + "id": "num-traits 0.2.19", "target": "build_script_build" } ], "selects": {} }, - "edition": "2015", - "version": "0.2.15" + "edition": "2021", + "version": "0.2.19" }, "build_script_attrs": { "data_glob": [ @@ -3771,7 +2653,7 @@ "deps": { "common": [ { - "id": "autocfg 1.1.0", + "id": "autocfg 1.3.0", "target": "autocfg" } ], @@ -3785,14 +2667,14 @@ ], "license_file": null }, - "num_cpus 1.15.0": { + "num_cpus 1.16.0": { "name": "num_cpus", - "version": "1.15.0", + "version": "1.16.0", "package_url": "https://github.com/seanmonstar/num_cpus", "repository": { "Http": { - "url": "https://static.crates.io/crates/num_cpus/1.15.0/download", - "sha256": "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b" + "url": "https://static.crates.io/crates/num_cpus/1.16.0/download", + "sha256": "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" } }, "targets": [ @@ -3814,22 +2696,22 @@ "deps": { "common": [], "selects": { - "cfg(all(any(target_arch = \"x86_64\", target_arch = \"aarch64\"), target_os = \"hermit\"))": [ - { - "id": "hermit-abi 0.2.6", - "target": "hermit_abi" - } - ], "cfg(not(windows))": [ { - "id": "libc 0.2.141", + "id": "libc 0.2.155", "target": "libc" } + ], + "cfg(target_os = \"hermit\")": [ + { + "id": "hermit-abi 0.3.9", + "target": "hermit_abi" + } ] } }, "edition": "2015", - "version": "1.15.0" + "version": "1.16.0" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -3838,14 +2720,14 @@ ], "license_file": null }, - "once_cell 1.17.1": { + "once_cell 1.19.0": { "name": "once_cell", - "version": "1.17.1", + "version": "1.19.0", "package_url": "https://github.com/matklad/once_cell", "repository": { "Http": { - "url": "https://static.crates.io/crates/once_cell/1.17.1/download", - "sha256": "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" + "url": "https://static.crates.io/crates/once_cell/1.19.0/download", + "sha256": "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" } }, "targets": [ @@ -3874,7 +2756,7 @@ "selects": {} }, "edition": "2021", - "version": "1.17.1" + "version": "1.19.0" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -3918,14 +2800,14 @@ ], "license_file": null }, - "pin-project-lite 0.2.9": { + "pin-project-lite 0.2.14": { "name": "pin-project-lite", - "version": "0.2.9", + "version": "0.2.14", "package_url": "https://github.com/taiki-e/pin-project-lite", "repository": { "Http": { - "url": "https://static.crates.io/crates/pin-project-lite/0.2.9/download", - "sha256": "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" + "url": "https://static.crates.io/crates/pin-project-lite/0.2.14/download", + "sha256": "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" } }, "targets": [ @@ -3945,7 +2827,7 @@ "**" ], "edition": "2018", - "version": "0.2.9" + "version": "0.2.14" }, "license": "Apache-2.0 OR MIT", "license_ids": [ 
@@ -3954,14 +2836,14 @@ ], "license_file": null }, - "proc-macro2 1.0.56": { + "proc-macro2 1.0.83": { "name": "proc-macro2", - "version": "1.0.56", + "version": "1.0.83", "package_url": "https://github.com/dtolnay/proc-macro2", "repository": { "Http": { - "url": "https://static.crates.io/crates/proc-macro2/1.0.56/download", - "sha256": "2b63bdb0cd06f1f4dedf69b254734f9b45af66e4a031e42a7480257d9898b435" + "url": "https://static.crates.io/crates/proc-macro2/1.0.83/download", + "sha256": "0b33eb56c327dec362a9e55b3ad14f9d2f0904fb5a5b03b513ab5465399e9f43" } }, "targets": [ @@ -3999,18 +2881,18 @@ "deps": { "common": [ { - "id": "proc-macro2 1.0.56", + "id": "proc-macro2 1.0.83", "target": "build_script_build" }, { - "id": "unicode-ident 1.0.8", + "id": "unicode-ident 1.0.12", "target": "unicode_ident" } ], "selects": {} }, - "edition": "2018", - "version": "1.0.56" + "edition": "2021", + "version": "1.0.83" }, "build_script_attrs": { "data_glob": [ @@ -4024,14 +2906,14 @@ ], "license_file": null }, - "quote 1.0.26": { + "quote 1.0.36": { "name": "quote", - "version": "1.0.26", + "version": "1.0.36", "package_url": "https://github.com/dtolnay/quote", "repository": { "Http": { - "url": "https://static.crates.io/crates/quote/1.0.26/download", - "sha256": "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" + "url": "https://static.crates.io/crates/quote/1.0.36/download", + "sha256": "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" } }, "targets": [ @@ -4043,15 +2925,6 @@ "**/*.rs" ] } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } } ], "library_target_name": "quote", 
@@ -4069,23 +2942,14 @@ "deps": { "common": [ { - "id": "proc-macro2 1.0.56", + "id": "proc-macro2 1.0.83", "target": "proc_macro2" - }, - { - "id": "quote 1.0.26", - "target": "build_script_build" } ], "selects": {} }, "edition": "2018", - "version": "1.0.26" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] + "version": "1.0.36" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -4094,14 +2958,14 @@ ], "license_file": null }, - "rayon 1.7.0": { + "rayon 1.10.0": { "name": "rayon", - "version": "1.7.0", + "version": "1.10.0", "package_url": "https://github.com/rayon-rs/rayon", "repository": { "Http": { - "url": "https://static.crates.io/crates/rayon/1.7.0/download", - "sha256": "1d2df5196e37bcc87abebc0053e20787d73847bb33134a69841207dd0a47f03b" + "url": "https://static.crates.io/crates/rayon/1.10.0/download", + "sha256": "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" } }, "targets": [ @@ -4123,18 +2987,18 @@ "deps": { "common": [ { - "id": "either 1.8.1", + "id": "either 1.12.0", "target": "either" }, { - "id": "rayon-core 1.11.0", + "id": "rayon-core 1.12.1", "target": "rayon_core" } ], "selects": {} }, "edition": "2021", - "version": "1.7.0" + "version": "1.10.0" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -4143,14 +3007,14 @@ ], "license_file": null }, - "rayon-core 1.11.0": { + "rayon-core 1.12.1": { "name": "rayon-core", - "version": "1.11.0", + "version": "1.12.1", "package_url": "https://github.com/rayon-rs/rayon", "repository": { "Http": { - "url": "https://static.crates.io/crates/rayon-core/1.11.0/download", - "sha256": "4b8f95bd6966f5c87776639160a66bd8ab9895d9d4ab01ddba9fc60661aebe8d" + "url": "https://static.crates.io/crates/rayon-core/1.12.1/download", + "sha256": "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" } }, "targets": [ 
@@ -4181,30 +3045,22 @@ "deps": { "common": [ { - "id": "crossbeam-channel 0.5.7", - "target": "crossbeam_channel" - }, - { - "id": "crossbeam-deque 0.8.3", + "id": "crossbeam-deque 0.8.5", "target": "crossbeam_deque" }, { - "id": "crossbeam-utils 0.8.15", + "id": "crossbeam-utils 0.8.20", "target": "crossbeam_utils" }, { - "id": "num_cpus 1.15.0", - "target": "num_cpus" - }, - { - "id": "rayon-core 1.11.0", + "id": "rayon-core 1.12.1", "target": "build_script_build" } ], "selects": {} }, "edition": "2021", - "version": "1.11.0" + "version": "1.12.1" }, "build_script_attrs": { "data_glob": [ @@ -4270,11 +3126,11 @@ "deps": { "common": [ { - "id": "aho-corasick 1.1.2", + "id": "aho-corasick 1.1.3", "target": "aho_corasick" }, { - "id": "memchr 2.7.1", + "id": "memchr 2.7.2", "target": "memchr" }, { @@ -4282,7 +3138,7 @@ "target": "regex_automata" }, { - "id": "regex-syntax 0.8.2", + "id": "regex-syntax 0.8.3", "target": "regex_syntax" } ], @@ -4409,15 +3265,15 @@ "deps": { "common": [ { - "id": "aho-corasick 1.1.2", + "id": "aho-corasick 1.1.3", "target": "aho_corasick" }, { - "id": "memchr 2.7.1", + "id": "memchr 2.7.2", "target": "memchr" }, { - "id": "regex-syntax 0.8.2", + "id": "regex-syntax 0.8.3", "target": "regex_syntax" } ], @@ -4483,14 +3339,14 @@ ], "license_file": null }, - "regex-syntax 0.8.2": { + "regex-syntax 0.8.3": { "name": "regex-syntax", - "version": "0.8.2", + "version": "0.8.3", "package_url": "https://github.com/rust-lang/regex/tree/master/regex-syntax", "repository": { "Http": { - "url": "https://static.crates.io/crates/regex-syntax/0.8.2/download", - "sha256": "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" + "url": "https://static.crates.io/crates/regex-syntax/0.8.3/download", + "sha256": "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" } }, "targets": [ @@ -4525,7 +3381,7 @@ "selects": {} }, "edition": "2021", - "version": "0.8.2" + "version": "0.8.3" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -4534,126 +3390,14 @@ ], "license_file": null }, - "rustix 0.37.7": { - "name": "rustix", - "version": "0.37.7", - "package_url": "https://github.com/bytecodealliance/rustix", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/rustix/0.37.7/download", - "sha256": "2aae838e49b3d63e9274e1c01833cc8139d3fec468c3b84688c628f44b1ae11d" - } - }, - "targets": [ - { - "Library": { - "crate_name": "rustix", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "rustix", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "crate_features": { - "common": [ - "default", - "io-lifetimes", - "libc", - "std", - "termios", - "use-libc-auxv" - ], - "selects": {} - }, - "deps": { - "common": [ - { - "id": "bitflags 1.3.2", - "target": "bitflags" - }, - { - "id": "io-lifetimes 1.0.10", - "target": "io_lifetimes" - }, - { - "id": "rustix 0.37.7", - "target": "build_script_build" - } - ], - "selects": { - "cfg(all(any(target_os = \"android\", target_os = \"linux\"), any(rustix_use_libc, miri, not(all(target_os = \"linux\", any(target_arch = \"x86\", all(target_arch = \"x86_64\", target_pointer_width = \"64\"), all(target_endian = \"little\", any(target_arch = \"arm\", all(target_arch = \"aarch64\", target_pointer_width = \"64\"), target_arch = \"powerpc64\", target_arch = \"riscv64\", target_arch = \"mips\", target_arch = \"mips64\"))))))))": [ - { - "id": "linux-raw-sys 0.3.1", - "target": "linux_raw_sys" - } - ], - "cfg(all(not(rustix_use_libc), not(miri), target_os = \"linux\", any(target_arch = \"x86\", all(target_arch = \"x86_64\", target_pointer_width = \"64\"), all(target_endian = \"little\", any(target_arch = \"arm\", all(target_arch = \"aarch64\", target_pointer_width = \"64\"), target_arch = \"powerpc64\", target_arch = \"riscv64\", target_arch = \"mips\", target_arch = 
\"mips64\")))))": [ - { - "id": "libc 0.2.141", - "target": "libc" - }, - { - "id": "linux-raw-sys 0.3.1", - "target": "linux_raw_sys" - } - ], - "cfg(any(rustix_use_libc, miri, not(all(target_os = \"linux\", any(target_arch = \"x86\", all(target_arch = \"x86_64\", target_pointer_width = \"64\"), all(target_endian = \"little\", any(target_arch = \"arm\", all(target_arch = \"aarch64\", target_pointer_width = \"64\"), target_arch = \"powerpc64\", target_arch = \"riscv64\", target_arch = \"mips\", target_arch = \"mips64\")))))))": [ - { - "id": "errno 0.3.0", - "target": "errno", - "alias": "libc_errno" - }, - { - "id": "libc 0.2.141", - "target": "libc" - } - ], - "cfg(windows)": [ - { - "id": "windows-sys 0.45.0", - "target": "windows_sys" - } - ] - } - }, - "edition": "2018", - "version": "0.37.7" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "ryu 1.0.13": { + "ryu 1.0.18": { "name": "ryu", - "version": "1.0.13", + "version": "1.0.18", "package_url": "https://github.com/dtolnay/ryu", "repository": { "Http": { - "url": "https://static.crates.io/crates/ryu/1.0.13/download", - "sha256": "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041" + "url": "https://static.crates.io/crates/ryu/1.0.18/download", + "sha256": "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" } }, "targets": [ @@ -4673,7 +3417,7 @@ "**" ], "edition": "2018", - "version": "1.0.13" + "version": "1.0.18" }, "license": "Apache-2.0 OR BSL-1.0", "license_ids": [ 
@@ -4682,109 +3426,14 @@ ], "license_file": null }, - "scopeguard 1.1.0": { - "name": "scopeguard", - "version": "1.1.0", - "package_url": "https://github.com/bluss/scopeguard", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/scopeguard/1.1.0/download", - "sha256": "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" - } - }, - "targets": [ - { - "Library": { - "crate_name": "scopeguard", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "scopeguard", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "edition": "2015", - "version": "1.1.0" - }, - "license": "MIT/Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "scratch 1.0.5": { - "name": "scratch", - "version": "1.0.5", - "package_url": "https://github.com/dtolnay/scratch", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/scratch/1.0.5/download", - "sha256": "1792db035ce95be60c3f8853017b3999209281c24e2ba5bc8e59bf97a0c590c1" - } - }, - "targets": [ - { - "Library": { - "crate_name": "scratch", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "scratch", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "scratch 1.0.5", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2015", - "version": "1.0.5" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "serde 1.0.159": { + "serde 1.0.202": { "name": "serde", - "version": "1.0.159", + "version": "1.0.202", "package_url": "https://github.com/serde-rs/serde", "repository": { "Http": { - "url": "https://static.crates.io/crates/serde/1.0.159/download", - 
"sha256": "3c04e8343c3daeec41f58990b9d77068df31209f2af111e059e9fe9646693065" + "url": "https://static.crates.io/crates/serde/1.0.202/download", + "sha256": "226b61a0d411b2ba5ff6d7f73a476ac4f8bb900373459cd00fab8512828ba395" } }, "targets": [ @@ -4824,23 +3473,23 @@ "deps": { "common": [ { - "id": "serde 1.0.159", + "id": "serde 1.0.202", "target": "build_script_build" } ], "selects": {} }, - "edition": "2015", + "edition": "2018", "proc_macro_deps": { "common": [ { - "id": "serde_derive 1.0.159", + "id": "serde_derive 1.0.202", "target": "serde_derive" } ], "selects": {} }, - "version": "1.0.159" + "version": "1.0.202" }, "build_script_attrs": { "data_glob": [ @@ -4854,14 +3503,14 @@ ], "license_file": null }, - "serde_derive 1.0.159": { + "serde_derive 1.0.202": { "name": "serde_derive", - "version": "1.0.159", + "version": "1.0.202", "package_url": "https://github.com/serde-rs/serde", "repository": { "Http": { - "url": "https://static.crates.io/crates/serde_derive/1.0.159/download", - "sha256": "4c614d17805b093df4b147b51339e7e44bf05ef59fba1e45d83500bcfb4d8585" + "url": "https://static.crates.io/crates/serde_derive/1.0.202/download", + "sha256": "6048858004bcff69094cd972ed40a32500f153bd3be9f716b2eed2e8217c4838" } }, "targets": [ @@ -4873,15 +3522,6 @@ "**/*.rs" ] } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } } ], "library_target_name": "serde_derive", @@ -4898,31 +3538,22 @@ "deps": { "common": [ { - "id": "proc-macro2 1.0.56", + "id": "proc-macro2 1.0.83", "target": "proc_macro2" }, { - "id": "quote 1.0.26", + "id": "quote 1.0.36", "target": "quote" }, { - "id": "serde_derive 1.0.159", - "target": "build_script_build" - }, - { - "id": "syn 2.0.13", + "id": "syn 2.0.65", "target": "syn" } ], "selects": {} }, "edition": "2015", - "version": "1.0.159" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] + "version": "1.0.202" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -4931,14 +3562,14 @@ ], "license_file": null }, - "serde_json 1.0.95": { + "serde_json 1.0.117": { "name": "serde_json", - "version": "1.0.95", + "version": "1.0.117", "package_url": "https://github.com/serde-rs/json", "repository": { "Http": { - "url": "https://static.crates.io/crates/serde_json/1.0.95/download", - "sha256": "d721eca97ac802aa7777b701877c8004d950fc142651367300d21c1cc0194744" + "url": "https://static.crates.io/crates/serde_json/1.0.117/download", + "sha256": "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" } }, "targets": [ @@ -4976,26 +3607,26 @@ "deps": { "common": [ { - "id": "itoa 1.0.6", + "id": "itoa 1.0.11", "target": "itoa" }, { - "id": "ryu 1.0.13", + "id": "ryu 1.0.18", "target": "ryu" }, { - "id": "serde 1.0.159", + "id": "serde 1.0.202", "target": "serde" }, { - "id": "serde_json 1.0.95", + "id": "serde_json 1.0.117", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "1.0.95" + "edition": "2021", + "version": "1.0.117" }, "build_script_attrs": { "data_glob": [ @@ -5009,14 +3640,14 @@ ], "license_file": null }, - "sharded-slab 0.1.4": { + "sharded-slab 0.1.7": { "name": "sharded-slab", - "version": "0.1.4", + "version": "0.1.7", "package_url": "https://github.com/hawkw/sharded-slab", "repository": { "Http": { - "url": "https://static.crates.io/crates/sharded-slab/0.1.4/download", - "sha256": "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31" + "url": "https://static.crates.io/crates/sharded-slab/0.1.7/download", + "sha256": "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" } }, "targets": [ @@ -5045,7 +3676,7 @@ "selects": {} }, "edition": "2018", - "version": "0.1.4" + "version": "0.1.7" }, "license": "MIT", "license_ids": [ 
@@ -5053,14 +3684,14 @@ ], "license_file": null }, - "smallvec 1.10.0": { + "smallvec 1.13.2": { "name": "smallvec", - "version": "1.10.0", + "version": "1.13.2", "package_url": "https://github.com/servo/rust-smallvec", "repository": { "Http": { - "url": "https://static.crates.io/crates/smallvec/1.10.0/download", - "sha256": "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" + "url": "https://static.crates.io/crates/smallvec/1.13.2/download", + "sha256": "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" } }, "targets": [ @@ -5080,7 +3711,7 @@ "**" ], "edition": "2018", - "version": "1.10.0" + "version": "1.13.2" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -5089,14 +3720,14 @@ ], "license_file": null }, - "strsim 0.10.0": { + "strsim 0.11.1": { "name": "strsim", - "version": "0.10.0", - "package_url": "https://github.com/dguo/strsim-rs", + "version": "0.11.1", + "package_url": "https://github.com/rapidfuzz/strsim-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/strsim/0.10.0/download", - "sha256": "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" + "url": "https://static.crates.io/crates/strsim/0.11.1/download", + "sha256": "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" } }, "targets": [ @@ -5116,7 +3747,7 @@ "**" ], "edition": "2015", - "version": "0.10.0" + "version": "0.11.1" }, "license": "MIT", "license_ids": [ 
@@ -5124,104 +3755,14 @@ ], "license_file": null }, - "syn 1.0.109": { + "syn 2.0.65": { "name": "syn", - "version": "1.0.109", + "version": "2.0.65", "package_url": "https://github.com/dtolnay/syn", "repository": { "Http": { - "url": "https://static.crates.io/crates/syn/1.0.109/download", - "sha256": "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" - } - }, - "targets": [ - { - "Library": { - "crate_name": "syn", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "syn", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "crate_features": { - "common": [ - "clone-impls", - "extra-traits", - "full", - "parsing", - "printing", - "proc-macro", - "quote", - "visit", - "visit-mut" - ], - "selects": { - "wasm32-unknown-unknown": [ - "default", - "derive" - ] - } - }, - "deps": { - "common": [ - { - "id": "proc-macro2 1.0.56", - "target": "proc_macro2" - }, - { - "id": "quote 1.0.26", - "target": "quote" - }, - { - "id": "syn 1.0.109", - "target": "build_script_build" - }, - { - "id": "unicode-ident 1.0.8", - "target": "unicode_ident" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "1.0.109" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "syn 2.0.13": { - "name": "syn", - "version": "2.0.13", - "package_url": "https://github.com/dtolnay/syn", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/syn/2.0.13/download", - "sha256": "4c9da457c5285ac1f936ebd076af6dac17a61cfe7826f2076b4d015cf47bc8ec" + "url": "https://static.crates.io/crates/syn/2.0.65/download", + "sha256": "d2863d96a84c6439701d7a38f9de935ec562c8832cc55d1dde0f513b52fad106" } }, "targets": [ 
@@ -5245,33 +3786,38 @@ "clone-impls", "default", "derive", + "extra-traits", "full", "parsing", "printing", "proc-macro", - "quote" + "visit-mut" ], - "selects": {} + "selects": { + "wasm32-unknown-unknown": [ + "visit" + ] + } }, "deps": { "common": [ { - "id": "proc-macro2 1.0.56", + "id": "proc-macro2 1.0.83", "target": "proc_macro2" }, { - "id": "quote 1.0.26", + "id": "quote 1.0.36", "target": "quote" }, { - "id": "unicode-ident 1.0.8", + "id": "unicode-ident 1.0.12", "target": "unicode_ident" } ], "selects": {} }, "edition": "2021", - "version": "2.0.13" + "version": "2.0.65" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -5280,61 +3826,14 @@ ], "license_file": null }, - "termcolor 1.2.0": { - "name": "termcolor", - "version": "1.2.0", - "package_url": "https://github.com/BurntSushi/termcolor", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/termcolor/1.2.0/download", - "sha256": "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6" - } - }, - "targets": [ - { - "Library": { - "crate_name": "termcolor", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "termcolor", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [], - "selects": { - "cfg(windows)": [ - { - "id": "winapi-util 0.1.5", - "target": "winapi_util" - } - ] - } - }, - "edition": "2018", - "version": "1.2.0" - }, - "license": "Unlicense OR MIT", - "license_ids": [ - "MIT", - "Unlicense" - ], - "license_file": null - }, - "thread_local 1.1.7": { + "thread_local 1.1.8": { "name": "thread_local", - "version": "1.1.7", + "version": "1.1.8", "package_url": "https://github.com/Amanieu/thread_local-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/thread_local/1.1.7/download", - "sha256": "3fdd6f064ccff2d6567adcb3873ca630700f00b5ad3f060c25b5dcfd9a4ce152" + "url": "https://static.crates.io/crates/thread_local/1.1.8/download", + "sha256": "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" } }, "targets": [ @@ -5360,14 +3859,14 @@ "target": "cfg_if" }, { - "id": "once_cell 1.17.1", + "id": "once_cell 1.19.0", "target": "once_cell" } ], "selects": {} }, "edition": "2021", - "version": "1.1.7" + "version": "1.1.8" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -5376,72 +3875,14 @@ ], "license_file": null }, - "time 0.1.45": { - "name": "time", - "version": "0.1.45", - "package_url": "https://github.com/time-rs/time", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/time/0.1.45/download", - "sha256": "1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a" - } - }, - "targets": [ - { - "Library": { - "crate_name": "time", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "time", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "libc 0.2.141", - "target": "libc" - } - ], - "selects": { - "cfg(target_os = \"wasi\")": [ - { - "id": "wasi 0.10.0+wasi-snapshot-preview1", - "target": "wasi" - } - ], - "cfg(windows)": [ - { - "id": "winapi 0.3.9", - "target": "winapi" - } - ] - } - }, - "edition": "2015", - "version": "0.1.45" - }, - "license": "MIT/Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "tracing 0.1.37": { + "tracing 0.1.40": { "name": "tracing", - "version": "0.1.37", + "version": "0.1.40", "package_url": "https://github.com/tokio-rs/tracing", "repository": { "Http": { - "url": "https://static.crates.io/crates/tracing/0.1.37/download", - "sha256": "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" + "url": "https://static.crates.io/crates/tracing/0.1.40/download", + "sha256": "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" } }, "targets": [ @@ -5472,15 +3913,11 @@ "deps": { "common": [ { - "id": "cfg-if 1.0.0", - "target": "cfg_if" - }, - { - "id": "pin-project-lite 0.2.9", + "id": "pin-project-lite 0.2.14", "target": "pin_project_lite" }, { - "id": "tracing-core 0.1.30", + "id": "tracing-core 0.1.32", "target": "tracing_core" } ], 
@@ -5490,13 +3927,13 @@ "proc_macro_deps": { "common": [ { - "id": "tracing-attributes 0.1.23", + "id": "tracing-attributes 0.1.27", "target": "tracing_attributes" } ], "selects": {} }, - "version": "0.1.37" + "version": "0.1.40" }, "license": "MIT", "license_ids": [ @@ -5504,14 +3941,14 @@ ], "license_file": null }, - "tracing-attributes 0.1.23": { + "tracing-attributes 0.1.27": { "name": "tracing-attributes", - "version": "0.1.23", + "version": "0.1.27", "package_url": "https://github.com/tokio-rs/tracing", "repository": { "Http": { - "url": "https://static.crates.io/crates/tracing-attributes/0.1.23/download", - "sha256": "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a" + "url": "https://static.crates.io/crates/tracing-attributes/0.1.27/download", + "sha256": "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" } }, "targets": [ @@ -5533,22 +3970,22 @@ "deps": { "common": [ { - "id": "proc-macro2 1.0.56", + "id": "proc-macro2 1.0.83", "target": "proc_macro2" }, { - "id": "quote 1.0.26", + "id": "quote 1.0.36", "target": "quote" }, { - "id": "syn 1.0.109", + "id": "syn 2.0.65", "target": "syn" } ], "selects": {} }, "edition": "2018", - "version": "0.1.23" + "version": "0.1.27" }, "license": "MIT", "license_ids": [ @@ -5556,14 +3993,14 @@ ], "license_file": null }, - "tracing-core 0.1.30": { + "tracing-core 0.1.32": { "name": "tracing-core", - "version": "0.1.30", + "version": "0.1.32", "package_url": "https://github.com/tokio-rs/tracing", "repository": { "Http": { - "url": "https://static.crates.io/crates/tracing-core/0.1.30/download", - "sha256": "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a" + "url": "https://static.crates.io/crates/tracing-core/0.1.32/download", + "sha256": "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" } }, "targets": [ @@ -5593,7 +4030,7 @@ "deps": { "common": [ { - "id": "once_cell 1.17.1", + "id": "once_cell 1.19.0", "target": "once_cell" } ], 
@@ -5607,7 +4044,7 @@ } }, "edition": "2018", - "version": "0.1.30" + "version": "0.1.32" }, "license": "MIT", "license_ids": [ @@ -5615,14 +4052,14 @@ ], "license_file": null }, - "tracing-log 0.1.3": { + "tracing-log 0.2.0": { "name": "tracing-log", - "version": "0.1.3", + "version": "0.2.0", "package_url": "https://github.com/tokio-rs/tracing", "repository": { "Http": { - "url": "https://static.crates.io/crates/tracing-log/0.1.3/download", - "sha256": "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922" + "url": "https://static.crates.io/crates/tracing-log/0.2.0/download", + "sha256": "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" } }, "targets": [ @@ -5651,22 +4088,22 @@ "deps": { "common": [ { - "id": "lazy_static 1.4.0", - "target": "lazy_static" - }, - { - "id": "log 0.4.20", + "id": "log 0.4.21", "target": "log" }, { - "id": "tracing-core 0.1.30", + "id": "once_cell 1.19.0", + "target": "once_cell" + }, + { + "id": "tracing-core 0.1.32", "target": "tracing_core" } ], "selects": {} }, "edition": "2018", - "version": "0.1.3" + "version": "0.2.0" }, "license": "MIT", "license_ids": [ @@ -5674,14 +4111,14 @@ ], "license_file": null }, - "tracing-subscriber 0.3.16": { + "tracing-subscriber 0.3.18": { "name": "tracing-subscriber", - "version": "0.3.16", + "version": "0.3.18", "package_url": "https://github.com/tokio-rs/tracing", "repository": { "Http": { - "url": "https://static.crates.io/crates/tracing-subscriber/0.3.16/download", - "sha256": "a6176eae26dd70d0c919749377897b54a9276bd7061339665dd68777926b5a70" + "url": "https://static.crates.io/crates/tracing-subscriber/0.3.18/download", + "sha256": "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b" } }, "targets": [ @@ -5732,7 +4169,7 @@ "target": "nu_ansi_term" }, { - "id": "once_cell 1.17.1", + "id": "once_cell 1.19.0", "target": "once_cell" }, { 
@@ -5740,34 +4177,34 @@ "target": "regex" }, { - "id": "sharded-slab 0.1.4", + "id": "sharded-slab 0.1.7", "target": "sharded_slab" }, { - "id": "smallvec 1.10.0", + "id": "smallvec 1.13.2", "target": "smallvec" }, { - "id": "thread_local 1.1.7", + "id": "thread_local 1.1.8", "target": "thread_local" }, { - "id": "tracing 0.1.37", + "id": "tracing 0.1.40", "target": "tracing" }, { - "id": "tracing-core 0.1.30", + "id": "tracing-core 0.1.32", "target": "tracing_core" }, { - "id": "tracing-log 0.1.3", + "id": "tracing-log 0.2.0", "target": "tracing_log" } ], "selects": {} }, "edition": "2018", - "version": "0.3.16" + "version": "0.3.18" }, "license": "MIT", "license_ids": [ @@ -6014,14 +4451,14 @@ ], "license_file": null }, - "unicode-ident 1.0.8": { + "unicode-ident 1.0.12": { "name": "unicode-ident", - "version": "1.0.8", + "version": "1.0.12", "package_url": "https://github.com/dtolnay/unicode-ident", "repository": { "Http": { - "url": "https://static.crates.io/crates/unicode-ident/1.0.8/download", - "sha256": "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4" + "url": "https://static.crates.io/crates/unicode-ident/1.0.12/download", + "sha256": "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" } }, "targets": [ @@ -6041,7 +4478,7 @@ "**" ], "edition": "2018", - "version": "1.0.8" + "version": "1.0.12" }, "license": "(MIT OR Apache-2.0) AND Unicode-DFS-2016", "license_ids": [ 
@@ -6051,42 +4488,6 @@ ], "license_file": null }, - "unicode-width 0.1.10": { - "name": "unicode-width", - "version": "0.1.10", - "package_url": "https://github.com/unicode-rs/unicode-width", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/unicode-width/0.1.10/download", - "sha256": "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" - } - }, - "targets": [ - { - "Library": { - "crate_name": "unicode_width", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "unicode_width", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "edition": "2015", - "version": "0.1.10" - }, - "license": "MIT/Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, "utf8parse 0.2.1": { "name": "utf8parse", "version": "0.2.1", 
@@ -6187,57 +4588,14 @@ ], "license_file": null }, - "wasi 0.10.0+wasi-snapshot-preview1": { - "name": "wasi", - "version": "0.10.0+wasi-snapshot-preview1", - "package_url": "https://github.com/bytecodealliance/wasi", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/wasi/0.10.0+wasi-snapshot-preview1/download", - "sha256": "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f" - } - }, - "targets": [ - { - "Library": { - "crate_name": "wasi", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "wasi", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "crate_features": { - "common": [ - "default", - "std" - ], - "selects": {} - }, - "edition": "2018", - "version": "0.10.0+wasi-snapshot-preview1" - }, - "license": "Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "wasm-bindgen 0.2.84": { + "wasm-bindgen 0.2.92": { "name": "wasm-bindgen", - "version": "0.2.84", + "version": "0.2.92", "package_url": "https://github.com/rustwasm/wasm-bindgen", "repository": { "Http": { - "url": "https://static.crates.io/crates/wasm-bindgen/0.2.84/download", - "sha256": "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b" + "url": "https://static.crates.io/crates/wasm-bindgen/0.2.92/download", + "sha256": "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" } }, "targets": [ @@ -6280,7 +4638,7 @@ "target": "cfg_if" }, { - "id": "wasm-bindgen 0.2.84", + "id": "wasm-bindgen 0.2.92", "target": "build_script_build" } ], 
@@ -6290,34 +4648,34 @@ "proc_macro_deps": { "common": [ { - "id": "wasm-bindgen-macro 0.2.84", + "id": "wasm-bindgen-macro 0.2.92", "target": "wasm_bindgen_macro" } ], "selects": {} }, - "version": "0.2.84" + "version": "0.2.92" }, "build_script_attrs": { "data_glob": [ "**" ] }, - "license": "MIT/Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" ], "license_file": null }, - "wasm-bindgen-backend 0.2.84": { + "wasm-bindgen-backend 0.2.92": { "name": "wasm-bindgen-backend", - "version": "0.2.84", + "version": "0.2.92", "package_url": "https://github.com/rustwasm/wasm-bindgen/tree/master/crates/backend", "repository": { "Http": { - "url": "https://static.crates.io/crates/wasm-bindgen-backend/0.2.84/download", - "sha256": "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" + "url": "https://static.crates.io/crates/wasm-bindgen-backend/0.2.92/download", + "sha256": "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" } }, "targets": [ 
@@ -6345,54 +4703,54 @@ "deps": { "common": [ { - "id": "bumpalo 3.12.0", + "id": "bumpalo 3.16.0", "target": "bumpalo" }, { - "id": "log 0.4.20", + "id": "log 0.4.21", "target": "log" }, { - "id": "once_cell 1.17.1", + "id": "once_cell 1.19.0", "target": "once_cell" }, { - "id": "proc-macro2 1.0.56", + "id": "proc-macro2 1.0.83", "target": "proc_macro2" }, { - "id": "quote 1.0.26", + "id": "quote 1.0.36", "target": "quote" }, { - "id": "syn 1.0.109", + "id": "syn 2.0.65", "target": "syn" }, { - "id": "wasm-bindgen-shared 0.2.84", + "id": "wasm-bindgen-shared 0.2.92", "target": "wasm_bindgen_shared" } ], "selects": {} }, "edition": "2018", - "version": "0.2.84" + "version": "0.2.92" }, - "license": "MIT/Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" ], "license_file": null }, - "wasm-bindgen-macro 0.2.84": { + "wasm-bindgen-macro 0.2.92": { "name": "wasm-bindgen-macro", - "version": "0.2.84", + "version": "0.2.92", "package_url": "https://github.com/rustwasm/wasm-bindgen/tree/master/crates/macro", "repository": { "Http": { - "url": "https://static.crates.io/crates/wasm-bindgen-macro/0.2.84/download", - "sha256": "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5" + "url": "https://static.crates.io/crates/wasm-bindgen-macro/0.2.92/download", + "sha256": "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" } }, "targets": [ 
@@ -6420,34 +4778,34 @@ "deps": { "common": [ { - "id": "quote 1.0.26", + "id": "quote 1.0.36", "target": "quote" }, { - "id": "wasm-bindgen-macro-support 0.2.84", + "id": "wasm-bindgen-macro-support 0.2.92", "target": "wasm_bindgen_macro_support" } ], "selects": {} }, "edition": "2018", - "version": "0.2.84" + "version": "0.2.92" }, - "license": "MIT/Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" ], "license_file": null }, - "wasm-bindgen-macro-support 0.2.84": { + "wasm-bindgen-macro-support 0.2.92": { "name": "wasm-bindgen-macro-support", - "version": "0.2.84", + "version": "0.2.92", "package_url": "https://github.com/rustwasm/wasm-bindgen/tree/master/crates/macro-support", "repository": { "Http": { - "url": "https://static.crates.io/crates/wasm-bindgen-macro-support/0.2.84/download", - "sha256": "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" + "url": "https://static.crates.io/crates/wasm-bindgen-macro-support/0.2.92/download", + "sha256": "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" } }, "targets": [ 
@@ -6475,46 +4833,46 @@ "deps": { "common": [ { - "id": "proc-macro2 1.0.56", + "id": "proc-macro2 1.0.83", "target": "proc_macro2" }, { - "id": "quote 1.0.26", + "id": "quote 1.0.36", "target": "quote" }, { - "id": "syn 1.0.109", + "id": "syn 2.0.65", "target": "syn" }, { - "id": "wasm-bindgen-backend 0.2.84", + "id": "wasm-bindgen-backend 0.2.92", "target": "wasm_bindgen_backend" }, { - "id": "wasm-bindgen-shared 0.2.84", + "id": "wasm-bindgen-shared 0.2.92", "target": "wasm_bindgen_shared" } ], "selects": {} }, "edition": "2018", - "version": "0.2.84" + "version": "0.2.92" }, - "license": "MIT/Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" ], "license_file": null }, - "wasm-bindgen-shared 0.2.84": { + "wasm-bindgen-shared 0.2.92": { "name": "wasm-bindgen-shared", - "version": "0.2.84", + "version": "0.2.92", "package_url": "https://github.com/rustwasm/wasm-bindgen/tree/master/crates/shared", "repository": { "Http": { - "url": "https://static.crates.io/crates/wasm-bindgen-shared/0.2.84/download", - "sha256": "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" + "url": "https://static.crates.io/crates/wasm-bindgen-shared/0.2.92/download", + "sha256": "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" } }, "targets": [ @@ -6545,14 +4903,14 @@ "deps": { "common": [ { - "id": "wasm-bindgen-shared 0.2.84", + "id": "wasm-bindgen-shared 0.2.92", "target": "build_script_build" } ], "selects": {} }, "edition": "2018", - "version": "0.2.84" + "version": "0.2.92" }, "build_script_attrs": { "data_glob": [ @@ -6560,7 +4918,7 @@ ], "links": "wasm_bindgen" }, - "license": "MIT/Apache-2.0", + "license": "MIT OR Apache-2.0", "license_ids": [ "Apache-2.0", "MIT" @@ -6608,14 +4966,7 @@ "errhandlingapi", "fileapi", "handleapi", - "minwinbase", - "minwindef", - "ntdef", - "processenv", - "profileapi", - "std", - "sysinfoapi", - "timezoneapi" + "processenv" ], "selects": {} }, 
@@ -6715,53 +5066,6 @@ ], "license_file": null }, - "winapi-util 0.1.5": { - "name": "winapi-util", - "version": "0.1.5", - "package_url": "https://github.com/BurntSushi/winapi-util", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/winapi-util/0.1.5/download", - "sha256": "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" - } - }, - "targets": [ - { - "Library": { - "crate_name": "winapi_util", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "winapi_util", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [], - "selects": { - "cfg(windows)": [ - { - "id": "winapi 0.3.9", - "target": "winapi" - } - ] - } - }, - "edition": "2018", - "version": "0.1.5" - }, - "license": "Unlicense/MIT", - "license_ids": [ - "MIT", - "Unlicense" - ], - "license_file": null - }, "winapi-x86_64-pc-windows-gnu 0.4.0": { "name": "winapi-x86_64-pc-windows-gnu", "version": "0.4.0", @@ -6821,20 +5125,20 @@ ], "license_file": null }, - "windows 0.48.0": { - "name": "windows", - "version": "0.48.0", + "windows-core 0.52.0": { + "name": "windows-core", + "version": "0.52.0", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows/0.48.0/download", - "sha256": "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" + "url": "https://static.crates.io/crates/windows-core/0.52.0/download", + "sha256": "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" } }, "targets": [ { "Library": { - "crate_name": "windows", + "crate_name": "windows_core", "crate_root": "src/lib.rs", "srcs": [ "**/*.rs" @@ -6842,7 +5146,7 @@ } } ], - "library_target_name": "windows", + "library_target_name": "windows_core", "common_attrs": { "compile_data_glob": [ "**" 
@@ -6850,14 +5154,14 @@ "deps": { "common": [ { - "id": "windows-targets 0.48.0", + "id": "windows-targets 0.52.5", "target": "windows_targets" } ], "selects": {} }, - "edition": "2018", - "version": "0.48.0" + "edition": "2021", + "version": "0.52.0" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -6866,14 +5170,14 @@ ], "license_file": null }, - "windows-sys 0.45.0": { + "windows-sys 0.52.0": { "name": "windows-sys", - "version": "0.45.0", + "version": "0.52.0", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows-sys/0.45.0/download", - "sha256": "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" + "url": "https://static.crates.io/crates/windows-sys/0.52.0/download", + "sha256": "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" } }, "targets": [ 
@@ -6896,88 +5200,23 @@ "common": [ "Win32", "Win32_Foundation", - "Win32_Storage", - "Win32_Storage_FileSystem", "Win32_System", "Win32_System_Console", "default" ], "selects": {} }, - "deps": { - "common": [], - "selects": { - "cfg(not(windows_raw_dylib))": [ - { - "id": "windows-targets 0.42.2", - "target": "windows_targets" - } - ] - } - }, - "edition": "2018", - "version": "0.45.0" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "windows-sys 0.48.0": { - "name": "windows-sys", - "version": "0.48.0", - "package_url": "https://github.com/microsoft/windows-rs", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/windows-sys/0.48.0/download", - "sha256": "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" - } - }, - "targets": [ - { - "Library": { - "crate_name": "windows_sys", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "windows_sys", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "crate_features": { - "common": [ - "Win32", - "Win32_Foundation", - "Win32_Networking", - "Win32_Networking_WinSock", - "Win32_Security", - "Win32_Storage", - "Win32_Storage_FileSystem", - "Win32_System", - "Win32_System_IO", - "Win32_System_Threading", - "default" - ], - "selects": {} - }, "deps": { "common": [ { - "id": "windows-targets 0.48.0", + "id": "windows-targets 0.52.5", "target": "windows_targets" } ], "selects": {} }, - "edition": "2018", - "version": "0.48.0" + "edition": "2021", + "version": "0.52.0" }, "license": "MIT OR Apache-2.0", "license_ids": [ 
@@ -6986,14 +5225,14 @@ ], "license_file": null }, - "windows-targets 0.42.2": { + "windows-targets 0.52.5": { "name": "windows-targets", - "version": "0.42.2", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows-targets/0.42.2/download", - "sha256": "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" + "url": "https://static.crates.io/crates/windows-targets/0.52.5/download", + "sha256": "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" } }, "targets": [ 
@@ -7017,163 +5256,56 @@ "selects": { "aarch64-pc-windows-gnullvm": [ { - "id": "windows_aarch64_gnullvm 0.42.2", + "id": "windows_aarch64_gnullvm 0.52.5", "target": "windows_aarch64_gnullvm" } ], - "aarch64-pc-windows-msvc": [ + "cfg(all(any(target_arch = \"x86_64\", target_arch = \"arm64ec\"), target_env = \"msvc\", not(windows_raw_dylib)))": [ { - "id": "windows_aarch64_msvc 0.42.2", - "target": "windows_aarch64_msvc" - } - ], - "aarch64-uwp-windows-msvc": [ - { - "id": "windows_aarch64_msvc 0.42.2", - "target": "windows_aarch64_msvc" - } - ], - "i686-pc-windows-gnu": [ - { - "id": "windows_i686_gnu 0.42.2", - "target": "windows_i686_gnu" - } - ], - "i686-pc-windows-msvc": [ - { - "id": "windows_i686_msvc 0.42.2", - "target": "windows_i686_msvc" - } - ], - "i686-uwp-windows-gnu": [ - { - "id": "windows_i686_gnu 0.42.2", - "target": "windows_i686_gnu" - } - ], - "i686-uwp-windows-msvc": [ - { - "id": "windows_i686_msvc 0.42.2", - "target": "windows_i686_msvc" - } - ], - "x86_64-pc-windows-gnu": [ - { - "id": "windows_x86_64_gnu 0.42.2", - "target": "windows_x86_64_gnu" - } - ], - "x86_64-pc-windows-gnullvm": [ - { - "id": "windows_x86_64_gnullvm 0.42.2", - "target": "windows_x86_64_gnullvm" - } - ], - "x86_64-pc-windows-msvc": [ - { - "id": "windows_x86_64_msvc 0.42.2", + "id": "windows_x86_64_msvc 0.52.5", "target": "windows_x86_64_msvc" } ], - "x86_64-uwp-windows-gnu": [ - { - "id": "windows_x86_64_gnu 0.42.2", - "target": "windows_x86_64_gnu" - } - ], - "x86_64-uwp-windows-msvc": [ - { - "id": "windows_x86_64_msvc 0.42.2", - "target": "windows_x86_64_msvc" - } - ] - } - }, - "edition": "2018", - "version": "0.42.2" - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "windows-targets 0.48.0": { - "name": "windows-targets", - "version": "0.48.0", - "package_url": "https://github.com/microsoft/windows-rs", - "repository": { - "Http": { - "url": 
"https://static.crates.io/crates/windows-targets/0.48.0/download", - "sha256": "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5" - } - }, - "targets": [ - { - "Library": { - "crate_name": "windows_targets", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "windows_targets", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [], - "selects": { - "cfg(all(target_arch = \"aarch64\", target_env = \"gnu\", target_abi = \"llvm\", not(windows_raw_dylib)))": [ - { - "id": "windows_aarch64_gnullvm 0.48.0", - "target": "windows_aarch64_gnullvm" - } - ], "cfg(all(target_arch = \"aarch64\", target_env = \"msvc\", not(windows_raw_dylib)))": [ { - "id": "windows_aarch64_msvc 0.48.0", + "id": "windows_aarch64_msvc 0.52.5", "target": "windows_aarch64_msvc" } ], - "cfg(all(target_arch = \"x86\", target_env = \"gnu\", not(windows_raw_dylib)))": [ + "cfg(all(target_arch = \"x86\", target_env = \"gnu\", not(target_abi = \"llvm\"), not(windows_raw_dylib)))": [ { - "id": "windows_i686_gnu 0.48.0", + "id": "windows_i686_gnu 0.52.5", "target": "windows_i686_gnu" } ], "cfg(all(target_arch = \"x86\", target_env = \"msvc\", not(windows_raw_dylib)))": [ { - "id": "windows_i686_msvc 0.48.0", + "id": "windows_i686_msvc 0.52.5", "target": "windows_i686_msvc" } ], "cfg(all(target_arch = \"x86_64\", target_env = \"gnu\", not(target_abi = \"llvm\"), not(windows_raw_dylib)))": [ { - "id": "windows_x86_64_gnu 0.48.0", + "id": "windows_x86_64_gnu 0.52.5", "target": "windows_x86_64_gnu" } ], - "cfg(all(target_arch = \"x86_64\", target_env = \"gnu\", target_abi = \"llvm\", not(windows_raw_dylib)))": [ + "i686-pc-windows-gnullvm": [ { - "id": "windows_x86_64_gnullvm 0.48.0", - "target": "windows_x86_64_gnullvm" + "id": "windows_i686_gnullvm 0.52.5", + "target": "windows_i686_gnullvm" } ], - "cfg(all(target_arch = \"x86_64\", target_env = \"msvc\", not(windows_raw_dylib)))": [ + "x86_64-pc-windows-gnullvm": [ { - 
"id": "windows_x86_64_msvc 0.48.0", - "target": "windows_x86_64_msvc" + "id": "windows_x86_64_gnullvm 0.52.5", + "target": "windows_x86_64_gnullvm" } ] } }, - "edition": "2018", - "version": "0.48.0" + "edition": "2021", + "version": "0.52.5" }, "license": "MIT OR Apache-2.0", "license_ids": [ @@ -7182,14 +5314,14 @@ ], "license_file": null }, - "windows_aarch64_gnullvm 0.42.2": { + "windows_aarch64_gnullvm 0.52.5": { "name": "windows_aarch64_gnullvm", - "version": "0.42.2", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows_aarch64_gnullvm/0.42.2/download", - "sha256": "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" + "url": "https://static.crates.io/crates/windows_aarch64_gnullvm/0.52.5/download", + "sha256": "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" } }, "targets": [ @@ -7220,14 +5352,14 @@ "deps": { "common": [ { - "id": "windows_aarch64_gnullvm 0.42.2", + "id": "windows_aarch64_gnullvm 0.52.5", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.42.2" + "edition": "2021", + "version": "0.52.5" }, "build_script_attrs": { "data_glob": [ 
@@ -7241,73 +5373,14 @@ ], "license_file": null }, - "windows_aarch64_gnullvm 0.48.0": { - "name": "windows_aarch64_gnullvm", - "version": "0.48.0", - "package_url": "https://github.com/microsoft/windows-rs", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/windows_aarch64_gnullvm/0.48.0/download", - "sha256": "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" - } - }, - "targets": [ - { - "Library": { - "crate_name": "windows_aarch64_gnullvm", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "windows_aarch64_gnullvm", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "windows_aarch64_gnullvm 0.48.0", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.48.0" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "windows_aarch64_msvc 0.42.2": { + "windows_aarch64_msvc 0.52.5": { "name": "windows_aarch64_msvc", - "version": "0.42.2", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows_aarch64_msvc/0.42.2/download", - "sha256": "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" + "url": "https://static.crates.io/crates/windows_aarch64_msvc/0.52.5/download", + "sha256": "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" } }, "targets": [ 
@@ -7338,14 +5411,14 @@ "deps": { "common": [ { - "id": "windows_aarch64_msvc 0.42.2", + "id": "windows_aarch64_msvc 0.52.5", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.42.2" + "edition": "2021", + "version": "0.52.5" }, "build_script_attrs": { "data_glob": [ @@ -7359,73 +5432,14 @@ ], "license_file": null }, - "windows_aarch64_msvc 0.48.0": { - "name": "windows_aarch64_msvc", - "version": "0.48.0", - "package_url": "https://github.com/microsoft/windows-rs", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/windows_aarch64_msvc/0.48.0/download", - "sha256": "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" - } - }, - "targets": [ - { - "Library": { - "crate_name": "windows_aarch64_msvc", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "windows_aarch64_msvc", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "windows_aarch64_msvc 0.48.0", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.48.0" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "windows_i686_gnu 0.42.2": { + "windows_i686_gnu 0.52.5": { "name": "windows_i686_gnu", - "version": "0.42.2", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows_i686_gnu/0.42.2/download", - "sha256": "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" + "url": "https://static.crates.io/crates/windows_i686_gnu/0.52.5/download", + "sha256": "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" } }, "targets": [ 
@@ -7456,14 +5470,14 @@ "deps": { "common": [ { - "id": "windows_i686_gnu 0.42.2", + "id": "windows_i686_gnu 0.52.5", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.42.2" + "edition": "2021", + "version": "0.52.5" }, "build_script_attrs": { "data_glob": [ @@ -7477,20 +5491,20 @@ ], "license_file": null }, - "windows_i686_gnu 0.48.0": { - "name": "windows_i686_gnu", - "version": "0.48.0", + "windows_i686_gnullvm 0.52.5": { + "name": "windows_i686_gnullvm", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows_i686_gnu/0.48.0/download", - "sha256": "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" + "url": "https://static.crates.io/crates/windows_i686_gnullvm/0.52.5/download", + "sha256": "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" } }, "targets": [ { "Library": { - "crate_name": "windows_i686_gnu", + "crate_name": "windows_i686_gnullvm", "crate_root": "src/lib.rs", "srcs": [ "**/*.rs" @@ -7507,7 +5521,7 @@ } } ], - "library_target_name": "windows_i686_gnu", + "library_target_name": "windows_i686_gnullvm", "common_attrs": { "compile_data_glob": [ "**" @@ -7515,14 +5529,14 @@ "deps": { "common": [ { - "id": "windows_i686_gnu 0.48.0", + "id": "windows_i686_gnullvm 0.52.5", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.48.0" + "edition": "2021", + "version": "0.52.5" }, "build_script_attrs": { "data_glob": [ 
@@ -7536,14 +5550,14 @@ ], "license_file": null }, - "windows_i686_msvc 0.42.2": { + "windows_i686_msvc 0.52.5": { "name": "windows_i686_msvc", - "version": "0.42.2", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows_i686_msvc/0.42.2/download", - "sha256": "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" + "url": "https://static.crates.io/crates/windows_i686_msvc/0.52.5/download", + "sha256": "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" } }, "targets": [ @@ -7574,14 +5588,14 @@ "deps": { "common": [ { - "id": "windows_i686_msvc 0.42.2", + "id": "windows_i686_msvc 0.52.5", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.42.2" + "edition": "2021", + "version": "0.52.5" }, "build_script_attrs": { "data_glob": [ 
@@ -7595,73 +5609,14 @@ ], "license_file": null }, - "windows_i686_msvc 0.48.0": { - "name": "windows_i686_msvc", - "version": "0.48.0", - "package_url": "https://github.com/microsoft/windows-rs", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/windows_i686_msvc/0.48.0/download", - "sha256": "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" - } - }, - "targets": [ - { - "Library": { - "crate_name": "windows_i686_msvc", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "windows_i686_msvc", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "windows_i686_msvc 0.48.0", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.48.0" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "windows_x86_64_gnu 0.42.2": { + "windows_x86_64_gnu 0.52.5": { "name": "windows_x86_64_gnu", - "version": "0.42.2", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows_x86_64_gnu/0.42.2/download", - "sha256": "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" + "url": "https://static.crates.io/crates/windows_x86_64_gnu/0.52.5/download", + "sha256": "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" } }, "targets": [ @@ -7692,14 +5647,14 @@ "deps": { "common": [ { - "id": "windows_x86_64_gnu 0.42.2", + "id": "windows_x86_64_gnu 0.52.5", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.42.2" + "edition": "2021", + "version": "0.52.5" }, "build_script_attrs": { "data_glob": [ 
@@ -7713,73 +5668,14 @@ ], "license_file": null }, - "windows_x86_64_gnu 0.48.0": { - "name": "windows_x86_64_gnu", - "version": "0.48.0", - "package_url": "https://github.com/microsoft/windows-rs", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/windows_x86_64_gnu/0.48.0/download", - "sha256": "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" - } - }, - "targets": [ - { - "Library": { - "crate_name": "windows_x86_64_gnu", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "windows_x86_64_gnu", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "windows_x86_64_gnu 0.48.0", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.48.0" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "windows_x86_64_gnullvm 0.42.2": { + "windows_x86_64_gnullvm 0.52.5": { "name": "windows_x86_64_gnullvm", - "version": "0.42.2", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows_x86_64_gnullvm/0.42.2/download", - "sha256": "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" + "url": "https://static.crates.io/crates/windows_x86_64_gnullvm/0.52.5/download", + "sha256": "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" } }, "targets": [ 
@@ -7810,14 +5706,14 @@ "deps": { "common": [ { - "id": "windows_x86_64_gnullvm 0.42.2", + "id": "windows_x86_64_gnullvm 0.52.5", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.42.2" + "edition": "2021", + "version": "0.52.5" }, "build_script_attrs": { "data_glob": [ 
@@ -7831,73 +5727,14 @@ ], "license_file": null }, - "windows_x86_64_gnullvm 0.48.0": { - "name": "windows_x86_64_gnullvm", - "version": "0.48.0", - "package_url": "https://github.com/microsoft/windows-rs", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/windows_x86_64_gnullvm/0.48.0/download", - "sha256": "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" - } - }, - "targets": [ - { - "Library": { - "crate_name": "windows_x86_64_gnullvm", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "windows_x86_64_gnullvm", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "windows_x86_64_gnullvm 0.48.0", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.48.0" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "windows_x86_64_msvc 0.42.2": { + "windows_x86_64_msvc 0.52.5": { "name": "windows_x86_64_msvc", - "version": "0.42.2", + "version": "0.52.5", "package_url": "https://github.com/microsoft/windows-rs", "repository": { "Http": { - "url": "https://static.crates.io/crates/windows_x86_64_msvc/0.42.2/download", - "sha256": "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" + "url": "https://static.crates.io/crates/windows_x86_64_msvc/0.52.5/download", + "sha256": "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" } }, "targets": [ 
@@ -7928,73 +5765,14 @@ "deps": { "common": [ { - "id": "windows_x86_64_msvc 0.42.2", + "id": "windows_x86_64_msvc 0.52.5", "target": "build_script_build" } ], "selects": {} }, - "edition": "2018", - "version": "0.42.2" - }, - "build_script_attrs": { - "data_glob": [ - "**" - ] - }, - "license": "MIT OR Apache-2.0", - "license_ids": [ - "Apache-2.0", - "MIT" - ], - "license_file": null - }, - "windows_x86_64_msvc 0.48.0": { - "name": "windows_x86_64_msvc", - "version": "0.48.0", - "package_url": "https://github.com/microsoft/windows-rs", - "repository": { - "Http": { - "url": "https://static.crates.io/crates/windows_x86_64_msvc/0.48.0/download", - "sha256": "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" - } - }, - "targets": [ - { - "Library": { - "crate_name": "windows_x86_64_msvc", - "crate_root": "src/lib.rs", - "srcs": [ - "**/*.rs" - ] - } - }, - { - "BuildScript": { - "crate_name": "build_script_build", - "crate_root": "build.rs", - "srcs": [ - "**/*.rs" - ] - } - } - ], - "library_target_name": "windows_x86_64_msvc", - "common_attrs": { - "compile_data_glob": [ - "**" - ], - "deps": { - "common": [ - { - "id": "windows_x86_64_msvc 0.48.0", - "target": "build_script_build" - } - ], - "selects": {} - }, - "edition": "2018", - "version": "0.48.0" + "edition": "2021", + "version": "0.52.5" }, "build_script_attrs": { "data_glob": [ @@ -8042,7 +5820,6 @@ "aarch64-unknown-nto-qnx710": [ "aarch64-unknown-nto-qnx710" ], - "aarch64-uwp-windows-msvc": [], "arm-unknown-linux-gnueabi": [ "arm-unknown-linux-gnueabi" ], 
@@ -8052,32 +5829,16 @@ "armv7-unknown-linux-gnueabi": [ "armv7-unknown-linux-gnueabi" ], - "cfg(all(any(target_arch = \"x86_64\", target_arch = \"aarch64\"), target_os = \"hermit\"))": [], - "cfg(all(any(target_os = \"android\", target_os = \"linux\"), any(rustix_use_libc, miri, not(all(target_os = \"linux\", any(target_arch = \"x86\", all(target_arch = \"x86_64\", target_pointer_width = \"64\"), all(target_endian = \"little\", any(target_arch = \"arm\", all(target_arch = \"aarch64\", target_pointer_width = \"64\"), target_arch = \"powerpc64\", target_arch = \"riscv64\", target_arch = \"mips\", target_arch = \"mips64\"))))))))": [ - "aarch64-linux-android", - "armv7-linux-androideabi", - "i686-linux-android", - "powerpc-unknown-linux-gnu", - "s390x-unknown-linux-gnu", - "x86_64-linux-android" + "cfg(all(any(target_arch = \"x86_64\", target_arch = \"arm64ec\"), target_env = \"msvc\", not(windows_raw_dylib)))": [ + "x86_64-pc-windows-msvc" ], - "cfg(all(not(rustix_use_libc), not(miri), target_os = \"linux\", any(target_arch = \"x86\", all(target_arch = \"x86_64\", target_pointer_width = \"64\"), all(target_endian = \"little\", any(target_arch = \"arm\", all(target_arch = \"aarch64\", target_pointer_width = \"64\"), target_arch = \"powerpc64\", target_arch = \"riscv64\", target_arch = \"mips\", target_arch = \"mips64\")))))": [ - "aarch64-unknown-linux-gnu", - "aarch64-unknown-nixos-gnu", - "arm-unknown-linux-gnueabi", - "armv7-unknown-linux-gnueabi", - "i686-unknown-linux-gnu", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-nixos-gnu" - ], - "cfg(all(target_arch = \"aarch64\", target_env = \"gnu\", target_abi = \"llvm\", not(windows_raw_dylib)))": [], "cfg(all(target_arch = \"aarch64\", target_env = \"msvc\", not(windows_raw_dylib)))": [ "aarch64-pc-windows-msvc" ], "cfg(all(target_arch = \"wasm32\", not(any(target_os = \"emscripten\", target_os = \"wasi\"))))": [ "wasm32-unknown-unknown" ], - "cfg(all(target_arch = \"x86\", target_env = \"gnu\", 
not(windows_raw_dylib)))": [ + "cfg(all(target_arch = \"x86\", target_env = \"gnu\", not(target_abi = \"llvm\"), not(windows_raw_dylib)))": [ "i686-unknown-linux-gnu" ], "cfg(all(target_arch = \"x86\", target_env = \"msvc\", not(windows_raw_dylib)))": [ @@ -8087,39 +5848,6 @@ "x86_64-unknown-linux-gnu", "x86_64-unknown-nixos-gnu" ], - "cfg(all(target_arch = \"x86_64\", target_env = \"gnu\", target_abi = \"llvm\", not(windows_raw_dylib)))": [], - "cfg(all(target_arch = \"x86_64\", target_env = \"msvc\", not(windows_raw_dylib)))": [ - "x86_64-pc-windows-msvc" - ], - "cfg(any(rustix_use_libc, miri, not(all(target_os = \"linux\", any(target_arch = \"x86\", all(target_arch = \"x86_64\", target_pointer_width = \"64\"), all(target_endian = \"little\", any(target_arch = \"arm\", all(target_arch = \"aarch64\", target_pointer_width = \"64\"), target_arch = \"powerpc64\", target_arch = \"riscv64\", target_arch = \"mips\", target_arch = \"mips64\")))))))": [ - "aarch64-apple-darwin", - "aarch64-apple-ios", - "aarch64-apple-ios-sim", - "aarch64-fuchsia", - "aarch64-linux-android", - "aarch64-pc-windows-msvc", - "aarch64-unknown-nto-qnx710", - "armv7-linux-androideabi", - "i686-apple-darwin", - "i686-linux-android", - "i686-pc-windows-msvc", - "i686-unknown-freebsd", - "powerpc-unknown-linux-gnu", - "riscv32imc-unknown-none-elf", - "riscv64gc-unknown-none-elf", - "s390x-unknown-linux-gnu", - "thumbv7em-none-eabi", - "thumbv8m.main-none-eabi", - "wasm32-unknown-unknown", - "wasm32-wasi", - "x86_64-apple-darwin", - "x86_64-apple-ios", - "x86_64-fuchsia", - "x86_64-linux-android", - "x86_64-pc-windows-msvc", - "x86_64-unknown-freebsd", - "x86_64-unknown-none" - ], "cfg(any(target_os = \"macos\", target_os = \"ios\"))": [ "aarch64-apple-darwin", "aarch64-apple-ios", 
@@ -8128,38 +5856,6 @@ "x86_64-apple-darwin", "x86_64-apple-ios" ], - "cfg(not(any(windows, target_os = \"hermit\", target_os = \"unknown\")))": [ - "aarch64-apple-darwin", - "aarch64-apple-ios", - "aarch64-apple-ios-sim", - "aarch64-fuchsia", - "aarch64-linux-android", - "aarch64-unknown-linux-gnu", - "aarch64-unknown-nixos-gnu", - "aarch64-unknown-nto-qnx710", - "arm-unknown-linux-gnueabi", - "armv7-linux-androideabi", - "armv7-unknown-linux-gnueabi", - "i686-apple-darwin", - "i686-linux-android", - "i686-unknown-freebsd", - "i686-unknown-linux-gnu", - "powerpc-unknown-linux-gnu", - "riscv32imc-unknown-none-elf", - "riscv64gc-unknown-none-elf", - "s390x-unknown-linux-gnu", - "thumbv7em-none-eabi", - "thumbv8m.main-none-eabi", - "wasm32-wasi", - "x86_64-apple-darwin", - "x86_64-apple-ios", - "x86_64-fuchsia", - "x86_64-linux-android", - "x86_64-unknown-freebsd", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-nixos-gnu", - "x86_64-unknown-none" - ], "cfg(not(windows))": [ "aarch64-apple-darwin", "aarch64-apple-ios", 
@@ -8193,42 +5889,6 @@ "x86_64-unknown-nixos-gnu", "x86_64-unknown-none" ], - "cfg(not(windows_raw_dylib))": [ - "aarch64-apple-darwin", - "aarch64-apple-ios", - "aarch64-apple-ios-sim", - "aarch64-fuchsia", - "aarch64-linux-android", - "aarch64-pc-windows-msvc", - "aarch64-unknown-linux-gnu", - "aarch64-unknown-nixos-gnu", - "aarch64-unknown-nto-qnx710", - "arm-unknown-linux-gnueabi", - "armv7-linux-androideabi", - "armv7-unknown-linux-gnueabi", - "i686-apple-darwin", - "i686-linux-android", - "i686-pc-windows-msvc", - "i686-unknown-freebsd", - "i686-unknown-linux-gnu", - "powerpc-unknown-linux-gnu", - "riscv32imc-unknown-none-elf", - "riscv64gc-unknown-none-elf", - "s390x-unknown-linux-gnu", - "thumbv7em-none-eabi", - "thumbv8m.main-none-eabi", - "wasm32-unknown-unknown", - "wasm32-wasi", - "x86_64-apple-darwin", - "x86_64-apple-ios", - "x86_64-fuchsia", - "x86_64-linux-android", - "x86_64-pc-windows-msvc", - "x86_64-unknown-freebsd", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-nixos-gnu", - "x86_64-unknown-none" - ], "cfg(target_arch = \"wasm32\")": [ "wasm32-unknown-unknown", "wasm32-wasi" @@ -8239,12 +5899,8 @@ "i686-linux-android", "x86_64-linux-android" ], - "cfg(target_os = \"dragonfly\")": [], "cfg(target_os = \"haiku\")": [], "cfg(target_os = \"hermit\")": [], - "cfg(target_os = \"wasi\")": [ - "wasm32-wasi" - ], "cfg(target_os = \"windows\")": [ "aarch64-pc-windows-msvc", "i686-pc-windows-msvc", @@ -8289,6 +5945,7 @@ "i686-linux-android" ], "i686-pc-windows-gnu": [], + "i686-pc-windows-gnullvm": [], "i686-pc-windows-msvc": [ "i686-pc-windows-msvc" ], @@ -8298,8 +5955,6 @@ "i686-unknown-linux-gnu": [ "i686-unknown-linux-gnu" ], - "i686-uwp-windows-gnu": [], - "i686-uwp-windows-msvc": [], "powerpc-unknown-linux-gnu": [ "powerpc-unknown-linux-gnu" ], 
@@ -8352,19 +6007,17 @@ ], "x86_64-unknown-none": [ "x86_64-unknown-none" - ], - "x86_64-uwp-windows-gnu": [], - "x86_64-uwp-windows-msvc": [] + ] }, "direct_deps": [ - "clap 4.2.1", + "clap 4.5.4", "codeql-extractor 0.2.0", "encoding 0.2.33", "lazy_static 1.4.0", - "rayon 1.7.0", + "rayon 1.10.0", "regex 1.10.4", - "tracing 0.1.37", - "tracing-subscriber 0.3.16", + "tracing 0.1.40", + "tracing-subscriber 0.3.18", "tree-sitter 0.22.6", "tree-sitter-embedded-template 0.21.0", "tree-sitter-ruby 0.21.0" diff --git a/ruby/extractor/rust-toolchain.toml b/ruby/extractor/rust-toolchain.toml index 1295f479382..aa02ff3d0bd 100644 --- a/ruby/extractor/rust-toolchain.toml +++ b/ruby/extractor/rust-toolchain.toml @@ -2,6 +2,6 @@ # extractor. It is set to the lowest version of Rust we want to support. [toolchain] -channel = "1.70" +channel = "1.74" profile = "minimal" components = [ "rustfmt" ] diff --git a/ruby/extractor/src/extractor.rs b/ruby/extractor/src/extractor.rs index b287d297164..c8119c1679c 100644 --- a/ruby/extractor/src/extractor.rs +++ b/ruby/extractor/src/extractor.rs @@ -25,15 +25,7 @@ pub struct Options { } pub fn run(options: Options) -> std::io::Result<()> { - tracing_subscriber::fmt() - .with_target(false) - .without_time() - .with_level(true) - .with_env_filter( - tracing_subscriber::EnvFilter::try_from_default_env() - .unwrap_or_else(|_| tracing_subscriber::EnvFilter::new("ruby_extractor=warn")), - ) - .init(); + extractor::set_tracing_level("ruby"); let diagnostics = diagnostics::DiagnosticLoggers::new("ruby"); let mut main_thread_logger = diagnostics.logger(); let num_threads = match codeql_extractor::options::num_threads() { diff --git a/ruby/extractor/src/generator.rs b/ruby/extractor/src/generator.rs index 485dbd56b59..00d878243ae 100644 --- a/ruby/extractor/src/generator.rs +++ b/ruby/extractor/src/generator.rs 
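Review bot: The two new call sites spell the helper's path differently: `run` in ruby/extractor/src/extractor.rs calls `extractor::set_tracing_level("ruby");`, while `run` in ruby/extractor/src/generator.rs calls `codeql_extractor::extractor::set_tracing_level("ruby");`. Using one spelling in both files would make the shared logging setup easier to find; the short form presumably depends on a `use` that is outside the hunk. The removed builder showed the default filter inline and the new call does not, so a comment above each call such as `// Log level: RUST_LOG, then CODEQL_VERBOSITY, else warn.` (taken from the helper's doc comment in shared/tree-sitter-extractor/src/extractor/mod.rs) would keep that visible to whoever triages extractor logs. Both `run` bodies continue past the end of their hunks.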
@@ -15,12 +15,7 @@ pub struct Options { } pub fn run(options: Options) -> std::io::Result<()> { - tracing_subscriber::fmt() - .with_target(false) - .without_time() - .with_level(true) - .with_env_filter(tracing_subscriber::EnvFilter::from_default_env()) - .init(); + codeql_extractor::extractor::set_tracing_level("ruby"); let languages = vec![ Language { diff --git a/shared/tree-sitter-extractor/rust-toolchain.toml b/shared/tree-sitter-extractor/rust-toolchain.toml index 7fe5bcb46f8..fc7eb0871cd 100644 --- a/shared/tree-sitter-extractor/rust-toolchain.toml +++ b/shared/tree-sitter-extractor/rust-toolchain.toml @@ -2,6 +2,6 @@ # extractor. It is set to the lowest version of Rust we want to support. [toolchain] -channel = "1.70" +channel = "1.74" profile = "minimal" components = [ "clippy", "rustfmt" ] \ No newline at end of file diff --git a/shared/tree-sitter-extractor/src/extractor/mod.rs b/shared/tree-sitter-extractor/src/extractor/mod.rs index 00e03423409..7afe5d3a0c0 100644 --- a/shared/tree-sitter-extractor/src/extractor/mod.rs +++ b/shared/tree-sitter-extractor/src/extractor/mod.rs @@ -14,7 +14,7 @@ pub mod simple; /// Sets the tracing level based on the environment variables /// `RUST_LOG` and `CODEQL_VERBOSITY` (prioritized in that order), /// falling back to `warn` if neither is set. -pub fn set_tracing_level(language: &str) -> () { +pub fn set_tracing_level(language: &str) { tracing_subscriber::fmt() .with_target(false) .without_time() From d540675b9ec5c36fff442cb79089359fcc41b8d9 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Thu, 23 May 2024 12:21:37 +0200 Subject: [PATCH 27/38] Update TrustBoundaryViolation.ql --- java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql index 9bc90f49c1f..41c2acac33b 100644 
--- a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +++ b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql @@ -17,4 +17,4 @@ import TrustBoundaryFlow::PathGraph from TrustBoundaryFlow::PathNode source, TrustBoundaryFlow::PathNode sink where TrustBoundaryFlow::flowPath(source, sink) select sink.getNode(), sink, source, - "This servlet reads data from a remote source and writes it to a session variable." + "This servlet reads data from a $@ and writes it to a session variable.", source, "remote source" From 1e54422662f442e2999616d681622f5a731c5884 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 23 May 2024 14:54:23 +0200 Subject: [PATCH 28/38] Java: Add neutral implementations. --- .../dataflow/p/Inheritance.java | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java b/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java index f21c8d89747..c7697be6d17 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java @@ -88,4 +88,29 @@ public class Inheritance { return s; } } + + public interface INeutral { + String id(String s); + } + + public class F implements INeutral { + // SPURIOUS-neutral=p;Inheritance$INeutral;id;(String);summary;df-generated + public String id(String s) { + return ""; + } + } + + public class G implements INeutral { + // SPURIOUS-neutral=p;Inheritance$INeutral;id;(String);summary;df-generated + public String id(String s) { + return ""; + } + } + + private class H implements INeutral { + // SPURIOUS-neutral=p;Inheritance$INeutral;id;(String);summary;df-generated + public String id(String s) { + return ""; + } + } } From 5c4eb3c943016b6ba02d232a5d50813c412ce0f4 Mon Sep 17 00:00:00 2001 
From: Arthur Baars Date: Thu, 23 May 2024 13:06:01 +0000 Subject: [PATCH 29/38] Java: add change note --- .../src/change-notes/2024-05-23-trusted-boundary-violation.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/src/change-notes/2024-05-23-trusted-boundary-violation.md diff --git a/java/ql/src/change-notes/2024-05-23-trusted-boundary-violation.md b/java/ql/src/change-notes/2024-05-23-trusted-boundary-violation.md new file mode 100644 index 00000000000..50c12e32bd2 --- /dev/null +++ b/java/ql/src/change-notes/2024-05-23-trusted-boundary-violation.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The alert message for the query "Trust boundary violation" (`java/trust-boundary-violation`) has been updated to include a link to the remote source. \ No newline at end of file From b5b5fef6421a8d7a29323863f44e992cd96cf8c1 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Thu, 23 May 2024 15:53:12 +0200 Subject: [PATCH 30/38] Switch source and sink in TrustBoundaryViolation.ql --- java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql index 41c2acac33b..0fa9913caf1 100644 --- a/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +++ b/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql @@ -16,5 +16,5 @@ import TrustBoundaryFlow::PathGraph from TrustBoundaryFlow::PathNode source, TrustBoundaryFlow::PathNode sink where TrustBoundaryFlow::flowPath(source, sink) -select sink.getNode(), sink, source, +select sink.getNode(), source, sink, "This servlet reads data from a $@ and writes it to a session variable.", source, "remote source" From 6f5bdfba657ed3ac32a79e16053760e174205d5b Mon Sep 17 00:00:00 2001 
From: Michael Nebel Date: Thu, 23 May 2024 16:32:45 +0200 Subject: [PATCH 31/38] Java: Do not lift neutrals and only generate for public endpoints. --- .../internal/CaptureModelsSpecific.qll | 30 +++++++++++-------- .../internal/CaptureSummaryFlowQuery.qll | 1 + 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll index 57456a5cfb9..70e750b2ee8 100644 --- a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll +++ b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll @@ -80,10 +80,11 @@ predicate isUninterestingForDataFlowModels(Callable api) { predicate isUninterestingForTypeBasedFlowModels(Callable api) { none() } /** - * A class of Callables that are relevant for generating summary, source and sinks models for. + * A class of callables that are potentially relevant for generating summary, source, sink + * and neutral models. * - * In the Standard library and 3rd party libraries it the Callables that can be called - * from outside the library itself. + * In the Standard library and 3rd party libraries it is the callables (or callables that have a + * super implementation) that can be called from outside the library itself. */ class TargetApiSpecific extends Callable { private Callable lift; @@ -97,6 +98,11 @@ class TargetApiSpecific extends Callable { * Gets the callable that a model will be lifted to. */ Callable lift() { result = lift } + + /** + * Holds if this callable is relevant in terms of generating models. + */ + predicate isRelevant() { relevant(this) } } private string isExtensible(Callable c) { 
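Review bot: The QLDoc on the new `isRelevant()` member of `TargetApiSpecific` does not say how it differs from simply being a member of the class, which the updated class comment already describes as "potentially relevant". In the visible lines the predicate only forwards to `relevant(this)`, whose definition is outside the hunk, so a reader has to guess at the distinction. A doc line such as `Holds if this callable is itself relevant for model generation, rather than only through the callable it is lifted to.` would state the intent, assuming that is the intended meaning. The class body starts before and ends after the hunk.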
@@ -114,15 +120,13 @@ private string typeAsModel(Callable c) { ) } -private predicate partialLiftedModel( - TargetApiSpecific api, string type, string extensible, string name, string parameters +private predicate partialModel( + Callable api, string type, string extensible, string name, string parameters ) { - exists(Callable c | c = api.lift() | - type = typeAsModel(c) and - extensible = isExtensible(c) and - name = c.getName() and - parameters = ExternalFlow::paramsString(c) - ) + type = typeAsModel(api) and + extensible = isExtensible(api) and + name = api.getName() and + parameters = ExternalFlow::paramsString(api) } /** @@ -130,7 +134,7 @@ private predicate partialLiftedModel( */ string asPartialModel(TargetApiSpecific api) { exists(string type, string extensible, string name, string parameters | - partialLiftedModel(api, type, extensible, name, parameters) and + partialModel(api.lift(), type, extensible, name, parameters) and result = type + ";" // + extensible + ";" // @@ -145,7 +149,7 @@ string asPartialModel(TargetApiSpecific api) { */ string asPartialNeutralModel(TargetApiSpecific api) { exists(string type, string name, string parameters | - partialLiftedModel(api, type, _, name, parameters) and + partialModel(api, type, _, name, parameters) and result = type + ";" // + name + ";" // diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlowQuery.qll b/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlowQuery.qll index 40190711e40..24e8cd92d51 100644 --- a/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlowQuery.qll +++ b/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlowQuery.qll @@ -79,5 +79,6 @@ string captureFlow(DataFlowTargetApi api) { */ string captureNoFlow(DataFlowTargetApi api) { not exists(DataFlowTargetApi api0 | exists(captureFlow(api0)) and api0.lift() = api.lift()) and + api.isRelevant() and result = ModelPrinting::asNeutralSummaryModel(api) } 
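Review bot: `asPartialModel` now passes `api.lift()` to `partialModel` while `asPartialNeutralModel` passes `api`, and nothing at either call site says that the difference is intended. Because the two predicates are otherwise near-identical, a later clean-up could easily "fix" one to match the other. A comment above the call in `asPartialNeutralModel`, for example `// Neutrals are reported on the callable itself, not on the callable it is lifted to.`, would record the decision from the commit title in the code. The QLDoc of both predicates begins outside the hunks and may need the same remark.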
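Review bot: In `captureNoFlow` the suppression test still groups callables by `api0.lift() = api.lift()`, while the neutral that is emitted is now named after `api` itself and gated by the added `api.isRelevant()`. That mix of lifted and unlifted views is easy to misread as an oversight. If the grouping is deliberate, a comment above the `not exists(...)` line such as `// Drop the neutral when any callable lifted to the same target has a generated summary.` would make that explicit. The predicate's QLDoc starts outside the hunk and may also need to mention the relevance condition.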
From 9cf0995720015b2aed7219775d8815de4ce7b6c2 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 23 May 2024 16:33:04 +0200 Subject: [PATCH 32/38] Java: Update test expected output. --- .../utils/modelgenerator/dataflow/p/ImplOfExternalSPI.java | 2 +- .../ql/test/utils/modelgenerator/dataflow/p/Inheritance.java | 5 ++--- .../dataflow/p/PrivateFlowViaPublicInterface.java | 1 - 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/ImplOfExternalSPI.java b/java/ql/test/utils/modelgenerator/dataflow/p/ImplOfExternalSPI.java index 596be687c23..a2e2992c8a6 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/ImplOfExternalSPI.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/ImplOfExternalSPI.java @@ -7,7 +7,7 @@ import java.nio.file.Files; public class ImplOfExternalSPI extends AbstractImplOfExternalSPI { // sink=p;AbstractImplOfExternalSPI;true;accept;(File);;Argument[0];path-injection;df-generated - // neutral=p;AbstractImplOfExternalSPI;accept;(File);summary;df-generated + // neutral=p;ImplOfExternalSPI;accept;(File);summary;df-generated @Override public boolean accept(File pathname) { try { diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java b/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java index c7697be6d17..8c083cd3972 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java 
@@ -94,21 +94,20 @@ public class Inheritance { } public class F implements INeutral { - // SPURIOUS-neutral=p;Inheritance$INeutral;id;(String);summary;df-generated + // neutral=p;Inheritance$F;id;(String);summary;df-generated public String id(String s) { return ""; } } public class G implements INeutral { - // SPURIOUS-neutral=p;Inheritance$INeutral;id;(String);summary;df-generated + // neutral=p;Inheritance$G;id;(String);summary;df-generated public String id(String s) { return ""; } } private class H implements INeutral { - // SPURIOUS-neutral=p;Inheritance$INeutral;id;(String);summary;df-generated public String id(String s) { return ""; } diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java b/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java index 25c62172121..7ef4df33b66 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java @@ -45,7 +45,6 @@ public class PrivateFlowViaPublicInterface { return null; } - // neutral=p;PrivateFlowViaPublicInterface$SPI;openStreamNone;();summary;df-generated @Override public OutputStream openStreamNone() throws IOException { return new FileOutputStream(new RandomPojo().someFile); From 5928ede32401583e79e31bbf064a3c8734a3cf8b Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 23 May 2024 16:47:35 +0200 Subject: [PATCH 33/38] C#: Fix integration test expected file --- .../diagnostics.expected | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected index 5f298cd3a11..8633aedab76 100644 --- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected 
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected @@ -13,12 +13,12 @@ } } { - "markdownMessage": "C# with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.", + "markdownMessage": "C# was extracted with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.", "severity": "note", "source": { "extractorName": "csharp", "id": "csharp/autobuilder/buildless/mode-active", - "name": "C# with build-mode set to 'none'" + "name": "C# was extracted with build-mode set to 'none'" }, "visibility": { "cliSummaryTable": true, From 1129df9cb76356b730b4017a46df5ac35d2b4bef Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Thu, 23 May 2024 16:20:45 +0100 Subject: [PATCH 34/38] 'monotonicAggregates' can apply to modules (see language spec) --- docs/codeql/ql-language-reference/annotations.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst index fa1f9bfc76e..0ddb28c3a9d 100644 --- a/docs/codeql/ql-language-reference/annotations.rst +++ b/docs/codeql/ql-language-reference/annotations.rst @@ -446,7 +446,7 @@ The ``pragma[assume_small_delta]`` annotation has no effect and can be safely re Language pragmas ================ -**Available for**: |classes|, |characteristic predicates|, |member predicates|, |non-member predicates| +**Available for**: |modules|, |classes|, |characteristic predicates|, |member predicates|, |non-member predicates| ``language[monotonicAggregates]`` --------------------------------- From 613ccaac1d924ab05949c365e69345e0bf92bc29 Mon Sep 17 00:00:00 2001 
From: Dave Bartolomeo Date: Thu, 23 May 2024 13:01:22 -0400 Subject: [PATCH 35/38] Add change note to all v1.0.0 packs --- cpp/ql/lib/change-notes/2024-05-23-Version1.md | 4 ++++ cpp/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ csharp/ql/lib/change-notes/2024-05-23-Version1.md | 4 ++++ csharp/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ go/ql/consistency-queries/change-notes/2024-05-23-Version1.md | 4 ++++ go/ql/lib/change-notes/2024-05-23-Version1.md | 4 ++++ go/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ java/ql/automodel/src/change-notes/2024-05-23-Version1.md | 4 ++++ java/ql/automodel/test/change-notes/2024-05-23-Version1.md | 4 ++++ java/ql/lib/change-notes/2024-05-23-Version1.md | 4 ++++ java/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ javascript/ql/lib/change-notes/2024-05-23-Version1.md | 4 ++++ javascript/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ misc/suite-helpers/change-notes/2024-05-23-Version1.md | 4 ++++ python/ql/lib/change-notes/2024-05-23-Version1.md | 4 ++++ python/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ ql/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ ruby/ql/lib/change-notes/2024-05-23-Version1.md | 4 ++++ ruby/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ shared/controlflow/change-notes/2024-05-23-Version1.md | 4 ++++ shared/dataflow/change-notes/2024-05-23-Version1.md | 4 ++++ shared/mad/change-notes/2024-05-23-Version1.md | 4 ++++ shared/rangeanalysis/change-notes/2024-05-23-Version1.md | 4 ++++ shared/regex/change-notes/2024-05-23-Version1.md | 4 ++++ shared/ssa/change-notes/2024-05-23-Version1.md | 4 ++++ shared/threat-models/change-notes/2024-05-23-Version1.md | 4 ++++ shared/tutorial/change-notes/2024-05-23-Version1.md | 4 ++++ shared/typeflow/change-notes/2024-05-23-Version1.md | 4 ++++ shared/typetracking/change-notes/2024-05-23-Version1.md | 4 ++++ shared/typos/change-notes/2024-05-23-Version1.md | 4 ++++ shared/util/change-notes/2024-05-23-Version1.md | 4 ++++ 
shared/xml/change-notes/2024-05-23-Version1.md | 4 ++++ shared/yaml/change-notes/2024-05-23-Version1.md | 4 ++++ swift/ql/lib/change-notes/2024-05-23-Version1.md | 4 ++++ swift/ql/src/change-notes/2024-05-23-Version1.md | 4 ++++ 35 files changed, 140 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2024-05-23-Version1.md create mode 100644 cpp/ql/src/change-notes/2024-05-23-Version1.md create mode 100644 csharp/ql/lib/change-notes/2024-05-23-Version1.md create mode 100644 csharp/ql/src/change-notes/2024-05-23-Version1.md create mode 100644 go/ql/consistency-queries/change-notes/2024-05-23-Version1.md create mode 100644 go/ql/lib/change-notes/2024-05-23-Version1.md create mode 100644 go/ql/src/change-notes/2024-05-23-Version1.md create mode 100644 java/ql/automodel/src/change-notes/2024-05-23-Version1.md create mode 100644 java/ql/automodel/test/change-notes/2024-05-23-Version1.md create mode 100644 java/ql/lib/change-notes/2024-05-23-Version1.md create mode 100644 java/ql/src/change-notes/2024-05-23-Version1.md create mode 100644 javascript/ql/lib/change-notes/2024-05-23-Version1.md create mode 100644 javascript/ql/src/change-notes/2024-05-23-Version1.md create mode 100644 misc/suite-helpers/change-notes/2024-05-23-Version1.md create mode 100644 python/ql/lib/change-notes/2024-05-23-Version1.md create mode 100644 python/ql/src/change-notes/2024-05-23-Version1.md create mode 100644 ql/ql/src/change-notes/2024-05-23-Version1.md create mode 100644 ruby/ql/lib/change-notes/2024-05-23-Version1.md create mode 100644 ruby/ql/src/change-notes/2024-05-23-Version1.md create mode 100644 shared/controlflow/change-notes/2024-05-23-Version1.md create mode 100644 shared/dataflow/change-notes/2024-05-23-Version1.md create mode 100644 shared/mad/change-notes/2024-05-23-Version1.md create mode 100644 shared/rangeanalysis/change-notes/2024-05-23-Version1.md create mode 100644 shared/regex/change-notes/2024-05-23-Version1.md create mode 100644 
shared/ssa/change-notes/2024-05-23-Version1.md create mode 100644 shared/threat-models/change-notes/2024-05-23-Version1.md create mode 100644 shared/tutorial/change-notes/2024-05-23-Version1.md create mode 100644 shared/typeflow/change-notes/2024-05-23-Version1.md create mode 100644 shared/typetracking/change-notes/2024-05-23-Version1.md create mode 100644 shared/typos/change-notes/2024-05-23-Version1.md create mode 100644 shared/util/change-notes/2024-05-23-Version1.md create mode 100644 shared/xml/change-notes/2024-05-23-Version1.md create mode 100644 shared/yaml/change-notes/2024-05-23-Version1.md create mode 100644 swift/ql/lib/change-notes/2024-05-23-Version1.md create mode 100644 swift/ql/src/change-notes/2024-05-23-Version1.md diff --git a/cpp/ql/lib/change-notes/2024-05-23-Version1.md b/cpp/ql/lib/change-notes/2024-05-23-Version1.md new file mode 100644 index 00000000000..5840e51017b --- /dev/null +++ b/cpp/ql/lib/change-notes/2024-05-23-Version1.md @@ -0,0 +1,4 @@ +--- +category: breaking +--- +* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0. diff --git a/cpp/ql/src/change-notes/2024-05-23-Version1.md b/cpp/ql/src/change-notes/2024-05-23-Version1.md new file mode 100644 index 00000000000..5840e51017b --- /dev/null +++ b/cpp/ql/src/change-notes/2024-05-23-Version1.md @@ -0,0 +1,4 @@ +--- +category: breaking +--- +* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0. diff --git a/csharp/ql/lib/change-notes/2024-05-23-Version1.md b/csharp/ql/lib/change-notes/2024-05-23-Version1.md new file mode 100644 index 00000000000..5840e51017b --- /dev/null +++ b/csharp/ql/lib/change-notes/2024-05-23-Version1.md 
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/csharp/ql/src/change-notes/2024-05-23-Version1.md b/csharp/ql/src/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/csharp/ql/src/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/go/ql/consistency-queries/change-notes/2024-05-23-Version1.md b/go/ql/consistency-queries/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/go/ql/consistency-queries/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/go/ql/lib/change-notes/2024-05-23-Version1.md b/go/ql/lib/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/go/ql/lib/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/go/ql/src/change-notes/2024-05-23-Version1.md b/go/ql/src/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/go/ql/src/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/java/ql/automodel/src/change-notes/2024-05-23-Version1.md b/java/ql/automodel/src/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/java/ql/automodel/src/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/java/ql/automodel/test/change-notes/2024-05-23-Version1.md b/java/ql/automodel/test/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/java/ql/automodel/test/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/java/ql/lib/change-notes/2024-05-23-Version1.md b/java/ql/lib/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/java/ql/src/change-notes/2024-05-23-Version1.md b/java/ql/src/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/java/ql/src/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/javascript/ql/lib/change-notes/2024-05-23-Version1.md b/javascript/ql/lib/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/javascript/ql/lib/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/javascript/ql/src/change-notes/2024-05-23-Version1.md b/javascript/ql/src/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/javascript/ql/src/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/misc/suite-helpers/change-notes/2024-05-23-Version1.md b/misc/suite-helpers/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/misc/suite-helpers/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/python/ql/lib/change-notes/2024-05-23-Version1.md b/python/ql/lib/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/python/ql/lib/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/python/ql/src/change-notes/2024-05-23-Version1.md b/python/ql/src/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/python/ql/src/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/ql/ql/src/change-notes/2024-05-23-Version1.md b/ql/ql/src/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/ql/ql/src/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/ruby/ql/lib/change-notes/2024-05-23-Version1.md b/ruby/ql/lib/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/ruby/ql/src/change-notes/2024-05-23-Version1.md b/ruby/ql/src/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/ruby/ql/src/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/controlflow/change-notes/2024-05-23-Version1.md b/shared/controlflow/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/controlflow/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/dataflow/change-notes/2024-05-23-Version1.md b/shared/dataflow/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/dataflow/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/mad/change-notes/2024-05-23-Version1.md b/shared/mad/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/mad/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/rangeanalysis/change-notes/2024-05-23-Version1.md b/shared/rangeanalysis/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/rangeanalysis/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/regex/change-notes/2024-05-23-Version1.md b/shared/regex/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/regex/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/ssa/change-notes/2024-05-23-Version1.md b/shared/ssa/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/ssa/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/threat-models/change-notes/2024-05-23-Version1.md b/shared/threat-models/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/threat-models/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/tutorial/change-notes/2024-05-23-Version1.md b/shared/tutorial/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/tutorial/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/typeflow/change-notes/2024-05-23-Version1.md b/shared/typeflow/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/typeflow/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/typetracking/change-notes/2024-05-23-Version1.md b/shared/typetracking/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/typetracking/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/typos/change-notes/2024-05-23-Version1.md b/shared/typos/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/typos/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/util/change-notes/2024-05-23-Version1.md b/shared/util/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/util/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/xml/change-notes/2024-05-23-Version1.md b/shared/xml/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/xml/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/shared/yaml/change-notes/2024-05-23-Version1.md b/shared/yaml/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/shared/yaml/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
diff --git a/swift/ql/lib/change-notes/2024-05-23-Version1.md b/swift/ql/lib/change-notes/2024-05-23-Version1.md
new file mode 100644
index 00000000000..5840e51017b
--- /dev/null
+++ b/swift/ql/lib/change-notes/2024-05-23-Version1.md
@@ -0,0 +1,4 @@ +--- +category: breaking +--- +* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0. diff --git a/swift/ql/src/change-notes/2024-05-23-Version1.md b/swift/ql/src/change-notes/2024-05-23-Version1.md new file mode 100644 index 00000000000..5840e51017b --- /dev/null +++ b/swift/ql/src/change-notes/2024-05-23-Version1.md @@ -0,0 +1,4 @@ +--- +category: breaking +--- +* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0. From 9aee2dc0027ecb9e8376530eb97b0385cf150a1d Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 23 May 2024 15:54:25 +0200 Subject: [PATCH 36/38] C#: Adjust compiler argument integration test --- .../compiler_args/CompilerArgs.expected | 20 +++++++++++++++++++ .../linux-only/compiler_args/CompilerArgs.ql | 3 ++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/csharp/ql/integration-tests/linux-only/compiler_args/CompilerArgs.expected b/csharp/ql/integration-tests/linux-only/compiler_args/CompilerArgs.expected index c877d01a695..888a4be5409 100644 --- a/csharp/ql/integration-tests/linux-only/compiler_args/CompilerArgs.expected +++ b/csharp/ql/integration-tests/linux-only/compiler_args/CompilerArgs.expected 
@@ -1,9 +1,14 @@ | 0 | /noconfig | | 1 | /unsafe- | | 2 | /checked- | +| 3 | /nowarn:1701,1702,1701,1702 | | 4 | /fullpaths | | 5 | /nostdlib+ | +| 6 | /errorreport:prompt | +| 7 | /warn:8 | +| 8 | /define:TRACE;DEBUG;NET;NET8_0;NETCOREAPP;NET5_0_OR_GREATER;NET6_0_OR_GREATER;NET7_0_OR_GREATER;NET8_0_OR_GREATER;NETCOREAPP1_0_OR_GREATER;NETCOREAPP1_1_OR_GREATER;NETCOREAPP2_0_OR_GREATER;NETCOREAPP2_1_OR_GREATER;NETCOREAPP2_2_OR_GREATER;NETCOREAPP3_0_OR_GREATER;NETCOREAPP3_1_OR_GREATER | | 9 | /highentropyva+ | +| 10 | /nullable:enable | | 11 | /reference:[...]/8.0.1/ref/net8.0/Microsoft.CSharp.dll | | 12 | /reference:[...]/8.0.1/ref/net8.0/Microsoft.VisualBasic.Core.dll | | 13 | /reference:[...]/8.0.1/ref/net8.0/Microsoft.VisualBasic.dll | 
@@ -168,10 +173,24 @@ | 172 | /reference:[...]/8.0.1/ref/net8.0/System.Xml.XPath.XDocument.dll | | 173 | /reference:[...]/8.0.1/ref/net8.0/WindowsBase.dll | | 174 | /debug+ | +| 175 | /debug:portable | +| 176 | /filealign:512 | +| 177 | /generatedfilesout:obj/Debug/net8.0//generated | | 178 | /optimize- | +| 179 | /out:obj/Debug/net8.0/test.dll | +| 180 | /refout:obj/Debug/net8.0/refint/test.dll | +| 181 | /target:exe | | 182 | /warnaserror- | | 183 | /utf8output | | 184 | /deterministic+ | +| 185 | /sourcelink:obj/Debug/net8.0/test.sourcelink.json | +| 186 | /langversion:12.0 | +| 187 | /embed:Program.cs | +| 188 | /embed:obj/Debug/net8.0/test.GlobalUsings.g.cs | +| 189 | /embed:"obj/Debug/net8.0/.NETCoreApp,Version=v8.0.AssemblyAttributes.cs" | +| 190 | /embed:obj/Debug/net8.0/test.AssemblyInfo.cs | +| 191 | /analyzerconfig:/home/runner/work/semmle-code/semmle-code/.editorconfig | +| 192 | /analyzerconfig:obj/Debug/net8.0/test.GeneratedMSBuildEditorConfig.editorconfig | | 193 | /analyzerconfig:[...]/8.0.101/Sdks/Microsoft.NET.Sdk/analyzers/build/config/analysislevel_8_default.globalconfig | | 194 | /analyzer:[...]/8.0.101/Sdks/Microsoft.NET.Sdk/targets/../analyzers/Microsoft.CodeAnalysis.CSharp.NetAnalyzers.dll | | 195 | /analyzer:[...]/8.0.101/Sdks/Microsoft.NET.Sdk/targets/../analyzers/Microsoft.CodeAnalysis.NetAnalyzers.dll | @@ -185,3 +204,4 @@ | 203 | obj/Debug/net8.0/test.GlobalUsings.g.cs | | 204 | obj/Debug/net8.0/.NETCoreApp,Version=v8.0.AssemblyAttributes.cs | | 205 | obj/Debug/net8.0/test.AssemblyInfo.cs | +| 206 | /warnaserror+:NU1605,SYSLIB0011 | diff --git a/csharp/ql/integration-tests/linux-only/compiler_args/CompilerArgs.ql b/csharp/ql/integration-tests/linux-only/compiler_args/CompilerArgs.ql index 774388896e9..f2aa5c8c4a0 100644 --- a/csharp/ql/integration-tests/linux-only/compiler_args/CompilerArgs.ql +++ b/csharp/ql/integration-tests/linux-only/compiler_args/CompilerArgs.ql 
@@ -3,7 +3,8 @@ import semmle.code.csharp.commons.Compilation bindingset[arg] private string normalize(string arg) { - not exists(arg.indexOf(":")) and result = arg + (not exists(arg.indexOf(":")) or not exists(arg.indexOf("/8.0"))) and + result = arg or exists(int i, int j | i = arg.indexOf(":") and From 7490472772d7133aeef0b13795e50385c2160486 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 24 May 2024 13:05:39 +0200 Subject: [PATCH 37/38] Update Python to use Rust 1.74 --- python/extractor/tsg-python/rust-toolchain.toml | 2 +- ruby/extractor/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/extractor/tsg-python/rust-toolchain.toml b/python/extractor/tsg-python/rust-toolchain.toml index fe5c5df29ff..5e0bcd3a476 100644 --- a/python/extractor/tsg-python/rust-toolchain.toml +++ b/python/extractor/tsg-python/rust-toolchain.toml @@ -2,6 +2,6 @@ # extractor. It is set to the lowest version of Rust we want to support. [toolchain] -channel = "1.68" +channel = "1.74" profile = "minimal" components = [ "rustfmt" ] diff --git a/ruby/extractor/Cargo.toml b/ruby/extractor/Cargo.toml index bee9079faf8..07cdd969ec4 100644 --- a/ruby/extractor/Cargo.toml +++ b/ruby/extractor/Cargo.toml @@ -34,7 +34,7 @@ lazy_static = "1.4.0" # of lock-file update time, but `rules_rust` pins generates a bazel rule that unconditionally downloads `main`, which # breaks build hermeticity. So, rev-pinning it is. # See also https://github.com/bazelbuild/rules_rust/issues/2502. -codeql-extractor = { git = "https://github.com/github/codeql.git", rev = "a523be4d0a1e2420a1884f7c4f8754a7c4fb7e21" } +codeql-extractor = { git = "https://github.com/github/codeql.git", rev = "0dbce3d077f6f31a8d660aea104ee31cacf6bacd" } [patch.crates-io] tree-sitter = {git = "https://github.com/redsun82/tree-sitter.git", rev = "1f5c1112ceaa8fc6aff61d1852690407670d2a96"} From 386bc1eb0320074d49dcff317c844069b4f4a1eb Mon Sep 17 00:00:00 2001 
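Review bot: The widened first disjunct of `normalize` returns every argument that lacks `/8.0` unchanged, so arguments carrying machine-specific paths are now compared literally. The regenerated expected file in this same patch already contains `/analyzerconfig:/home/runner/work/semmle-code/semmle-code/.editorconfig`, which can only match on a runner with that checkout location. The literal `/8.0` also ties the filter to one SDK major version. I would mask absolute paths the same way SDK paths are masked, or at minimum record the constraint with `// args without an SDK path are kept verbatim; absolute paths make the expected output runner-specific`. The second disjunct of `normalize` continues outside the hunk, so whether such arguments can additionally match it cannot be checked from here.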
From: Tom Hvitved Date: Fri, 24 May 2024 13:13:27 +0200 Subject: [PATCH 38/38] Bazel: repin --- python/extractor/tsg-python/Cargo.Bazel.lock | 5 ++--- python/extractor/tsg-python/Cargo.toml | 2 +- ruby/extractor/Cargo.lock | Bin 24538 -> 24538 bytes ruby/extractor/cargo-bazel-lock.json | 4 ++-- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/python/extractor/tsg-python/Cargo.Bazel.lock b/python/extractor/tsg-python/Cargo.Bazel.lock index e3b5a249e4f..1208fe8f970 100644 --- a/python/extractor/tsg-python/Cargo.Bazel.lock +++ b/python/extractor/tsg-python/Cargo.Bazel.lock @@ -1,5 +1,5 @@ { - "checksum": "35a1ce4b6c4f997c496c11d3a8fcfaadc5833dfd41bebb022941687d73dde159", + "checksum": "14572337bc5747880ff328af42451cce3549f743dc79eac7314f3b3f55b74d25", "crates": { "ahash 0.4.7": { "name": "ahash", @@ -1755,7 +1755,7 @@ ], "selects": {} }, - "edition": "2018", + "edition": "2021", "version": "0.1.0" }, "license": null, @@ -1986,7 +1986,6 @@ "crate_features": { "common": [ "consoleapi", - "errhandlingapi", "minwinbase", "minwindef", "processenv", diff --git a/python/extractor/tsg-python/Cargo.toml b/python/extractor/tsg-python/Cargo.toml index 1266f94f2b2..cca6c991566 100644 --- a/python/extractor/tsg-python/Cargo.toml +++ b/python/extractor/tsg-python/Cargo.toml @@ -4,7 +4,7 @@ name = "tsg-python" version = "0.1.0" authors = ["Taus Brock-Nannestad "] -edition = "2018" +edition = "2021" # When changing/updating these, the `Cargo.Bazel.lock` file has to be regenerated. # Run `CARGO_BAZEL_REPIN=true CARGO_BAZEL_REPIN_ONLY=py_deps ./tools/bazel sync --only=py_deps` diff --git a/ruby/extractor/Cargo.lock b/ruby/extractor/Cargo.lock index 023842e620d403c6637d789214e15f5462e14f78..e8e25c0f7e9b9a0b19cf7fea42ba29149ea7284f 100644 GIT binary patch delta 100 zcmcb$pYhgy#tr8M0}WD=l2eUS49v~b%+ibv6D?BA%nTA!6AcYaQd5l$lM|EE%#sq5 SQ{QlOZzz delta 99 zcmcb$pYhgy#tr8M0}@S*jFVDLQVbFeQ;kfFfRu%WNt$`GNt%VZsYxP;kz}4~WT;G} P!pVxfVw+8cmiht!A*CId 
diff --git a/ruby/extractor/cargo-bazel-lock.json b/ruby/extractor/cargo-bazel-lock.json index 716f999b16c..cb5cf130511 100644 --- a/ruby/extractor/cargo-bazel-lock.json +++ b/ruby/extractor/cargo-bazel-lock.json @@ -1,5 +1,5 @@ { - "checksum": "ec7840d3326d3ea97d8b1ce0f748dc4e7e3528695e3302133cb5e8518aa3d7a1", + "checksum": "93d0053faf939037ac2cd61edfa1ee0f5d5918cb9e1773a0e0574fcbc13325c3", "crates": { "adler 1.0.2": { "name": "adler", @@ -987,7 +987,7 @@ "Git": { "remote": "https://github.com/github/codeql.git", "commitish": { - "Rev": "a523be4d0a1e2420a1884f7c4f8754a7c4fb7e21" + "Rev": "0dbce3d077f6f31a8d660aea104ee31cacf6bacd" }, "strip_prefix": "shared/tree-sitter-extractor" }