From 6173b112747de6ab2292e551873d18db567954d9 Mon Sep 17 00:00:00 2001 From: ihsinme Date: Mon, 25 Oct 2021 14:39:43 +0300 Subject: [PATCH 01/31] Add files via upload --- .../CWE-266/IncorrectPrivilegeAssignment.cpp | 15 ++++ .../IncorrectPrivilegeAssignment.qhelp | 23 ++++++ .../CWE-266/IncorrectPrivilegeAssignment.ql | 77 +++++++++++++++++++ 3 files changed, 115 insertions(+) create mode 100644 cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp create mode 100644 cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.qhelp create mode 100644 cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp new file mode 100644 index 00000000000..f376d8fd62f --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp @@ -0,0 +1,15 @@ +... + umask(0); // BAD +... + cmusk = umask(S_IRWXG | S_IRWXO); // GOOD + ... + fchmod(fileno(fp), 0555 - cmusk); // BAD + ... + fchmod(fileno(fp), 0555 & ~curumsk); // GOOD +... + umask(0666); + chmod(0666); // BAD +... + umask(0022); + chmod(0666); // GOOD +... diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.qhelp new file mode 100644 index 00000000000..530f6764294 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.qhelp @@ -0,0 +1,23 @@ + + + +

Finding for function calls that set file permissions that may have errors in use. Incorrect arithmetic for calculating the resolution mask, using the same mask in opposite functions, using a mask that is too wide.

+ +
+ + +

The following example demonstrates erroneous and fixed ways to use functions.

+ + +
+ + +
  • + CERT C Coding Standard: + FIO06-C. Create files with appropriate access permissions. +
  • + +
    +
    diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql new file mode 100644 index 00000000000..c3ffeec0745 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 
@@ -0,0 +1,77 @@ +/** + * @name Find the wrong use of the umask function. + * @description Incorrectly evaluated argument to the umask function may have security implications. + * @kind problem + * @id cpp/wrong-use-of-the-umask + * @problem.severity warning + * @precision medium + * @tags correctness + * maintainability + * security + * external/cwe/cwe-266 + * external/cwe/cwe-264 + * external/cwe/cwe-200 + * external/cwe/cwe-560 + * external/cwe/cwe-687 + */ + +import cpp +import semmle.code.cpp.exprs.BitwiseOperation +import semmle.code.cpp.valuenumbering.GlobalValueNumbering + +/** Holds for a function `f` that has an argument at index `apos` used to set file permissions. */ +predicate numberArgumentModFunctions(Function f, int apos) { + f.hasGlobalOrStdName("umask") and apos = 0 + or + f.hasGlobalOrStdName("fchmod") and apos = 1 + or + f.hasGlobalOrStdName("chmod") and apos = 1 +} + +from FunctionCall fc, string msg +where + fc.getTarget().hasGlobalOrStdName("umask") and + fc.getArgument(0).getValue() = "0" and + not exists(FunctionCall fctmp | + fctmp.getTarget().hasGlobalOrStdName("umask") and + globalValueNumber(fctmp.getArgument(0)) != globalValueNumber(fc.getArgument(0)) + ) and + exists(FunctionCall fctmp | + ( + fctmp.getTarget().hasGlobalOrStdName("fopen") or + fctmp.getTarget().hasGlobalOrStdName("open") + ) and + fctmp.getNumberOfArguments() = 2 and + fctmp.getArgument(0).getValue() != "/dev/null" + ) and + not exists(FunctionCall fctmp | + fctmp.getTarget().hasGlobalOrStdName("chmod") or + fctmp.getTarget().hasGlobalOrStdName("fchmod") + ) and + msg = "Using umask (0) may not be safe." 
+ or + fc.getTarget().hasGlobalOrStdName("umask") and + exists(FunctionCall fctmp | + ( + fctmp.getTarget().hasGlobalOrStdName("chmod") or + fctmp.getTarget().hasGlobalOrStdName("fchmod") + ) and + ( + globalValueNumber(fc.getArgument(0)) = globalValueNumber(fctmp.getArgument(1)) and + fc.getArgument(0).getValue() != "0" + ) and + msg = "not use equal argument in umask and " + fctmp.getTarget().getName() + " functions" + ) + or + exists(Expr exptmp, int i | + numberArgumentModFunctions(fc.getTarget(), i) and + not exptmp.getAChild*() instanceof FunctionCall and + not exists(SizeofOperator so | exptmp.getAChild*() = so) and + not exists(ArrayExpr aetmp | aetmp.getArrayOffset() = exptmp.getAChild*()) and + exptmp.getAChild*() instanceof BinaryArithmeticOperation and + not exptmp.getAChild*() instanceof BinaryBitwiseOperation and + globalValueNumber(exptmp) = globalValueNumber(fc.getArgument(i)) and + not exptmp.isConstant() and + msg = "Using arithmetic to compute the mask may not be safe." + ) +select fc, msg From a33c076f5fa03b56e6341e4ad21a8f06864362d8 Mon Sep 17 00:00:00 2001 From: ihsinme Date: Mon, 25 Oct 2021 14:40:35 +0300 Subject: [PATCH 02/31] Add files via upload --- .../IncorrectPrivilegeAssignment.expected | 2 + .../tests/IncorrectPrivilegeAssignment.qlref | 1 + .../CWE/CWE-266/semmle/tests/test.cpp | 49 +++++++++++++++++++ 3 files changed, 52 insertions(+) create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.expected create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.qlref create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/test.cpp 
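Review bot: In the first `where` branch, the `exists(FunctionCall fctmp | …)` over `fopen`/`open` and the two `not exists(FunctionCall fctmp | …)` clauses never mention `fc`, so they range over every call in the database. As written, one `chmod` or `fchmod` anywhere in the analysed program suppresses every `umask(0)` result, and an `fopen` in an unrelated file is enough to raise one. Relating the helper calls to the flagged call, for example with `fctmp.getEnclosingFunction() = fc.getEnclosingFunction()` inside each quantifier, would make the alert describe files that are actually created under the permissive mask. If cross-function cases matter, a control-flow or call-graph relation is needed instead, and that choice deserves a comment in the query.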
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.expected new file mode 100644 index 00000000000..a8c2d2441f1 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.expected @@ -0,0 +1,2 @@ +| test.cpp:9:3:9:7 | call to umask | not use equal argument in umask and chmod functions | +| test.cpp:30:3:30:7 | call to chmod | Using arithmetic to compute the mask may not be safe. | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.qlref new file mode 100644 index 00000000000..9012747f4ba --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.qlref @@ -0,0 +1 @@ +experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/test.cpp new file mode 100644 index 00000000000..57333e8f586 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/test.cpp 
@@ -0,0 +1,49 @@ +typedef int FILE; +FILE *fopen(const char *filename, const char *mode); +int umask(int pmode); +int chmod(char * filename,int pmode); +int fclose(FILE *stream); + +void funcTest1() +{ + umask(0666); // BAD + FILE *fe; + fe = fopen("myFile.txt", "wt"); + fclose(fe); + chmod("myFile.txt",0666); +} +void funcTest1g() +{ + umask(0022); + FILE *fe; + fe = fopen("myFile.txt", "wt"); + fclose(fe); + chmod("myFile.txt",0666); // GOOD +} + +void funcTest2(int mode) +{ + umask(mode); + FILE *fe; + fe = fopen("myFile.txt", "wt"); + fclose(fe); + chmod("myFile.txt",0555-mode); // BAD +} + +void funcTest2g(int mode) +{ + umask(mode); + FILE *fe; + fe = fopen("myFile.txt", "wt"); + fclose(fe); + chmod("myFile.txt",0555&~mode); // GOOD +} + +int main(int argc, char *argv[]) +{ + funcTest1(); + funcTest2(27); + funcTest1g(); + funcTest2g(27); + return 0; +} From 41e15cd49749b37c4bd4f8aefd09bba0fddb5e23 Mon Sep 17 00:00:00 2001 From: ihsinme Date: Mon, 25 Oct 2021 22:15:52 +0300 Subject: [PATCH 03/31] Update IncorrectPrivilegeAssignment.cpp --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp index f376d8fd62f..3e1edec6823 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp @@ -8,8 +8,8 @@ fchmod(fileno(fp), 0555 & ~curumsk); // GOOD ... umask(0666); - chmod(0666); // BAD + chmod(pathname, 0666); // BAD ... umask(0022); - chmod(0666); // GOOD + chmod(pathname, 0666); // GOOD ... From ea1d18ed609e9b3a2ba7e023708aa6ef7e372327 Mon Sep 17 00:00:00 2001 
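Review bot: Nothing in this test file covers the `umask(0)` branch of the query or the `fchmod` entry of `numberArgumentModFunctions`; the two expected rows come only from the equal-argument and arithmetic branches. A `umask(0)` case cannot simply be appended here, because the non-zero `umask` calls and the `chmod` calls already in this file make the query's `not exists` clauses fail and would suppress it. It therefore needs its own test directory holding only `umask(0);` and an `fopen("myFile.txt", "wt");`. An `fchmod(fd, 0555 - mode); // BAD` line with a matching `int fchmod(int fd, int pmode);` declaration would cover the remaining function.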
From: ihsinme Date: Sun, 14 Nov 2021 11:36:06 +0300 Subject: [PATCH 04/31] Update IncorrectPrivilegeAssignment.cpp --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp index 3e1edec6823..d8298df11d8 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp @@ -1,7 +1,8 @@ ... umask(0); // BAD ... - cmusk = umask(S_IRWXG | S_IRWXO); // GOOD + maskOut = S_IRWXG | S_IRWXO; + umask(maskOut); // GOOD ... fchmod(fileno(fp), 0555 - cmusk); // BAD ... From e383e44d36919dc416e48ad3fd6b1f33e14617ab Mon Sep 17 00:00:00 2001 From: ihsinme Date: Sun, 14 Nov 2021 11:57:40 +0300 Subject: [PATCH 05/31] Update IncorrectPrivilegeAssignment.ql --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql index c3ffeec0745..13051a7fd50 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql @@ -34,7 +34,7 @@ where fc.getArgument(0).getValue() = "0" and not exists(FunctionCall fctmp | fctmp.getTarget().hasGlobalOrStdName("umask") and - globalValueNumber(fctmp.getArgument(0)) != globalValueNumber(fc.getArgument(0)) + fctmp.getArgument(0).getValue() != "0" ) and exists(FunctionCall fctmp | ( From f102fa1d335d0641ee83ae86e52918aa49390957 Mon Sep 17 00:00:00 2001 
From: ihsinme Date: Sun, 14 Nov 2021 12:17:01 +0300 Subject: [PATCH 06/31] Update IncorrectPrivilegeAssignment.ql --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql index 13051a7fd50..a91f5859f8f 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql @@ -65,12 +65,12 @@ where or exists(Expr exptmp, int i | numberArgumentModFunctions(fc.getTarget(), i) and + globalValueNumber(exptmp) = globalValueNumber(fc.getArgument(i)) and + exptmp.getAChild*() instanceof BinaryArithmeticOperation and not exptmp.getAChild*() instanceof FunctionCall and not exists(SizeofOperator so | exptmp.getAChild*() = so) and not exists(ArrayExpr aetmp | aetmp.getArrayOffset() = exptmp.getAChild*()) and - exptmp.getAChild*() instanceof BinaryArithmeticOperation and not exptmp.getAChild*() instanceof BinaryBitwiseOperation and - globalValueNumber(exptmp) = globalValueNumber(fc.getArgument(i)) and not exptmp.isConstant() and msg = "Using arithmetic to compute the mask may not be safe." ) From 0359c381e1d1c64bd6c98c781ee4f6de50a6ce63 Mon Sep 17 00:00:00 2001 From: ihsinme Date: Mon, 15 Nov 2021 21:08:11 +0300 Subject: [PATCH 07/31] Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp index d8298df11d8..24efca4911d 100644 
--- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp @@ -6,7 +6,7 @@ ... fchmod(fileno(fp), 0555 - cmusk); // BAD ... - fchmod(fileno(fp), 0555 & ~curumsk); // GOOD + fchmod(fileno(fp), 0555 & ~maskOut); // GOOD ... umask(0666); chmod(pathname, 0666); // BAD From 7832e8572b8c90bdd5bc92ba7acff709f0a77097 Mon Sep 17 00:00:00 2001 From: ihsinme Date: Mon, 15 Nov 2021 21:08:20 +0300 Subject: [PATCH 08/31] Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp index 24efca4911d..03f735911b3 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.cpp @@ -4,7 +4,7 @@ maskOut = S_IRWXG | S_IRWXO; umask(maskOut); // GOOD ... - fchmod(fileno(fp), 0555 - cmusk); // BAD + fchmod(fileno(fp), 0555 - maskOut); // BAD ... fchmod(fileno(fp), 0555 & ~maskOut); // GOOD ... From 7f0a7bbec987ba7cef30212bfb80b26e3c689555 Mon Sep 17 00:00:00 2001 From: ihsinme Date: Tue, 16 Nov 2021 10:12:50 +0300 Subject: [PATCH 09/31] Update IncorrectPrivilegeAssignment.ql --- .../CWE-266/IncorrectPrivilegeAssignment.ql | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql index a91f5859f8f..a219de8b88f 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql 
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql @@ -19,6 +19,18 @@ import cpp import semmle.code.cpp.exprs.BitwiseOperation import semmle.code.cpp.valuenumbering.GlobalValueNumbering +/** + * An expression that is either a `BinaryArithmeticOperation` or the result of one or more `BinaryBitwiseOperation`s on a `BinaryArithmeticOperation`. For example `1 | (2 + 3)`. + */ +class ContainsArithmetic extends Expr { + ContainsArithmetic() { + this instanceof BinaryArithmeticOperation + or + // recursive search into `Operation`s + this.(BinaryBitwiseOperation).getAnOperand() instanceof ContainsArithmetic + } +} + /** Holds for a function `f` that has an argument at index `apos` used to set file permissions. */ predicate numberArgumentModFunctions(Function f, int apos) { f.hasGlobalOrStdName("umask") and apos = 0 @@ -63,15 +75,9 @@ where msg = "not use equal argument in umask and " + fctmp.getTarget().getName() + " functions" ) or - exists(Expr exptmp, int i | + exists(ContainsArithmetic exptmp, int i | numberArgumentModFunctions(fc.getTarget(), i) and globalValueNumber(exptmp) = globalValueNumber(fc.getArgument(i)) and - exptmp.getAChild*() instanceof BinaryArithmeticOperation and - not exptmp.getAChild*() instanceof FunctionCall and - not exists(SizeofOperator so | exptmp.getAChild*() = so) and - not exists(ArrayExpr aetmp | aetmp.getArrayOffset() = exptmp.getAChild*()) and - not exptmp.getAChild*() instanceof BinaryBitwiseOperation and - not exptmp.isConstant() and msg = "Using arithmetic to compute the mask may not be safe." ) select fc, msg From 6168b15bbcf1e4099bcf7eb0528ca4de3fb36a69 Mon Sep 17 00:00:00 2001 
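Review bot: The rewritten third branch drops the `not exptmp.isConstant()` guard together with the `FunctionCall`, `sizeof` and array-offset exclusions, so a compile-time constant such as `chmod(path, 0600 + 0044)` now appears to match, and no test in the series shows whether that is intended. If constants should stay excluded, keep `not exptmp.isConstant() and` next to the `globalValueNumber` equality. Separately, `ContainsArithmetic` recurses only through `BinaryBitwiseOperation`, so arithmetic under a unary complement, as in `0555 & ~(a - b)`, is not recognised. The class comment could state that limit, or the characteristic predicate could gain a case for `UnaryBitwiseOperation`.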
From: ihsinme Date: Fri, 19 Nov 2021 08:56:21 +0300 Subject: [PATCH 10/31] Update cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql index a219de8b88f..92645e8a798 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql @@ -46,7 +46,7 @@ where fc.getArgument(0).getValue() = "0" and not exists(FunctionCall fctmp | fctmp.getTarget().hasGlobalOrStdName("umask") and - fctmp.getArgument(0).getValue() != "0" + not fctmp.getArgument(0).getValue() = "0" ) and exists(FunctionCall fctmp | ( From 21ab8b0f63cfb6b2249bac3a3aaa9b361b45590a Mon Sep 17 00:00:00 2001 From: ihsinme Date: Fri, 19 Nov 2021 13:06:08 +0300 Subject: [PATCH 11/31] Update IncorrectPrivilegeAssignment.ql --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql index 92645e8a798..6ada6a6d837 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql @@ -54,7 +54,7 @@ where fctmp.getTarget().hasGlobalOrStdName("open") ) and fctmp.getNumberOfArguments() = 2 and - fctmp.getArgument(0).getValue() != "/dev/null" + not fctmp.getArgument(0).getValue() = "/dev/null" ) and not exists(FunctionCall fctmp | fctmp.getTarget().hasGlobalOrStdName("chmod") or 
From 6e8d56f0443860e32dc73885c2cba8bc22026dd0 Mon Sep 17 00:00:00 2001 From: ihsinme Date: Tue, 23 Nov 2021 10:22:26 +0300 Subject: [PATCH 12/31] Update IncorrectPrivilegeAssignment.ql --- .../CWE/CWE-266/IncorrectPrivilegeAssignment.ql | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql index 6ada6a6d837..7b8ea595dad 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql @@ -40,7 +40,7 @@ predicate numberArgumentModFunctions(Function f, int apos) { f.hasGlobalOrStdName("chmod") and apos = 1 } -from FunctionCall fc, string msg +from FunctionCall fc, string msg, FunctionCall fcsnd where fc.getTarget().hasGlobalOrStdName("umask") and fc.getArgument(0).getValue() = "0" and @@ -54,13 +54,14 @@ where fctmp.getTarget().hasGlobalOrStdName("open") ) and fctmp.getNumberOfArguments() = 2 and - not fctmp.getArgument(0).getValue() = "/dev/null" + not fctmp.getArgument(0).getValue() = "/dev/null" and + fcsnd = fctmp ) and not exists(FunctionCall fctmp | fctmp.getTarget().hasGlobalOrStdName("chmod") or fctmp.getTarget().hasGlobalOrStdName("fchmod") ) and - msg = "Using umask (0) may not be safe." + msg = "Using umask(0) may not be safe with call $@." or fc.getTarget().hasGlobalOrStdName("umask") and exists(FunctionCall fctmp | 
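Review bot: Binding `fcsnd = fctmp` inside the `exists` over `fopen`/`open` calls turns one `umask(0)` finding into one result row per file-opening call in the database, because nothing in that quantifier relates `fctmp` to `fc`. On a real code base this can produce a large number of near-identical alerts at the same `umask` call, each linking to a file open that may be unrelated to it. Restricting the quantifier, for example with `fctmp.getEnclosingFunction() = fc.getEnclosingFunction() and`, keeps the `$@` link pointing at a call the mask can actually affect. The `where` clause continues outside these hunks.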
@@ -72,12 +73,14 @@ where globalValueNumber(fc.getArgument(0)) = globalValueNumber(fctmp.getArgument(1)) and fc.getArgument(0).getValue() != "0" ) and - msg = "not use equal argument in umask and " + fctmp.getTarget().getName() + " functions" + msg = "Not use equal argument in umask and $@ functions." and + fcsnd = fctmp ) or exists(ContainsArithmetic exptmp, int i | numberArgumentModFunctions(fc.getTarget(), i) and globalValueNumber(exptmp) = globalValueNumber(fc.getArgument(i)) and - msg = "Using arithmetic to compute the mask may not be safe." + msg = "Using arithmetic to compute the mask in $@ may not be safe." and + fcsnd = fc ) -select fc, msg +select fc, msg, fcsnd, fcsnd.getTarget().getName() From 88634b81bfe622d194ca1da4235c3ba427e19b09 Mon Sep 17 00:00:00 2001 From: ihsinme Date: Tue, 23 Nov 2021 10:23:20 +0300 Subject: [PATCH 13/31] Update IncorrectPrivilegeAssignment.expected --- .../semmle/tests/IncorrectPrivilegeAssignment.expected | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.expected index a8c2d2441f1..6ae8ddb32bc 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.expected 
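Review bot: The alert text `Not use equal argument in umask and $@ functions.` in this hunk is not a sentence and does not tell the reader what the risk is. A wording such as `The same value is passed to umask and to $@; umask takes the permission bits to clear, not the mode to set.` would let someone triage the result without opening the help file. The `.expected` file would need the same text. The `where` clause starts outside this hunk.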
@@ -1,2 +1,2 @@ -| test.cpp:9:3:9:7 | call to umask | not use equal argument in umask and chmod functions | -| test.cpp:30:3:30:7 | call to chmod | Using arithmetic to compute the mask may not be safe. | +| test.cpp:9:3:9:7 | call to umask | Not use equal argument in umask and $@ functions. | test.cpp:13:3:13:7 | call to chmod | chmod | +| test.cpp:30:3:30:7 | call to chmod | Using arithmetic to compute the mask in $@ may not be safe. | test.cpp:30:3:30:7 | call to chmod | chmod | From 1e45fa9ed4036cda1e3a8a7e26d24c3c08b62324 Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Mon, 13 Dec 2021 10:04:58 +0100 Subject: [PATCH 14/31] JS/Py/Ruby: Add more CWEs to bad-tag-filter queries CWE-185: Incorrect Regular Expression The software specifies a regular expression in a way that causes data to be improperly matched or compared. https://cwe.mitre.org/data/definitions/185.html CWE-186: Overly Restrictive Regular Expression > A regular expression is overly restrictive, which prevents dangerous values from being detected. > > (...) [this CWE] is about a regular expression that does not match all > values that are intended. (...) https://cwe.mitre.org/data/definitions/186.html From my understanding, CWE-625: Permissive Regular Expression, is not applicable. (since this is about accepting a regex match where there should not be a match). --- javascript/ql/src/Security/CWE-116/BadTagFilter.ql | 2 ++ python/ql/src/Security/CWE-116/BadTagFilter.ql | 2 ++ ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql | 2 ++ 3 files changed, 6 insertions(+) diff --git a/javascript/ql/src/Security/CWE-116/BadTagFilter.ql b/javascript/ql/src/Security/CWE-116/BadTagFilter.ql index 609690982bb..5eadd33ff40 100644 --- a/javascript/ql/src/Security/CWE-116/BadTagFilter.ql +++ b/javascript/ql/src/Security/CWE-116/BadTagFilter.ql 
@@ -10,6 +10,8 @@ * security * external/cwe/cwe-116 * external/cwe/cwe-020 + * external/cwe/cwe-185 + * external/cwe/cwe-186 */ import semmle.javascript.security.BadTagFilterQuery diff --git a/python/ql/src/Security/CWE-116/BadTagFilter.ql b/python/ql/src/Security/CWE-116/BadTagFilter.ql index 56990590b22..44305bff876 100644 --- a/python/ql/src/Security/CWE-116/BadTagFilter.ql +++ b/python/ql/src/Security/CWE-116/BadTagFilter.ql @@ -10,6 +10,8 @@ * security * external/cwe/cwe-116 * external/cwe/cwe-020 + * external/cwe/cwe-185 + * external/cwe/cwe-186 */ import semmle.python.security.BadTagFilterQuery diff --git a/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql b/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql index 066c5f86cf8..47587c7af4f 100644 --- a/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql +++ b/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql @@ -10,6 +10,8 @@ * security * external/cwe/cwe-116 * external/cwe/cwe-020 + * external/cwe/cwe-185 + * external/cwe/cwe-186 */ import codeql.ruby.security.BadTagFilterQuery From 0f0bd349589bb406767053031c15a78867920190 Mon Sep 17 00:00:00 2001 From: Sergey Date: Mon, 13 Dec 2021 20:35:13 +0300 Subject: [PATCH 15/31] Update IncorrectPrivilegeAssignment.ql --- .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql index 7b8ea595dad..72c7f359b47 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql @@ -53,6 +53,7 @@ where fctmp.getTarget().hasGlobalOrStdName("fopen") or fctmp.getTarget().hasGlobalOrStdName("open") ) and + not fctmp.getArgument(1).getValue().matches("r%") and fctmp.getNumberOfArguments() = 2 and not fctmp.getArgument(0).getValue() = "/dev/null" and fcsnd = fctmp 
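Review bot: The added `not fctmp.getArgument(1).getValue().matches("r%")` only filters `fopen`, whose second argument is a mode string; for `open` the second argument is an integer flag word, so a read-only `open(path, O_RDONLY)` still counts as a file-creating call here. Because the same `exists` also requires `getNumberOfArguments() = 2`, the `open` arm covers only calls that pass no creation mode, which is probably not where `umask(0)` matters. Consider splitting the two arms: keep the mode-string test for `fopen` and, for `open`, require the three-argument form, e.g. `fctmp.getTarget().hasGlobalOrStdName("open") and fctmp.getNumberOfArguments() = 3`. The enclosing `where` clause starts and ends outside this hunk.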
From a62f181d425982a1a75d39a1c7ee99a39d3b1c13 Mon Sep 17 00:00:00 2001 
From: Dave Bartolomeo Date: Tue, 14 Dec 2021 12:05:15 -0500 Subject: [PATCH 16/31] Move new change notes to appropriate packs --- cpp/change-notes/2021-11-01-isFromSystemMacroDefinition.md | 4 ---- cpp/change-notes/2021-11-09-use-of-http.md | 2 -- .../src}/change-notes/2021-11-25-certificate-not-checked.md | 5 ++++- .../2021-11-25-certificate-result-conflation.md | 5 ++++- java/change-notes/2021-11-15-overrides.md | 2 -- java/change-notes/2021-11-25-surrogate-char-literals.md | 3 --- .../lib/change-notes/2021-11-25-surrogate-char-literals.md | 6 ++++++ .../src/change-notes/2021-11-25-surrogate-char-literals.md | 5 +++++ javascript/change-notes/2021-11-02-insufficient-key-size.md | 2 -- javascript/change-notes/2021-11-02-session-fixation.md | 2 -- javascript/change-notes/2021-11-04-sensitive-get-query.md | 2 -- javascript/change-notes/2021-11-23-typescript-4.5.md | 2 -- javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md | 5 +++++ javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md | 5 +++++ python/change-notes/2021-11-02-flask_admin.md | 2 -- python/change-notes/2021-11-02-toml.md | 2 -- python/change-notes/2021-11-09-model-aiopg.md | 2 -- python/change-notes/2021-11-12-fix-pyhton-query-ids.md | 2 -- .../2021-11-15-model-wsgiref-simple-server-app.md | 5 ++++- python/ql/lib/change-notes/2021-11-16-posixpath.md | 5 +++++ .../2021-11-24-FastAPI-Custom-APIRouter-Subclass.md | 5 ++++- .../2021-11-24-FastAPI-FileResponse-FileSystemAccess.md | 5 +++++ python/ql/lib/change-notes/2021-11-26-os-file-access.md | 5 +++++ .../ql/lib/change-notes/2021-11-26-tempfile-file-access.md | 5 +++++ .../2021-11-15-model-wsgiref-simple-server-app.md | 5 +++++ python/{ => ql/src}/change-notes/2021-11-16-posixpath.md | 5 ++++- .../2021-11-24-FastAPI-FileResponse-FileSystemAccess.md} | 5 ++++- .../{ => ql/src}/change-notes/2021-11-26-os-file-access.md | 5 ++++- .../src}/change-notes/2021-11-26-tempfile-file-access.md | 5 ++++- 
ruby/change-notes/2021-11-04-csrf-protection-disabled.md | 2 -- .../2021-11-08-hardcoded-credentials-downgrade.md | 2 -- ruby/change-notes/2021-11-09-request-forgery.md | 2 -- ruby/{ => ql/lib}/change-notes/2021-12-07-customizations.md | 5 ++++- 33 files changed, 82 insertions(+), 42 deletions(-) delete mode 100644 cpp/change-notes/2021-11-01-isFromSystemMacroDefinition.md delete mode 100644 cpp/change-notes/2021-11-09-use-of-http.md rename cpp/{ => ql/src}/change-notes/2021-11-25-certificate-not-checked.md (71%) rename cpp/{ => ql/src}/change-notes/2021-11-25-certificate-result-conflation.md (72%) delete mode 100644 java/change-notes/2021-11-15-overrides.md delete mode 100644 java/change-notes/2021-11-25-surrogate-char-literals.md create mode 100644 java/ql/lib/change-notes/2021-11-25-surrogate-char-literals.md create mode 100644 java/ql/src/change-notes/2021-11-25-surrogate-char-literals.md delete mode 100644 javascript/change-notes/2021-11-02-insufficient-key-size.md delete mode 100644 javascript/change-notes/2021-11-02-session-fixation.md delete mode 100644 javascript/change-notes/2021-11-04-sensitive-get-query.md delete mode 100644 javascript/change-notes/2021-11-23-typescript-4.5.md create mode 100644 javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md create mode 100644 javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md delete mode 100644 python/change-notes/2021-11-02-flask_admin.md delete mode 100644 python/change-notes/2021-11-02-toml.md delete mode 100644 python/change-notes/2021-11-09-model-aiopg.md delete mode 100644 python/change-notes/2021-11-12-fix-pyhton-query-ids.md rename python/{ => ql/lib}/change-notes/2021-11-15-model-wsgiref-simple-server-app.md (61%) create mode 100644 python/ql/lib/change-notes/2021-11-16-posixpath.md rename python/{ => ql/lib}/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md (63%) create mode 100644 python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md create mode 
100644 python/ql/lib/change-notes/2021-11-26-os-file-access.md create mode 100644 python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md create mode 100644 python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md rename python/{ => ql/src}/change-notes/2021-11-16-posixpath.md (80%) rename python/{change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess copy.md => ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md} (78%) rename python/{ => ql/src}/change-notes/2021-11-26-os-file-access.md (80%) rename python/{ => ql/src}/change-notes/2021-11-26-tempfile-file-access.md (86%) delete mode 100644 ruby/change-notes/2021-11-04-csrf-protection-disabled.md delete mode 100644 ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md delete mode 100644 ruby/change-notes/2021-11-09-request-forgery.md rename ruby/{ => ql/lib}/change-notes/2021-12-07-customizations.md (69%) diff --git a/cpp/change-notes/2021-11-01-isFromSystemMacroDefinition.md b/cpp/change-notes/2021-11-01-isFromSystemMacroDefinition.md deleted file mode 100644 index 2a859824c8a..00000000000 --- a/cpp/change-notes/2021-11-01-isFromSystemMacroDefinition.md +++ /dev/null @@ -1,4 +0,0 @@ -lgtm,codescanning -* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate - `isFromSystemMacroDefinition` for identifying code that originates from a - macro outside the project being analyzed. diff --git a/cpp/change-notes/2021-11-09-use-of-http.md b/cpp/change-notes/2021-11-09-use-of-http.md deleted file mode 100644 index 6ae3f076634..00000000000 --- a/cpp/change-notes/2021-11-09-use-of-http.md +++ /dev/null @@ -1,2 +0,0 @@ -lgtm,codescanning -* A new query `cpp/non-https-url` has been added for C/C++. The query flags uses of `http` URLs that might be better replaced with `https`. 
diff --git a/cpp/change-notes/2021-11-25-certificate-not-checked.md b/cpp/ql/src/change-notes/2021-11-25-certificate-not-checked.md
similarity index 71%
rename from cpp/change-notes/2021-11-25-certificate-not-checked.md
rename to cpp/ql/src/change-notes/2021-11-25-certificate-not-checked.md
index 7cd83d11a1e..93a73af7eed 100644
--- a/cpp/change-notes/2021-11-25-certificate-not-checked.md
+++ b/cpp/ql/src/change-notes/2021-11-25-certificate-not-checked.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: newQuery
+tags: [lgtm,codescanning]
+---
 * A new query `cpp/certificate-not-checked` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries.
diff --git a/cpp/change-notes/2021-11-25-certificate-result-conflation.md b/cpp/ql/src/change-notes/2021-11-25-certificate-result-conflation.md
similarity index 72%
rename from cpp/change-notes/2021-11-25-certificate-result-conflation.md
rename to cpp/ql/src/change-notes/2021-11-25-certificate-result-conflation.md
index 14950c5dd04..9d0cbfdd012 100644
--- a/cpp/change-notes/2021-11-25-certificate-result-conflation.md
+++ b/cpp/ql/src/change-notes/2021-11-25-certificate-result-conflation.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: newQuery
+tags: [lgtm,codescanning]
+---
 * A new query `cpp/certificate-result-conflation` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries.
diff --git a/java/change-notes/2021-11-15-overrides.md b/java/change-notes/2021-11-15-overrides.md
deleted file mode 100644
index 24ecad0c48b..00000000000
--- a/java/change-notes/2021-11-15-overrides.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The predicate `Method.overrides(Method)` was accidentally transitive. This has been fixed. This fix also affects `Method.overridesOrInstantiates(Method)` and `Method.getASourceOverriddenMethod()`.
diff --git a/java/change-notes/2021-11-25-surrogate-char-literals.md b/java/change-notes/2021-11-25-surrogate-char-literals.md
deleted file mode 100644
index b305bd332a1..00000000000
--- a/java/change-notes/2021-11-25-surrogate-char-literals.md
+++ /dev/null
@@ -1,3 +0,0 @@
-lgtm,codescanning
-* `CharacterLiteral`'s `getCodePointValue` predicate now returns the correct value for UTF-16 surrogates.
-* The `RangeAnalysis` module and the `java/constant-comparison` queries no longer raise false alerts regarding comparisons with Unicode surrogate character literals.
diff --git a/java/ql/lib/change-notes/2021-11-25-surrogate-char-literals.md b/java/ql/lib/change-notes/2021-11-25-surrogate-char-literals.md
new file mode 100644
index 00000000000..d1be437cb83
--- /dev/null
+++ b/java/ql/lib/change-notes/2021-11-25-surrogate-char-literals.md
@@ -0,0 +1,6 @@
+---
+category: fix
+tags: [lgtm,codescanning]
+---
+* `CharacterLiteral`'s `getCodePointValue` predicate now returns the correct value for UTF-16 surrogates.
+* The `RangeAnalysis` module now properly handles comparisons with Unicode surrogate character literals.
diff --git a/java/ql/src/change-notes/2021-11-25-surrogate-char-literals.md b/java/ql/src/change-notes/2021-11-25-surrogate-char-literals.md
new file mode 100644
index 00000000000..b33dca1b6c8
--- /dev/null
+++ b/java/ql/src/change-notes/2021-11-25-surrogate-char-literals.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
+* The `java/constant-comparison` query no longer raises false alerts regarding comparisons with Unicode surrogate character literals.
diff --git a/javascript/change-notes/2021-11-02-insufficient-key-size.md b/javascript/change-notes/2021-11-02-insufficient-key-size.md
deleted file mode 100644
index be0f3bcddb7..00000000000
--- a/javascript/change-notes/2021-11-02-insufficient-key-size.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The `js/insufficient-key-size` query has been added. It highlights the creation of cryptographic keys with a short key size.
diff --git a/javascript/change-notes/2021-11-02-session-fixation.md b/javascript/change-notes/2021-11-02-session-fixation.md
deleted file mode 100644
index 6c74b6a229a..00000000000
--- a/javascript/change-notes/2021-11-02-session-fixation.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The `js/session-fixation` query has been added. It highlights servers that reuse a session after a user has logged in.
diff --git a/javascript/change-notes/2021-11-04-sensitive-get-query.md b/javascript/change-notes/2021-11-04-sensitive-get-query.md
deleted file mode 100644
index 389f088e7bb..00000000000
--- a/javascript/change-notes/2021-11-04-sensitive-get-query.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The `js/sensitive-get-query` query has been added. It highlights GET requests that read sensitive information from the query string.
diff --git a/javascript/change-notes/2021-11-23-typescript-4.5.md b/javascript/change-notes/2021-11-23-typescript-4.5.md
deleted file mode 100644
index 2f20913f6fe..00000000000
--- a/javascript/change-notes/2021-11-23-typescript-4.5.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* TypeScript 4.5 is now supported.
diff --git a/javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md b/javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md
new file mode 100644
index 00000000000..13485c949dc
--- /dev/null
+++ b/javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md
@@ -0,0 +1,5 @@
+---
+category: feature
+tags: [lgtm,codescanning]
+---
+* TypeScript 4.5 is now supported.
diff --git a/javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md b/javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md
new file mode 100644
index 00000000000..44aa6cdba13
--- /dev/null
+++ b/javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md
@@ -0,0 +1,5 @@
+---
+category: majorAnalysis
+tags: [lgtm,codescanning]
+---
+* TypeScript 4.5 is now supported.
diff --git a/python/change-notes/2021-11-02-flask_admin.md b/python/change-notes/2021-11-02-flask_admin.md
deleted file mode 100644
index 528a422c45d..00000000000
--- a/python/change-notes/2021-11-02-flask_admin.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added modeling of HTTP requests and responses when using `flask_admin` (`Flask-Admin` PyPI package), which leads to additional remote flow sources.
diff --git a/python/change-notes/2021-11-02-toml.md b/python/change-notes/2021-11-02-toml.md
deleted file mode 100644
index 676f0c44157..00000000000
--- a/python/change-notes/2021-11-02-toml.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added modeling of the PyPI package `toml`, which provides encoding/decoding of TOML documents, leading to new taint-tracking steps.
diff --git a/python/change-notes/2021-11-09-model-aiopg.md b/python/change-notes/2021-11-09-model-aiopg.md
deleted file mode 100644
index 7bf78a8de01..00000000000
--- a/python/change-notes/2021-11-09-model-aiopg.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added modeling of `aiopg` for sinks executing SQL.
diff --git a/python/change-notes/2021-11-12-fix-pyhton-query-ids.md b/python/change-notes/2021-11-12-fix-pyhton-query-ids.md
deleted file mode 100644
index 584b6d13237..00000000000
--- a/python/change-notes/2021-11-12-fix-pyhton-query-ids.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-Fixed the query ids of two queries that are meant for manual exploration: `python/count-untrusted-data-external-api` and `python/untrusted-data-to-external-api` have been changed to `py/count-untrusted-data-external-api` and `py/untrusted-data-to-external-api`.
diff --git a/python/change-notes/2021-11-15-model-wsgiref-simple-server-app.md b/python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md
similarity index 61%
rename from python/change-notes/2021-11-15-model-wsgiref-simple-server-app.md
rename to python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md
index c8424097b8b..1d08b550a9b 100644
--- a/python/change-notes/2021-11-15-model-wsgiref-simple-server-app.md
+++ b/python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
 * Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
diff --git a/python/ql/lib/change-notes/2021-11-16-posixpath.md b/python/ql/lib/change-notes/2021-11-16-posixpath.md
new file mode 100644
index 00000000000..37f20269b56
--- /dev/null
+++ b/python/ql/lib/change-notes/2021-11-16-posixpath.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
+* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks.
diff --git a/python/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md b/python/ql/lib/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md
similarity index 63%
rename from python/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md
rename to python/ql/lib/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md
index d08247cc08a..4a5a4ab600f 100644
--- a/python/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md
+++ b/python/ql/lib/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
 * Extended the modeling of FastAPI such that custom subclasses of `fastapi.APIRouter` are recognized.
diff --git a/python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md b/python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md
new file mode 100644
index 00000000000..fb3b4d095b6
--- /dev/null
+++ b/python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
+* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`.
diff --git a/python/ql/lib/change-notes/2021-11-26-os-file-access.md b/python/ql/lib/change-notes/2021-11-26-os-file-access.md
new file mode 100644
index 00000000000..f9a2adb836d
--- /dev/null
+++ b/python/ql/lib/change-notes/2021-11-26-os-file-access.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
+* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on.
diff --git a/python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md b/python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md
new file mode 100644
index 00000000000..46862a16996
--- /dev/null
+++ b/python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
+* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`.
diff --git a/python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md b/python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md
new file mode 100644
index 00000000000..1d08b550a9b
--- /dev/null
+++ b/python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
+* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
diff --git a/python/change-notes/2021-11-16-posixpath.md b/python/ql/src/change-notes/2021-11-16-posixpath.md
similarity index 80%
rename from python/change-notes/2021-11-16-posixpath.md
rename to python/ql/src/change-notes/2021-11-16-posixpath.md
index d9103dd6115..c35dc4099a7 100644
--- a/python/change-notes/2021-11-16-posixpath.md
+++ b/python/ql/src/change-notes/2021-11-16-posixpath.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
 * Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
diff --git a/python/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess copy.md b/python/ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md
similarity index 78%
rename from python/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess copy.md
rename to python/ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md
index a8b72fdf82e..e320e2b3ba7 100644
--- a/python/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess copy.md
+++ b/python/ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
 * Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
diff --git a/python/change-notes/2021-11-26-os-file-access.md b/python/ql/src/change-notes/2021-11-26-os-file-access.md
similarity index 80%
rename from python/change-notes/2021-11-26-os-file-access.md
rename to python/ql/src/change-notes/2021-11-26-os-file-access.md
index e9f95c34abe..c55735e3a8d 100644
--- a/python/change-notes/2021-11-26-os-file-access.md
+++ b/python/ql/src/change-notes/2021-11-26-os-file-access.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
 * Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
diff --git a/python/change-notes/2021-11-26-tempfile-file-access.md b/python/ql/src/change-notes/2021-11-26-tempfile-file-access.md
similarity index 86%
rename from python/change-notes/2021-11-26-tempfile-file-access.md
rename to python/ql/src/change-notes/2021-11-26-tempfile-file-access.md
index 4ef8bfaefe9..29a5b51e8a0 100644
--- a/python/change-notes/2021-11-26-tempfile-file-access.md
+++ b/python/ql/src/change-notes/2021-11-26-tempfile-file-access.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: minorAnalysis
+tags: [lgtm,codescanning]
+---
 * Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
diff --git a/ruby/change-notes/2021-11-04-csrf-protection-disabled.md b/ruby/change-notes/2021-11-04-csrf-protection-disabled.md
deleted file mode 100644
index 1a6d246494d..00000000000
--- a/ruby/change-notes/2021-11-04-csrf-protection-disabled.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* A new query (`rb/csrf-protection-disabled`) has been added. The query finds cases where cross-site forgery protection is explictly disabled.
diff --git a/ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md b/ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md
deleted file mode 100644
index 47b1dfe6157..00000000000
--- a/ruby/change-notes/2021-11-08-hardcoded-credentials-downgrade.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The precision of "Hard-coded credentials" (`rb/hardcoded-credentials`) has been decreased from "high" to "medium". This query will no longer be run and displayed by default on Code Scanning and LGTM.
diff --git a/ruby/change-notes/2021-11-09-request-forgery.md b/ruby/change-notes/2021-11-09-request-forgery.md
deleted file mode 100644
index 60082b76958..00000000000
--- a/ruby/change-notes/2021-11-09-request-forgery.md
+++ /dev/null
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* A new query (`rb/request-forgery`) has been added. The query finds HTTP requests made with user-controlled URLs.
diff --git a/ruby/change-notes/2021-12-07-customizations.md b/ruby/ql/lib/change-notes/2021-12-07-customizations.md
similarity index 69%
rename from ruby/change-notes/2021-12-07-customizations.md
rename to ruby/ql/lib/change-notes/2021-12-07-customizations.md
index d15d9abd952..94f2b27230c 100644
--- a/ruby/change-notes/2021-12-07-customizations.md
+++ b/ruby/ql/lib/change-notes/2021-12-07-customizations.md
@@ -1,2 +1,5 @@
-lgtm,codescanning
+---
+category: feature
+tags: [lgtm,codescanning]
+---
 * A new library, `Customizations.qll`, has been added, which allows for global customizations that affect all queries.
From fa40d59332d991ed61ef1abc3143c23f6464f00a Mon Sep 17 00:00:00 2001
From: Dave Bartolomeo Date: Tue, 14 Dec 2021 12:35:04 -0500 Subject: [PATCH 17/31] Move older change notes to `old-change-notes` Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes. I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there. I'm working on a document to describe how and when to create change notes for packs separately. --- .../2020-09-29-range-analysis-rollup.md | 0 .../2020-10-21-erroneous-types.md | 0 .../2020-10-21-size-check-queries.md | 0 .../2020-11-02-unused-local-variable.md | 0 .../2020-11-05-formatting-function.md | 0 .../2020-11-05-private-models.md | 0 .../2020-11-12-unsafe-use-of-this.md | 0 .../2020-11-27-downgrade-to-recommendation.md | 0 .../2021-02-04-unsigned-difference-expression-compared-zero.md | 0 .../2021-02-24-memset-may-be-deleted.md | 0 .../2021-03-01-fluent-interface-data-flow.md | 0 .../2021-03-11-failed-extractions.md | 0 cpp/{change-notes => old-change-notes}/2021-03-11-overflow-abs.md | 0 cpp/{change-notes => old-change-notes}/2021-03-17-av-rule-79.md | 0 .../2021-04-06-assign-where-compare-meant.md | 0 .../2021-04-09-unsigned-difference-expression-compared-zero.md | 0 .../2021-04-13-arithmetic-queries.md | 0 .../2021-04-21-return-stack-allocated-object.md | 0 .../2021-04-26-more-sound-expr-might-overflow.md | 0 .../2021-05-10-comparison-with-wider-type.md | 0 .../2021-05-12-uncontrolled-arithmetic.md | 0 .../2021-05-14-uncontrolled-allocation-size.md | 0 .../2021-05-18-static-buffer-overflow.md | 0 .../2021-05-19-weak-cryptographic-algorithm.md | 0 .../2021-05-20-incorrect-allocation-error-handling.md | 0 .../2021-05-20-ref-qualifiers.md | 0 .../2021-05-21-unsafe-strncat.md | 0 .../2021-06-10-cleartext-transmission.md | 0 
cpp/{change-notes => old-change-notes}/2021-06-10-std-types.md | 0 .../2021-06-21-weak-cryptographic-algorithm.md | 0 cpp/{change-notes => old-change-notes}/2021-06-22-sql-tainted.md | 0 .../2021-06-24-dataflow-implicit-reads.md | 0 .../2021-06-24-uncontrolled-arithmetic.md | 0 .../2021-06-30-wrong-type-format-argument.md | 0 .../2021-07-13-cleartext-storage-file.md | 0 .../2021-07-20-toctou-race-condition.md | 0 .../2021-07-27-uncontrolled-arithmetic.md | 0 .../2021-07-29-virtual-function-declaration-specifiers.md | 0 .../2021-08-10-has-trailing-return-type.md | 0 .../2021-08-17-has-c-linkage.md | 0 .../2021-08-23-ctime-weaken-claims.md | 0 .../2021-08-23-getPrimaryQlClasses.md | 0 .../2021-08-24-implicit-downcast-from-bitfield.md | 0 .../2021-08-31-range-analysis-upper-bound.md | 0 .../2021-09-13-overflow-static.md | 0 .../2021-09-27-command-line-injection.md | 0 .../2021-09-27-overflow-static.md | 0 .../2021-10-01-improper-null-termination.md | 0 .../2021-10-07-extraction-errors.md | 0 .../{change-notes => old-change-notes}/2020-08-18-ast-viewer.md | 0 .../2020-08-18-partial-method-bodies.md | 0 .../2020-08-26-implicit-array-lengths.md | 0 .../2020-09-02-assembly-insensitive-trap.md | 0 .../2020-09-22-weak-encryption.md | 0 .../2020-10-21-AST-printing-improvements.md | 0 .../2020-10-21-CodeAnalysis-attributes-in-assert.md | 0 .../2020-10-21-rework-attribute-extraction.md | 0 .../2020-10-28-cil-to-string.md | 0 .../2020-11-05-get-sourcedeclaration-rename.md | 0 .../2020-11-18-lambda-modifiers.md | 0 .../2020-11-18-local-function-attributable.md | 0 .../2020-12-08-cil-enum-underlying-type.md | 0 .../2020-12-17-format-method-empty-overload.md | 0 .../2020-12-18-extract-custom-modifiers.md | 0 .../2020-12-21-merge-format-queries.md | 0 .../2021-01-14-Unary-pattern.md | 0 .../2021-01-15-Relational-pattern.md | 0 .../2021-01-19-Function-pointer.md | 0 .../2021-01-25-Function-pointer-cil.md | 0 .../2021-01-27-Add-binary-pattern.md | 0 
.../2021-02-01-Preprocessor-directives.md | 0 .../2021-02-02-foreach-underlying-methods.md | 0 csharp/{change-notes => old-change-notes}/2021-02-04-Records.md | 0 .../2021-02-12-with-expression.md | 0 .../2021-02-26-tuple-dataflow.md | 0 .../2021-03-01-fluent-interface-data-flow.md | 0 csharp/{change-notes => old-change-notes}/2021-03-02-dotnet5.md | 0 csharp/{change-notes => old-change-notes}/2021-03-24-cil-ssa.md | 0 .../2021-03-24-remove-legacy-queries.md | 0 .../2021-03-24-remove-vuln-package-query.md | 0 .../2021-04-09-dapper-support.md | 0 .../2021-04-09-default-argument-values.md | 0 .../2021-04-14-customizations.md | 0 .../2021-04-22-console-read-local-source.md | 0 .../2021-04-23-model-error-extraction.md | 0 .../2021-04-26-string-builder-summaries.md | 0 .../2021-05-03-implicit-constructor-init.md | 0 .../2021-06-04-tuple-members.md | 0 .../2021-06-15-effective-visibility.md | 0 .../2021-06-15-unsafe-non-source-code.md | 0 .../2021-06-16-qualified-names.md | 0 .../2021-06-24-dataflow-implicit-reads.md | 0 .../2021-08-05-insecure-randomness.md | 0 .../2021-08-17-callable-qualified-names.md | 0 .../2021-08-23-getPrimaryQlClasses.md | 0 .../2021-09-09-service-stack-support.md | 0 .../2021-10-04-constand-condition.md | 0 .../2021-10-04-dead-store-of-local.md | 0 .../2020-05-21-mongodb-sql-injection-sinks.md | 0 .../2020-05-21-websocket-taintsource.md | 0 .../2020-06-30-jooq-sql-injection-sinks.md | 0 .../2020-07-03-more-pathcreations.md | 0 .../2020-07-09-untrusted-data-to-external-api.md | 0 .../2020-07-13-stacktraceexposure-fp-fix.md | 0 .../2020-08-11-printwriter-format-xss-sink.md | 0 .../2020-08-14-dataflow-dispatch-instance-arg-ctx.md | 0 .../2020-08-17-string-formatted.md | 0 .../{change-notes => old-change-notes}/2020-08-24-records-flow.md | 0 .../2020-08-31-extensible-security-queries.md | 0 java/{change-notes => old-change-notes}/2020-09-08-blockstmt.md | 0 .../2020-09-17-exectainted-array.md | 0 .../2020-09-21-jhipster-gen-prng-query.md | 0 
.../2020-09-22-hibernate-sql-sinks.md | 0 .../2020-09-23-spring-multipart-request-sources.md | 0 .../2020-10-03-android-intent-taintsource.md | 0 .../2020-10-07-fastjson-deserialization-sink.md | 0 .../2020-10-16-guava-flow-steps.md | 0 .../2020-10-27-insecure-bean-validation.md | 0 .../2020-11-04-commonslang-unsafe-deserialization-sinks.md | 0 java/{change-notes => old-change-notes}/2020-12-09-xxe-fp-fix.md | 0 .../2021-01-12-unsafe-hostname-verification.md | 0 .../2021-01-14-java-15-support.md | 0 .../2021-01-19-struts-xml-extraction.md | 0 .../2021-02-09-commons-string-utils.md | 0 .../2021-02-15-commons-array-utils.md | 0 .../2021-02-15-snakeyaml-fn-fix.md | 0 java/{change-notes => old-change-notes}/2021-02-17-apache-http.md | 0 .../2021-02-23-deprecated-jcenter-bintray.md | 0 .../2021-03-01-fluent-interface-data-flow.md | 0 .../2021-03-02-apache-text-misc.md | 0 java/{change-notes => old-change-notes}/2021-03-02-guava-io.md | 0 .../2021-03-05-commons-lang-randomutils.md | 0 .../2021-03-05-commons-object-utils.md | 0 .../2021-03-05-play-framework.md | 0 java/{change-notes => old-change-notes}/2021-03-05-regex-utils.md | 0 java/{change-notes => old-change-notes}/2021-03-10-guava-base.md | 0 .../2021-03-11-commons-strbuilder.md | 0 .../2021-03-18-commons-tostring-builder.md | 0 .../2021-03-22-jax-rs-improvements.md | 0 .../2021-03-23-guava-collections-and-preconditions.md | 0 .../2021-03-25-remove-legacy-code-duplication-library.md | 0 .../2021-03-25-remove-legacy-filter-queries.md | 0 .../2021-04-02-add-spring-validation-errors.md | 0 java/{change-notes => old-change-notes}/2021-04-06-ssrf-query.md | 0 java/{change-notes => old-change-notes}/2021-04-14-membertype.md | 0 .../2021-04-26-xpath-injection-query.md | 0 .../2021-05-03-guava-first-non-null.md | 0 .../2021-05-03-jackson-dataflow-deserialization.md | 0 .../2021-05-04-jexl-injection-query.md | 0 .../2021-05-05-kryo-improvements.md | 0 .../2021-05-06-unsafe-android-access-query.md | 0 
.../2021-05-11-apache-tuples.md | 0 .../2021-05-11-ratpack-support.md | 0 .../2021-05-12-hardcoded-azure-credentials-in-api-call.md | 0 java/{change-notes => old-change-notes}/2021-05-12-xxe-fp-fix.md | 0 .../2021-05-13-ognl-injection-query.md | 0 .../2021-05-14-close-resource-leaks-improvements.md | 0 .../2021-05-17-add-unsafe-deserialization-sinks.md | 0 .../2021-05-17-jackson-deserialization-sink.md | 0 .../2021-05-17-missing-jwt-signature-check-query.md | 0 .../2021-05-20-jndi-injection-query.md | 0 .../2021-05-20-savedrequest-taintsources.md | 0 .../2021-05-24-hardcoded-shiro-key-in-api-call.md | 0 .../2021-05-28-remove-senderror-xss-sink.md | 0 .../2021-05-31-add-spring-stringutils.md | 0 .../2021-06-01-collection-flow.md | 0 .../2021-06-01-insecure-basic-auth-query.md | 0 .../2021-06-01-statement-toString.md | 0 .../2021-06-02-mvel-injection-query.md | 0 .../2021-06-08-spel-injection-query.md | 0 java/{change-notes => old-change-notes}/2021-06-08-spring-http.md | 0 .../2021-06-08-spring-propertyvalues.md | 0 .../2021-06-11-tainted-key-read-steps.md | 0 .../2021-06-14-groovy-code-injection-query.md | 0 .../2021-06-16-xslt-injection-query.md | 0 .../2021-06-18-apache-mutable.md | 0 .../2021-06-18-insecure-java-mail-query.md | 0 .../2021-06-22-more-steps-for-bytebuffer-inputstream.md | 0 .../2021-06-22-util-optional.md | 0 .../2021-06-23-generic-type-names.md | 0 .../2021-06-24-dataflow-implicit-reads.md | 0 .../2021-06-25-apache-collections-maputils-keyvalue.md | 0 .../2021-06-25-jax-rs-content-types.md | 0 .../2021-06-29-javax-json-models.md | 0 .../2021-07-01-spring-collections.md | 0 .../2021-07-01-spring-webmultipart.md | 0 .../2021-07-01-spring-webutil.md | 0 .../2021-07-01-url-classloader-reactive-webclient.md | 0 .../2021-07-02-split-queries.md | 0 java/{change-notes => old-change-notes}/2021-07-14-spring-jdbc.md | 0 java/{change-notes => old-change-notes}/2021-07-19-json-java.md | 0 .../2021-07-22-model-collection-constructors.md | 0 
.../2021-07-27-apache-collections-base-package.md | 0 java/{change-notes => old-change-notes}/2021-07-28-guava-cache.md | 0 .../2021-08-02-android-intent-redirect-query.md | 0 .../2021-08-02-guava-collections.md | 0 .../2021-08-03-spring-content-types.md | 0 .../2021-08-04-jabsorb-unsafe-deserialization.md | 0 .../2021-08-05-jodd-unsafe-deserialization.md | 0 .../2021-08-09-flexjson-unsafe-deserialization.md | 0 .../2021-08-10-gson-unsafe-deserialization.md | 0 .../2021-08-12-jax-rs-filter-sources.md | 0 .../2021-08-23-getPrimaryQlClasses.md | 0 .../2021-08-23-local-interfaces-enums.md | 0 .../2021-08-24-downgrade-sql-unescaped.md | 0 .../2021-09-03-android-sensitive-broadcast.md | 0 java/{change-notes => old-change-notes}/2021-09-13-android-uri.md | 0 .../2021-09-13-javadoc-type-parameters.md | 0 .../2021-09-13-location-toString.md | 0 .../2021-09-14-conditional-bypass-improvements.md | 0 java/{change-notes => old-change-notes}/2021-09-14-jsf-support.md | 0 .../2021-09-27-apache-collections-subpackages.md | 0 .../2021-10-07-java-util-stream.md | 0 .../2021-10-20-more-specific-types.md | 0 .../2021-10-29-deprecate-String-getRepresentedString.md | 0 .../2021-10-29-improved-ratpack-support.md | 0 .../2021-10-29-optional-lambda-flow.md | 0 .../2020-05-17-prototype-assignment.md | 0 .../2020-11-06-date-functions.md | 0 javascript/{change-notes => old-change-notes}/2020-11-09-jwt.md | 0 .../2020-11-11-react-hot-loader.md | 0 .../2020-11-25-prototype-pollution.md | 0 .../{change-notes => old-change-notes}/2020-11-30-loginjection.md | 0 javascript/{change-notes => old-change-notes}/2020-11-30-nosql.md | 0 .../2020-12-02-typescript-4.1.md | 0 .../2020-12-09-external-flow-sources.md | 0 .../2020-12-16-build-artifact-leak.md | 0 .../2020-12-16-indirect-cmd-libraries.md | 0 javascript/{change-notes => old-change-notes}/2020-12-22-execa.md | 0 .../2021-01-04-superliniar-redos.md | 0 .../2021-01-08-js-incomplete-multi-character-sanitization.md | 0 
.../2021-01-14-polynomial-redos.md | 0 .../2021-01-18-angular-templates.md | 0 .../{change-notes => old-change-notes}/2021-01-18-server-crash.md | 0 .../2021-01-21-type-inference-compound.md | 0 .../2021-01-21-unneeded-defensive-code.md | 0 .../{change-notes => old-change-notes}/2021-02-08-immutable.md | 0 .../2021-02-08-xml-parser-taint.md | 0 .../2021-02-08-xss-through-dom-forms.md | 0 .../{change-notes => old-change-notes}/2021-02-09-form-parsers.md | 0 .../{change-notes => old-change-notes}/2021-02-10-markdown.md | 0 .../2021-02-11-apollo-client.md | 0 .../{change-notes => old-change-notes}/2021-02-16-vue-router.md | 0 .../{change-notes => old-change-notes}/2021-02-18-next-js.md | 0 .../2021-02-18-typescript-4.2.md | 0 .../2021-02-25-event-handler-receiver-is-dom-element.md | 0 .../{change-notes => old-change-notes}/2021-02-25-http-proxy.md | 0 .../{change-notes => old-change-notes}/2021-02-26-form-data.md | 0 javascript/{change-notes => old-change-notes}/2021-03-01-ajv.md | 0 .../2021-03-09-template-object-injection.md | 0 javascript/{change-notes => old-change-notes}/2021-03-10-d3.md | 0 .../2021-03-15-client-side-remote-flow-sources.md | 0 .../{change-notes => old-change-notes}/2021-03-17-koa-route.md | 0 .../2021-03-17-precise-regex-replace.md | 0 .../{change-notes => old-change-notes}/2021-03-17-puppeteer.md | 0 .../2021-03-19-async-execute.md | 0 .../2021-03-23-accessor-calls.md | 0 .../2021-03-25-remove-legacy-code-duplication-library.md | 0 .../2021-03-25-remove-legacy-filter-queries.md | 0 .../{change-notes => old-change-notes}/2021-03-29-misc-steps.md | 0 .../{change-notes => old-change-notes}/2021-03-29-pg-promise.md | 0 .../{change-notes => old-change-notes}/2021-03-30-sql-models.md | 0 .../2021-04-01-tsconfig-file-inclusion-handling.md | 0 javascript/{change-notes => old-change-notes}/2021-04-08-redux.md | 0 .../2021-04-12-disabling-certificate-validation.md | 0 .../{change-notes => old-change-notes}/2021-04-15-fs-promises.md | 0 .../{change-notes 
=> old-change-notes}/2021-04-15-markdownit.md | 0 .../{change-notes => old-change-notes}/2021-04-15-nestjs.md | 0 .../2021-04-15-typescript-template-literal-type-crash.md | 0 .../2021-04-21-rate-limiting-fixes.md | 0 .../2021-04-26-unsafe-html-construction.md | 0 javascript/{change-notes => old-change-notes}/2021-04-27-anser.md | 0 .../2021-05-10-sqlite3-chaining.md | 0 javascript/{change-notes => old-change-notes}/2021-05-18-clone.md | 0 .../2021-05-31-typescript-4.3.md | 0 javascript/{change-notes => old-change-notes}/2021-06-02-debug.md | 0 .../{change-notes => old-change-notes}/2021-06-02-prettier.md | 0 .../2021-06-02-webpack-merge.md | 0 .../{change-notes => old-change-notes}/2021-06-03-history.md | 0 .../{change-notes => old-change-notes}/2021-06-04-resolve.md | 0 .../{change-notes => old-change-notes}/2021-06-04-whatwg-fetch.md | 0 .../2021-06-06-serialize-javascript.md | 0 .../2021-06-06-serve-handler.md | 0 javascript/{change-notes => old-change-notes}/2021-06-07-joi.md | 0 .../{change-notes => old-change-notes}/2021-06-07-serverless.md | 0 .../{change-notes => old-change-notes}/2021-06-09-graphql.md | 0 javascript/{change-notes => old-change-notes}/2021-06-11-knex.md | 0 .../2021-06-14-script-with-tsx-lang.md | 0 .../{change-notes => old-change-notes}/2021-06-18-promises.md | 0 javascript/{change-notes => old-change-notes}/2021-06-21-dates.md | 0 .../{change-notes => old-change-notes}/2021-06-21-promisify.md | 0 .../2021-06-21-sharpen-match-calls.md | 0 .../{change-notes => old-change-notes}/2021-06-22-chokidar.md | 0 .../{change-notes => old-change-notes}/2021-06-22-colors.md | 0 .../{change-notes => old-change-notes}/2021-06-22-templates.md | 0 javascript/{change-notes => old-change-notes}/2021-06-24-json.md | 0 .../{change-notes => old-change-notes}/2021-06-30-mootools.md | 0 .../{change-notes => old-change-notes}/2021-06-30-recompose.md | 0 javascript/{change-notes => old-change-notes}/2021-06-30-vuex.md | 0 javascript/{change-notes => 
old-change-notes}/2021-07-12-case.md | 0 javascript/{change-notes => old-change-notes}/2021-07-12-logs.md | 0 .../2021-07-12-more-precise-capture-steps.md | 0 .../{change-notes => old-change-notes}/2021-07-12-read-pkg.md | 0 javascript/{change-notes => old-change-notes}/2021-07-12-slash.md | 0 .../{change-notes => old-change-notes}/2021-07-14-mkdirp.md | 0 .../{change-notes => old-change-notes}/2021-07-14-querystring.md | 0 .../2021-07-14-react-tooltip.md | 0 .../{change-notes => old-change-notes}/2021-07-15-ansi-to-html.md | 0 .../{change-notes => old-change-notes}/2021-07-15-array-libs.md | 0 .../{change-notes => old-change-notes}/2021-07-15-sort-keys.md | 0 .../2021-07-16-dom-element-methods.md | 0 .../2021-08-02-handlebars-extraction.md | 0 .../2021-08-03-hardcoded-auth-headers.md | 0 .../2021-08-05-tainted-url-suffix.md | 0 .../2021-08-16-query-suffix-convention2.md | 0 .../2021-08-17-incomplete-multi-char-sanitization.md | 0 .../2021-08-17-vue-component-renaming.md | 0 .../2021-08-23-getPrimaryQlClasses.md | 0 .../2021-08-24-tainted-path-cwd.md | 0 .../2021-08-26-bad-tag-filter.md | 0 .../{change-notes => old-change-notes}/2021-08-30-live-server.md | 0 .../2021-09-01-clipboard-data.md | 0 .../2021-09-01-typescript-4.4.md | 0 .../2021-09-07-static-initializer.md | 0 javascript/{change-notes => old-change-notes}/2021-10-01-ldap.md | 0 .../2021-10-26-cookie-queries.md | 0 .../2020-11-25-better-open-models.md | 0 .../2020-12-03-model-realpath-abspath.md | 0 .../2020-12-04-django-class-based-view-handlers.md | 0 .../2020-12-08-stdlib-http-source-modeling.md | 0 .../2020-12-09-add-sqlite3-model.md | 0 .../2020-12-14-add-PyMySQL-model.md | 0 .../2020-12-21-django-with-unknown-route.md | 0 .../2020-12-22-tornado-source-modeling.md | 0 .../2021-01-12-flask-class-based-view-handlers.md | 0 .../2021-01-19-port-url-redirect-query.md | 0 .../2021-02-02-port-weak-crypto-key-query.md | 0 .../2021-02-03-flask-add-blueprint-modeling.md | 0 .../{change-notes => 
old-change-notes}/2021-02-04-api-graphs.md | 0 .../2021-02-10-django-improvements.md | 0 .../2021-02-10-yaml-more-loading-functions.md | 0 .../2021-02-12-django-get_redirect_url.md | 0 .../2021-02-18-type-backtrackers.md | 0 .../2021-02-23-port-bind-to-all-interfaces.md | 0 .../2021-02-23-port-insecure-default-protocol.md | 0 .../2021-02-24-port-flask-debug.md | 0 .../2021-02-25-port-stactrace-exposure-query.md | 0 .../2021-03-01-fluent-interface-data-flow.md | 0 .../2021-03-11-api-graph-builtins.md | 0 .../2021-03-12-small-api-enhancements.md | 0 .../2021-03-15-port-insecure-protocol.md | 0 .../2021-03-18-yaml-handle-C-based-loaders.md | 0 .../2021-03-22-django-queryset-chains.md | 0 .../2021-03-22-getacall-callcfgnode.md | 0 .../2021-03-23-django-forms-fields-classes.md | 0 .../2021-03-25-remove-legacy.md | 0 .../2021-04-09-split-weak-crypto-query.md | 0 .../2021-04-13-pep249-api-graphs.md | 0 .../2021-04-13-werkzeug-api-graphs.md | 0 .../2021-04-15-pathlib-Paths.md | 0 .../2021-04-20-stepsummary-localsourcenode.md | 0 .../{change-notes => old-change-notes}/2021-04-21-django-v3.2.md | 0 .../2021-05-10-idna-add-modeling.md | 0 .../2021-05-10-simplejson-add-modeling.md | 0 .../2021-05-10-ujson-add-modeling.md | 0 .../2021-05-21-api-graph-await.md | 0 .../2021-05-25-add-ClickHouse-sql-libs.md | 0 .../2021-06-03-aiohttp-webserver-modeling.md | 0 .../2021-06-04-sensitive-data-modeling-expanded.md | 0 .../2021-06-08-twisted-add-modeling.md | 0 .../2021-06-09-add-jmespath-modeling.md | 0 .../2021-06-09-rsa-add-modeling.md | 0 .../2021-06-15-add-method-call-conveniences.md | 0 .../2021-06-16-MarkupSafe-add-modeling.md | 0 .../2021-06-24-add-CookieWrite-concept.md | 0 .../2021-06-24-dataflow-implicit-reads.md | 0 .../2021-06-25-add-peewee-modeling.md | 0 .../2021-07-12-add-typetrackingnode.md | 0 .../2021-07-13-path-problem-customization.md | 0 .../2021-07-16-deprecate-importnode.md | 0 .../2021-07-28-port-RoDoS-queries.md | 0 .../2021-08-26-bad-tag-filter.md | 0 
.../2021-08-30-port-modifying-default-query.md | 0 .../2021-09-02-add-Flask-SQLAlchemy-modeling.md | 0 .../2021-09-02-add-SQLAlchemy-modeling.md | 0 .../2021-09-02-add-SQLAlchemyTextClauseInjection.md | 0 .../2021-09-08-add-flow-from-default-values.md | 0 .../2021-09-14-promote-regex-injection.md | 0 .../2021-09-29-model-asyncpg.md | 0 .../2021-10-08-add-dataflow-for-boolean-expressions.md | 0 .../2021-10-08-improve-pickle-dill-shelve-modeling.md | 0 .../2021-10-11-model-aiomysql.md | 0 .../2021-10-20-extraction-errors-as-warnings.md | 0 .../2021-10-25-add-FastAPI-modeling.md | 0 .../2021-10-26-ruamel.yaml-modeling.md | 0 .../2021-10-28-flask-send_file.md | 0 .../2021-10-28-promote-ReDoS-queries.md | 0 .../2021-10-29-django-REST-framework-modeling.md | 0 .../2021-10-14-codeql-ruby-beta.md | 0 .../2021-10-20-path-injection.md | 0 .../2021-10-29-regexp-injection.md | 0 401 files changed, 0 insertions(+), 0 deletions(-) rename cpp/{change-notes => old-change-notes}/2020-09-29-range-analysis-rollup.md (100%) rename cpp/{change-notes => old-change-notes}/2020-10-21-erroneous-types.md (100%) rename cpp/{change-notes => old-change-notes}/2020-10-21-size-check-queries.md (100%) rename cpp/{change-notes => old-change-notes}/2020-11-02-unused-local-variable.md (100%) rename cpp/{change-notes => old-change-notes}/2020-11-05-formatting-function.md (100%) rename cpp/{change-notes => old-change-notes}/2020-11-05-private-models.md (100%) rename cpp/{change-notes => old-change-notes}/2020-11-12-unsafe-use-of-this.md (100%) rename cpp/{change-notes => old-change-notes}/2020-11-27-downgrade-to-recommendation.md (100%) rename cpp/{change-notes => old-change-notes}/2021-02-04-unsigned-difference-expression-compared-zero.md (100%) rename cpp/{change-notes => old-change-notes}/2021-02-24-memset-may-be-deleted.md (100%) rename cpp/{change-notes => old-change-notes}/2021-03-01-fluent-interface-data-flow.md (100%) rename cpp/{change-notes => 
old-change-notes}/2021-03-11-failed-extractions.md (100%) rename cpp/{change-notes => old-change-notes}/2021-03-11-overflow-abs.md (100%) rename cpp/{change-notes => old-change-notes}/2021-03-17-av-rule-79.md (100%) rename cpp/{change-notes => old-change-notes}/2021-04-06-assign-where-compare-meant.md (100%) rename cpp/{change-notes => old-change-notes}/2021-04-09-unsigned-difference-expression-compared-zero.md (100%) rename cpp/{change-notes => old-change-notes}/2021-04-13-arithmetic-queries.md (100%) rename cpp/{change-notes => old-change-notes}/2021-04-21-return-stack-allocated-object.md (100%) rename cpp/{change-notes => old-change-notes}/2021-04-26-more-sound-expr-might-overflow.md (100%) rename cpp/{change-notes => old-change-notes}/2021-05-10-comparison-with-wider-type.md (100%) rename cpp/{change-notes => old-change-notes}/2021-05-12-uncontrolled-arithmetic.md (100%) rename cpp/{change-notes => old-change-notes}/2021-05-14-uncontrolled-allocation-size.md (100%) rename cpp/{change-notes => old-change-notes}/2021-05-18-static-buffer-overflow.md (100%) rename cpp/{change-notes => old-change-notes}/2021-05-19-weak-cryptographic-algorithm.md (100%) rename cpp/{change-notes => old-change-notes}/2021-05-20-incorrect-allocation-error-handling.md (100%) rename cpp/{change-notes => old-change-notes}/2021-05-20-ref-qualifiers.md (100%) rename cpp/{change-notes => old-change-notes}/2021-05-21-unsafe-strncat.md (100%) rename cpp/{change-notes => old-change-notes}/2021-06-10-cleartext-transmission.md (100%) rename cpp/{change-notes => old-change-notes}/2021-06-10-std-types.md (100%) rename cpp/{change-notes => old-change-notes}/2021-06-21-weak-cryptographic-algorithm.md (100%) rename cpp/{change-notes => old-change-notes}/2021-06-22-sql-tainted.md (100%) rename cpp/{change-notes => old-change-notes}/2021-06-24-dataflow-implicit-reads.md (100%) rename cpp/{change-notes => old-change-notes}/2021-06-24-uncontrolled-arithmetic.md (100%) rename cpp/{change-notes => 
old-change-notes}/2021-06-30-wrong-type-format-argument.md (100%) rename cpp/{change-notes => old-change-notes}/2021-07-13-cleartext-storage-file.md (100%) rename cpp/{change-notes => old-change-notes}/2021-07-20-toctou-race-condition.md (100%) rename cpp/{change-notes => old-change-notes}/2021-07-27-uncontrolled-arithmetic.md (100%) rename cpp/{change-notes => old-change-notes}/2021-07-29-virtual-function-declaration-specifiers.md (100%) rename cpp/{change-notes => old-change-notes}/2021-08-10-has-trailing-return-type.md (100%) rename cpp/{change-notes => old-change-notes}/2021-08-17-has-c-linkage.md (100%) rename cpp/{change-notes => old-change-notes}/2021-08-23-ctime-weaken-claims.md (100%) rename cpp/{change-notes => old-change-notes}/2021-08-23-getPrimaryQlClasses.md (100%) rename cpp/{change-notes => old-change-notes}/2021-08-24-implicit-downcast-from-bitfield.md (100%) rename cpp/{change-notes => old-change-notes}/2021-08-31-range-analysis-upper-bound.md (100%) rename cpp/{change-notes => old-change-notes}/2021-09-13-overflow-static.md (100%) rename cpp/{change-notes => old-change-notes}/2021-09-27-command-line-injection.md (100%) rename cpp/{change-notes => old-change-notes}/2021-09-27-overflow-static.md (100%) rename cpp/{change-notes => old-change-notes}/2021-10-01-improper-null-termination.md (100%) rename cpp/{change-notes => old-change-notes}/2021-10-07-extraction-errors.md (100%) rename csharp/{change-notes => old-change-notes}/2020-08-18-ast-viewer.md (100%) rename csharp/{change-notes => old-change-notes}/2020-08-18-partial-method-bodies.md (100%) rename csharp/{change-notes => old-change-notes}/2020-08-26-implicit-array-lengths.md (100%) rename csharp/{change-notes => old-change-notes}/2020-09-02-assembly-insensitive-trap.md (100%) rename csharp/{change-notes => old-change-notes}/2020-09-22-weak-encryption.md (100%) rename csharp/{change-notes => old-change-notes}/2020-10-21-AST-printing-improvements.md (100%) rename csharp/{change-notes => 
old-change-notes}/2020-10-21-CodeAnalysis-attributes-in-assert.md (100%) rename csharp/{change-notes => old-change-notes}/2020-10-21-rework-attribute-extraction.md (100%) rename csharp/{change-notes => old-change-notes}/2020-10-28-cil-to-string.md (100%) rename csharp/{change-notes => old-change-notes}/2020-11-05-get-sourcedeclaration-rename.md (100%) rename csharp/{change-notes => old-change-notes}/2020-11-18-lambda-modifiers.md (100%) rename csharp/{change-notes => old-change-notes}/2020-11-18-local-function-attributable.md (100%) rename csharp/{change-notes => old-change-notes}/2020-12-08-cil-enum-underlying-type.md (100%) rename csharp/{change-notes => old-change-notes}/2020-12-17-format-method-empty-overload.md (100%) rename csharp/{change-notes => old-change-notes}/2020-12-18-extract-custom-modifiers.md (100%) rename csharp/{change-notes => old-change-notes}/2020-12-21-merge-format-queries.md (100%) rename csharp/{change-notes => old-change-notes}/2021-01-14-Unary-pattern.md (100%) rename csharp/{change-notes => old-change-notes}/2021-01-15-Relational-pattern.md (100%) rename csharp/{change-notes => old-change-notes}/2021-01-19-Function-pointer.md (100%) rename csharp/{change-notes => old-change-notes}/2021-01-25-Function-pointer-cil.md (100%) rename csharp/{change-notes => old-change-notes}/2021-01-27-Add-binary-pattern.md (100%) rename csharp/{change-notes => old-change-notes}/2021-02-01-Preprocessor-directives.md (100%) rename csharp/{change-notes => old-change-notes}/2021-02-02-foreach-underlying-methods.md (100%) rename csharp/{change-notes => old-change-notes}/2021-02-04-Records.md (100%) rename csharp/{change-notes => old-change-notes}/2021-02-12-with-expression.md (100%) rename csharp/{change-notes => old-change-notes}/2021-02-26-tuple-dataflow.md (100%) rename csharp/{change-notes => old-change-notes}/2021-03-01-fluent-interface-data-flow.md (100%) rename csharp/{change-notes => old-change-notes}/2021-03-02-dotnet5.md (100%) rename 
csharp/{change-notes => old-change-notes}/2021-03-24-cil-ssa.md (100%) rename csharp/{change-notes => old-change-notes}/2021-03-24-remove-legacy-queries.md (100%) rename csharp/{change-notes => old-change-notes}/2021-03-24-remove-vuln-package-query.md (100%) rename csharp/{change-notes => old-change-notes}/2021-04-09-dapper-support.md (100%) rename csharp/{change-notes => old-change-notes}/2021-04-09-default-argument-values.md (100%) rename csharp/{change-notes => old-change-notes}/2021-04-14-customizations.md (100%) rename csharp/{change-notes => old-change-notes}/2021-04-22-console-read-local-source.md (100%) rename csharp/{change-notes => old-change-notes}/2021-04-23-model-error-extraction.md (100%) rename csharp/{change-notes => old-change-notes}/2021-04-26-string-builder-summaries.md (100%) rename csharp/{change-notes => old-change-notes}/2021-05-03-implicit-constructor-init.md (100%) rename csharp/{change-notes => old-change-notes}/2021-06-04-tuple-members.md (100%) rename csharp/{change-notes => old-change-notes}/2021-06-15-effective-visibility.md (100%) rename csharp/{change-notes => old-change-notes}/2021-06-15-unsafe-non-source-code.md (100%) rename csharp/{change-notes => old-change-notes}/2021-06-16-qualified-names.md (100%) rename csharp/{change-notes => old-change-notes}/2021-06-24-dataflow-implicit-reads.md (100%) rename csharp/{change-notes => old-change-notes}/2021-08-05-insecure-randomness.md (100%) rename csharp/{change-notes => old-change-notes}/2021-08-17-callable-qualified-names.md (100%) rename csharp/{change-notes => old-change-notes}/2021-08-23-getPrimaryQlClasses.md (100%) rename csharp/{change-notes => old-change-notes}/2021-09-09-service-stack-support.md (100%) rename csharp/{change-notes => old-change-notes}/2021-10-04-constand-condition.md (100%) rename csharp/{change-notes => old-change-notes}/2021-10-04-dead-store-of-local.md (100%) rename java/{change-notes => old-change-notes}/2020-05-21-mongodb-sql-injection-sinks.md (100%) rename 
java/{change-notes => old-change-notes}/2020-05-21-websocket-taintsource.md (100%) rename java/{change-notes => old-change-notes}/2020-06-30-jooq-sql-injection-sinks.md (100%) rename java/{change-notes => old-change-notes}/2020-07-03-more-pathcreations.md (100%) rename java/{change-notes => old-change-notes}/2020-07-09-untrusted-data-to-external-api.md (100%) rename java/{change-notes => old-change-notes}/2020-07-13-stacktraceexposure-fp-fix.md (100%) rename java/{change-notes => old-change-notes}/2020-08-11-printwriter-format-xss-sink.md (100%) rename java/{change-notes => old-change-notes}/2020-08-14-dataflow-dispatch-instance-arg-ctx.md (100%) rename java/{change-notes => old-change-notes}/2020-08-17-string-formatted.md (100%) rename java/{change-notes => old-change-notes}/2020-08-24-records-flow.md (100%) rename java/{change-notes => old-change-notes}/2020-08-31-extensible-security-queries.md (100%) rename java/{change-notes => old-change-notes}/2020-09-08-blockstmt.md (100%) rename java/{change-notes => old-change-notes}/2020-09-17-exectainted-array.md (100%) rename java/{change-notes => old-change-notes}/2020-09-21-jhipster-gen-prng-query.md (100%) rename java/{change-notes => old-change-notes}/2020-09-22-hibernate-sql-sinks.md (100%) rename java/{change-notes => old-change-notes}/2020-09-23-spring-multipart-request-sources.md (100%) rename java/{change-notes => old-change-notes}/2020-10-03-android-intent-taintsource.md (100%) rename java/{change-notes => old-change-notes}/2020-10-07-fastjson-deserialization-sink.md (100%) rename java/{change-notes => old-change-notes}/2020-10-16-guava-flow-steps.md (100%) rename java/{change-notes => old-change-notes}/2020-10-27-insecure-bean-validation.md (100%) rename java/{change-notes => old-change-notes}/2020-11-04-commonslang-unsafe-deserialization-sinks.md (100%) rename java/{change-notes => old-change-notes}/2020-12-09-xxe-fp-fix.md (100%) rename java/{change-notes => 
old-change-notes}/2021-01-12-unsafe-hostname-verification.md (100%) rename java/{change-notes => old-change-notes}/2021-01-14-java-15-support.md (100%) rename java/{change-notes => old-change-notes}/2021-01-19-struts-xml-extraction.md (100%) rename java/{change-notes => old-change-notes}/2021-02-09-commons-string-utils.md (100%) rename java/{change-notes => old-change-notes}/2021-02-15-commons-array-utils.md (100%) rename java/{change-notes => old-change-notes}/2021-02-15-snakeyaml-fn-fix.md (100%) rename java/{change-notes => old-change-notes}/2021-02-17-apache-http.md (100%) rename java/{change-notes => old-change-notes}/2021-02-23-deprecated-jcenter-bintray.md (100%) rename java/{change-notes => old-change-notes}/2021-03-01-fluent-interface-data-flow.md (100%) rename java/{change-notes => old-change-notes}/2021-03-02-apache-text-misc.md (100%) rename java/{change-notes => old-change-notes}/2021-03-02-guava-io.md (100%) rename java/{change-notes => old-change-notes}/2021-03-05-commons-lang-randomutils.md (100%) rename java/{change-notes => old-change-notes}/2021-03-05-commons-object-utils.md (100%) rename java/{change-notes => old-change-notes}/2021-03-05-play-framework.md (100%) rename java/{change-notes => old-change-notes}/2021-03-05-regex-utils.md (100%) rename java/{change-notes => old-change-notes}/2021-03-10-guava-base.md (100%) rename java/{change-notes => old-change-notes}/2021-03-11-commons-strbuilder.md (100%) rename java/{change-notes => old-change-notes}/2021-03-18-commons-tostring-builder.md (100%) rename java/{change-notes => old-change-notes}/2021-03-22-jax-rs-improvements.md (100%) rename java/{change-notes => old-change-notes}/2021-03-23-guava-collections-and-preconditions.md (100%) rename java/{change-notes => old-change-notes}/2021-03-25-remove-legacy-code-duplication-library.md (100%) rename java/{change-notes => old-change-notes}/2021-03-25-remove-legacy-filter-queries.md (100%) rename java/{change-notes => 
old-change-notes}/2021-04-02-add-spring-validation-errors.md (100%) rename java/{change-notes => old-change-notes}/2021-04-06-ssrf-query.md (100%) rename java/{change-notes => old-change-notes}/2021-04-14-membertype.md (100%) rename java/{change-notes => old-change-notes}/2021-04-26-xpath-injection-query.md (100%) rename java/{change-notes => old-change-notes}/2021-05-03-guava-first-non-null.md (100%) rename java/{change-notes => old-change-notes}/2021-05-03-jackson-dataflow-deserialization.md (100%) rename java/{change-notes => old-change-notes}/2021-05-04-jexl-injection-query.md (100%) rename java/{change-notes => old-change-notes}/2021-05-05-kryo-improvements.md (100%) rename java/{change-notes => old-change-notes}/2021-05-06-unsafe-android-access-query.md (100%) rename java/{change-notes => old-change-notes}/2021-05-11-apache-tuples.md (100%) rename java/{change-notes => old-change-notes}/2021-05-11-ratpack-support.md (100%) rename java/{change-notes => old-change-notes}/2021-05-12-hardcoded-azure-credentials-in-api-call.md (100%) rename java/{change-notes => old-change-notes}/2021-05-12-xxe-fp-fix.md (100%) rename java/{change-notes => old-change-notes}/2021-05-13-ognl-injection-query.md (100%) rename java/{change-notes => old-change-notes}/2021-05-14-close-resource-leaks-improvements.md (100%) rename java/{change-notes => old-change-notes}/2021-05-17-add-unsafe-deserialization-sinks.md (100%) rename java/{change-notes => old-change-notes}/2021-05-17-jackson-deserialization-sink.md (100%) rename java/{change-notes => old-change-notes}/2021-05-17-missing-jwt-signature-check-query.md (100%) rename java/{change-notes => old-change-notes}/2021-05-20-jndi-injection-query.md (100%) rename java/{change-notes => old-change-notes}/2021-05-20-savedrequest-taintsources.md (100%) rename java/{change-notes => old-change-notes}/2021-05-24-hardcoded-shiro-key-in-api-call.md (100%) rename java/{change-notes => old-change-notes}/2021-05-28-remove-senderror-xss-sink.md (100%) 
rename java/{change-notes => old-change-notes}/2021-05-31-add-spring-stringutils.md (100%) rename java/{change-notes => old-change-notes}/2021-06-01-collection-flow.md (100%) rename java/{change-notes => old-change-notes}/2021-06-01-insecure-basic-auth-query.md (100%) rename java/{change-notes => old-change-notes}/2021-06-01-statement-toString.md (100%) rename java/{change-notes => old-change-notes}/2021-06-02-mvel-injection-query.md (100%) rename java/{change-notes => old-change-notes}/2021-06-08-spel-injection-query.md (100%) rename java/{change-notes => old-change-notes}/2021-06-08-spring-http.md (100%) rename java/{change-notes => old-change-notes}/2021-06-08-spring-propertyvalues.md (100%) rename java/{change-notes => old-change-notes}/2021-06-11-tainted-key-read-steps.md (100%) rename java/{change-notes => old-change-notes}/2021-06-14-groovy-code-injection-query.md (100%) rename java/{change-notes => old-change-notes}/2021-06-16-xslt-injection-query.md (100%) rename java/{change-notes => old-change-notes}/2021-06-18-apache-mutable.md (100%) rename java/{change-notes => old-change-notes}/2021-06-18-insecure-java-mail-query.md (100%) rename java/{change-notes => old-change-notes}/2021-06-22-more-steps-for-bytebuffer-inputstream.md (100%) rename java/{change-notes => old-change-notes}/2021-06-22-util-optional.md (100%) rename java/{change-notes => old-change-notes}/2021-06-23-generic-type-names.md (100%) rename java/{change-notes => old-change-notes}/2021-06-24-dataflow-implicit-reads.md (100%) rename java/{change-notes => old-change-notes}/2021-06-25-apache-collections-maputils-keyvalue.md (100%) rename java/{change-notes => old-change-notes}/2021-06-25-jax-rs-content-types.md (100%) rename java/{change-notes => old-change-notes}/2021-06-29-javax-json-models.md (100%) rename java/{change-notes => old-change-notes}/2021-07-01-spring-collections.md (100%) rename java/{change-notes => old-change-notes}/2021-07-01-spring-webmultipart.md (100%) rename 
java/{change-notes => old-change-notes}/2021-07-01-spring-webutil.md (100%) rename java/{change-notes => old-change-notes}/2021-07-01-url-classloader-reactive-webclient.md (100%) rename java/{change-notes => old-change-notes}/2021-07-02-split-queries.md (100%) rename java/{change-notes => old-change-notes}/2021-07-14-spring-jdbc.md (100%) rename java/{change-notes => old-change-notes}/2021-07-19-json-java.md (100%) rename java/{change-notes => old-change-notes}/2021-07-22-model-collection-constructors.md (100%) rename java/{change-notes => old-change-notes}/2021-07-27-apache-collections-base-package.md (100%) rename java/{change-notes => old-change-notes}/2021-07-28-guava-cache.md (100%) rename java/{change-notes => old-change-notes}/2021-08-02-android-intent-redirect-query.md (100%) rename java/{change-notes => old-change-notes}/2021-08-02-guava-collections.md (100%) rename java/{change-notes => old-change-notes}/2021-08-03-spring-content-types.md (100%) rename java/{change-notes => old-change-notes}/2021-08-04-jabsorb-unsafe-deserialization.md (100%) rename java/{change-notes => old-change-notes}/2021-08-05-jodd-unsafe-deserialization.md (100%) rename java/{change-notes => old-change-notes}/2021-08-09-flexjson-unsafe-deserialization.md (100%) rename java/{change-notes => old-change-notes}/2021-08-10-gson-unsafe-deserialization.md (100%) rename java/{change-notes => old-change-notes}/2021-08-12-jax-rs-filter-sources.md (100%) rename java/{change-notes => old-change-notes}/2021-08-23-getPrimaryQlClasses.md (100%) rename java/{change-notes => old-change-notes}/2021-08-23-local-interfaces-enums.md (100%) rename java/{change-notes => old-change-notes}/2021-08-24-downgrade-sql-unescaped.md (100%) rename java/{change-notes => old-change-notes}/2021-09-03-android-sensitive-broadcast.md (100%) rename java/{change-notes => old-change-notes}/2021-09-13-android-uri.md (100%) rename java/{change-notes => old-change-notes}/2021-09-13-javadoc-type-parameters.md (100%) rename 
java/{change-notes => old-change-notes}/2021-09-13-location-toString.md (100%) rename java/{change-notes => old-change-notes}/2021-09-14-conditional-bypass-improvements.md (100%) rename java/{change-notes => old-change-notes}/2021-09-14-jsf-support.md (100%) rename java/{change-notes => old-change-notes}/2021-09-27-apache-collections-subpackages.md (100%) rename java/{change-notes => old-change-notes}/2021-10-07-java-util-stream.md (100%) rename java/{change-notes => old-change-notes}/2021-10-20-more-specific-types.md (100%) rename java/{change-notes => old-change-notes}/2021-10-29-deprecate-String-getRepresentedString.md (100%) rename java/{change-notes => old-change-notes}/2021-10-29-improved-ratpack-support.md (100%) rename java/{change-notes => old-change-notes}/2021-10-29-optional-lambda-flow.md (100%) rename javascript/{change-notes => old-change-notes}/2020-05-17-prototype-assignment.md (100%) rename javascript/{change-notes => old-change-notes}/2020-11-06-date-functions.md (100%) rename javascript/{change-notes => old-change-notes}/2020-11-09-jwt.md (100%) rename javascript/{change-notes => old-change-notes}/2020-11-11-react-hot-loader.md (100%) rename javascript/{change-notes => old-change-notes}/2020-11-25-prototype-pollution.md (100%) rename javascript/{change-notes => old-change-notes}/2020-11-30-loginjection.md (100%) rename javascript/{change-notes => old-change-notes}/2020-11-30-nosql.md (100%) rename javascript/{change-notes => old-change-notes}/2020-12-02-typescript-4.1.md (100%) rename javascript/{change-notes => old-change-notes}/2020-12-09-external-flow-sources.md (100%) rename javascript/{change-notes => old-change-notes}/2020-12-16-build-artifact-leak.md (100%) rename javascript/{change-notes => old-change-notes}/2020-12-16-indirect-cmd-libraries.md (100%) rename javascript/{change-notes => old-change-notes}/2020-12-22-execa.md (100%) rename javascript/{change-notes => old-change-notes}/2021-01-04-superliniar-redos.md (100%) rename 
javascript/{change-notes => old-change-notes}/2021-01-08-js-incomplete-multi-character-sanitization.md (100%) rename javascript/{change-notes => old-change-notes}/2021-01-14-polynomial-redos.md (100%) rename javascript/{change-notes => old-change-notes}/2021-01-18-angular-templates.md (100%) rename javascript/{change-notes => old-change-notes}/2021-01-18-server-crash.md (100%) rename javascript/{change-notes => old-change-notes}/2021-01-21-type-inference-compound.md (100%) rename javascript/{change-notes => old-change-notes}/2021-01-21-unneeded-defensive-code.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-08-immutable.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-08-xml-parser-taint.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-08-xss-through-dom-forms.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-09-form-parsers.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-10-markdown.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-11-apollo-client.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-16-vue-router.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-18-next-js.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-18-typescript-4.2.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-25-event-handler-receiver-is-dom-element.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-25-http-proxy.md (100%) rename javascript/{change-notes => old-change-notes}/2021-02-26-form-data.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-01-ajv.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-09-template-object-injection.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-10-d3.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-15-client-side-remote-flow-sources.md 
(100%) rename javascript/{change-notes => old-change-notes}/2021-03-17-koa-route.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-17-precise-regex-replace.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-17-puppeteer.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-19-async-execute.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-23-accessor-calls.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-25-remove-legacy-code-duplication-library.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-25-remove-legacy-filter-queries.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-29-misc-steps.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-29-pg-promise.md (100%) rename javascript/{change-notes => old-change-notes}/2021-03-30-sql-models.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-01-tsconfig-file-inclusion-handling.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-08-redux.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-12-disabling-certificate-validation.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-15-fs-promises.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-15-markdownit.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-15-nestjs.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-15-typescript-template-literal-type-crash.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-21-rate-limiting-fixes.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-26-unsafe-html-construction.md (100%) rename javascript/{change-notes => old-change-notes}/2021-04-27-anser.md (100%) rename javascript/{change-notes => old-change-notes}/2021-05-10-sqlite3-chaining.md (100%) rename javascript/{change-notes => 
old-change-notes}/2021-05-18-clone.md (100%) rename javascript/{change-notes => old-change-notes}/2021-05-31-typescript-4.3.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-02-debug.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-02-prettier.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-02-webpack-merge.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-03-history.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-04-resolve.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-04-whatwg-fetch.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-06-serialize-javascript.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-06-serve-handler.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-07-joi.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-07-serverless.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-09-graphql.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-11-knex.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-14-script-with-tsx-lang.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-18-promises.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-21-dates.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-21-promisify.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-21-sharpen-match-calls.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-22-chokidar.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-22-colors.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-22-templates.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-24-json.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-30-mootools.md (100%) rename 
javascript/{change-notes => old-change-notes}/2021-06-30-recompose.md (100%) rename javascript/{change-notes => old-change-notes}/2021-06-30-vuex.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-12-case.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-12-logs.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-12-more-precise-capture-steps.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-12-read-pkg.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-12-slash.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-14-mkdirp.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-14-querystring.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-14-react-tooltip.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-15-ansi-to-html.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-15-array-libs.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-15-sort-keys.md (100%) rename javascript/{change-notes => old-change-notes}/2021-07-16-dom-element-methods.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-02-handlebars-extraction.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-03-hardcoded-auth-headers.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-05-tainted-url-suffix.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-16-query-suffix-convention2.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-17-incomplete-multi-char-sanitization.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-17-vue-component-renaming.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-23-getPrimaryQlClasses.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-24-tainted-path-cwd.md (100%) rename javascript/{change-notes => 
old-change-notes}/2021-08-26-bad-tag-filter.md (100%) rename javascript/{change-notes => old-change-notes}/2021-08-30-live-server.md (100%) rename javascript/{change-notes => old-change-notes}/2021-09-01-clipboard-data.md (100%) rename javascript/{change-notes => old-change-notes}/2021-09-01-typescript-4.4.md (100%) rename javascript/{change-notes => old-change-notes}/2021-09-07-static-initializer.md (100%) rename javascript/{change-notes => old-change-notes}/2021-10-01-ldap.md (100%) rename javascript/{change-notes => old-change-notes}/2021-10-26-cookie-queries.md (100%) rename python/{change-notes => old-change-notes}/2020-11-25-better-open-models.md (100%) rename python/{change-notes => old-change-notes}/2020-12-03-model-realpath-abspath.md (100%) rename python/{change-notes => old-change-notes}/2020-12-04-django-class-based-view-handlers.md (100%) rename python/{change-notes => old-change-notes}/2020-12-08-stdlib-http-source-modeling.md (100%) rename python/{change-notes => old-change-notes}/2020-12-09-add-sqlite3-model.md (100%) rename python/{change-notes => old-change-notes}/2020-12-14-add-PyMySQL-model.md (100%) rename python/{change-notes => old-change-notes}/2020-12-21-django-with-unknown-route.md (100%) rename python/{change-notes => old-change-notes}/2020-12-22-tornado-source-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-01-12-flask-class-based-view-handlers.md (100%) rename python/{change-notes => old-change-notes}/2021-01-19-port-url-redirect-query.md (100%) rename python/{change-notes => old-change-notes}/2021-02-02-port-weak-crypto-key-query.md (100%) rename python/{change-notes => old-change-notes}/2021-02-03-flask-add-blueprint-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-02-04-api-graphs.md (100%) rename python/{change-notes => old-change-notes}/2021-02-10-django-improvements.md (100%) rename python/{change-notes => old-change-notes}/2021-02-10-yaml-more-loading-functions.md (100%) rename 
python/{change-notes => old-change-notes}/2021-02-12-django-get_redirect_url.md (100%) rename python/{change-notes => old-change-notes}/2021-02-18-type-backtrackers.md (100%) rename python/{change-notes => old-change-notes}/2021-02-23-port-bind-to-all-interfaces.md (100%) rename python/{change-notes => old-change-notes}/2021-02-23-port-insecure-default-protocol.md (100%) rename python/{change-notes => old-change-notes}/2021-02-24-port-flask-debug.md (100%) rename python/{change-notes => old-change-notes}/2021-02-25-port-stactrace-exposure-query.md (100%) rename python/{change-notes => old-change-notes}/2021-03-01-fluent-interface-data-flow.md (100%) rename python/{change-notes => old-change-notes}/2021-03-11-api-graph-builtins.md (100%) rename python/{change-notes => old-change-notes}/2021-03-12-small-api-enhancements.md (100%) rename python/{change-notes => old-change-notes}/2021-03-15-port-insecure-protocol.md (100%) rename python/{change-notes => old-change-notes}/2021-03-18-yaml-handle-C-based-loaders.md (100%) rename python/{change-notes => old-change-notes}/2021-03-22-django-queryset-chains.md (100%) rename python/{change-notes => old-change-notes}/2021-03-22-getacall-callcfgnode.md (100%) rename python/{change-notes => old-change-notes}/2021-03-23-django-forms-fields-classes.md (100%) rename python/{change-notes => old-change-notes}/2021-03-25-remove-legacy.md (100%) rename python/{change-notes => old-change-notes}/2021-04-09-split-weak-crypto-query.md (100%) rename python/{change-notes => old-change-notes}/2021-04-13-pep249-api-graphs.md (100%) rename python/{change-notes => old-change-notes}/2021-04-13-werkzeug-api-graphs.md (100%) rename python/{change-notes => old-change-notes}/2021-04-15-pathlib-Paths.md (100%) rename python/{change-notes => old-change-notes}/2021-04-20-stepsummary-localsourcenode.md (100%) rename python/{change-notes => old-change-notes}/2021-04-21-django-v3.2.md (100%) rename python/{change-notes => 
old-change-notes}/2021-05-10-idna-add-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-05-10-simplejson-add-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-05-10-ujson-add-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-05-21-api-graph-await.md (100%) rename python/{change-notes => old-change-notes}/2021-05-25-add-ClickHouse-sql-libs.md (100%) rename python/{change-notes => old-change-notes}/2021-06-03-aiohttp-webserver-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-06-04-sensitive-data-modeling-expanded.md (100%) rename python/{change-notes => old-change-notes}/2021-06-08-twisted-add-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-06-09-add-jmespath-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-06-09-rsa-add-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-06-15-add-method-call-conveniences.md (100%) rename python/{change-notes => old-change-notes}/2021-06-16-MarkupSafe-add-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-06-24-add-CookieWrite-concept.md (100%) rename python/{change-notes => old-change-notes}/2021-06-24-dataflow-implicit-reads.md (100%) rename python/{change-notes => old-change-notes}/2021-06-25-add-peewee-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-07-12-add-typetrackingnode.md (100%) rename python/{change-notes => old-change-notes}/2021-07-13-path-problem-customization.md (100%) rename python/{change-notes => old-change-notes}/2021-07-16-deprecate-importnode.md (100%) rename python/{change-notes => old-change-notes}/2021-07-28-port-RoDoS-queries.md (100%) rename python/{change-notes => old-change-notes}/2021-08-26-bad-tag-filter.md (100%) rename python/{change-notes => old-change-notes}/2021-08-30-port-modifying-default-query.md (100%) rename python/{change-notes => 
old-change-notes}/2021-09-02-add-Flask-SQLAlchemy-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-09-02-add-SQLAlchemy-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-09-02-add-SQLAlchemyTextClauseInjection.md (100%) rename python/{change-notes => old-change-notes}/2021-09-08-add-flow-from-default-values.md (100%) rename python/{change-notes => old-change-notes}/2021-09-14-promote-regex-injection.md (100%) rename python/{change-notes => old-change-notes}/2021-09-29-model-asyncpg.md (100%) rename python/{change-notes => old-change-notes}/2021-10-08-add-dataflow-for-boolean-expressions.md (100%) rename python/{change-notes => old-change-notes}/2021-10-08-improve-pickle-dill-shelve-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-10-11-model-aiomysql.md (100%) rename python/{change-notes => old-change-notes}/2021-10-20-extraction-errors-as-warnings.md (100%) rename python/{change-notes => old-change-notes}/2021-10-25-add-FastAPI-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-10-26-ruamel.yaml-modeling.md (100%) rename python/{change-notes => old-change-notes}/2021-10-28-flask-send_file.md (100%) rename python/{change-notes => old-change-notes}/2021-10-28-promote-ReDoS-queries.md (100%) rename python/{change-notes => old-change-notes}/2021-10-29-django-REST-framework-modeling.md (100%) rename ruby/{change-notes => old-change-notes}/2021-10-14-codeql-ruby-beta.md (100%) rename ruby/{change-notes => old-change-notes}/2021-10-20-path-injection.md (100%) rename ruby/{change-notes => old-change-notes}/2021-10-29-regexp-injection.md (100%)
diff --git a/cpp/change-notes/2020-09-29-range-analysis-rollup.md b/cpp/old-change-notes/2020-09-29-range-analysis-rollup.md
similarity index 100%
rename from cpp/change-notes/2020-09-29-range-analysis-rollup.md
rename to cpp/old-change-notes/2020-09-29-range-analysis-rollup.md
diff --git a/cpp/change-notes/2020-10-21-erroneous-types.md b/cpp/old-change-notes/2020-10-21-erroneous-types.md
similarity index 100%
rename from cpp/change-notes/2020-10-21-erroneous-types.md
rename to cpp/old-change-notes/2020-10-21-erroneous-types.md
diff --git a/cpp/change-notes/2020-10-21-size-check-queries.md b/cpp/old-change-notes/2020-10-21-size-check-queries.md
similarity index 100%
rename from cpp/change-notes/2020-10-21-size-check-queries.md
rename to cpp/old-change-notes/2020-10-21-size-check-queries.md
diff --git a/cpp/change-notes/2020-11-02-unused-local-variable.md b/cpp/old-change-notes/2020-11-02-unused-local-variable.md
similarity index 100%
rename from cpp/change-notes/2020-11-02-unused-local-variable.md
rename to cpp/old-change-notes/2020-11-02-unused-local-variable.md
diff --git a/cpp/change-notes/2020-11-05-formatting-function.md b/cpp/old-change-notes/2020-11-05-formatting-function.md
similarity index 100%
rename from cpp/change-notes/2020-11-05-formatting-function.md
rename to cpp/old-change-notes/2020-11-05-formatting-function.md
diff --git a/cpp/change-notes/2020-11-05-private-models.md b/cpp/old-change-notes/2020-11-05-private-models.md
similarity index 100%
rename from cpp/change-notes/2020-11-05-private-models.md
rename to cpp/old-change-notes/2020-11-05-private-models.md
diff --git a/cpp/change-notes/2020-11-12-unsafe-use-of-this.md b/cpp/old-change-notes/2020-11-12-unsafe-use-of-this.md
similarity index 100%
rename from cpp/change-notes/2020-11-12-unsafe-use-of-this.md
rename to cpp/old-change-notes/2020-11-12-unsafe-use-of-this.md
diff --git a/cpp/change-notes/2020-11-27-downgrade-to-recommendation.md b/cpp/old-change-notes/2020-11-27-downgrade-to-recommendation.md
similarity index 100%
rename from cpp/change-notes/2020-11-27-downgrade-to-recommendation.md
rename to cpp/old-change-notes/2020-11-27-downgrade-to-recommendation.md
diff --git a/cpp/change-notes/2021-02-04-unsigned-difference-expression-compared-zero.md b/cpp/old-change-notes/2021-02-04-unsigned-difference-expression-compared-zero.md
similarity index 100%
rename from cpp/change-notes/2021-02-04-unsigned-difference-expression-compared-zero.md
rename to cpp/old-change-notes/2021-02-04-unsigned-difference-expression-compared-zero.md
diff --git a/cpp/change-notes/2021-02-24-memset-may-be-deleted.md b/cpp/old-change-notes/2021-02-24-memset-may-be-deleted.md
similarity index 100%
rename from cpp/change-notes/2021-02-24-memset-may-be-deleted.md
rename to cpp/old-change-notes/2021-02-24-memset-may-be-deleted.md
diff --git a/cpp/change-notes/2021-03-01-fluent-interface-data-flow.md b/cpp/old-change-notes/2021-03-01-fluent-interface-data-flow.md
similarity index 100%
rename from cpp/change-notes/2021-03-01-fluent-interface-data-flow.md
rename to cpp/old-change-notes/2021-03-01-fluent-interface-data-flow.md
diff --git a/cpp/change-notes/2021-03-11-failed-extractions.md b/cpp/old-change-notes/2021-03-11-failed-extractions.md
similarity index 100%
rename from cpp/change-notes/2021-03-11-failed-extractions.md
rename to cpp/old-change-notes/2021-03-11-failed-extractions.md
diff --git a/cpp/change-notes/2021-03-11-overflow-abs.md b/cpp/old-change-notes/2021-03-11-overflow-abs.md
similarity index 100%
rename from cpp/change-notes/2021-03-11-overflow-abs.md
rename to cpp/old-change-notes/2021-03-11-overflow-abs.md
diff --git a/cpp/change-notes/2021-03-17-av-rule-79.md b/cpp/old-change-notes/2021-03-17-av-rule-79.md
similarity index 100%
rename from cpp/change-notes/2021-03-17-av-rule-79.md
rename to cpp/old-change-notes/2021-03-17-av-rule-79.md
diff --git a/cpp/change-notes/2021-04-06-assign-where-compare-meant.md b/cpp/old-change-notes/2021-04-06-assign-where-compare-meant.md
similarity index 100%
rename from cpp/change-notes/2021-04-06-assign-where-compare-meant.md
rename to cpp/old-change-notes/2021-04-06-assign-where-compare-meant.md
diff --git a/cpp/change-notes/2021-04-09-unsigned-difference-expression-compared-zero.md b/cpp/old-change-notes/2021-04-09-unsigned-difference-expression-compared-zero.md
similarity index 100%
rename from cpp/change-notes/2021-04-09-unsigned-difference-expression-compared-zero.md
rename to cpp/old-change-notes/2021-04-09-unsigned-difference-expression-compared-zero.md
diff --git a/cpp/change-notes/2021-04-13-arithmetic-queries.md b/cpp/old-change-notes/2021-04-13-arithmetic-queries.md
similarity index 100%
rename from cpp/change-notes/2021-04-13-arithmetic-queries.md
rename to cpp/old-change-notes/2021-04-13-arithmetic-queries.md
diff --git a/cpp/change-notes/2021-04-21-return-stack-allocated-object.md b/cpp/old-change-notes/2021-04-21-return-stack-allocated-object.md
similarity index 100%
rename from cpp/change-notes/2021-04-21-return-stack-allocated-object.md
rename to cpp/old-change-notes/2021-04-21-return-stack-allocated-object.md
diff --git a/cpp/change-notes/2021-04-26-more-sound-expr-might-overflow.md b/cpp/old-change-notes/2021-04-26-more-sound-expr-might-overflow.md
similarity index 100%
rename from cpp/change-notes/2021-04-26-more-sound-expr-might-overflow.md
rename to cpp/old-change-notes/2021-04-26-more-sound-expr-might-overflow.md
diff --git a/cpp/change-notes/2021-05-10-comparison-with-wider-type.md b/cpp/old-change-notes/2021-05-10-comparison-with-wider-type.md
similarity index 100%
rename from cpp/change-notes/2021-05-10-comparison-with-wider-type.md
rename to cpp/old-change-notes/2021-05-10-comparison-with-wider-type.md
diff --git a/cpp/change-notes/2021-05-12-uncontrolled-arithmetic.md b/cpp/old-change-notes/2021-05-12-uncontrolled-arithmetic.md
similarity index 100%
rename from cpp/change-notes/2021-05-12-uncontrolled-arithmetic.md
rename to cpp/old-change-notes/2021-05-12-uncontrolled-arithmetic.md
diff --git a/cpp/change-notes/2021-05-14-uncontrolled-allocation-size.md b/cpp/old-change-notes/2021-05-14-uncontrolled-allocation-size.md
similarity index 100%
rename from cpp/change-notes/2021-05-14-uncontrolled-allocation-size.md
rename to cpp/old-change-notes/2021-05-14-uncontrolled-allocation-size.md
diff --git a/cpp/change-notes/2021-05-18-static-buffer-overflow.md b/cpp/old-change-notes/2021-05-18-static-buffer-overflow.md
similarity index 100%
rename from cpp/change-notes/2021-05-18-static-buffer-overflow.md
rename to cpp/old-change-notes/2021-05-18-static-buffer-overflow.md
diff --git a/cpp/change-notes/2021-05-19-weak-cryptographic-algorithm.md b/cpp/old-change-notes/2021-05-19-weak-cryptographic-algorithm.md
similarity index 100%
rename from cpp/change-notes/2021-05-19-weak-cryptographic-algorithm.md
rename to cpp/old-change-notes/2021-05-19-weak-cryptographic-algorithm.md
diff --git a/cpp/change-notes/2021-05-20-incorrect-allocation-error-handling.md b/cpp/old-change-notes/2021-05-20-incorrect-allocation-error-handling.md
similarity index 100%
rename from cpp/change-notes/2021-05-20-incorrect-allocation-error-handling.md
rename to cpp/old-change-notes/2021-05-20-incorrect-allocation-error-handling.md
diff --git a/cpp/change-notes/2021-05-20-ref-qualifiers.md b/cpp/old-change-notes/2021-05-20-ref-qualifiers.md
similarity index 100%
rename from cpp/change-notes/2021-05-20-ref-qualifiers.md
rename to cpp/old-change-notes/2021-05-20-ref-qualifiers.md
diff --git a/cpp/change-notes/2021-05-21-unsafe-strncat.md b/cpp/old-change-notes/2021-05-21-unsafe-strncat.md
similarity index 100%
rename from cpp/change-notes/2021-05-21-unsafe-strncat.md
rename to cpp/old-change-notes/2021-05-21-unsafe-strncat.md
diff --git a/cpp/change-notes/2021-06-10-cleartext-transmission.md b/cpp/old-change-notes/2021-06-10-cleartext-transmission.md
similarity index 100%
rename from cpp/change-notes/2021-06-10-cleartext-transmission.md
rename to cpp/old-change-notes/2021-06-10-cleartext-transmission.md
diff --git a/cpp/change-notes/2021-06-10-std-types.md b/cpp/old-change-notes/2021-06-10-std-types.md
similarity index 100%
rename from cpp/change-notes/2021-06-10-std-types.md
rename to cpp/old-change-notes/2021-06-10-std-types.md
diff --git a/cpp/change-notes/2021-06-21-weak-cryptographic-algorithm.md b/cpp/old-change-notes/2021-06-21-weak-cryptographic-algorithm.md
similarity index 100%
rename from cpp/change-notes/2021-06-21-weak-cryptographic-algorithm.md
rename to cpp/old-change-notes/2021-06-21-weak-cryptographic-algorithm.md
diff --git a/cpp/change-notes/2021-06-22-sql-tainted.md b/cpp/old-change-notes/2021-06-22-sql-tainted.md
similarity index 100%
rename from cpp/change-notes/2021-06-22-sql-tainted.md
rename to cpp/old-change-notes/2021-06-22-sql-tainted.md
diff --git a/cpp/change-notes/2021-06-24-dataflow-implicit-reads.md b/cpp/old-change-notes/2021-06-24-dataflow-implicit-reads.md
similarity index 100%
rename from cpp/change-notes/2021-06-24-dataflow-implicit-reads.md
rename to cpp/old-change-notes/2021-06-24-dataflow-implicit-reads.md
diff --git a/cpp/change-notes/2021-06-24-uncontrolled-arithmetic.md b/cpp/old-change-notes/2021-06-24-uncontrolled-arithmetic.md
similarity index 100%
rename from cpp/change-notes/2021-06-24-uncontrolled-arithmetic.md
rename to cpp/old-change-notes/2021-06-24-uncontrolled-arithmetic.md
diff --git a/cpp/change-notes/2021-06-30-wrong-type-format-argument.md b/cpp/old-change-notes/2021-06-30-wrong-type-format-argument.md
similarity index 100%
rename from cpp/change-notes/2021-06-30-wrong-type-format-argument.md
rename to cpp/old-change-notes/2021-06-30-wrong-type-format-argument.md
diff --git a/cpp/change-notes/2021-07-13-cleartext-storage-file.md b/cpp/old-change-notes/2021-07-13-cleartext-storage-file.md
similarity index 100%
rename from cpp/change-notes/2021-07-13-cleartext-storage-file.md
rename to cpp/old-change-notes/2021-07-13-cleartext-storage-file.md
diff --git a/cpp/change-notes/2021-07-20-toctou-race-condition.md b/cpp/old-change-notes/2021-07-20-toctou-race-condition.md
similarity index 100%
rename from cpp/change-notes/2021-07-20-toctou-race-condition.md
rename to cpp/old-change-notes/2021-07-20-toctou-race-condition.md
diff --git a/cpp/change-notes/2021-07-27-uncontrolled-arithmetic.md b/cpp/old-change-notes/2021-07-27-uncontrolled-arithmetic.md
similarity index 100%
rename from cpp/change-notes/2021-07-27-uncontrolled-arithmetic.md
rename to cpp/old-change-notes/2021-07-27-uncontrolled-arithmetic.md
diff --git a/cpp/change-notes/2021-07-29-virtual-function-declaration-specifiers.md b/cpp/old-change-notes/2021-07-29-virtual-function-declaration-specifiers.md
similarity index 100%
rename from cpp/change-notes/2021-07-29-virtual-function-declaration-specifiers.md
rename to cpp/old-change-notes/2021-07-29-virtual-function-declaration-specifiers.md
diff --git a/cpp/change-notes/2021-08-10-has-trailing-return-type.md b/cpp/old-change-notes/2021-08-10-has-trailing-return-type.md
similarity index 100%
rename from cpp/change-notes/2021-08-10-has-trailing-return-type.md
rename to cpp/old-change-notes/2021-08-10-has-trailing-return-type.md
diff --git a/cpp/change-notes/2021-08-17-has-c-linkage.md b/cpp/old-change-notes/2021-08-17-has-c-linkage.md
similarity index 100%
rename from cpp/change-notes/2021-08-17-has-c-linkage.md
rename to cpp/old-change-notes/2021-08-17-has-c-linkage.md
diff --git a/cpp/change-notes/2021-08-23-ctime-weaken-claims.md b/cpp/old-change-notes/2021-08-23-ctime-weaken-claims.md
similarity index 100%
rename from cpp/change-notes/2021-08-23-ctime-weaken-claims.md
rename to cpp/old-change-notes/2021-08-23-ctime-weaken-claims.md
diff --git a/cpp/change-notes/2021-08-23-getPrimaryQlClasses.md b/cpp/old-change-notes/2021-08-23-getPrimaryQlClasses.md
similarity index 100%
rename from cpp/change-notes/2021-08-23-getPrimaryQlClasses.md
rename to cpp/old-change-notes/2021-08-23-getPrimaryQlClasses.md
diff --git a/cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md b/cpp/old-change-notes/2021-08-24-implicit-downcast-from-bitfield.md
similarity index 100%
rename from cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md
rename to cpp/old-change-notes/2021-08-24-implicit-downcast-from-bitfield.md
diff --git a/cpp/change-notes/2021-08-31-range-analysis-upper-bound.md b/cpp/old-change-notes/2021-08-31-range-analysis-upper-bound.md
similarity index 100%
rename from cpp/change-notes/2021-08-31-range-analysis-upper-bound.md
rename to cpp/old-change-notes/2021-08-31-range-analysis-upper-bound.md
diff --git a/cpp/change-notes/2021-09-13-overflow-static.md b/cpp/old-change-notes/2021-09-13-overflow-static.md
similarity index 100%
rename from cpp/change-notes/2021-09-13-overflow-static.md
rename to cpp/old-change-notes/2021-09-13-overflow-static.md
diff --git a/cpp/change-notes/2021-09-27-command-line-injection.md b/cpp/old-change-notes/2021-09-27-command-line-injection.md
similarity index 100%
rename from cpp/change-notes/2021-09-27-command-line-injection.md
rename to cpp/old-change-notes/2021-09-27-command-line-injection.md
diff --git a/cpp/change-notes/2021-09-27-overflow-static.md b/cpp/old-change-notes/2021-09-27-overflow-static.md
similarity index 100%
rename from cpp/change-notes/2021-09-27-overflow-static.md
rename to cpp/old-change-notes/2021-09-27-overflow-static.md
diff --git a/cpp/change-notes/2021-10-01-improper-null-termination.md b/cpp/old-change-notes/2021-10-01-improper-null-termination.md
similarity index 100%
rename from cpp/change-notes/2021-10-01-improper-null-termination.md
rename to cpp/old-change-notes/2021-10-01-improper-null-termination.md
diff --git a/cpp/change-notes/2021-10-07-extraction-errors.md b/cpp/old-change-notes/2021-10-07-extraction-errors.md
similarity index 100%
rename from cpp/change-notes/2021-10-07-extraction-errors.md
rename to cpp/old-change-notes/2021-10-07-extraction-errors.md
diff --git a/csharp/change-notes/2020-08-18-ast-viewer.md b/csharp/old-change-notes/2020-08-18-ast-viewer.md
similarity index 100%
rename from csharp/change-notes/2020-08-18-ast-viewer.md
rename to csharp/old-change-notes/2020-08-18-ast-viewer.md
diff --git a/csharp/change-notes/2020-08-18-partial-method-bodies.md b/csharp/old-change-notes/2020-08-18-partial-method-bodies.md
similarity index 100%
rename from csharp/change-notes/2020-08-18-partial-method-bodies.md
rename to csharp/old-change-notes/2020-08-18-partial-method-bodies.md
diff --git a/csharp/change-notes/2020-08-26-implicit-array-lengths.md b/csharp/old-change-notes/2020-08-26-implicit-array-lengths.md
similarity index 100%
rename from csharp/change-notes/2020-08-26-implicit-array-lengths.md
rename to csharp/old-change-notes/2020-08-26-implicit-array-lengths.md
diff --git a/csharp/change-notes/2020-09-02-assembly-insensitive-trap.md b/csharp/old-change-notes/2020-09-02-assembly-insensitive-trap.md
similarity index 100%
rename from csharp/change-notes/2020-09-02-assembly-insensitive-trap.md
rename to csharp/old-change-notes/2020-09-02-assembly-insensitive-trap.md
diff --git a/csharp/change-notes/2020-09-22-weak-encryption.md b/csharp/old-change-notes/2020-09-22-weak-encryption.md
similarity index 100%
rename from csharp/change-notes/2020-09-22-weak-encryption.md
rename to csharp/old-change-notes/2020-09-22-weak-encryption.md
diff --git a/csharp/change-notes/2020-10-21-AST-printing-improvements.md b/csharp/old-change-notes/2020-10-21-AST-printing-improvements.md
similarity index 100%
rename from csharp/change-notes/2020-10-21-AST-printing-improvements.md
rename to csharp/old-change-notes/2020-10-21-AST-printing-improvements.md
diff --git a/csharp/change-notes/2020-10-21-CodeAnalysis-attributes-in-assert.md b/csharp/old-change-notes/2020-10-21-CodeAnalysis-attributes-in-assert.md
similarity index 100%
rename from csharp/change-notes/2020-10-21-CodeAnalysis-attributes-in-assert.md
rename to csharp/old-change-notes/2020-10-21-CodeAnalysis-attributes-in-assert.md
diff --git a/csharp/change-notes/2020-10-21-rework-attribute-extraction.md b/csharp/old-change-notes/2020-10-21-rework-attribute-extraction.md
similarity index 100%
rename from csharp/change-notes/2020-10-21-rework-attribute-extraction.md
rename to csharp/old-change-notes/2020-10-21-rework-attribute-extraction.md
diff --git a/csharp/change-notes/2020-10-28-cil-to-string.md b/csharp/old-change-notes/2020-10-28-cil-to-string.md
similarity index 100%
rename from csharp/change-notes/2020-10-28-cil-to-string.md
rename to csharp/old-change-notes/2020-10-28-cil-to-string.md
diff --git a/csharp/change-notes/2020-11-05-get-sourcedeclaration-rename.md b/csharp/old-change-notes/2020-11-05-get-sourcedeclaration-rename.md
similarity index 100%
rename from csharp/change-notes/2020-11-05-get-sourcedeclaration-rename.md
rename to csharp/old-change-notes/2020-11-05-get-sourcedeclaration-rename.md
diff --git a/csharp/change-notes/2020-11-18-lambda-modifiers.md b/csharp/old-change-notes/2020-11-18-lambda-modifiers.md
similarity index 100%
rename from csharp/change-notes/2020-11-18-lambda-modifiers.md
rename to csharp/old-change-notes/2020-11-18-lambda-modifiers.md
diff --git a/csharp/change-notes/2020-11-18-local-function-attributable.md b/csharp/old-change-notes/2020-11-18-local-function-attributable.md
similarity index 100%
rename from csharp/change-notes/2020-11-18-local-function-attributable.md
rename to csharp/old-change-notes/2020-11-18-local-function-attributable.md
diff --git a/csharp/change-notes/2020-12-08-cil-enum-underlying-type.md b/csharp/old-change-notes/2020-12-08-cil-enum-underlying-type.md
similarity index 100%
rename from csharp/change-notes/2020-12-08-cil-enum-underlying-type.md
rename to csharp/old-change-notes/2020-12-08-cil-enum-underlying-type.md
diff --git a/csharp/change-notes/2020-12-17-format-method-empty-overload.md b/csharp/old-change-notes/2020-12-17-format-method-empty-overload.md
similarity index 100%
rename from csharp/change-notes/2020-12-17-format-method-empty-overload.md
rename to csharp/old-change-notes/2020-12-17-format-method-empty-overload.md
diff --git a/csharp/change-notes/2020-12-18-extract-custom-modifiers.md b/csharp/old-change-notes/2020-12-18-extract-custom-modifiers.md
similarity index 100%
rename from csharp/change-notes/2020-12-18-extract-custom-modifiers.md
rename to csharp/old-change-notes/2020-12-18-extract-custom-modifiers.md
diff --git a/csharp/change-notes/2020-12-21-merge-format-queries.md b/csharp/old-change-notes/2020-12-21-merge-format-queries.md
similarity index 100%
rename from csharp/change-notes/2020-12-21-merge-format-queries.md
rename to csharp/old-change-notes/2020-12-21-merge-format-queries.md
diff --git a/csharp/change-notes/2021-01-14-Unary-pattern.md b/csharp/old-change-notes/2021-01-14-Unary-pattern.md
similarity index 100%
rename from csharp/change-notes/2021-01-14-Unary-pattern.md
rename to csharp/old-change-notes/2021-01-14-Unary-pattern.md
diff --git a/csharp/change-notes/2021-01-15-Relational-pattern.md b/csharp/old-change-notes/2021-01-15-Relational-pattern.md
similarity index 100%
rename from csharp/change-notes/2021-01-15-Relational-pattern.md
rename to csharp/old-change-notes/2021-01-15-Relational-pattern.md
diff --git a/csharp/change-notes/2021-01-19-Function-pointer.md b/csharp/old-change-notes/2021-01-19-Function-pointer.md
similarity index 100%
rename from csharp/change-notes/2021-01-19-Function-pointer.md
rename to csharp/old-change-notes/2021-01-19-Function-pointer.md
diff --git a/csharp/change-notes/2021-01-25-Function-pointer-cil.md b/csharp/old-change-notes/2021-01-25-Function-pointer-cil.md
similarity index 100%
rename from csharp/change-notes/2021-01-25-Function-pointer-cil.md
rename to csharp/old-change-notes/2021-01-25-Function-pointer-cil.md
diff --git a/csharp/change-notes/2021-01-27-Add-binary-pattern.md b/csharp/old-change-notes/2021-01-27-Add-binary-pattern.md
similarity index 100%
rename from csharp/change-notes/2021-01-27-Add-binary-pattern.md
rename to csharp/old-change-notes/2021-01-27-Add-binary-pattern.md
diff --git a/csharp/change-notes/2021-02-01-Preprocessor-directives.md b/csharp/old-change-notes/2021-02-01-Preprocessor-directives.md
similarity index 100%
rename from csharp/change-notes/2021-02-01-Preprocessor-directives.md
rename to csharp/old-change-notes/2021-02-01-Preprocessor-directives.md
diff --git a/csharp/change-notes/2021-02-02-foreach-underlying-methods.md b/csharp/old-change-notes/2021-02-02-foreach-underlying-methods.md
similarity index 100%
rename from csharp/change-notes/2021-02-02-foreach-underlying-methods.md
rename to csharp/old-change-notes/2021-02-02-foreach-underlying-methods.md
diff --git a/csharp/change-notes/2021-02-04-Records.md b/csharp/old-change-notes/2021-02-04-Records.md
similarity index 100%
rename from csharp/change-notes/2021-02-04-Records.md
rename to csharp/old-change-notes/2021-02-04-Records.md
diff --git a/csharp/change-notes/2021-02-12-with-expression.md b/csharp/old-change-notes/2021-02-12-with-expression.md
similarity index 100%
rename from csharp/change-notes/2021-02-12-with-expression.md
rename to csharp/old-change-notes/2021-02-12-with-expression.md
diff --git a/csharp/change-notes/2021-02-26-tuple-dataflow.md b/csharp/old-change-notes/2021-02-26-tuple-dataflow.md
similarity index 100%
rename from csharp/change-notes/2021-02-26-tuple-dataflow.md
rename to csharp/old-change-notes/2021-02-26-tuple-dataflow.md
diff --git a/csharp/change-notes/2021-03-01-fluent-interface-data-flow.md b/csharp/old-change-notes/2021-03-01-fluent-interface-data-flow.md
similarity index 100%
rename from csharp/change-notes/2021-03-01-fluent-interface-data-flow.md
rename to csharp/old-change-notes/2021-03-01-fluent-interface-data-flow.md
diff --git a/csharp/change-notes/2021-03-02-dotnet5.md b/csharp/old-change-notes/2021-03-02-dotnet5.md
similarity index 100%
rename from csharp/change-notes/2021-03-02-dotnet5.md
rename to csharp/old-change-notes/2021-03-02-dotnet5.md
diff --git a/csharp/change-notes/2021-03-24-cil-ssa.md b/csharp/old-change-notes/2021-03-24-cil-ssa.md
similarity index 100%
rename from csharp/change-notes/2021-03-24-cil-ssa.md
rename to csharp/old-change-notes/2021-03-24-cil-ssa.md
diff --git a/csharp/change-notes/2021-03-24-remove-legacy-queries.md b/csharp/old-change-notes/2021-03-24-remove-legacy-queries.md
similarity index 100%
rename from csharp/change-notes/2021-03-24-remove-legacy-queries.md
rename to csharp/old-change-notes/2021-03-24-remove-legacy-queries.md
diff --git a/csharp/change-notes/2021-03-24-remove-vuln-package-query.md b/csharp/old-change-notes/2021-03-24-remove-vuln-package-query.md
similarity index 100%
rename from csharp/change-notes/2021-03-24-remove-vuln-package-query.md
rename to csharp/old-change-notes/2021-03-24-remove-vuln-package-query.md
diff --git a/csharp/change-notes/2021-04-09-dapper-support.md b/csharp/old-change-notes/2021-04-09-dapper-support.md
similarity index 100%
rename from csharp/change-notes/2021-04-09-dapper-support.md
rename to csharp/old-change-notes/2021-04-09-dapper-support.md
diff --git a/csharp/change-notes/2021-04-09-default-argument-values.md b/csharp/old-change-notes/2021-04-09-default-argument-values.md
similarity index 100%
rename from csharp/change-notes/2021-04-09-default-argument-values.md
rename to csharp/old-change-notes/2021-04-09-default-argument-values.md
diff --git a/csharp/change-notes/2021-04-14-customizations.md b/csharp/old-change-notes/2021-04-14-customizations.md
similarity index 100%
rename from csharp/change-notes/2021-04-14-customizations.md
rename to csharp/old-change-notes/2021-04-14-customizations.md
diff --git a/csharp/change-notes/2021-04-22-console-read-local-source.md b/csharp/old-change-notes/2021-04-22-console-read-local-source.md
similarity index 100%
rename from csharp/change-notes/2021-04-22-console-read-local-source.md
rename to csharp/old-change-notes/2021-04-22-console-read-local-source.md
diff --git a/csharp/change-notes/2021-04-23-model-error-extraction.md b/csharp/old-change-notes/2021-04-23-model-error-extraction.md
similarity index 100%
rename from csharp/change-notes/2021-04-23-model-error-extraction.md
rename to csharp/old-change-notes/2021-04-23-model-error-extraction.md
diff --git a/csharp/change-notes/2021-04-26-string-builder-summaries.md b/csharp/old-change-notes/2021-04-26-string-builder-summaries.md
similarity index 100%
rename from csharp/change-notes/2021-04-26-string-builder-summaries.md
rename to csharp/old-change-notes/2021-04-26-string-builder-summaries.md
diff --git a/csharp/change-notes/2021-05-03-implicit-constructor-init.md b/csharp/old-change-notes/2021-05-03-implicit-constructor-init.md
similarity index 100%
rename from csharp/change-notes/2021-05-03-implicit-constructor-init.md
rename to csharp/old-change-notes/2021-05-03-implicit-constructor-init.md
diff --git a/csharp/change-notes/2021-06-04-tuple-members.md b/csharp/old-change-notes/2021-06-04-tuple-members.md
similarity index 100%
rename from csharp/change-notes/2021-06-04-tuple-members.md
rename to csharp/old-change-notes/2021-06-04-tuple-members.md
diff --git a/csharp/change-notes/2021-06-15-effective-visibility.md b/csharp/old-change-notes/2021-06-15-effective-visibility.md
similarity index 100%
rename from csharp/change-notes/2021-06-15-effective-visibility.md
rename to csharp/old-change-notes/2021-06-15-effective-visibility.md
diff --git a/csharp/change-notes/2021-06-15-unsafe-non-source-code.md b/csharp/old-change-notes/2021-06-15-unsafe-non-source-code.md
similarity index 100%
rename from csharp/change-notes/2021-06-15-unsafe-non-source-code.md
rename to csharp/old-change-notes/2021-06-15-unsafe-non-source-code.md
diff --git a/csharp/change-notes/2021-06-16-qualified-names.md b/csharp/old-change-notes/2021-06-16-qualified-names.md
similarity index 100%
rename from csharp/change-notes/2021-06-16-qualified-names.md
rename to csharp/old-change-notes/2021-06-16-qualified-names.md
diff --git a/csharp/change-notes/2021-06-24-dataflow-implicit-reads.md b/csharp/old-change-notes/2021-06-24-dataflow-implicit-reads.md
similarity index 100%
rename from csharp/change-notes/2021-06-24-dataflow-implicit-reads.md
rename to csharp/old-change-notes/2021-06-24-dataflow-implicit-reads.md
diff --git a/csharp/change-notes/2021-08-05-insecure-randomness.md b/csharp/old-change-notes/2021-08-05-insecure-randomness.md
similarity index 100%
rename from csharp/change-notes/2021-08-05-insecure-randomness.md
rename to csharp/old-change-notes/2021-08-05-insecure-randomness.md
diff --git a/csharp/change-notes/2021-08-17-callable-qualified-names.md b/csharp/old-change-notes/2021-08-17-callable-qualified-names.md
similarity index 100%
rename from csharp/change-notes/2021-08-17-callable-qualified-names.md
rename to csharp/old-change-notes/2021-08-17-callable-qualified-names.md
diff --git a/csharp/change-notes/2021-08-23-getPrimaryQlClasses.md b/csharp/old-change-notes/2021-08-23-getPrimaryQlClasses.md
similarity index 100%
rename from csharp/change-notes/2021-08-23-getPrimaryQlClasses.md
rename to csharp/old-change-notes/2021-08-23-getPrimaryQlClasses.md
diff --git a/csharp/change-notes/2021-09-09-service-stack-support.md b/csharp/old-change-notes/2021-09-09-service-stack-support.md
similarity index 100%
rename from csharp/change-notes/2021-09-09-service-stack-support.md
rename to csharp/old-change-notes/2021-09-09-service-stack-support.md
diff --git a/csharp/change-notes/2021-10-04-constand-condition.md b/csharp/old-change-notes/2021-10-04-constand-condition.md
similarity index 100%
rename from csharp/change-notes/2021-10-04-constand-condition.md
rename to csharp/old-change-notes/2021-10-04-constand-condition.md
diff --git a/csharp/change-notes/2021-10-04-dead-store-of-local.md b/csharp/old-change-notes/2021-10-04-dead-store-of-local.md
similarity index 100%
rename from csharp/change-notes/2021-10-04-dead-store-of-local.md
rename to csharp/old-change-notes/2021-10-04-dead-store-of-local.md
diff --git a/java/change-notes/2020-05-21-mongodb-sql-injection-sinks.md b/java/old-change-notes/2020-05-21-mongodb-sql-injection-sinks.md
similarity index 100%
rename from java/change-notes/2020-05-21-mongodb-sql-injection-sinks.md
rename to java/old-change-notes/2020-05-21-mongodb-sql-injection-sinks.md
diff --git a/java/change-notes/2020-05-21-websocket-taintsource.md b/java/old-change-notes/2020-05-21-websocket-taintsource.md
similarity index 100%
rename from java/change-notes/2020-05-21-websocket-taintsource.md
rename to java/old-change-notes/2020-05-21-websocket-taintsource.md
diff --git a/java/change-notes/2020-06-30-jooq-sql-injection-sinks.md b/java/old-change-notes/2020-06-30-jooq-sql-injection-sinks.md
similarity index 100%
rename from java/change-notes/2020-06-30-jooq-sql-injection-sinks.md
rename to java/old-change-notes/2020-06-30-jooq-sql-injection-sinks.md
diff --git a/java/change-notes/2020-07-03-more-pathcreations.md b/java/old-change-notes/2020-07-03-more-pathcreations.md
similarity index 100%
rename from java/change-notes/2020-07-03-more-pathcreations.md
rename to java/old-change-notes/2020-07-03-more-pathcreations.md
diff --git a/java/change-notes/2020-07-09-untrusted-data-to-external-api.md b/java/old-change-notes/2020-07-09-untrusted-data-to-external-api.md
similarity index 100%
rename from java/change-notes/2020-07-09-untrusted-data-to-external-api.md
rename to java/old-change-notes/2020-07-09-untrusted-data-to-external-api.md
diff --git a/java/change-notes/2020-07-13-stacktraceexposure-fp-fix.md b/java/old-change-notes/2020-07-13-stacktraceexposure-fp-fix.md
similarity index 100%
rename from java/change-notes/2020-07-13-stacktraceexposure-fp-fix.md
rename to java/old-change-notes/2020-07-13-stacktraceexposure-fp-fix.md
diff --git a/java/change-notes/2020-08-11-printwriter-format-xss-sink.md b/java/old-change-notes/2020-08-11-printwriter-format-xss-sink.md
similarity index 100%
rename from java/change-notes/2020-08-11-printwriter-format-xss-sink.md
rename to java/old-change-notes/2020-08-11-printwriter-format-xss-sink.md
diff --git a/java/change-notes/2020-08-14-dataflow-dispatch-instance-arg-ctx.md b/java/old-change-notes/2020-08-14-dataflow-dispatch-instance-arg-ctx.md
similarity index 100%
rename from java/change-notes/2020-08-14-dataflow-dispatch-instance-arg-ctx.md
rename to java/old-change-notes/2020-08-14-dataflow-dispatch-instance-arg-ctx.md
diff --git a/java/change-notes/2020-08-17-string-formatted.md b/java/old-change-notes/2020-08-17-string-formatted.md
similarity index 100%
rename from java/change-notes/2020-08-17-string-formatted.md
rename to java/old-change-notes/2020-08-17-string-formatted.md
diff --git a/java/change-notes/2020-08-24-records-flow.md b/java/old-change-notes/2020-08-24-records-flow.md
similarity index 100%
rename from java/change-notes/2020-08-24-records-flow.md
rename to java/old-change-notes/2020-08-24-records-flow.md
diff --git a/java/change-notes/2020-08-31-extensible-security-queries.md b/java/old-change-notes/2020-08-31-extensible-security-queries.md
similarity index 100%
rename from java/change-notes/2020-08-31-extensible-security-queries.md
rename to java/old-change-notes/2020-08-31-extensible-security-queries.md
diff --git a/java/change-notes/2020-09-08-blockstmt.md b/java/old-change-notes/2020-09-08-blockstmt.md
similarity index 100%
rename from java/change-notes/2020-09-08-blockstmt.md
rename to java/old-change-notes/2020-09-08-blockstmt.md
diff --git a/java/change-notes/2020-09-17-exectainted-array.md b/java/old-change-notes/2020-09-17-exectainted-array.md
similarity index 100%
rename from java/change-notes/2020-09-17-exectainted-array.md
rename to java/old-change-notes/2020-09-17-exectainted-array.md
diff --git a/java/change-notes/2020-09-21-jhipster-gen-prng-query.md b/java/old-change-notes/2020-09-21-jhipster-gen-prng-query.md
similarity index 100%
rename from java/change-notes/2020-09-21-jhipster-gen-prng-query.md
rename to java/old-change-notes/2020-09-21-jhipster-gen-prng-query.md
diff --git a/java/change-notes/2020-09-22-hibernate-sql-sinks.md b/java/old-change-notes/2020-09-22-hibernate-sql-sinks.md
similarity index 100%
rename from java/change-notes/2020-09-22-hibernate-sql-sinks.md
rename to java/old-change-notes/2020-09-22-hibernate-sql-sinks.md
diff --git a/java/change-notes/2020-09-23-spring-multipart-request-sources.md b/java/old-change-notes/2020-09-23-spring-multipart-request-sources.md
similarity index 100%
rename from java/change-notes/2020-09-23-spring-multipart-request-sources.md
rename to java/old-change-notes/2020-09-23-spring-multipart-request-sources.md
diff --git a/java/change-notes/2020-10-03-android-intent-taintsource.md b/java/old-change-notes/2020-10-03-android-intent-taintsource.md
similarity index 100%
rename from java/change-notes/2020-10-03-android-intent-taintsource.md
rename to java/old-change-notes/2020-10-03-android-intent-taintsource.md
diff --git a/java/change-notes/2020-10-07-fastjson-deserialization-sink.md b/java/old-change-notes/2020-10-07-fastjson-deserialization-sink.md
similarity index 100%
rename from java/change-notes/2020-10-07-fastjson-deserialization-sink.md
rename to java/old-change-notes/2020-10-07-fastjson-deserialization-sink.md
diff --git a/java/change-notes/2020-10-16-guava-flow-steps.md b/java/old-change-notes/2020-10-16-guava-flow-steps.md
similarity index 100%
rename from java/change-notes/2020-10-16-guava-flow-steps.md
rename to java/old-change-notes/2020-10-16-guava-flow-steps.md
diff --git a/java/change-notes/2020-10-27-insecure-bean-validation.md b/java/old-change-notes/2020-10-27-insecure-bean-validation.md
similarity index 100%
rename from java/change-notes/2020-10-27-insecure-bean-validation.md
rename to java/old-change-notes/2020-10-27-insecure-bean-validation.md
diff --git a/java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md b/java/old-change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md
similarity index 100%
rename from java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md
rename to java/old-change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md
diff --git a/java/change-notes/2020-12-09-xxe-fp-fix.md b/java/old-change-notes/2020-12-09-xxe-fp-fix.md
similarity index 100%
rename from java/change-notes/2020-12-09-xxe-fp-fix.md
rename to java/old-change-notes/2020-12-09-xxe-fp-fix.md
diff --git a/java/change-notes/2021-01-12-unsafe-hostname-verification.md b/java/old-change-notes/2021-01-12-unsafe-hostname-verification.md
similarity index 100%
rename from java/change-notes/2021-01-12-unsafe-hostname-verification.md
rename to java/old-change-notes/2021-01-12-unsafe-hostname-verification.md
diff --git a/java/change-notes/2021-01-14-java-15-support.md b/java/old-change-notes/2021-01-14-java-15-support.md
similarity index 100%
rename from java/change-notes/2021-01-14-java-15-support.md
rename to java/old-change-notes/2021-01-14-java-15-support.md
diff --git a/java/change-notes/2021-01-19-struts-xml-extraction.md b/java/old-change-notes/2021-01-19-struts-xml-extraction.md
similarity index 100%
rename from java/change-notes/2021-01-19-struts-xml-extraction.md
rename to java/old-change-notes/2021-01-19-struts-xml-extraction.md
diff --git a/java/change-notes/2021-02-09-commons-string-utils.md b/java/old-change-notes/2021-02-09-commons-string-utils.md
similarity index 100%
rename from java/change-notes/2021-02-09-commons-string-utils.md
rename to java/old-change-notes/2021-02-09-commons-string-utils.md
diff --git a/java/change-notes/2021-02-15-commons-array-utils.md b/java/old-change-notes/2021-02-15-commons-array-utils.md
similarity index 100%
rename from java/change-notes/2021-02-15-commons-array-utils.md
rename to java/old-change-notes/2021-02-15-commons-array-utils.md
diff --git a/java/change-notes/2021-02-15-snakeyaml-fn-fix.md b/java/old-change-notes/2021-02-15-snakeyaml-fn-fix.md
similarity index 100%
rename from java/change-notes/2021-02-15-snakeyaml-fn-fix.md
rename to java/old-change-notes/2021-02-15-snakeyaml-fn-fix.md
diff --git a/java/change-notes/2021-02-17-apache-http.md b/java/old-change-notes/2021-02-17-apache-http.md
similarity index 100%
rename from java/change-notes/2021-02-17-apache-http.md
rename to java/old-change-notes/2021-02-17-apache-http.md
diff --git a/java/change-notes/2021-02-23-deprecated-jcenter-bintray.md b/java/old-change-notes/2021-02-23-deprecated-jcenter-bintray.md
similarity index 100%
rename from java/change-notes/2021-02-23-deprecated-jcenter-bintray.md
rename to java/old-change-notes/2021-02-23-deprecated-jcenter-bintray.md
diff --git a/java/change-notes/2021-03-01-fluent-interface-data-flow.md b/java/old-change-notes/2021-03-01-fluent-interface-data-flow.md
similarity index 100%
rename from java/change-notes/2021-03-01-fluent-interface-data-flow.md
rename to java/old-change-notes/2021-03-01-fluent-interface-data-flow.md
diff --git a/java/change-notes/2021-03-02-apache-text-misc.md b/java/old-change-notes/2021-03-02-apache-text-misc.md
similarity index 100%
rename from java/change-notes/2021-03-02-apache-text-misc.md
rename to java/old-change-notes/2021-03-02-apache-text-misc.md
diff --git a/java/change-notes/2021-03-02-guava-io.md b/java/old-change-notes/2021-03-02-guava-io.md
similarity index 100%
rename from java/change-notes/2021-03-02-guava-io.md
rename to java/old-change-notes/2021-03-02-guava-io.md
diff --git a/java/change-notes/2021-03-05-commons-lang-randomutils.md b/java/old-change-notes/2021-03-05-commons-lang-randomutils.md
similarity index 100%
rename from java/change-notes/2021-03-05-commons-lang-randomutils.md
rename to java/old-change-notes/2021-03-05-commons-lang-randomutils.md
diff --git a/java/change-notes/2021-03-05-commons-object-utils.md b/java/old-change-notes/2021-03-05-commons-object-utils.md
similarity index 100%
rename from java/change-notes/2021-03-05-commons-object-utils.md
rename to java/old-change-notes/2021-03-05-commons-object-utils.md
diff --git a/java/change-notes/2021-03-05-play-framework.md b/java/old-change-notes/2021-03-05-play-framework.md
similarity index 100%
rename from java/change-notes/2021-03-05-play-framework.md
rename to java/old-change-notes/2021-03-05-play-framework.md
diff --git a/java/change-notes/2021-03-05-regex-utils.md b/java/old-change-notes/2021-03-05-regex-utils.md
similarity index 100%
rename from java/change-notes/2021-03-05-regex-utils.md
rename to java/old-change-notes/2021-03-05-regex-utils.md
diff --git a/java/change-notes/2021-03-10-guava-base.md b/java/old-change-notes/2021-03-10-guava-base.md
similarity index 100%
rename from java/change-notes/2021-03-10-guava-base.md
rename to java/old-change-notes/2021-03-10-guava-base.md
diff --git a/java/change-notes/2021-03-11-commons-strbuilder.md b/java/old-change-notes/2021-03-11-commons-strbuilder.md
similarity index 100%
rename from java/change-notes/2021-03-11-commons-strbuilder.md
rename to java/old-change-notes/2021-03-11-commons-strbuilder.md
diff --git a/java/change-notes/2021-03-18-commons-tostring-builder.md b/java/old-change-notes/2021-03-18-commons-tostring-builder.md
similarity index 100%
rename from java/change-notes/2021-03-18-commons-tostring-builder.md
rename to java/old-change-notes/2021-03-18-commons-tostring-builder.md
diff --git a/java/change-notes/2021-03-22-jax-rs-improvements.md b/java/old-change-notes/2021-03-22-jax-rs-improvements.md
similarity index 100%
rename from java/change-notes/2021-03-22-jax-rs-improvements.md
rename to java/old-change-notes/2021-03-22-jax-rs-improvements.md
diff --git a/java/change-notes/2021-03-23-guava-collections-and-preconditions.md b/java/old-change-notes/2021-03-23-guava-collections-and-preconditions.md
similarity index 100%
rename from java/change-notes/2021-03-23-guava-collections-and-preconditions.md
rename to java/old-change-notes/2021-03-23-guava-collections-and-preconditions.md
diff --git a/java/change-notes/2021-03-25-remove-legacy-code-duplication-library.md b/java/old-change-notes/2021-03-25-remove-legacy-code-duplication-library.md
similarity index 100%
rename from java/change-notes/2021-03-25-remove-legacy-code-duplication-library.md
rename to java/old-change-notes/2021-03-25-remove-legacy-code-duplication-library.md
diff --git a/java/change-notes/2021-03-25-remove-legacy-filter-queries.md b/java/old-change-notes/2021-03-25-remove-legacy-filter-queries.md
similarity index 100%
rename from java/change-notes/2021-03-25-remove-legacy-filter-queries.md
rename to java/old-change-notes/2021-03-25-remove-legacy-filter-queries.md
diff --git a/java/change-notes/2021-04-02-add-spring-validation-errors.md b/java/old-change-notes/2021-04-02-add-spring-validation-errors.md
similarity index 100%
rename from java/change-notes/2021-04-02-add-spring-validation-errors.md
rename to java/old-change-notes/2021-04-02-add-spring-validation-errors.md
diff --git a/java/change-notes/2021-04-06-ssrf-query.md b/java/old-change-notes/2021-04-06-ssrf-query.md
similarity index 100%
rename from java/change-notes/2021-04-06-ssrf-query.md
rename to java/old-change-notes/2021-04-06-ssrf-query.md
diff --git a/java/change-notes/2021-04-14-membertype.md b/java/old-change-notes/2021-04-14-membertype.md
similarity index 100%
rename from java/change-notes/2021-04-14-membertype.md
rename to java/old-change-notes/2021-04-14-membertype.md
diff --git a/java/change-notes/2021-04-26-xpath-injection-query.md b/java/old-change-notes/2021-04-26-xpath-injection-query.md
similarity index 100%
rename from java/change-notes/2021-04-26-xpath-injection-query.md
rename to java/old-change-notes/2021-04-26-xpath-injection-query.md
diff --git a/java/change-notes/2021-05-03-guava-first-non-null.md b/java/old-change-notes/2021-05-03-guava-first-non-null.md
similarity index 100%
rename from java/change-notes/2021-05-03-guava-first-non-null.md
rename to java/old-change-notes/2021-05-03-guava-first-non-null.md
diff --git a/java/change-notes/2021-05-03-jackson-dataflow-deserialization.md b/java/old-change-notes/2021-05-03-jackson-dataflow-deserialization.md
similarity index 100%
rename from java/change-notes/2021-05-03-jackson-dataflow-deserialization.md
rename to java/old-change-notes/2021-05-03-jackson-dataflow-deserialization.md
diff --git a/java/change-notes/2021-05-04-jexl-injection-query.md b/java/old-change-notes/2021-05-04-jexl-injection-query.md
similarity index 100%
rename from java/change-notes/2021-05-04-jexl-injection-query.md
rename to java/old-change-notes/2021-05-04-jexl-injection-query.md
diff --git a/java/change-notes/2021-05-05-kryo-improvements.md b/java/old-change-notes/2021-05-05-kryo-improvements.md
similarity index 100%
rename from java/change-notes/2021-05-05-kryo-improvements.md
rename to java/old-change-notes/2021-05-05-kryo-improvements.md
diff --git a/java/change-notes/2021-05-06-unsafe-android-access-query.md b/java/old-change-notes/2021-05-06-unsafe-android-access-query.md
similarity index 100%
rename from java/change-notes/2021-05-06-unsafe-android-access-query.md
rename to java/old-change-notes/2021-05-06-unsafe-android-access-query.md
diff --git a/java/change-notes/2021-05-11-apache-tuples.md b/java/old-change-notes/2021-05-11-apache-tuples.md
similarity index 100%
rename from java/change-notes/2021-05-11-apache-tuples.md
rename to java/old-change-notes/2021-05-11-apache-tuples.md
diff --git a/java/change-notes/2021-05-11-ratpack-support.md b/java/old-change-notes/2021-05-11-ratpack-support.md
similarity index 100%
rename from java/change-notes/2021-05-11-ratpack-support.md
rename to java/old-change-notes/2021-05-11-ratpack-support.md
diff --git a/java/change-notes/2021-05-12-hardcoded-azure-credentials-in-api-call.md b/java/old-change-notes/2021-05-12-hardcoded-azure-credentials-in-api-call.md
similarity index 100%
rename from java/change-notes/2021-05-12-hardcoded-azure-credentials-in-api-call.md
rename to java/old-change-notes/2021-05-12-hardcoded-azure-credentials-in-api-call.md
diff --git a/java/change-notes/2021-05-12-xxe-fp-fix.md b/java/old-change-notes/2021-05-12-xxe-fp-fix.md
similarity index 100%
rename from java/change-notes/2021-05-12-xxe-fp-fix.md
rename to java/old-change-notes/2021-05-12-xxe-fp-fix.md
diff --git a/java/change-notes/2021-05-13-ognl-injection-query.md b/java/old-change-notes/2021-05-13-ognl-injection-query.md
similarity index 100%
rename from java/change-notes/2021-05-13-ognl-injection-query.md
rename to java/old-change-notes/2021-05-13-ognl-injection-query.md
diff --git a/java/change-notes/2021-05-14-close-resource-leaks-improvements.md b/java/old-change-notes/2021-05-14-close-resource-leaks-improvements.md
similarity index 100%
rename from java/change-notes/2021-05-14-close-resource-leaks-improvements.md
rename to java/old-change-notes/2021-05-14-close-resource-leaks-improvements.md
diff --git a/java/change-notes/2021-05-17-add-unsafe-deserialization-sinks.md b/java/old-change-notes/2021-05-17-add-unsafe-deserialization-sinks.md
similarity index 100%
rename from java/change-notes/2021-05-17-add-unsafe-deserialization-sinks.md
rename to java/old-change-notes/2021-05-17-add-unsafe-deserialization-sinks.md
diff --git a/java/change-notes/2021-05-17-jackson-deserialization-sink.md b/java/old-change-notes/2021-05-17-jackson-deserialization-sink.md
similarity index 100%
rename from java/change-notes/2021-05-17-jackson-deserialization-sink.md
rename to java/old-change-notes/2021-05-17-jackson-deserialization-sink.md
diff --git a/java/change-notes/2021-05-17-missing-jwt-signature-check-query.md b/java/old-change-notes/2021-05-17-missing-jwt-signature-check-query.md
similarity index 100%
rename from java/change-notes/2021-05-17-missing-jwt-signature-check-query.md
rename to java/old-change-notes/2021-05-17-missing-jwt-signature-check-query.md
diff --git a/java/change-notes/2021-05-20-jndi-injection-query.md b/java/old-change-notes/2021-05-20-jndi-injection-query.md
similarity index 100%
rename from java/change-notes/2021-05-20-jndi-injection-query.md
rename to java/old-change-notes/2021-05-20-jndi-injection-query.md
diff --git a/java/change-notes/2021-05-20-savedrequest-taintsources.md b/java/old-change-notes/2021-05-20-savedrequest-taintsources.md
similarity index 100%
rename from java/change-notes/2021-05-20-savedrequest-taintsources.md
rename to java/old-change-notes/2021-05-20-savedrequest-taintsources.md
diff --git a/java/change-notes/2021-05-24-hardcoded-shiro-key-in-api-call.md b/java/old-change-notes/2021-05-24-hardcoded-shiro-key-in-api-call.md
similarity index 100%
rename from java/change-notes/2021-05-24-hardcoded-shiro-key-in-api-call.md
rename to java/old-change-notes/2021-05-24-hardcoded-shiro-key-in-api-call.md
diff --git a/java/change-notes/2021-05-28-remove-senderror-xss-sink.md b/java/old-change-notes/2021-05-28-remove-senderror-xss-sink.md
similarity index 100%
rename from java/change-notes/2021-05-28-remove-senderror-xss-sink.md
rename to java/old-change-notes/2021-05-28-remove-senderror-xss-sink.md
diff --git a/java/change-notes/2021-05-31-add-spring-stringutils.md b/java/old-change-notes/2021-05-31-add-spring-stringutils.md
similarity index 100%
rename from java/change-notes/2021-05-31-add-spring-stringutils.md
rename to java/old-change-notes/2021-05-31-add-spring-stringutils.md
diff --git a/java/change-notes/2021-06-01-collection-flow.md b/java/old-change-notes/2021-06-01-collection-flow.md
similarity index 100%
rename from java/change-notes/2021-06-01-collection-flow.md
rename to java/old-change-notes/2021-06-01-collection-flow.md
diff --git a/java/change-notes/2021-06-01-insecure-basic-auth-query.md b/java/old-change-notes/2021-06-01-insecure-basic-auth-query.md
similarity index 100%
rename from java/change-notes/2021-06-01-insecure-basic-auth-query.md
rename to java/old-change-notes/2021-06-01-insecure-basic-auth-query.md
diff --git a/java/change-notes/2021-06-01-statement-toString.md b/java/old-change-notes/2021-06-01-statement-toString.md
similarity index 100%
rename from java/change-notes/2021-06-01-statement-toString.md
rename to java/old-change-notes/2021-06-01-statement-toString.md
diff --git a/java/change-notes/2021-06-02-mvel-injection-query.md b/java/old-change-notes/2021-06-02-mvel-injection-query.md
similarity index 100%
rename from java/change-notes/2021-06-02-mvel-injection-query.md
rename to java/old-change-notes/2021-06-02-mvel-injection-query.md
diff --git a/java/change-notes/2021-06-08-spel-injection-query.md b/java/old-change-notes/2021-06-08-spel-injection-query.md
similarity index 100%
rename from java/change-notes/2021-06-08-spel-injection-query.md
rename to java/old-change-notes/2021-06-08-spel-injection-query.md
diff --git a/java/change-notes/2021-06-08-spring-http.md b/java/old-change-notes/2021-06-08-spring-http.md
similarity index 100%
rename from java/change-notes/2021-06-08-spring-http.md
rename to java/old-change-notes/2021-06-08-spring-http.md
diff --git a/java/change-notes/2021-06-08-spring-propertyvalues.md b/java/old-change-notes/2021-06-08-spring-propertyvalues.md
similarity index 100%
rename from java/change-notes/2021-06-08-spring-propertyvalues.md
rename to java/old-change-notes/2021-06-08-spring-propertyvalues.md
diff --git a/java/change-notes/2021-06-11-tainted-key-read-steps.md b/java/old-change-notes/2021-06-11-tainted-key-read-steps.md
similarity index 100%
rename from java/change-notes/2021-06-11-tainted-key-read-steps.md
rename to java/old-change-notes/2021-06-11-tainted-key-read-steps.md
diff --git a/java/change-notes/2021-06-14-groovy-code-injection-query.md b/java/old-change-notes/2021-06-14-groovy-code-injection-query.md
similarity index 100%
rename from java/change-notes/2021-06-14-groovy-code-injection-query.md
rename to java/old-change-notes/2021-06-14-groovy-code-injection-query.md
diff --git a/java/change-notes/2021-06-16-xslt-injection-query.md b/java/old-change-notes/2021-06-16-xslt-injection-query.md
similarity index 100%
rename from java/change-notes/2021-06-16-xslt-injection-query.md
rename to java/old-change-notes/2021-06-16-xslt-injection-query.md
diff --git a/java/change-notes/2021-06-18-apache-mutable.md b/java/old-change-notes/2021-06-18-apache-mutable.md
similarity index 100%
rename from java/change-notes/2021-06-18-apache-mutable.md
rename to java/old-change-notes/2021-06-18-apache-mutable.md
diff --git a/java/change-notes/2021-06-18-insecure-java-mail-query.md b/java/old-change-notes/2021-06-18-insecure-java-mail-query.md
similarity index 100%
rename from java/change-notes/2021-06-18-insecure-java-mail-query.md
rename to java/old-change-notes/2021-06-18-insecure-java-mail-query.md
diff --git a/java/change-notes/2021-06-22-more-steps-for-bytebuffer-inputstream.md b/java/old-change-notes/2021-06-22-more-steps-for-bytebuffer-inputstream.md
similarity index 100%
rename from java/change-notes/2021-06-22-more-steps-for-bytebuffer-inputstream.md
rename to java/old-change-notes/2021-06-22-more-steps-for-bytebuffer-inputstream.md
diff --git a/java/change-notes/2021-06-22-util-optional.md b/java/old-change-notes/2021-06-22-util-optional.md
similarity index 100%
rename from java/change-notes/2021-06-22-util-optional.md
rename to java/old-change-notes/2021-06-22-util-optional.md
diff --git a/java/change-notes/2021-06-23-generic-type-names.md b/java/old-change-notes/2021-06-23-generic-type-names.md
similarity index 100%
rename from java/change-notes/2021-06-23-generic-type-names.md
rename to java/old-change-notes/2021-06-23-generic-type-names.md
diff --git a/java/change-notes/2021-06-24-dataflow-implicit-reads.md b/java/old-change-notes/2021-06-24-dataflow-implicit-reads.md
similarity index 100%
rename from java/change-notes/2021-06-24-dataflow-implicit-reads.md
rename to java/old-change-notes/2021-06-24-dataflow-implicit-reads.md
diff --git a/java/change-notes/2021-06-25-apache-collections-maputils-keyvalue.md b/java/old-change-notes/2021-06-25-apache-collections-maputils-keyvalue.md
similarity index 100%
rename from java/change-notes/2021-06-25-apache-collections-maputils-keyvalue.md
rename to java/old-change-notes/2021-06-25-apache-collections-maputils-keyvalue.md
diff --git a/java/change-notes/2021-06-25-jax-rs-content-types.md b/java/old-change-notes/2021-06-25-jax-rs-content-types.md
similarity index 100%
rename from java/change-notes/2021-06-25-jax-rs-content-types.md
rename to java/old-change-notes/2021-06-25-jax-rs-content-types.md
diff --git a/java/change-notes/2021-06-29-javax-json-models.md b/java/old-change-notes/2021-06-29-javax-json-models.md
similarity index 100%
rename from java/change-notes/2021-06-29-javax-json-models.md
rename to java/old-change-notes/2021-06-29-javax-json-models.md
diff --git a/java/change-notes/2021-07-01-spring-collections.md b/java/old-change-notes/2021-07-01-spring-collections.md
similarity index 100%
rename from java/change-notes/2021-07-01-spring-collections.md
rename to java/old-change-notes/2021-07-01-spring-collections.md
diff --git a/java/change-notes/2021-07-01-spring-webmultipart.md b/java/old-change-notes/2021-07-01-spring-webmultipart.md
similarity index 100%
rename from java/change-notes/2021-07-01-spring-webmultipart.md
rename to java/old-change-notes/2021-07-01-spring-webmultipart.md
diff --git a/java/change-notes/2021-07-01-spring-webutil.md b/java/old-change-notes/2021-07-01-spring-webutil.md
similarity index 100%
rename from java/change-notes/2021-07-01-spring-webutil.md
rename to java/old-change-notes/2021-07-01-spring-webutil.md
diff --git a/java/change-notes/2021-07-01-url-classloader-reactive-webclient.md b/java/old-change-notes/2021-07-01-url-classloader-reactive-webclient.md
similarity index 100%
rename from java/change-notes/2021-07-01-url-classloader-reactive-webclient.md
rename to java/old-change-notes/2021-07-01-url-classloader-reactive-webclient.md
diff --git a/java/change-notes/2021-07-02-split-queries.md b/java/old-change-notes/2021-07-02-split-queries.md
similarity index 100%
rename from java/change-notes/2021-07-02-split-queries.md
rename to java/old-change-notes/2021-07-02-split-queries.md
diff --git a/java/change-notes/2021-07-14-spring-jdbc.md b/java/old-change-notes/2021-07-14-spring-jdbc.md
similarity index 100%
rename from java/change-notes/2021-07-14-spring-jdbc.md
rename to java/old-change-notes/2021-07-14-spring-jdbc.md
diff --git a/java/change-notes/2021-07-19-json-java.md b/java/old-change-notes/2021-07-19-json-java.md
similarity index 100%
rename from java/change-notes/2021-07-19-json-java.md
rename to java/old-change-notes/2021-07-19-json-java.md
diff --git a/java/change-notes/2021-07-22-model-collection-constructors.md b/java/old-change-notes/2021-07-22-model-collection-constructors.md
similarity index 100%
rename from java/change-notes/2021-07-22-model-collection-constructors.md
rename to java/old-change-notes/2021-07-22-model-collection-constructors.md
diff --git a/java/change-notes/2021-07-27-apache-collections-base-package.md b/java/old-change-notes/2021-07-27-apache-collections-base-package.md
similarity index 100%
rename from java/change-notes/2021-07-27-apache-collections-base-package.md
rename to java/old-change-notes/2021-07-27-apache-collections-base-package.md
diff --git a/java/change-notes/2021-07-28-guava-cache.md b/java/old-change-notes/2021-07-28-guava-cache.md
similarity index 100%
rename from java/change-notes/2021-07-28-guava-cache.md
rename to java/old-change-notes/2021-07-28-guava-cache.md
diff --git a/java/change-notes/2021-08-02-android-intent-redirect-query.md b/java/old-change-notes/2021-08-02-android-intent-redirect-query.md
similarity index 100%
rename from java/change-notes/2021-08-02-android-intent-redirect-query.md
rename to java/old-change-notes/2021-08-02-android-intent-redirect-query.md
diff --git a/java/change-notes/2021-08-02-guava-collections.md b/java/old-change-notes/2021-08-02-guava-collections.md
similarity index 100%
rename from java/change-notes/2021-08-02-guava-collections.md
rename to java/old-change-notes/2021-08-02-guava-collections.md
diff --git a/java/change-notes/2021-08-03-spring-content-types.md b/java/old-change-notes/2021-08-03-spring-content-types.md
similarity index 100%
rename from java/change-notes/2021-08-03-spring-content-types.md
rename to java/old-change-notes/2021-08-03-spring-content-types.md
diff --git a/java/change-notes/2021-08-04-jabsorb-unsafe-deserialization.md b/java/old-change-notes/2021-08-04-jabsorb-unsafe-deserialization.md
similarity index 100%
rename from java/change-notes/2021-08-04-jabsorb-unsafe-deserialization.md
rename to java/old-change-notes/2021-08-04-jabsorb-unsafe-deserialization.md
diff --git a/java/change-notes/2021-08-05-jodd-unsafe-deserialization.md b/java/old-change-notes/2021-08-05-jodd-unsafe-deserialization.md
similarity index 100%
rename from java/change-notes/2021-08-05-jodd-unsafe-deserialization.md
rename to java/old-change-notes/2021-08-05-jodd-unsafe-deserialization.md
diff --git a/java/change-notes/2021-08-09-flexjson-unsafe-deserialization.md b/java/old-change-notes/2021-08-09-flexjson-unsafe-deserialization.md
similarity index 100%
rename from java/change-notes/2021-08-09-flexjson-unsafe-deserialization.md
rename to java/old-change-notes/2021-08-09-flexjson-unsafe-deserialization.md
diff --git a/java/change-notes/2021-08-10-gson-unsafe-deserialization.md b/java/old-change-notes/2021-08-10-gson-unsafe-deserialization.md
similarity index 100%
rename from java/change-notes/2021-08-10-gson-unsafe-deserialization.md
rename to java/old-change-notes/2021-08-10-gson-unsafe-deserialization.md
diff --git a/java/change-notes/2021-08-12-jax-rs-filter-sources.md b/java/old-change-notes/2021-08-12-jax-rs-filter-sources.md
similarity index 100%
rename from java/change-notes/2021-08-12-jax-rs-filter-sources.md
rename to java/old-change-notes/2021-08-12-jax-rs-filter-sources.md
diff --git a/java/change-notes/2021-08-23-getPrimaryQlClasses.md b/java/old-change-notes/2021-08-23-getPrimaryQlClasses.md
similarity index 100%
rename from java/change-notes/2021-08-23-getPrimaryQlClasses.md
rename to java/old-change-notes/2021-08-23-getPrimaryQlClasses.md
diff --git a/java/change-notes/2021-08-23-local-interfaces-enums.md b/java/old-change-notes/2021-08-23-local-interfaces-enums.md
similarity index 100%
rename from java/change-notes/2021-08-23-local-interfaces-enums.md
rename to java/old-change-notes/2021-08-23-local-interfaces-enums.md
diff --git a/java/change-notes/2021-08-24-downgrade-sql-unescaped.md b/java/old-change-notes/2021-08-24-downgrade-sql-unescaped.md
similarity index 100%
rename from java/change-notes/2021-08-24-downgrade-sql-unescaped.md
rename to java/old-change-notes/2021-08-24-downgrade-sql-unescaped.md
diff --git a/java/change-notes/2021-09-03-android-sensitive-broadcast.md b/java/old-change-notes/2021-09-03-android-sensitive-broadcast.md
similarity index 100%
rename from java/change-notes/2021-09-03-android-sensitive-broadcast.md
rename to java/old-change-notes/2021-09-03-android-sensitive-broadcast.md
diff --git a/java/change-notes/2021-09-13-android-uri.md b/java/old-change-notes/2021-09-13-android-uri.md
similarity index 100%
rename from java/change-notes/2021-09-13-android-uri.md
rename to java/old-change-notes/2021-09-13-android-uri.md
diff --git a/java/change-notes/2021-09-13-javadoc-type-parameters.md b/java/old-change-notes/2021-09-13-javadoc-type-parameters.md
similarity index 100%
rename from java/change-notes/2021-09-13-javadoc-type-parameters.md
rename to java/old-change-notes/2021-09-13-javadoc-type-parameters.md
diff --git a/java/change-notes/2021-09-13-location-toString.md b/java/old-change-notes/2021-09-13-location-toString.md
similarity index 100%
rename from java/change-notes/2021-09-13-location-toString.md
rename to java/old-change-notes/2021-09-13-location-toString.md
diff --git a/java/change-notes/2021-09-14-conditional-bypass-improvements.md b/java/old-change-notes/2021-09-14-conditional-bypass-improvements.md
similarity index 100%
rename from java/change-notes/2021-09-14-conditional-bypass-improvements.md
rename to java/old-change-notes/2021-09-14-conditional-bypass-improvements.md
diff --git a/java/change-notes/2021-09-14-jsf-support.md b/java/old-change-notes/2021-09-14-jsf-support.md
similarity index 100%
rename from java/change-notes/2021-09-14-jsf-support.md
rename to java/old-change-notes/2021-09-14-jsf-support.md
diff --git a/java/change-notes/2021-09-27-apache-collections-subpackages.md b/java/old-change-notes/2021-09-27-apache-collections-subpackages.md
similarity index 100%
rename from java/change-notes/2021-09-27-apache-collections-subpackages.md
rename to java/old-change-notes/2021-09-27-apache-collections-subpackages.md
diff --git a/java/change-notes/2021-10-07-java-util-stream.md b/java/old-change-notes/2021-10-07-java-util-stream.md
similarity index 100%
rename from java/change-notes/2021-10-07-java-util-stream.md
rename to java/old-change-notes/2021-10-07-java-util-stream.md
diff --git a/java/change-notes/2021-10-20-more-specific-types.md b/java/old-change-notes/2021-10-20-more-specific-types.md
similarity index 100%
rename from java/change-notes/2021-10-20-more-specific-types.md
rename to java/old-change-notes/2021-10-20-more-specific-types.md
diff --git a/java/change-notes/2021-10-29-deprecate-String-getRepresentedString.md b/java/old-change-notes/2021-10-29-deprecate-String-getRepresentedString.md
similarity index 100%
rename from java/change-notes/2021-10-29-deprecate-String-getRepresentedString.md
rename to java/old-change-notes/2021-10-29-deprecate-String-getRepresentedString.md
diff --git a/java/change-notes/2021-10-29-improved-ratpack-support.md b/java/old-change-notes/2021-10-29-improved-ratpack-support.md
similarity index 100%
rename from java/change-notes/2021-10-29-improved-ratpack-support.md
rename to java/old-change-notes/2021-10-29-improved-ratpack-support.md
diff --git a/java/change-notes/2021-10-29-optional-lambda-flow.md b/java/old-change-notes/2021-10-29-optional-lambda-flow.md
similarity index 100%
rename from java/change-notes/2021-10-29-optional-lambda-flow.md
rename to java/old-change-notes/2021-10-29-optional-lambda-flow.md
diff --git a/javascript/change-notes/2020-05-17-prototype-assignment.md b/javascript/old-change-notes/2020-05-17-prototype-assignment.md
similarity index 100%
rename from javascript/change-notes/2020-05-17-prototype-assignment.md
rename to javascript/old-change-notes/2020-05-17-prototype-assignment.md
diff --git a/javascript/change-notes/2020-11-06-date-functions.md b/javascript/old-change-notes/2020-11-06-date-functions.md
similarity index 100%
rename from javascript/change-notes/2020-11-06-date-functions.md
rename to javascript/old-change-notes/2020-11-06-date-functions.md
diff --git a/javascript/change-notes/2020-11-09-jwt.md b/javascript/old-change-notes/2020-11-09-jwt.md
similarity index 100%
rename from javascript/change-notes/2020-11-09-jwt.md
rename to javascript/old-change-notes/2020-11-09-jwt.md
diff --git a/javascript/change-notes/2020-11-11-react-hot-loader.md b/javascript/old-change-notes/2020-11-11-react-hot-loader.md
similarity index 100%
rename from javascript/change-notes/2020-11-11-react-hot-loader.md
rename to javascript/old-change-notes/2020-11-11-react-hot-loader.md
diff --git a/javascript/change-notes/2020-11-25-prototype-pollution.md b/javascript/old-change-notes/2020-11-25-prototype-pollution.md
similarity index 100%
rename from javascript/change-notes/2020-11-25-prototype-pollution.md
rename to javascript/old-change-notes/2020-11-25-prototype-pollution.md
diff --git a/javascript/change-notes/2020-11-30-loginjection.md b/javascript/old-change-notes/2020-11-30-loginjection.md
similarity index 100%
rename from javascript/change-notes/2020-11-30-loginjection.md
rename to javascript/old-change-notes/2020-11-30-loginjection.md
diff --git a/javascript/change-notes/2020-11-30-nosql.md b/javascript/old-change-notes/2020-11-30-nosql.md
similarity index 100%
rename from javascript/change-notes/2020-11-30-nosql.md
rename to javascript/old-change-notes/2020-11-30-nosql.md
diff --git a/javascript/change-notes/2020-12-02-typescript-4.1.md b/javascript/old-change-notes/2020-12-02-typescript-4.1.md
similarity index 100%
rename from javascript/change-notes/2020-12-02-typescript-4.1.md
rename to javascript/old-change-notes/2020-12-02-typescript-4.1.md
diff --git a/javascript/change-notes/2020-12-09-external-flow-sources.md b/javascript/old-change-notes/2020-12-09-external-flow-sources.md
similarity index 100%
rename from javascript/change-notes/2020-12-09-external-flow-sources.md
rename to javascript/old-change-notes/2020-12-09-external-flow-sources.md
diff --git a/javascript/change-notes/2020-12-16-build-artifact-leak.md b/javascript/old-change-notes/2020-12-16-build-artifact-leak.md
similarity index 100%
rename from javascript/change-notes/2020-12-16-build-artifact-leak.md
rename to javascript/old-change-notes/2020-12-16-build-artifact-leak.md
diff --git a/javascript/change-notes/2020-12-16-indirect-cmd-libraries.md b/javascript/old-change-notes/2020-12-16-indirect-cmd-libraries.md
similarity index 100%
rename from javascript/change-notes/2020-12-16-indirect-cmd-libraries.md
rename to javascript/old-change-notes/2020-12-16-indirect-cmd-libraries.md
diff --git a/javascript/change-notes/2020-12-22-execa.md b/javascript/old-change-notes/2020-12-22-execa.md
similarity index 100%
rename from javascript/change-notes/2020-12-22-execa.md
rename to javascript/old-change-notes/2020-12-22-execa.md
diff --git a/javascript/change-notes/2021-01-04-superliniar-redos.md b/javascript/old-change-notes/2021-01-04-superliniar-redos.md
similarity index 100%
rename from javascript/change-notes/2021-01-04-superliniar-redos.md
rename to javascript/old-change-notes/2021-01-04-superliniar-redos.md
diff --git a/javascript/change-notes/2021-01-08-js-incomplete-multi-character-sanitization.md b/javascript/old-change-notes/2021-01-08-js-incomplete-multi-character-sanitization.md
similarity index 100%
rename from javascript/change-notes/2021-01-08-js-incomplete-multi-character-sanitization.md
rename to javascript/old-change-notes/2021-01-08-js-incomplete-multi-character-sanitization.md
diff --git a/javascript/change-notes/2021-01-14-polynomial-redos.md b/javascript/old-change-notes/2021-01-14-polynomial-redos.md
similarity index 100%
rename from javascript/change-notes/2021-01-14-polynomial-redos.md
rename to javascript/old-change-notes/2021-01-14-polynomial-redos.md
diff --git a/javascript/change-notes/2021-01-18-angular-templates.md b/javascript/old-change-notes/2021-01-18-angular-templates.md
similarity index 100%
rename from javascript/change-notes/2021-01-18-angular-templates.md
rename to javascript/old-change-notes/2021-01-18-angular-templates.md
diff --git a/javascript/change-notes/2021-01-18-server-crash.md b/javascript/old-change-notes/2021-01-18-server-crash.md
similarity index 100%
rename from javascript/change-notes/2021-01-18-server-crash.md
rename to javascript/old-change-notes/2021-01-18-server-crash.md
diff --git a/javascript/change-notes/2021-01-21-type-inference-compound.md b/javascript/old-change-notes/2021-01-21-type-inference-compound.md
similarity index 100%
rename from javascript/change-notes/2021-01-21-type-inference-compound.md
rename to javascript/old-change-notes/2021-01-21-type-inference-compound.md
diff --git a/javascript/change-notes/2021-01-21-unneeded-defensive-code.md b/javascript/old-change-notes/2021-01-21-unneeded-defensive-code.md
similarity index 100%
rename from javascript/change-notes/2021-01-21-unneeded-defensive-code.md
rename to javascript/old-change-notes/2021-01-21-unneeded-defensive-code.md
diff --git a/javascript/change-notes/2021-02-08-immutable.md b/javascript/old-change-notes/2021-02-08-immutable.md
similarity index 100%
rename from javascript/change-notes/2021-02-08-immutable.md
rename to javascript/old-change-notes/2021-02-08-immutable.md
diff --git a/javascript/change-notes/2021-02-08-xml-parser-taint.md b/javascript/old-change-notes/2021-02-08-xml-parser-taint.md
similarity index 100%
rename from javascript/change-notes/2021-02-08-xml-parser-taint.md
rename to javascript/old-change-notes/2021-02-08-xml-parser-taint.md
diff --git a/javascript/change-notes/2021-02-08-xss-through-dom-forms.md b/javascript/old-change-notes/2021-02-08-xss-through-dom-forms.md
similarity index 100%
rename from javascript/change-notes/2021-02-08-xss-through-dom-forms.md
rename to javascript/old-change-notes/2021-02-08-xss-through-dom-forms.md
diff --git a/javascript/change-notes/2021-02-09-form-parsers.md b/javascript/old-change-notes/2021-02-09-form-parsers.md
similarity index 100%
rename from javascript/change-notes/2021-02-09-form-parsers.md
rename to javascript/old-change-notes/2021-02-09-form-parsers.md
diff --git a/javascript/change-notes/2021-02-10-markdown.md b/javascript/old-change-notes/2021-02-10-markdown.md
similarity index 100%
rename from javascript/change-notes/2021-02-10-markdown.md
rename to javascript/old-change-notes/2021-02-10-markdown.md
diff --git a/javascript/change-notes/2021-02-11-apollo-client.md b/javascript/old-change-notes/2021-02-11-apollo-client.md
similarity index 100%
rename from javascript/change-notes/2021-02-11-apollo-client.md
rename to javascript/old-change-notes/2021-02-11-apollo-client.md
diff --git a/javascript/change-notes/2021-02-16-vue-router.md b/javascript/old-change-notes/2021-02-16-vue-router.md
similarity index 100%
rename from javascript/change-notes/2021-02-16-vue-router.md
rename to javascript/old-change-notes/2021-02-16-vue-router.md
diff --git a/javascript/change-notes/2021-02-18-next-js.md b/javascript/old-change-notes/2021-02-18-next-js.md
similarity index 100%
rename from javascript/change-notes/2021-02-18-next-js.md
rename to javascript/old-change-notes/2021-02-18-next-js.md
diff --git a/javascript/change-notes/2021-02-18-typescript-4.2.md b/javascript/old-change-notes/2021-02-18-typescript-4.2.md
similarity index 100%
rename from javascript/change-notes/2021-02-18-typescript-4.2.md
rename to javascript/old-change-notes/2021-02-18-typescript-4.2.md
diff --git a/javascript/change-notes/2021-02-25-event-handler-receiver-is-dom-element.md b/javascript/old-change-notes/2021-02-25-event-handler-receiver-is-dom-element.md
similarity index 100%
rename from javascript/change-notes/2021-02-25-event-handler-receiver-is-dom-element.md
rename to javascript/old-change-notes/2021-02-25-event-handler-receiver-is-dom-element.md
diff --git a/javascript/change-notes/2021-02-25-http-proxy.md b/javascript/old-change-notes/2021-02-25-http-proxy.md
similarity index 100%
rename from javascript/change-notes/2021-02-25-http-proxy.md
rename to javascript/old-change-notes/2021-02-25-http-proxy.md
diff --git a/javascript/change-notes/2021-02-26-form-data.md b/javascript/old-change-notes/2021-02-26-form-data.md
similarity index 100%
rename from javascript/change-notes/2021-02-26-form-data.md
rename to javascript/old-change-notes/2021-02-26-form-data.md
diff --git a/javascript/change-notes/2021-03-01-ajv.md b/javascript/old-change-notes/2021-03-01-ajv.md
similarity index 100%
rename from javascript/change-notes/2021-03-01-ajv.md
rename to javascript/old-change-notes/2021-03-01-ajv.md
diff --git a/javascript/change-notes/2021-03-09-template-object-injection.md b/javascript/old-change-notes/2021-03-09-template-object-injection.md
similarity index 100%
rename from javascript/change-notes/2021-03-09-template-object-injection.md
rename to javascript/old-change-notes/2021-03-09-template-object-injection.md
diff --git a/javascript/change-notes/2021-03-10-d3.md b/javascript/old-change-notes/2021-03-10-d3.md
similarity index 100%
rename from javascript/change-notes/2021-03-10-d3.md
rename to javascript/old-change-notes/2021-03-10-d3.md
diff --git a/javascript/change-notes/2021-03-15-client-side-remote-flow-sources.md b/javascript/old-change-notes/2021-03-15-client-side-remote-flow-sources.md
similarity index 100%
rename from javascript/change-notes/2021-03-15-client-side-remote-flow-sources.md
rename to javascript/old-change-notes/2021-03-15-client-side-remote-flow-sources.md
diff --git a/javascript/change-notes/2021-03-17-koa-route.md b/javascript/old-change-notes/2021-03-17-koa-route.md
similarity index 100%
rename from javascript/change-notes/2021-03-17-koa-route.md
rename to javascript/old-change-notes/2021-03-17-koa-route.md
diff --git a/javascript/change-notes/2021-03-17-precise-regex-replace.md b/javascript/old-change-notes/2021-03-17-precise-regex-replace.md
similarity index 100%
rename from javascript/change-notes/2021-03-17-precise-regex-replace.md
rename to javascript/old-change-notes/2021-03-17-precise-regex-replace.md
diff --git a/javascript/change-notes/2021-03-17-puppeteer.md b/javascript/old-change-notes/2021-03-17-puppeteer.md
similarity index 100%
rename from javascript/change-notes/2021-03-17-puppeteer.md
rename to javascript/old-change-notes/2021-03-17-puppeteer.md
diff --git a/javascript/change-notes/2021-03-19-async-execute.md b/javascript/old-change-notes/2021-03-19-async-execute.md
similarity index 100%
rename from javascript/change-notes/2021-03-19-async-execute.md
rename to javascript/old-change-notes/2021-03-19-async-execute.md
diff --git a/javascript/change-notes/2021-03-23-accessor-calls.md b/javascript/old-change-notes/2021-03-23-accessor-calls.md
similarity index 100%
rename from javascript/change-notes/2021-03-23-accessor-calls.md
rename to javascript/old-change-notes/2021-03-23-accessor-calls.md
diff --git a/javascript/change-notes/2021-03-25-remove-legacy-code-duplication-library.md b/javascript/old-change-notes/2021-03-25-remove-legacy-code-duplication-library.md
similarity index 100%
rename from javascript/change-notes/2021-03-25-remove-legacy-code-duplication-library.md
rename to javascript/old-change-notes/2021-03-25-remove-legacy-code-duplication-library.md
diff --git a/javascript/change-notes/2021-03-25-remove-legacy-filter-queries.md b/javascript/old-change-notes/2021-03-25-remove-legacy-filter-queries.md
similarity index 100%
rename from javascript/change-notes/2021-03-25-remove-legacy-filter-queries.md
rename to javascript/old-change-notes/2021-03-25-remove-legacy-filter-queries.md
diff --git a/javascript/change-notes/2021-03-29-misc-steps.md b/javascript/old-change-notes/2021-03-29-misc-steps.md
similarity index 100%
rename from javascript/change-notes/2021-03-29-misc-steps.md
rename to javascript/old-change-notes/2021-03-29-misc-steps.md
diff --git a/javascript/change-notes/2021-03-29-pg-promise.md b/javascript/old-change-notes/2021-03-29-pg-promise.md
similarity index 100%
rename from javascript/change-notes/2021-03-29-pg-promise.md
rename to javascript/old-change-notes/2021-03-29-pg-promise.md
diff --git a/javascript/change-notes/2021-03-30-sql-models.md b/javascript/old-change-notes/2021-03-30-sql-models.md
similarity index 100%
rename from javascript/change-notes/2021-03-30-sql-models.md
rename to javascript/old-change-notes/2021-03-30-sql-models.md
diff --git a/javascript/change-notes/2021-04-01-tsconfig-file-inclusion-handling.md b/javascript/old-change-notes/2021-04-01-tsconfig-file-inclusion-handling.md
similarity index 100%
rename from javascript/change-notes/2021-04-01-tsconfig-file-inclusion-handling.md
rename to javascript/old-change-notes/2021-04-01-tsconfig-file-inclusion-handling.md
diff --git a/javascript/change-notes/2021-04-08-redux.md b/javascript/old-change-notes/2021-04-08-redux.md
similarity index 100%
rename from javascript/change-notes/2021-04-08-redux.md
rename to javascript/old-change-notes/2021-04-08-redux.md
diff --git a/javascript/change-notes/2021-04-12-disabling-certificate-validation.md b/javascript/old-change-notes/2021-04-12-disabling-certificate-validation.md
similarity index 100%
rename from javascript/change-notes/2021-04-12-disabling-certificate-validation.md
rename to javascript/old-change-notes/2021-04-12-disabling-certificate-validation.md
diff --git a/javascript/change-notes/2021-04-15-fs-promises.md b/javascript/old-change-notes/2021-04-15-fs-promises.md
similarity index 100%
rename from javascript/change-notes/2021-04-15-fs-promises.md
rename to javascript/old-change-notes/2021-04-15-fs-promises.md
diff --git a/javascript/change-notes/2021-04-15-markdownit.md b/javascript/old-change-notes/2021-04-15-markdownit.md
similarity index 100%
rename from javascript/change-notes/2021-04-15-markdownit.md
rename to javascript/old-change-notes/2021-04-15-markdownit.md
diff --git a/javascript/change-notes/2021-04-15-nestjs.md b/javascript/old-change-notes/2021-04-15-nestjs.md
similarity index 100%
rename from javascript/change-notes/2021-04-15-nestjs.md
rename to javascript/old-change-notes/2021-04-15-nestjs.md
diff --git a/javascript/change-notes/2021-04-15-typescript-template-literal-type-crash.md b/javascript/old-change-notes/2021-04-15-typescript-template-literal-type-crash.md
similarity index 100%
rename from javascript/change-notes/2021-04-15-typescript-template-literal-type-crash.md
rename to javascript/old-change-notes/2021-04-15-typescript-template-literal-type-crash.md
diff --git a/javascript/change-notes/2021-04-21-rate-limiting-fixes.md b/javascript/old-change-notes/2021-04-21-rate-limiting-fixes.md
similarity index 100%
rename from javascript/change-notes/2021-04-21-rate-limiting-fixes.md
rename to javascript/old-change-notes/2021-04-21-rate-limiting-fixes.md
diff --git a/javascript/change-notes/2021-04-26-unsafe-html-construction.md b/javascript/old-change-notes/2021-04-26-unsafe-html-construction.md
similarity index 100%
rename from javascript/change-notes/2021-04-26-unsafe-html-construction.md
rename to javascript/old-change-notes/2021-04-26-unsafe-html-construction.md
diff --git a/javascript/change-notes/2021-04-27-anser.md b/javascript/old-change-notes/2021-04-27-anser.md
similarity index 100%
rename from javascript/change-notes/2021-04-27-anser.md
rename to javascript/old-change-notes/2021-04-27-anser.md
diff --git a/javascript/change-notes/2021-05-10-sqlite3-chaining.md b/javascript/old-change-notes/2021-05-10-sqlite3-chaining.md
similarity index 100%
rename from javascript/change-notes/2021-05-10-sqlite3-chaining.md
rename to javascript/old-change-notes/2021-05-10-sqlite3-chaining.md
diff --git a/javascript/change-notes/2021-05-18-clone.md b/javascript/old-change-notes/2021-05-18-clone.md
similarity index 100%
rename from javascript/change-notes/2021-05-18-clone.md
rename to javascript/old-change-notes/2021-05-18-clone.md
diff --git a/javascript/change-notes/2021-05-31-typescript-4.3.md b/javascript/old-change-notes/2021-05-31-typescript-4.3.md
similarity index 100%
rename from javascript/change-notes/2021-05-31-typescript-4.3.md
rename to javascript/old-change-notes/2021-05-31-typescript-4.3.md
diff --git a/javascript/change-notes/2021-06-02-debug.md b/javascript/old-change-notes/2021-06-02-debug.md
similarity index 100%
rename from javascript/change-notes/2021-06-02-debug.md
rename to javascript/old-change-notes/2021-06-02-debug.md
diff --git a/javascript/change-notes/2021-06-02-prettier.md b/javascript/old-change-notes/2021-06-02-prettier.md
similarity index 100%
rename from javascript/change-notes/2021-06-02-prettier.md
rename to javascript/old-change-notes/2021-06-02-prettier.md
diff --git a/javascript/change-notes/2021-06-02-webpack-merge.md b/javascript/old-change-notes/2021-06-02-webpack-merge.md
similarity index 100%
rename from javascript/change-notes/2021-06-02-webpack-merge.md
rename to javascript/old-change-notes/2021-06-02-webpack-merge.md
diff --git a/javascript/change-notes/2021-06-03-history.md b/javascript/old-change-notes/2021-06-03-history.md
similarity index 100%
rename from javascript/change-notes/2021-06-03-history.md
rename to javascript/old-change-notes/2021-06-03-history.md
diff --git a/javascript/change-notes/2021-06-04-resolve.md b/javascript/old-change-notes/2021-06-04-resolve.md
similarity index 100%
rename from javascript/change-notes/2021-06-04-resolve.md
rename to javascript/old-change-notes/2021-06-04-resolve.md
diff --git a/javascript/change-notes/2021-06-04-whatwg-fetch.md b/javascript/old-change-notes/2021-06-04-whatwg-fetch.md
similarity index 100%
rename from javascript/change-notes/2021-06-04-whatwg-fetch.md
rename to javascript/old-change-notes/2021-06-04-whatwg-fetch.md
diff --git a/javascript/change-notes/2021-06-06-serialize-javascript.md b/javascript/old-change-notes/2021-06-06-serialize-javascript.md
similarity index 100%
rename from javascript/change-notes/2021-06-06-serialize-javascript.md
rename to javascript/old-change-notes/2021-06-06-serialize-javascript.md
diff --git a/javascript/change-notes/2021-06-06-serve-handler.md b/javascript/old-change-notes/2021-06-06-serve-handler.md
similarity index 100%
rename from javascript/change-notes/2021-06-06-serve-handler.md
rename to javascript/old-change-notes/2021-06-06-serve-handler.md
diff --git a/javascript/change-notes/2021-06-07-joi.md b/javascript/old-change-notes/2021-06-07-joi.md
similarity index 100%
rename from javascript/change-notes/2021-06-07-joi.md
rename to javascript/old-change-notes/2021-06-07-joi.md
diff --git a/javascript/change-notes/2021-06-07-serverless.md b/javascript/old-change-notes/2021-06-07-serverless.md
similarity index 100%
rename from javascript/change-notes/2021-06-07-serverless.md
rename to javascript/old-change-notes/2021-06-07-serverless.md
diff --git a/javascript/change-notes/2021-06-09-graphql.md b/javascript/old-change-notes/2021-06-09-graphql.md
similarity index 100%
rename from javascript/change-notes/2021-06-09-graphql.md
rename to javascript/old-change-notes/2021-06-09-graphql.md
diff --git a/javascript/change-notes/2021-06-11-knex.md b/javascript/old-change-notes/2021-06-11-knex.md
similarity index 100%
rename from javascript/change-notes/2021-06-11-knex.md
rename to javascript/old-change-notes/2021-06-11-knex.md
diff --git a/javascript/change-notes/2021-06-14-script-with-tsx-lang.md b/javascript/old-change-notes/2021-06-14-script-with-tsx-lang.md
similarity index 100%
rename from javascript/change-notes/2021-06-14-script-with-tsx-lang.md
rename to javascript/old-change-notes/2021-06-14-script-with-tsx-lang.md
diff --git a/javascript/change-notes/2021-06-18-promises.md b/javascript/old-change-notes/2021-06-18-promises.md
similarity index 100%
rename from javascript/change-notes/2021-06-18-promises.md
rename to javascript/old-change-notes/2021-06-18-promises.md
diff --git a/javascript/change-notes/2021-06-21-dates.md b/javascript/old-change-notes/2021-06-21-dates.md
similarity index 100%
rename from javascript/change-notes/2021-06-21-dates.md
rename to javascript/old-change-notes/2021-06-21-dates.md
diff --git a/javascript/change-notes/2021-06-21-promisify.md b/javascript/old-change-notes/2021-06-21-promisify.md
similarity index 100%
rename from javascript/change-notes/2021-06-21-promisify.md
rename to javascript/old-change-notes/2021-06-21-promisify.md
diff --git a/javascript/change-notes/2021-06-21-sharpen-match-calls.md b/javascript/old-change-notes/2021-06-21-sharpen-match-calls.md
similarity index 100%
rename from javascript/change-notes/2021-06-21-sharpen-match-calls.md
rename to javascript/old-change-notes/2021-06-21-sharpen-match-calls.md
diff --git a/javascript/change-notes/2021-06-22-chokidar.md b/javascript/old-change-notes/2021-06-22-chokidar.md
similarity index 100%
rename from javascript/change-notes/2021-06-22-chokidar.md
rename to javascript/old-change-notes/2021-06-22-chokidar.md
diff --git a/javascript/change-notes/2021-06-22-colors.md b/javascript/old-change-notes/2021-06-22-colors.md
similarity index 100%
rename from javascript/change-notes/2021-06-22-colors.md
rename to javascript/old-change-notes/2021-06-22-colors.md
diff --git a/javascript/change-notes/2021-06-22-templates.md b/javascript/old-change-notes/2021-06-22-templates.md
similarity index 100%
rename from javascript/change-notes/2021-06-22-templates.md
rename to javascript/old-change-notes/2021-06-22-templates.md
diff --git a/javascript/change-notes/2021-06-24-json.md b/javascript/old-change-notes/2021-06-24-json.md
similarity index 100%
rename from javascript/change-notes/2021-06-24-json.md
rename to javascript/old-change-notes/2021-06-24-json.md
diff --git a/javascript/change-notes/2021-06-30-mootools.md b/javascript/old-change-notes/2021-06-30-mootools.md
similarity index 100%
rename from javascript/change-notes/2021-06-30-mootools.md
rename to javascript/old-change-notes/2021-06-30-mootools.md
diff --git a/javascript/change-notes/2021-06-30-recompose.md b/javascript/old-change-notes/2021-06-30-recompose.md
similarity index 100%
rename from javascript/change-notes/2021-06-30-recompose.md
rename to javascript/old-change-notes/2021-06-30-recompose.md
diff --git a/javascript/change-notes/2021-06-30-vuex.md b/javascript/old-change-notes/2021-06-30-vuex.md
similarity index 100%
rename from javascript/change-notes/2021-06-30-vuex.md
rename to javascript/old-change-notes/2021-06-30-vuex.md
diff --git a/javascript/change-notes/2021-07-12-case.md b/javascript/old-change-notes/2021-07-12-case.md
similarity index 100%
rename from javascript/change-notes/2021-07-12-case.md
rename to javascript/old-change-notes/2021-07-12-case.md
diff --git a/javascript/change-notes/2021-07-12-logs.md b/javascript/old-change-notes/2021-07-12-logs.md
similarity index 100%
rename from javascript/change-notes/2021-07-12-logs.md
rename to javascript/old-change-notes/2021-07-12-logs.md
diff --git a/javascript/change-notes/2021-07-12-more-precise-capture-steps.md b/javascript/old-change-notes/2021-07-12-more-precise-capture-steps.md
similarity index 100%
rename from javascript/change-notes/2021-07-12-more-precise-capture-steps.md
rename to javascript/old-change-notes/2021-07-12-more-precise-capture-steps.md
diff --git a/javascript/change-notes/2021-07-12-read-pkg.md b/javascript/old-change-notes/2021-07-12-read-pkg.md
similarity index 100%
rename from javascript/change-notes/2021-07-12-read-pkg.md
rename to javascript/old-change-notes/2021-07-12-read-pkg.md
diff --git a/javascript/change-notes/2021-07-12-slash.md b/javascript/old-change-notes/2021-07-12-slash.md
similarity index 100%
rename from javascript/change-notes/2021-07-12-slash.md
rename to javascript/old-change-notes/2021-07-12-slash.md
diff --git a/javascript/change-notes/2021-07-14-mkdirp.md b/javascript/old-change-notes/2021-07-14-mkdirp.md
similarity index 100%
rename from javascript/change-notes/2021-07-14-mkdirp.md
rename to javascript/old-change-notes/2021-07-14-mkdirp.md
diff --git a/javascript/change-notes/2021-07-14-querystring.md b/javascript/old-change-notes/2021-07-14-querystring.md
similarity index 100%
rename from javascript/change-notes/2021-07-14-querystring.md
rename to javascript/old-change-notes/2021-07-14-querystring.md
diff --git a/javascript/change-notes/2021-07-14-react-tooltip.md b/javascript/old-change-notes/2021-07-14-react-tooltip.md
similarity index 100%
rename from javascript/change-notes/2021-07-14-react-tooltip.md
rename to javascript/old-change-notes/2021-07-14-react-tooltip.md
diff --git a/javascript/change-notes/2021-07-15-ansi-to-html.md b/javascript/old-change-notes/2021-07-15-ansi-to-html.md
similarity index 100%
rename from javascript/change-notes/2021-07-15-ansi-to-html.md
rename to javascript/old-change-notes/2021-07-15-ansi-to-html.md
diff --git a/javascript/change-notes/2021-07-15-array-libs.md b/javascript/old-change-notes/2021-07-15-array-libs.md
similarity index 100%
rename from javascript/change-notes/2021-07-15-array-libs.md
rename to javascript/old-change-notes/2021-07-15-array-libs.md
diff --git a/javascript/change-notes/2021-07-15-sort-keys.md b/javascript/old-change-notes/2021-07-15-sort-keys.md
similarity index 100%
rename from javascript/change-notes/2021-07-15-sort-keys.md
rename to javascript/old-change-notes/2021-07-15-sort-keys.md
diff --git a/javascript/change-notes/2021-07-16-dom-element-methods.md b/javascript/old-change-notes/2021-07-16-dom-element-methods.md
similarity index 100%
rename from javascript/change-notes/2021-07-16-dom-element-methods.md
rename to javascript/old-change-notes/2021-07-16-dom-element-methods.md
diff --git a/javascript/change-notes/2021-08-02-handlebars-extraction.md b/javascript/old-change-notes/2021-08-02-handlebars-extraction.md
similarity index 100%
rename from javascript/change-notes/2021-08-02-handlebars-extraction.md
rename to javascript/old-change-notes/2021-08-02-handlebars-extraction.md
diff --git a/javascript/change-notes/2021-08-03-hardcoded-auth-headers.md b/javascript/old-change-notes/2021-08-03-hardcoded-auth-headers.md
similarity index 100%
rename from javascript/change-notes/2021-08-03-hardcoded-auth-headers.md
rename to javascript/old-change-notes/2021-08-03-hardcoded-auth-headers.md
diff --git a/javascript/change-notes/2021-08-05-tainted-url-suffix.md b/javascript/old-change-notes/2021-08-05-tainted-url-suffix.md
similarity index 100%
rename from javascript/change-notes/2021-08-05-tainted-url-suffix.md
rename to javascript/old-change-notes/2021-08-05-tainted-url-suffix.md
diff --git a/javascript/change-notes/2021-08-16-query-suffix-convention2.md b/javascript/old-change-notes/2021-08-16-query-suffix-convention2.md
similarity index 100%
rename from javascript/change-notes/2021-08-16-query-suffix-convention2.md
rename to javascript/old-change-notes/2021-08-16-query-suffix-convention2.md
diff --git a/javascript/change-notes/2021-08-17-incomplete-multi-char-sanitization.md b/javascript/old-change-notes/2021-08-17-incomplete-multi-char-sanitization.md
similarity index 100%
rename from javascript/change-notes/2021-08-17-incomplete-multi-char-sanitization.md
rename to javascript/old-change-notes/2021-08-17-incomplete-multi-char-sanitization.md
diff --git a/javascript/change-notes/2021-08-17-vue-component-renaming.md b/javascript/old-change-notes/2021-08-17-vue-component-renaming.md
similarity index 100%
rename from javascript/change-notes/2021-08-17-vue-component-renaming.md
rename to javascript/old-change-notes/2021-08-17-vue-component-renaming.md
diff --git a/javascript/change-notes/2021-08-23-getPrimaryQlClasses.md b/javascript/old-change-notes/2021-08-23-getPrimaryQlClasses.md
similarity index 100%
rename from javascript/change-notes/2021-08-23-getPrimaryQlClasses.md
rename to javascript/old-change-notes/2021-08-23-getPrimaryQlClasses.md
diff --git a/javascript/change-notes/2021-08-24-tainted-path-cwd.md b/javascript/old-change-notes/2021-08-24-tainted-path-cwd.md
similarity index 100%
rename from javascript/change-notes/2021-08-24-tainted-path-cwd.md
rename to javascript/old-change-notes/2021-08-24-tainted-path-cwd.md
diff --git a/javascript/change-notes/2021-08-26-bad-tag-filter.md b/javascript/old-change-notes/2021-08-26-bad-tag-filter.md
similarity index 100%
rename from javascript/change-notes/2021-08-26-bad-tag-filter.md
rename to javascript/old-change-notes/2021-08-26-bad-tag-filter.md
diff --git a/javascript/change-notes/2021-08-30-live-server.md b/javascript/old-change-notes/2021-08-30-live-server.md
similarity index 100%
rename from javascript/change-notes/2021-08-30-live-server.md
rename to javascript/old-change-notes/2021-08-30-live-server.md
diff --git a/javascript/change-notes/2021-09-01-clipboard-data.md b/javascript/old-change-notes/2021-09-01-clipboard-data.md
similarity index 100%
rename from javascript/change-notes/2021-09-01-clipboard-data.md
rename to javascript/old-change-notes/2021-09-01-clipboard-data.md
diff --git a/javascript/change-notes/2021-09-01-typescript-4.4.md b/javascript/old-change-notes/2021-09-01-typescript-4.4.md
similarity index 100%
rename from javascript/change-notes/2021-09-01-typescript-4.4.md
rename to javascript/old-change-notes/2021-09-01-typescript-4.4.md
diff --git a/javascript/change-notes/2021-09-07-static-initializer.md b/javascript/old-change-notes/2021-09-07-static-initializer.md
similarity index 100%
rename from javascript/change-notes/2021-09-07-static-initializer.md
rename to javascript/old-change-notes/2021-09-07-static-initializer.md
diff --git a/javascript/change-notes/2021-10-01-ldap.md b/javascript/old-change-notes/2021-10-01-ldap.md
similarity index 100%
rename from javascript/change-notes/2021-10-01-ldap.md
rename to javascript/old-change-notes/2021-10-01-ldap.md
diff --git a/javascript/change-notes/2021-10-26-cookie-queries.md b/javascript/old-change-notes/2021-10-26-cookie-queries.md
similarity index 100%
rename from javascript/change-notes/2021-10-26-cookie-queries.md
rename to javascript/old-change-notes/2021-10-26-cookie-queries.md
diff --git a/python/change-notes/2020-11-25-better-open-models.md b/python/old-change-notes/2020-11-25-better-open-models.md
similarity index 100%
rename from python/change-notes/2020-11-25-better-open-models.md
rename to python/old-change-notes/2020-11-25-better-open-models.md
diff --git a/python/change-notes/2020-12-03-model-realpath-abspath.md b/python/old-change-notes/2020-12-03-model-realpath-abspath.md
similarity index 100%
rename from python/change-notes/2020-12-03-model-realpath-abspath.md
rename to python/old-change-notes/2020-12-03-model-realpath-abspath.md
diff --git a/python/change-notes/2020-12-04-django-class-based-view-handlers.md b/python/old-change-notes/2020-12-04-django-class-based-view-handlers.md
similarity index 100%
rename from python/change-notes/2020-12-04-django-class-based-view-handlers.md
rename to python/old-change-notes/2020-12-04-django-class-based-view-handlers.md
diff --git a/python/change-notes/2020-12-08-stdlib-http-source-modeling.md b/python/old-change-notes/2020-12-08-stdlib-http-source-modeling.md
similarity index 100%
rename from python/change-notes/2020-12-08-stdlib-http-source-modeling.md
rename to python/old-change-notes/2020-12-08-stdlib-http-source-modeling.md
diff --git a/python/change-notes/2020-12-09-add-sqlite3-model.md b/python/old-change-notes/2020-12-09-add-sqlite3-model.md
similarity index 100%
rename from python/change-notes/2020-12-09-add-sqlite3-model.md
rename to python/old-change-notes/2020-12-09-add-sqlite3-model.md
diff --git a/python/change-notes/2020-12-14-add-PyMySQL-model.md b/python/old-change-notes/2020-12-14-add-PyMySQL-model.md
similarity index 100%
rename from python/change-notes/2020-12-14-add-PyMySQL-model.md
rename to python/old-change-notes/2020-12-14-add-PyMySQL-model.md
diff --git a/python/change-notes/2020-12-21-django-with-unknown-route.md b/python/old-change-notes/2020-12-21-django-with-unknown-route.md
similarity index 100%
rename from python/change-notes/2020-12-21-django-with-unknown-route.md
rename to python/old-change-notes/2020-12-21-django-with-unknown-route.md
diff --git a/python/change-notes/2020-12-22-tornado-source-modeling.md b/python/old-change-notes/2020-12-22-tornado-source-modeling.md
similarity index 100%
rename from python/change-notes/2020-12-22-tornado-source-modeling.md
rename to python/old-change-notes/2020-12-22-tornado-source-modeling.md
diff --git a/python/change-notes/2021-01-12-flask-class-based-view-handlers.md b/python/old-change-notes/2021-01-12-flask-class-based-view-handlers.md
similarity index 100%
rename from python/change-notes/2021-01-12-flask-class-based-view-handlers.md
rename to python/old-change-notes/2021-01-12-flask-class-based-view-handlers.md
diff --git a/python/change-notes/2021-01-19-port-url-redirect-query.md b/python/old-change-notes/2021-01-19-port-url-redirect-query.md
similarity index 100%
rename from python/change-notes/2021-01-19-port-url-redirect-query.md
rename to python/old-change-notes/2021-01-19-port-url-redirect-query.md
diff --git a/python/change-notes/2021-02-02-port-weak-crypto-key-query.md b/python/old-change-notes/2021-02-02-port-weak-crypto-key-query.md
similarity index 100%
rename from python/change-notes/2021-02-02-port-weak-crypto-key-query.md
rename to python/old-change-notes/2021-02-02-port-weak-crypto-key-query.md
diff --git a/python/change-notes/2021-02-03-flask-add-blueprint-modeling.md b/python/old-change-notes/2021-02-03-flask-add-blueprint-modeling.md
similarity index 100%
rename from python/change-notes/2021-02-03-flask-add-blueprint-modeling.md
rename to python/old-change-notes/2021-02-03-flask-add-blueprint-modeling.md
diff --git a/python/change-notes/2021-02-04-api-graphs.md b/python/old-change-notes/2021-02-04-api-graphs.md
similarity index 100%
rename from python/change-notes/2021-02-04-api-graphs.md
rename to python/old-change-notes/2021-02-04-api-graphs.md
diff --git a/python/change-notes/2021-02-10-django-improvements.md b/python/old-change-notes/2021-02-10-django-improvements.md
similarity index 100%
rename from python/change-notes/2021-02-10-django-improvements.md
rename to python/old-change-notes/2021-02-10-django-improvements.md
diff --git a/python/change-notes/2021-02-10-yaml-more-loading-functions.md b/python/old-change-notes/2021-02-10-yaml-more-loading-functions.md
similarity index 100%
rename from python/change-notes/2021-02-10-yaml-more-loading-functions.md
rename to python/old-change-notes/2021-02-10-yaml-more-loading-functions.md
diff --git a/python/change-notes/2021-02-12-django-get_redirect_url.md b/python/old-change-notes/2021-02-12-django-get_redirect_url.md
similarity index 100%
rename from python/change-notes/2021-02-12-django-get_redirect_url.md
rename to python/old-change-notes/2021-02-12-django-get_redirect_url.md
diff --git a/python/change-notes/2021-02-18-type-backtrackers.md b/python/old-change-notes/2021-02-18-type-backtrackers.md
similarity index 100%
rename from python/change-notes/2021-02-18-type-backtrackers.md
rename to python/old-change-notes/2021-02-18-type-backtrackers.md
diff --git a/python/change-notes/2021-02-23-port-bind-to-all-interfaces.md b/python/old-change-notes/2021-02-23-port-bind-to-all-interfaces.md
similarity index 100%
rename from python/change-notes/2021-02-23-port-bind-to-all-interfaces.md
rename to python/old-change-notes/2021-02-23-port-bind-to-all-interfaces.md
diff --git a/python/change-notes/2021-02-23-port-insecure-default-protocol.md b/python/old-change-notes/2021-02-23-port-insecure-default-protocol.md
similarity index 100%
rename from python/change-notes/2021-02-23-port-insecure-default-protocol.md
rename to python/old-change-notes/2021-02-23-port-insecure-default-protocol.md
diff --git a/python/change-notes/2021-02-24-port-flask-debug.md b/python/old-change-notes/2021-02-24-port-flask-debug.md
similarity index 100%
rename from python/change-notes/2021-02-24-port-flask-debug.md
rename to python/old-change-notes/2021-02-24-port-flask-debug.md
diff --git a/python/change-notes/2021-02-25-port-stactrace-exposure-query.md b/python/old-change-notes/2021-02-25-port-stactrace-exposure-query.md
similarity index 100%
rename from python/change-notes/2021-02-25-port-stactrace-exposure-query.md
rename to python/old-change-notes/2021-02-25-port-stactrace-exposure-query.md
diff --git a/python/change-notes/2021-03-01-fluent-interface-data-flow.md b/python/old-change-notes/2021-03-01-fluent-interface-data-flow.md
similarity index 100%
rename from python/change-notes/2021-03-01-fluent-interface-data-flow.md
rename to python/old-change-notes/2021-03-01-fluent-interface-data-flow.md
diff --git a/python/change-notes/2021-03-11-api-graph-builtins.md b/python/old-change-notes/2021-03-11-api-graph-builtins.md
similarity index 100%
rename from python/change-notes/2021-03-11-api-graph-builtins.md
rename to python/old-change-notes/2021-03-11-api-graph-builtins.md
diff --git a/python/change-notes/2021-03-12-small-api-enhancements.md b/python/old-change-notes/2021-03-12-small-api-enhancements.md
similarity index 100%
rename from python/change-notes/2021-03-12-small-api-enhancements.md
rename to python/old-change-notes/2021-03-12-small-api-enhancements.md
diff --git a/python/change-notes/2021-03-15-port-insecure-protocol.md b/python/old-change-notes/2021-03-15-port-insecure-protocol.md
similarity index 100%
rename from python/change-notes/2021-03-15-port-insecure-protocol.md
rename to python/old-change-notes/2021-03-15-port-insecure-protocol.md
diff --git a/python/change-notes/2021-03-18-yaml-handle-C-based-loaders.md b/python/old-change-notes/2021-03-18-yaml-handle-C-based-loaders.md
similarity index 100%
rename from python/change-notes/2021-03-18-yaml-handle-C-based-loaders.md
rename to python/old-change-notes/2021-03-18-yaml-handle-C-based-loaders.md
diff --git a/python/change-notes/2021-03-22-django-queryset-chains.md b/python/old-change-notes/2021-03-22-django-queryset-chains.md
similarity index 100%
rename from python/change-notes/2021-03-22-django-queryset-chains.md
rename to python/old-change-notes/2021-03-22-django-queryset-chains.md
diff --git a/python/change-notes/2021-03-22-getacall-callcfgnode.md b/python/old-change-notes/2021-03-22-getacall-callcfgnode.md
similarity index 100%
rename from python/change-notes/2021-03-22-getacall-callcfgnode.md
rename to python/old-change-notes/2021-03-22-getacall-callcfgnode.md
diff --git a/python/change-notes/2021-03-23-django-forms-fields-classes.md b/python/old-change-notes/2021-03-23-django-forms-fields-classes.md
similarity index 100%
rename from python/change-notes/2021-03-23-django-forms-fields-classes.md
rename to python/old-change-notes/2021-03-23-django-forms-fields-classes.md
diff --git a/python/change-notes/2021-03-25-remove-legacy.md b/python/old-change-notes/2021-03-25-remove-legacy.md
similarity index 100%
rename from python/change-notes/2021-03-25-remove-legacy.md
rename to python/old-change-notes/2021-03-25-remove-legacy.md
diff --git a/python/change-notes/2021-04-09-split-weak-crypto-query.md b/python/old-change-notes/2021-04-09-split-weak-crypto-query.md
similarity index 100%
rename from python/change-notes/2021-04-09-split-weak-crypto-query.md
rename to python/old-change-notes/2021-04-09-split-weak-crypto-query.md
diff --git a/python/change-notes/2021-04-13-pep249-api-graphs.md b/python/old-change-notes/2021-04-13-pep249-api-graphs.md
similarity index 100%
rename from python/change-notes/2021-04-13-pep249-api-graphs.md
rename to python/old-change-notes/2021-04-13-pep249-api-graphs.md
diff --git a/python/change-notes/2021-04-13-werkzeug-api-graphs.md b/python/old-change-notes/2021-04-13-werkzeug-api-graphs.md
similarity index 100%
rename from python/change-notes/2021-04-13-werkzeug-api-graphs.md
rename to python/old-change-notes/2021-04-13-werkzeug-api-graphs.md
diff --git a/python/change-notes/2021-04-15-pathlib-Paths.md b/python/old-change-notes/2021-04-15-pathlib-Paths.md
similarity index 100%
rename from python/change-notes/2021-04-15-pathlib-Paths.md
rename to python/old-change-notes/2021-04-15-pathlib-Paths.md
diff --git a/python/change-notes/2021-04-20-stepsummary-localsourcenode.md b/python/old-change-notes/2021-04-20-stepsummary-localsourcenode.md
similarity index 100%
rename from python/change-notes/2021-04-20-stepsummary-localsourcenode.md
rename to python/old-change-notes/2021-04-20-stepsummary-localsourcenode.md
diff --git a/python/change-notes/2021-04-21-django-v3.2.md b/python/old-change-notes/2021-04-21-django-v3.2.md
similarity index 100%
rename from python/change-notes/2021-04-21-django-v3.2.md
rename to python/old-change-notes/2021-04-21-django-v3.2.md
diff --git a/python/change-notes/2021-05-10-idna-add-modeling.md b/python/old-change-notes/2021-05-10-idna-add-modeling.md
similarity index 100%
rename from python/change-notes/2021-05-10-idna-add-modeling.md
rename to python/old-change-notes/2021-05-10-idna-add-modeling.md
diff --git a/python/change-notes/2021-05-10-simplejson-add-modeling.md b/python/old-change-notes/2021-05-10-simplejson-add-modeling.md
similarity index 100%
rename from python/change-notes/2021-05-10-simplejson-add-modeling.md
rename to python/old-change-notes/2021-05-10-simplejson-add-modeling.md
diff --git a/python/change-notes/2021-05-10-ujson-add-modeling.md b/python/old-change-notes/2021-05-10-ujson-add-modeling.md
similarity index 100%
rename from python/change-notes/2021-05-10-ujson-add-modeling.md
rename to python/old-change-notes/2021-05-10-ujson-add-modeling.md
diff --git a/python/change-notes/2021-05-21-api-graph-await.md b/python/old-change-notes/2021-05-21-api-graph-await.md
similarity index 100%
rename from python/change-notes/2021-05-21-api-graph-await.md
rename to python/old-change-notes/2021-05-21-api-graph-await.md
diff --git a/python/change-notes/2021-05-25-add-ClickHouse-sql-libs.md b/python/old-change-notes/2021-05-25-add-ClickHouse-sql-libs.md
similarity index 100%
rename from python/change-notes/2021-05-25-add-ClickHouse-sql-libs.md
rename to python/old-change-notes/2021-05-25-add-ClickHouse-sql-libs.md
diff --git a/python/change-notes/2021-06-03-aiohttp-webserver-modeling.md b/python/old-change-notes/2021-06-03-aiohttp-webserver-modeling.md
similarity index 100%
rename from python/change-notes/2021-06-03-aiohttp-webserver-modeling.md
rename to python/old-change-notes/2021-06-03-aiohttp-webserver-modeling.md
diff --git a/python/change-notes/2021-06-04-sensitive-data-modeling-expanded.md b/python/old-change-notes/2021-06-04-sensitive-data-modeling-expanded.md
similarity index 100%
rename from python/change-notes/2021-06-04-sensitive-data-modeling-expanded.md
rename to python/old-change-notes/2021-06-04-sensitive-data-modeling-expanded.md
diff --git a/python/change-notes/2021-06-08-twisted-add-modeling.md b/python/old-change-notes/2021-06-08-twisted-add-modeling.md
similarity index 100%
rename from python/change-notes/2021-06-08-twisted-add-modeling.md
rename to python/old-change-notes/2021-06-08-twisted-add-modeling.md
diff --git a/python/change-notes/2021-06-09-add-jmespath-modeling.md b/python/old-change-notes/2021-06-09-add-jmespath-modeling.md
similarity index 100%
rename from python/change-notes/2021-06-09-add-jmespath-modeling.md
rename to python/old-change-notes/2021-06-09-add-jmespath-modeling.md
diff --git a/python/change-notes/2021-06-09-rsa-add-modeling.md b/python/old-change-notes/2021-06-09-rsa-add-modeling.md
similarity index 100%
rename from python/change-notes/2021-06-09-rsa-add-modeling.md
rename to python/old-change-notes/2021-06-09-rsa-add-modeling.md
diff --git a/python/change-notes/2021-06-15-add-method-call-conveniences.md b/python/old-change-notes/2021-06-15-add-method-call-conveniences.md
similarity index 100%
rename from python/change-notes/2021-06-15-add-method-call-conveniences.md
rename to python/old-change-notes/2021-06-15-add-method-call-conveniences.md
diff --git a/python/change-notes/2021-06-16-MarkupSafe-add-modeling.md b/python/old-change-notes/2021-06-16-MarkupSafe-add-modeling.md
similarity index 100%
rename from python/change-notes/2021-06-16-MarkupSafe-add-modeling.md
rename to python/old-change-notes/2021-06-16-MarkupSafe-add-modeling.md
diff --git a/python/change-notes/2021-06-24-add-CookieWrite-concept.md b/python/old-change-notes/2021-06-24-add-CookieWrite-concept.md
similarity index 100%
rename from python/change-notes/2021-06-24-add-CookieWrite-concept.md
rename to python/old-change-notes/2021-06-24-add-CookieWrite-concept.md
diff --git a/python/change-notes/2021-06-24-dataflow-implicit-reads.md b/python/old-change-notes/2021-06-24-dataflow-implicit-reads.md
similarity index 100%
rename from python/change-notes/2021-06-24-dataflow-implicit-reads.md
rename to python/old-change-notes/2021-06-24-dataflow-implicit-reads.md
diff --git a/python/change-notes/2021-06-25-add-peewee-modeling.md b/python/old-change-notes/2021-06-25-add-peewee-modeling.md
similarity index 100%
rename from python/change-notes/2021-06-25-add-peewee-modeling.md
rename to python/old-change-notes/2021-06-25-add-peewee-modeling.md
diff --git a/python/change-notes/2021-07-12-add-typetrackingnode.md b/python/old-change-notes/2021-07-12-add-typetrackingnode.md
similarity index 100%
rename from python/change-notes/2021-07-12-add-typetrackingnode.md
rename to python/old-change-notes/2021-07-12-add-typetrackingnode.md
diff --git a/python/change-notes/2021-07-13-path-problem-customization.md b/python/old-change-notes/2021-07-13-path-problem-customization.md
similarity index 100%
rename from python/change-notes/2021-07-13-path-problem-customization.md
rename to python/old-change-notes/2021-07-13-path-problem-customization.md
diff --git a/python/change-notes/2021-07-16-deprecate-importnode.md b/python/old-change-notes/2021-07-16-deprecate-importnode.md
similarity index 100%
rename from python/change-notes/2021-07-16-deprecate-importnode.md
rename to python/old-change-notes/2021-07-16-deprecate-importnode.md
diff --git a/python/change-notes/2021-07-28-port-RoDoS-queries.md b/python/old-change-notes/2021-07-28-port-RoDoS-queries.md
similarity index 100%
rename from python/change-notes/2021-07-28-port-RoDoS-queries.md
rename to python/old-change-notes/2021-07-28-port-RoDoS-queries.md
diff --git a/python/change-notes/2021-08-26-bad-tag-filter.md b/python/old-change-notes/2021-08-26-bad-tag-filter.md
similarity index 100%
rename from python/change-notes/2021-08-26-bad-tag-filter.md
rename to python/old-change-notes/2021-08-26-bad-tag-filter.md
diff --git a/python/change-notes/2021-08-30-port-modifying-default-query.md b/python/old-change-notes/2021-08-30-port-modifying-default-query.md
similarity index 100%
rename from python/change-notes/2021-08-30-port-modifying-default-query.md
rename to python/old-change-notes/2021-08-30-port-modifying-default-query.md
diff --git a/python/change-notes/2021-09-02-add-Flask-SQLAlchemy-modeling.md b/python/old-change-notes/2021-09-02-add-Flask-SQLAlchemy-modeling.md
similarity index 100%
rename from python/change-notes/2021-09-02-add-Flask-SQLAlchemy-modeling.md
rename to python/old-change-notes/2021-09-02-add-Flask-SQLAlchemy-modeling.md
diff --git a/python/change-notes/2021-09-02-add-SQLAlchemy-modeling.md b/python/old-change-notes/2021-09-02-add-SQLAlchemy-modeling.md
similarity index 100%
rename from python/change-notes/2021-09-02-add-SQLAlchemy-modeling.md
rename to python/old-change-notes/2021-09-02-add-SQLAlchemy-modeling.md
diff --git a/python/change-notes/2021-09-02-add-SQLAlchemyTextClauseInjection.md b/python/old-change-notes/2021-09-02-add-SQLAlchemyTextClauseInjection.md
similarity index 100%
rename from python/change-notes/2021-09-02-add-SQLAlchemyTextClauseInjection.md
rename to python/old-change-notes/2021-09-02-add-SQLAlchemyTextClauseInjection.md
diff --git a/python/change-notes/2021-09-08-add-flow-from-default-values.md b/python/old-change-notes/2021-09-08-add-flow-from-default-values.md
similarity index 100%
rename from python/change-notes/2021-09-08-add-flow-from-default-values.md
rename to python/old-change-notes/2021-09-08-add-flow-from-default-values.md
diff --git a/python/change-notes/2021-09-14-promote-regex-injection.md b/python/old-change-notes/2021-09-14-promote-regex-injection.md
similarity index 100%
rename from python/change-notes/2021-09-14-promote-regex-injection.md
rename to python/old-change-notes/2021-09-14-promote-regex-injection.md
diff --git a/python/change-notes/2021-09-29-model-asyncpg.md b/python/old-change-notes/2021-09-29-model-asyncpg.md
similarity index 100%
rename from python/change-notes/2021-09-29-model-asyncpg.md
rename to python/old-change-notes/2021-09-29-model-asyncpg.md
diff --git a/python/change-notes/2021-10-08-add-dataflow-for-boolean-expressions.md b/python/old-change-notes/2021-10-08-add-dataflow-for-boolean-expressions.md
similarity index 100%
rename from python/change-notes/2021-10-08-add-dataflow-for-boolean-expressions.md
rename to python/old-change-notes/2021-10-08-add-dataflow-for-boolean-expressions.md
diff --git a/python/change-notes/2021-10-08-improve-pickle-dill-shelve-modeling.md b/python/old-change-notes/2021-10-08-improve-pickle-dill-shelve-modeling.md
similarity index 100%
rename from python/change-notes/2021-10-08-improve-pickle-dill-shelve-modeling.md
rename to python/old-change-notes/2021-10-08-improve-pickle-dill-shelve-modeling.md
diff --git a/python/change-notes/2021-10-11-model-aiomysql.md b/python/old-change-notes/2021-10-11-model-aiomysql.md
similarity index 100%
rename from python/change-notes/2021-10-11-model-aiomysql.md
rename to python/old-change-notes/2021-10-11-model-aiomysql.md
diff --git a/python/change-notes/2021-10-20-extraction-errors-as-warnings.md b/python/old-change-notes/2021-10-20-extraction-errors-as-warnings.md
similarity index 100%
rename from python/change-notes/2021-10-20-extraction-errors-as-warnings.md
rename to python/old-change-notes/2021-10-20-extraction-errors-as-warnings.md
diff --git a/python/change-notes/2021-10-25-add-FastAPI-modeling.md b/python/old-change-notes/2021-10-25-add-FastAPI-modeling.md
similarity index 100%
rename from python/change-notes/2021-10-25-add-FastAPI-modeling.md
rename to python/old-change-notes/2021-10-25-add-FastAPI-modeling.md
diff --git a/python/change-notes/2021-10-26-ruamel.yaml-modeling.md b/python/old-change-notes/2021-10-26-ruamel.yaml-modeling.md
similarity index 100%
rename from python/change-notes/2021-10-26-ruamel.yaml-modeling.md
rename to python/old-change-notes/2021-10-26-ruamel.yaml-modeling.md
diff --git a/python/change-notes/2021-10-28-flask-send_file.md b/python/old-change-notes/2021-10-28-flask-send_file.md
similarity index 100%
rename from python/change-notes/2021-10-28-flask-send_file.md
rename to python/old-change-notes/2021-10-28-flask-send_file.md
diff --git a/python/change-notes/2021-10-28-promote-ReDoS-queries.md b/python/old-change-notes/2021-10-28-promote-ReDoS-queries.md
similarity index 100%
rename from python/change-notes/2021-10-28-promote-ReDoS-queries.md
rename to python/old-change-notes/2021-10-28-promote-ReDoS-queries.md
diff --git a/python/change-notes/2021-10-29-django-REST-framework-modeling.md b/python/old-change-notes/2021-10-29-django-REST-framework-modeling.md
similarity index 100%
rename from python/change-notes/2021-10-29-django-REST-framework-modeling.md
rename to python/old-change-notes/2021-10-29-django-REST-framework-modeling.md
diff --git a/ruby/change-notes/2021-10-14-codeql-ruby-beta.md b/ruby/old-change-notes/2021-10-14-codeql-ruby-beta.md
similarity index 100%
rename from ruby/change-notes/2021-10-14-codeql-ruby-beta.md
rename to ruby/old-change-notes/2021-10-14-codeql-ruby-beta.md
diff --git a/ruby/change-notes/2021-10-20-path-injection.md b/ruby/old-change-notes/2021-10-20-path-injection.md
similarity index 100%
rename from ruby/change-notes/2021-10-20-path-injection.md
rename to ruby/old-change-notes/2021-10-20-path-injection.md
diff --git a/ruby/change-notes/2021-10-29-regexp-injection.md b/ruby/old-change-notes/2021-10-29-regexp-injection.md
similarity index 100%
rename from ruby/change-notes/2021-10-29-regexp-injection.md
rename to ruby/old-change-notes/2021-10-29-regexp-injection.md
From 59da2cdf69b5324c343b4518985eb28b8cc8862f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" Date: Tue, 14 Dec 2021 21:35:09 +0000 Subject: [PATCH 18/31] Release preparation for version 2.7.4 --- cpp/ql/lib/CHANGELOG.md | 2 ++ cpp/ql/lib/change-notes/released/0.0.5.md | 1 + cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 7 +++++++ .../2021-11-25-certificate-not-checked.md | 5 ----- .../2021-11-25-certificate-result-conflation.md | 5 ----- cpp/ql/src/change-notes/released/0.0.5.md | 6 ++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- cpp/upgrades/CHANGELOG.md | 2 ++ cpp/upgrades/change-notes/released/0.0.5.md | 1 + cpp/upgrades/codeql-pack.release.yml | 2 +- cpp/upgrades/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 2 ++ csharp/ql/lib/change-notes/released/0.0.5.md | 1 + csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 2 ++ csharp/ql/src/change-notes/released/0.0.5.md | 1 + csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- csharp/upgrades/CHANGELOG.md | 2 ++ csharp/upgrades/change-notes/released/0.0.5.md | 1 + csharp/upgrades/codeql-pack.release.yml | 2 +- csharp/upgrades/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 7 +++++++ .../0.0.5.md} | 8 ++++---- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 6 ++++++ .../0.0.5.md} | 8 ++++---- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- java/upgrades/CHANGELOG.md | 2 ++ java/upgrades/change-notes/released/0.0.5.md | 1 + java/upgrades/codeql-pack.release.yml | 2 +- java/upgrades/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 6 ++++++ .../ql/lib/change-notes/2021-11-23-typescript-4.5.md | 5 ----- javascript/ql/lib/change-notes/released/0.0.6.md | 5 +++++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 6 ++++++ .../ql/src/change-notes/2021-11-23-typescript-4.5.md | 5 ----- 
javascript/ql/src/change-notes/released/0.0.6.md | 5 +++++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- javascript/upgrades/CHANGELOG.md | 2 ++ javascript/upgrades/change-notes/released/0.0.6.md | 1 + javascript/upgrades/codeql-pack.release.yml | 2 +- javascript/upgrades/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 11 +++++++++++ .../2021-11-15-model-wsgiref-simple-server-app.md | 5 ----- python/ql/lib/change-notes/2021-11-16-posixpath.md | 5 ----- .../2021-11-24-FastAPI-Custom-APIRouter-Subclass.md | 5 ----- ...021-11-24-FastAPI-FileResponse-FileSystemAccess.md | 5 ----- .../ql/lib/change-notes/2021-11-26-os-file-access.md | 5 ----- .../change-notes/2021-11-26-tempfile-file-access.md | 5 ----- python/ql/lib/change-notes/released/0.0.5.md | 10 ++++++++++ python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 10 ++++++++++ .../2021-11-15-model-wsgiref-simple-server-app.md | 5 ----- python/ql/src/change-notes/2021-11-16-posixpath.md | 5 ----- ...021-11-24-FastAPI-FileResponse-FileSystemAccess.md | 5 ----- .../ql/src/change-notes/2021-11-26-os-file-access.md | 5 ----- .../change-notes/2021-11-26-tempfile-file-access.md | 5 ----- python/ql/src/change-notes/released/0.0.5.md | 9 +++++++++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- python/upgrades/CHANGELOG.md | 2 ++ python/upgrades/change-notes/released/0.0.5.md | 1 + python/upgrades/codeql-pack.release.yml | 2 +- python/upgrades/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 6 ++++++ .../0.0.5.md} | 8 ++++---- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 2 ++ ruby/ql/src/change-notes/released/0.0.5.md | 1 + ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- 83 files changed, 167 insertions(+), 121 deletions(-) create mode 100644 cpp/ql/lib/change-notes/released/0.0.5.md delete mode 100644 
cpp/ql/src/change-notes/2021-11-25-certificate-not-checked.md delete mode 100644 cpp/ql/src/change-notes/2021-11-25-certificate-result-conflation.md create mode 100644 cpp/ql/src/change-notes/released/0.0.5.md create mode 100644 cpp/upgrades/change-notes/released/0.0.5.md create mode 100644 csharp/ql/lib/change-notes/released/0.0.5.md create mode 100644 csharp/ql/src/change-notes/released/0.0.5.md create mode 100644 csharp/upgrades/change-notes/released/0.0.5.md rename java/ql/lib/change-notes/{2021-11-25-surrogate-char-literals.md => released/0.0.5.md} (81%) rename java/ql/src/change-notes/{2021-11-25-surrogate-char-literals.md => released/0.0.5.md} (69%) create mode 100644 java/upgrades/change-notes/released/0.0.5.md delete mode 100644 javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md create mode 100644 javascript/ql/lib/change-notes/released/0.0.6.md delete mode 100644 javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md create mode 100644 javascript/ql/src/change-notes/released/0.0.6.md create mode 100644 javascript/upgrades/change-notes/released/0.0.6.md delete mode 100644 python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md delete mode 100644 python/ql/lib/change-notes/2021-11-16-posixpath.md delete mode 100644 python/ql/lib/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md delete mode 100644 python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md delete mode 100644 python/ql/lib/change-notes/2021-11-26-os-file-access.md delete mode 100644 python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md create mode 100644 python/ql/lib/change-notes/released/0.0.5.md delete mode 100644 python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md delete mode 100644 python/ql/src/change-notes/2021-11-16-posixpath.md delete mode 100644 python/ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md delete mode 100644 
python/ql/src/change-notes/2021-11-26-os-file-access.md delete mode 100644 python/ql/src/change-notes/2021-11-26-tempfile-file-access.md create mode 100644 python/ql/src/change-notes/released/0.0.5.md create mode 100644 python/upgrades/change-notes/released/0.0.5.md rename ruby/ql/lib/change-notes/{2021-12-07-customizations.md => released/0.0.5.md} (69%) create mode 100644 ruby/ql/src/change-notes/released/0.0.5.md diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 3b8fc34bb3f..b61316a853d 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.0.5 + ## 0.0.4 ### New Features diff --git a/cpp/ql/lib/change-notes/released/0.0.5.md b/cpp/ql/lib/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..259776640e3 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.0.5.md @@ -0,0 +1 @@ +## 0.0.5 diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 95a9da48aa6..68e31e2eaf9 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.0.5-dev +version: 0.0.5 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 09ad248a4f9..f56b07d8086 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.0.5 + +### New Queries + +* A new query `cpp/certificate-not-checked` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries. +* A new query `cpp/certificate-result-conflation` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries. + ## 0.0.4 ### New Queries 
diff --git a/cpp/ql/src/change-notes/2021-11-25-certificate-not-checked.md b/cpp/ql/src/change-notes/2021-11-25-certificate-not-checked.md deleted file mode 100644 index 93a73af7eed..00000000000 --- a/cpp/ql/src/change-notes/2021-11-25-certificate-not-checked.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: newQuery -tags: [lgtm,codescanning] ---- -* A new query `cpp/certificate-not-checked` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries. diff --git a/cpp/ql/src/change-notes/2021-11-25-certificate-result-conflation.md b/cpp/ql/src/change-notes/2021-11-25-certificate-result-conflation.md deleted file mode 100644 index 9d0cbfdd012..00000000000 --- a/cpp/ql/src/change-notes/2021-11-25-certificate-result-conflation.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: newQuery -tags: [lgtm,codescanning] ---- -* A new query `cpp/certificate-result-conflation` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries. diff --git a/cpp/ql/src/change-notes/released/0.0.5.md b/cpp/ql/src/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..d69c30f28a4 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.0.5.md @@ -0,0 +1,6 @@ +## 0.0.5 + +### New Queries + +* A new query `cpp/certificate-not-checked` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries. +* A new query `cpp/certificate-result-conflation` has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 51761e13365..0f431aa0200 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.0.5-dev +version: 0.0.5 groups: cpp dependencies: codeql/cpp-all: "*" diff --git a/cpp/upgrades/CHANGELOG.md b/cpp/upgrades/CHANGELOG.md index 3268fefb272..05dbc9d5f4e 100644 --- a/cpp/upgrades/CHANGELOG.md +++ b/cpp/upgrades/CHANGELOG.md @@ -1 +1,3 @@ +## 0.0.5 + ## 0.0.4 diff --git a/cpp/upgrades/change-notes/released/0.0.5.md b/cpp/upgrades/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..259776640e3 --- /dev/null +++ b/cpp/upgrades/change-notes/released/0.0.5.md @@ -0,0 +1 @@ +## 0.0.5 diff --git a/cpp/upgrades/codeql-pack.release.yml b/cpp/upgrades/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/cpp/upgrades/codeql-pack.release.yml +++ b/cpp/upgrades/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/cpp/upgrades/qlpack.yml b/cpp/upgrades/qlpack.yml index 38944dfdfc5..a1b792bb60a 100644 --- a/cpp/upgrades/qlpack.yml +++ b/cpp/upgrades/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-upgrades groups: cpp upgrades: . -version: 0.0.5-dev +version: 0.0.5 library: true diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 3268fefb272..05dbc9d5f4e 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1 +1,3 @@ +## 0.0.5 + ## 0.0.4 diff --git a/csharp/ql/lib/change-notes/released/0.0.5.md b/csharp/ql/lib/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..259776640e3 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.0.5.md @@ -0,0 +1 @@ +## 0.0.5 diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 55e707fb2f5..928f7d5bb53 100644 
--- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.0.5-dev +version: 0.0.5 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 3268fefb272..05dbc9d5f4e 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1 +1,3 @@ +## 0.0.5 + ## 0.0.4 diff --git a/csharp/ql/src/change-notes/released/0.0.5.md b/csharp/ql/src/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..259776640e3 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.0.5.md @@ -0,0 +1 @@ +## 0.0.5 diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index f928d2d09ef..15a776b73d8 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.0.5-dev +version: 0.0.5 groups: csharp suites: codeql-suites extractor: csharp diff --git a/csharp/upgrades/CHANGELOG.md b/csharp/upgrades/CHANGELOG.md index 3268fefb272..05dbc9d5f4e 100644 --- a/csharp/upgrades/CHANGELOG.md +++ b/csharp/upgrades/CHANGELOG.md @@ -1 +1,3 @@ +## 0.0.5 + ## 0.0.4 diff --git a/csharp/upgrades/change-notes/released/0.0.5.md b/csharp/upgrades/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..259776640e3 --- /dev/null +++ b/csharp/upgrades/change-notes/released/0.0.5.md @@ -0,0 +1 @@ +## 0.0.5 diff --git a/csharp/upgrades/codeql-pack.release.yml b/csharp/upgrades/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/csharp/upgrades/codeql-pack.release.yml +++ b/csharp/upgrades/codeql-pack.release.yml 
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/csharp/upgrades/qlpack.yml b/csharp/upgrades/qlpack.yml index 6e6379211b1..cf3a3506c01 100644 --- a/csharp/upgrades/qlpack.yml +++ b/csharp/upgrades/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-upgrades groups: csharp -version: 0.0.5-dev +version: 0.0.5 upgrades: . library: true diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 5dec32d6688..054184eb7e5 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.0.5 + +### Bug Fixes + +* `CharacterLiteral`'s `getCodePointValue` predicate now returns the correct value for UTF-16 surrogates. +* The `RangeAnalysis` module now properly handles comparisons with Unicode surrogate character literals. + ## 0.0.4 ### Bug Fixes diff --git a/java/ql/lib/change-notes/2021-11-25-surrogate-char-literals.md b/java/ql/lib/change-notes/released/0.0.5.md similarity index 81% rename from java/ql/lib/change-notes/2021-11-25-surrogate-char-literals.md rename to java/ql/lib/change-notes/released/0.0.5.md index d1be437cb83..4d056321c28 100644 --- a/java/ql/lib/change-notes/2021-11-25-surrogate-char-literals.md +++ b/java/ql/lib/change-notes/released/0.0.5.md @@ -1,6 +1,6 @@ ---- -category: fix -tags: [lgtm,codescanning] ---- +## 0.0.5 + +### Bug Fixes + * `CharacterLiteral`'s `getCodePointValue` predicate now returns the correct value for UTF-16 surrogates. * The `RangeAnalysis` module now properly handles comparisons with Unicode surrogate character literals. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index c2b157b1ad5..c3e1981278e 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.0.5-dev +version: 0.0.5 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 3268fefb272..f6dd930d629 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1 +1,7 @@ +## 0.0.5 + +### Minor Analysis Improvements + +* The `java/constant-comparison` query no longer raises false alerts regarding comparisons with Unicode surrogate character literals. + ## 0.0.4 diff --git a/java/ql/src/change-notes/2021-11-25-surrogate-char-literals.md b/java/ql/src/change-notes/released/0.0.5.md similarity index 69% rename from java/ql/src/change-notes/2021-11-25-surrogate-char-literals.md rename to java/ql/src/change-notes/released/0.0.5.md index b33dca1b6c8..632fad94c8c 100644 --- a/java/ql/src/change-notes/2021-11-25-surrogate-char-literals.md +++ b/java/ql/src/change-notes/released/0.0.5.md @@ -1,5 +1,5 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- +## 0.0.5 + +### Minor Analysis Improvements + * The `java/constant-comparison` query no longer raises false alerts regarding comparisons with Unicode surrogate character literals. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 8152e4d1d5c..00bc7da584b 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.0.5-dev +version: 0.0.5 groups: java suites: codeql-suites extractor: java diff --git a/java/upgrades/CHANGELOG.md b/java/upgrades/CHANGELOG.md index 3268fefb272..05dbc9d5f4e 100644 --- a/java/upgrades/CHANGELOG.md +++ b/java/upgrades/CHANGELOG.md @@ -1 +1,3 @@ +## 0.0.5 + ## 0.0.4 
diff --git a/java/upgrades/change-notes/released/0.0.5.md b/java/upgrades/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..259776640e3 --- /dev/null +++ b/java/upgrades/change-notes/released/0.0.5.md @@ -0,0 +1 @@ +## 0.0.5 diff --git a/java/upgrades/codeql-pack.release.yml b/java/upgrades/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/java/upgrades/codeql-pack.release.yml +++ b/java/upgrades/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/java/upgrades/qlpack.yml b/java/upgrades/qlpack.yml index 75cc8f06721..22f5c51f7d0 100644 --- a/java/upgrades/qlpack.yml +++ b/java/upgrades/qlpack.yml @@ -2,4 +2,4 @@ name: codeql/java-upgrades groups: java upgrades: . library: true -version: 0.0.5-dev +version: 0.0.5 diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 259776640e3..894fb54ef75 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1 +1,7 @@ +## 0.0.6 + +### New Features + +* TypeScript 4.5 is now supported. + ## 0.0.5 diff --git a/javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md b/javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md deleted file mode 100644 index 13485c949dc..00000000000 --- a/javascript/ql/lib/change-notes/2021-11-23-typescript-4.5.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: feature -tags: [lgtm,codescanning] ---- -* TypeScript 4.5 is now supported. diff --git a/javascript/ql/lib/change-notes/released/0.0.6.md b/javascript/ql/lib/change-notes/released/0.0.6.md new file mode 100644 index 00000000000..d6b2cd58b65 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.0.6.md @@ -0,0 +1,5 @@ +## 0.0.6 + +### New Features + +* TypeScript 4.5 is now supported. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index bb45a1ab018..cf398ce02aa 100644 --- a/javascript/ql/lib/codeql-pack.release.yml 
+++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index edececa2335..66756d92702 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.0.5 +version: 0.0.6 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index ccd1b78a045..de6fd0ef3a0 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.0.6 + +### Major Analysis Improvements + +* TypeScript 4.5 is now supported. + ## 0.0.5 ### New Queries diff --git a/javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md b/javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md deleted file mode 100644 index 44aa6cdba13..00000000000 --- a/javascript/ql/src/change-notes/2021-11-23-typescript-4.5.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: majorAnalysis -tags: [lgtm,codescanning] ---- -* TypeScript 4.5 is now supported. diff --git a/javascript/ql/src/change-notes/released/0.0.6.md b/javascript/ql/src/change-notes/released/0.0.6.md new file mode 100644 index 00000000000..7121ef23816 --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.0.6.md @@ -0,0 +1,5 @@ +## 0.0.6 + +### Major Analysis Improvements + +* TypeScript 4.5 is now supported. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index bb45a1ab018..cf398ce02aa 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 6fdbcf3432c..48b4b4d3c53 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.0.5 +version: 0.0.6 groups: javascript suites: codeql-suites extractor: javascript diff --git a/javascript/upgrades/CHANGELOG.md b/javascript/upgrades/CHANGELOG.md index 259776640e3..21e20e1bd27 100644 --- a/javascript/upgrades/CHANGELOG.md +++ b/javascript/upgrades/CHANGELOG.md @@ -1 +1,3 @@ +## 0.0.6 + ## 0.0.5 diff --git a/javascript/upgrades/change-notes/released/0.0.6.md b/javascript/upgrades/change-notes/released/0.0.6.md new file mode 100644 index 00000000000..7cad4d986e5 --- /dev/null +++ b/javascript/upgrades/change-notes/released/0.0.6.md @@ -0,0 +1 @@ +## 0.0.6 diff --git a/javascript/upgrades/codeql-pack.release.yml b/javascript/upgrades/codeql-pack.release.yml index bb45a1ab018..cf398ce02aa 100644 --- a/javascript/upgrades/codeql-pack.release.yml +++ b/javascript/upgrades/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/javascript/upgrades/qlpack.yml b/javascript/upgrades/qlpack.yml index 35cc49e190a..25df9685769 100644 --- a/javascript/upgrades/qlpack.yml +++ b/javascript/upgrades/qlpack.yml @@ -2,4 +2,4 @@ name: codeql/javascript-upgrades groups: javascript upgrades: . library: true -version: 0.0.5 +version: 0.0.6 diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index a555fec2cae..fe8deb57f81 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md 
@@ -1,3 +1,14 @@ +## 0.0.5 + +### Minor Analysis Improvements + +* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. +* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. +* Extended the modeling of FastAPI such that custom subclasses of `fastapi.APIRouter` are recognized. +* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`. +* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks. +* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources. + ## 0.0.4 ### Major Analysis Improvements diff --git a/python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md b/python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md deleted file mode 100644 index 1d08b550a9b..00000000000 --- a/python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources. diff --git a/python/ql/lib/change-notes/2021-11-16-posixpath.md b/python/ql/lib/change-notes/2021-11-16-posixpath.md deleted file mode 100644 index 37f20269b56..00000000000 --- a/python/ql/lib/change-notes/2021-11-16-posixpath.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks. 
diff --git a/python/ql/lib/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md b/python/ql/lib/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md deleted file mode 100644 index 4a5a4ab600f..00000000000 --- a/python/ql/lib/change-notes/2021-11-24-FastAPI-Custom-APIRouter-Subclass.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Extended the modeling of FastAPI such that custom subclasses of `fastapi.APIRouter` are recognized. diff --git a/python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md b/python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md deleted file mode 100644 index fb3b4d095b6..00000000000 --- a/python/ql/lib/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`. diff --git a/python/ql/lib/change-notes/2021-11-26-os-file-access.md b/python/ql/lib/change-notes/2021-11-26-os-file-access.md deleted file mode 100644 index f9a2adb836d..00000000000 --- a/python/ql/lib/change-notes/2021-11-26-os-file-access.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. diff --git a/python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md b/python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md deleted file mode 100644 index 46862a16996..00000000000 --- a/python/ql/lib/change-notes/2021-11-26-tempfile-file-access.md +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. diff --git a/python/ql/lib/change-notes/released/0.0.5.md b/python/ql/lib/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..e68a6991246 --- /dev/null +++ b/python/ql/lib/change-notes/released/0.0.5.md @@ -0,0 +1,10 @@ +## 0.0.5 + +### Minor Analysis Improvements + +* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. +* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. +* Extended the modeling of FastAPI such that custom subclasses of `fastapi.APIRouter` are recognized. +* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`. +* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks. +* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index b55f847bcb6..ca4f7c8b23b 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.0.5-dev +version: 0.0.5 groups: python dbscheme: semmlecode.python.dbscheme extractor: python 
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 21fcb7c1ee4..35f7b59a781 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.0.5 + +### Minor Analysis Improvements + +* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. +* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. +* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. +* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. +* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources. + ## 0.0.4 ### Query Metadata Changes diff --git a/python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md b/python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md deleted file mode 100644 index 1d08b550a9b..00000000000 --- a/python/ql/src/change-notes/2021-11-15-model-wsgiref-simple-server-app.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources. 
diff --git a/python/ql/src/change-notes/2021-11-16-posixpath.md b/python/ql/src/change-notes/2021-11-16-posixpath.md deleted file mode 100644 index c35dc4099a7..00000000000 --- a/python/ql/src/change-notes/2021-11-16-posixpath.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. diff --git a/python/ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md b/python/ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md deleted file mode 100644 index e320e2b3ba7..00000000000 --- a/python/ql/src/change-notes/2021-11-24-FastAPI-FileResponse-FileSystemAccess.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. diff --git a/python/ql/src/change-notes/2021-11-26-os-file-access.md b/python/ql/src/change-notes/2021-11-26-os-file-access.md deleted file mode 100644 index c55735e3a8d..00000000000 --- a/python/ql/src/change-notes/2021-11-26-os-file-access.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. diff --git a/python/ql/src/change-notes/2021-11-26-tempfile-file-access.md b/python/ql/src/change-notes/2021-11-26-tempfile-file-access.md deleted file mode 100644 index 29a5b51e8a0..00000000000 
--- a/python/ql/src/change-notes/2021-11-26-tempfile-file-access.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis -tags: [lgtm,codescanning] ---- -* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. diff --git a/python/ql/src/change-notes/released/0.0.5.md b/python/ql/src/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..0da6129f52e --- /dev/null +++ b/python/ql/src/change-notes/released/0.0.5.md @@ -0,0 +1,9 @@ +## 0.0.5 + +### Minor Analysis Improvements + +* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. +* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. +* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. +* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query. +* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources. 
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index d7dad13d0cc..5001a802ad9 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.0.5-dev +version: 0.0.5 groups: python dependencies: codeql/python-all: "*" diff --git a/python/upgrades/CHANGELOG.md b/python/upgrades/CHANGELOG.md index 3268fefb272..05dbc9d5f4e 100644 --- a/python/upgrades/CHANGELOG.md +++ b/python/upgrades/CHANGELOG.md @@ -1 +1,3 @@ +## 0.0.5 + ## 0.0.4 diff --git a/python/upgrades/change-notes/released/0.0.5.md b/python/upgrades/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..259776640e3 --- /dev/null +++ b/python/upgrades/change-notes/released/0.0.5.md @@ -0,0 +1 @@ +## 0.0.5 diff --git a/python/upgrades/codeql-pack.release.yml b/python/upgrades/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/python/upgrades/codeql-pack.release.yml +++ b/python/upgrades/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/python/upgrades/qlpack.yml b/python/upgrades/qlpack.yml index 9053f986dcf..052a69ae22c 100644 --- a/python/upgrades/qlpack.yml +++ b/python/upgrades/qlpack.yml @@ -2,4 +2,4 @@ name: codeql/python-upgrades groups: python upgrades: . library: true -version: 0.0.5-dev +version: 0.0.5 diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 3268fefb272..1c670691d2b 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1 +1,7 @@ +## 0.0.5 + +### New Features + +* A new library, `Customizations.qll`, has been added, which allows for global customizations that affect all queries. + ## 0.0.4 
diff --git a/ruby/ql/lib/change-notes/2021-12-07-customizations.md b/ruby/ql/lib/change-notes/released/0.0.5.md similarity index 69% rename from ruby/ql/lib/change-notes/2021-12-07-customizations.md rename to ruby/ql/lib/change-notes/released/0.0.5.md index 94f2b27230c..bfa8799eac6 100644 --- a/ruby/ql/lib/change-notes/2021-12-07-customizations.md +++ b/ruby/ql/lib/change-notes/released/0.0.5.md @@ -1,5 +1,5 @@ ---- -category: feature -tags: [lgtm,codescanning] ---- +## 0.0.5 + +### New Features + * A new library, `Customizations.qll`, has been added, which allows for global customizations that affect all queries. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 463960b41c3..efa35ab6a5e 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.0.5-dev +version: 0.0.5 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index e406cd11ae8..6946f97e5a9 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.0.5 + ## 0.0.4 ### New Queries diff --git a/ruby/ql/src/change-notes/released/0.0.5.md b/ruby/ql/src/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..259776640e3 --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.0.5.md @@ -0,0 +1 @@ +## 0.0.5 diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index ecb9f446bba..65946fd8085 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.0.5-dev +version: 0.0.5 groups: ruby suites: codeql-suites defaultSuiteFile: codeql-suites/ruby-code-scanning.qls From f5471e34f8778af3e26b148a97d22c0f9ae8f82e Mon Sep 17 00:00:00 2001 
From: Tom Hvitved Date: Wed, 22 Dec 2021 10:06:39 +0100 Subject: [PATCH 19/31] C#: Fix bad join-order in dispatch library Before ``` [2021-12-22 09:46:31] (395s) Tuple counts for Dispatch::Internal::hasCallable#fff/3@258418l2 after 5m27s: 49000 ~0% {2} r1 = JOIN Declaration::Declaration::getUnboundDeclaration_dispred#ff_10#join_rhs WITH project#Dispatch::Internal::DispatchMethodOrAccessorCall::getAStaticTargetExt#ff ON FIRST 1 OUTPUT Lhs.1 'c', Rhs.0 31302 ~3% {3} r2 = JOIN r1 WITH Type::ValueOrRefType::getAMember_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.0 'c', Lhs.1 'source', Rhs.1 299700 ~0% {3} r3 = JOIN r1 WITH Type::ValueOrRefType::hasOverriddenMember_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.0 'c', Lhs.1 'source', Rhs.1 16650 ~1% {3} r4 = JOIN r1 WITH Property::Accessor::getDeclaration_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'source', Lhs.0 'c' 15984 ~0% {3} r5 = JOIN r4 WITH Type::ValueOrRefType::getAMember_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.2 'c', Lhs.1 'source', Rhs.1 315684 ~1% {3} r6 = r3 UNION r5 346986 ~1% {3} r7 = r2 UNION r6 0 ~0% {3} r8 = JOIN r4 WITH Type::ValueOrRefType::hasOverriddenMember_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.2 'c', Lhs.1 'source', Rhs.1 666 ~0% {3} r9 = JOIN r1 WITH Type::hasNonOverriddenMember#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'source', Lhs.0 'c' 0 ~0% {3} r10 = JOIN r9 WITH boundedFastTC(Type::ValueOrRefType::getBaseClass_dispred#ff_10#join_rhs,Dispatch::Internal::hasCallable#fff#higher_order_body) ON FIRST 1 OUTPUT Lhs.2 'c', Lhs.1 'source', Rhs.1 0 ~0% {3} r11 = JOIN r4 WITH Type::hasNonOverriddenMember#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'source', Lhs.2 'c' 0 ~0% {3} r12 = JOIN r11 WITH boundedFastTC(Type::ValueOrRefType::getBaseClass_dispred#ff_10#join_rhs,Dispatch::Internal::hasCallable#fff#higher_order_body#1) ON FIRST 1 OUTPUT Lhs.2 'c', Lhs.1 'source', Rhs.1 0 ~0% {3} r13 = r10 UNION r12 0 ~0% {3} r14 = r8 UNION r13 346986 ~1% {3} r15 = r7 UNION r14 11963234000 ~2% {4} 
r16 = JOIN r15 WITH Dispatch::Internal::hasOverrider#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1 't', Lhs.1 'source', Lhs.0 'c' 207126 ~27% {3} r17 = JOIN r16 WITH Unification::Gvn::Cached::getGlobalValueNumber#ff ON FIRST 2 OUTPUT Lhs.2 'source', Lhs.1 't', Lhs.3 'c' return r17 ``` After ``` [2021-12-22 10:39:41] (0s) Tuple counts for Dispatch::Internal::hasCallable0#fff/3@82341e2h after 331ms: 93569 ~0% {2} r1 = JOIN Type::ValueOrRefType::getAMember_dispred#fb_10#join_rhs WITH OverridableCallable::OverridableCallable#f ON FIRST 1 OUTPUT Rhs.0 'c', Lhs.1 511767 ~0% {2} r2 = JOIN Type::ValueOrRefType::hasOverriddenMember_dispred#ff_10#join_rhs WITH OverridableCallable::OverridableCallable#f ON FIRST 1 OUTPUT Rhs.0 'c', Lhs.1 35659 ~0% {2} r3 = JOIN OverridableCallable::OverridableCallable#f WITH Property::Accessor::getDeclaration_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'c' 35659 ~4% {2} r4 = JOIN r3 WITH Type::ValueOrRefType::getAMember_dispred#fb_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'c', Rhs.1 547426 ~0% {2} r5 = r2 UNION r4 640995 ~4% {2} r6 = r1 UNION r5 74835 ~4% {2} r7 = JOIN r3 WITH Type::ValueOrRefType::hasOverriddenMember_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'c', Rhs.1 32748 ~0% {2} r8 = JOIN Type::hasNonOverriddenMember#fb_10#join_rhs WITH OverridableCallable::OverridableCallable#f ON FIRST 1 OUTPUT Lhs.1, Rhs.0 'c' 171228 ~0% {2} r9 = JOIN r8 WITH boundedFastTC(Type::ValueOrRefType::getBaseClass_dispred#ff_10#join_rhs,Dispatch::Internal::hasCallable0#fff#higher_order_body) ON FIRST 1 OUTPUT Lhs.1 'c', Rhs.1 9056 ~0% {2} r10 = JOIN r3 WITH Type::hasNonOverriddenMember#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'c' 23633 ~1% {2} r11 = JOIN r10 WITH boundedFastTC(Type::ValueOrRefType::getBaseClass_dispred#ff_10#join_rhs,Dispatch::Internal::hasCallable0#fff#higher_order_body#1) ON FIRST 1 OUTPUT Lhs.1 'c', Rhs.1 194861 ~0% {2} r12 = r9 UNION r11 269696 ~0% {2} r13 = r7 UNION r12 910691 ~4% {2} r14 = r6 UNION r13 910691 ~2% {3} r15 = JOIN r14 WITH 
Declaration::Declaration::getUnboundDeclaration_dispred#ff ON FIRST 1 OUTPUT Rhs.1 'source', Lhs.0 'c', Lhs.1 579872 ~2% {3} r16 = JOIN r15 WITH project#Dispatch::Internal::DispatchMethodOrAccessorCall::getAStaticTargetExt#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'c', Lhs.0 'source' 753465 ~41% {3} r17 = JOIN r16 WITH Unification::Gvn::Cached::getGlobalValueNumber#ff ON FIRST 1 OUTPUT Rhs.1 't', Lhs.1 'c', Lhs.2 'source' return r17 [2021-12-22 10:39:41] (0s) Tuple counts for Dispatch::Internal::hasCallable#fff/3@e44e67tv after 24ms: 201843 ~0% {3} r1 = JOIN Dispatch::Internal::hasOverrider#ff WITH Dispatch::Internal::hasCallable0#fff ON FIRST 2 OUTPUT Lhs.0 't', Lhs.1 'c', Rhs.2 'source' return r1 ``` --- .../semmle/code/csharp/dispatch/Dispatch.qll | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dispatch/Dispatch.qll b/csharp/ql/lib/semmle/code/csharp/dispatch/Dispatch.qll index 509bdfb5e04..1fbba72f864 100644 --- a/csharp/ql/lib/semmle/code/csharp/dispatch/Dispatch.qll +++ b/csharp/ql/lib/semmle/code/csharp/dispatch/Dispatch.qll 
@@ -233,18 +233,23 @@ private module Internal { } pragma[noinline] - private predicate hasOverrider(OverridableCallable oc, Gvn::GvnType t) { + private predicate hasOverrider(Gvn::GvnType t, OverridableCallable oc) { exists(oc.getAnOverrider(any(ValueOrRefType t0 | Gvn::getGlobalValueNumber(t0) = t))) } pragma[noinline] - private predicate hasCallable(OverridableCallable source, Gvn::GvnType t, OverridableCallable c) { + private predicate hasCallable0(Gvn::GvnType t, OverridableCallable c, OverridableCallable source) { c.getUnboundDeclaration() = source and any(ValueOrRefType t0 | Gvn::getGlobalValueNumber(t0) = t).hasCallable(c) and - hasOverrider(c, t) and source = any(DispatchMethodOrAccessorCall call).getAStaticTargetExt() } + pragma[noinline] + private predicate hasCallable(Gvn::GvnType t, OverridableCallable c, OverridableCallable source) { + hasCallable0(t, c, source) and + hasOverrider(t, c) + } + abstract private class DispatchMethodOrAccessorCall extends DispatchCallImpl { pragma[noinline] OverridableCallable getAStaticTargetExt() { @@ -260,7 +265,7 @@ private module Internal { pragma[noinline] private predicate hasSubsumedQualifierType(Gvn::GvnType t) { - hasOverrider(_, t) and + hasOverrider(t, _) and exists(Type t0 | t0 = getAPossibleType(this.getQualifier(), false) and not t0 instanceof TypeParameter @@ -287,7 +292,7 @@ private module Internal { pragma[nomagic] predicate hasSubsumedQualifierTypeOverridden(Gvn::GvnType t, OverridableCallable c) { this.hasSubsumedQualifierType(t) and - hasCallable(any(OverridableCallable oc | oc = this.getAStaticTargetExt()), t, c) + hasCallable(t, c, any(OverridableCallable oc | oc = this.getAStaticTargetExt())) } /** @@ -553,7 +558,7 @@ private module Internal { pragma[nomagic] private predicate contextArgHasSubsumedType(DispatchCall ctx, Gvn::GvnType t) { - hasOverrider(_, t) and + hasOverrider(t, _) and exists(Gvn::GvnType t0 | this.contextArgHasNonTypeParameterType(ctx, t0) | t = t0 or 
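Review bot: Nothing in the first hunk records why `hasCallable` is now only a wrapper that conjoins `hasCallable0` with `hasOverrider(t, c)`. A later clean-up could merge the two again and bring back the join order that the commit message measures at roughly 12 billion tuples. I would add a QLDoc comment on `hasCallable0`, for example `/** Same as hasCallable, but without the hasOverrider check; kept separate (and noinline) so that join is evaluated last. */`. The reordered `hasOverrider(t, oc)` signature could get a similar one-line note. The enclosing `Internal` module starts and ends outside these hunks.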
From 8c18aaae74ac332ab0cbd0b6af7fb65d8a1ecba0 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 9 Dec 2021 08:57:02 +0100 Subject: [PATCH 20/31] Ruby: Prepare for data flow through arrays --- ruby/ql/lib/codeql/ruby/ApiGraphs.qll | 2 +- .../lib/codeql/ruby/dataflow/FlowSummary.qll | 42 +++++++++++++++++-- .../dataflow/internal/DataFlowDispatch.qll | 2 +- .../dataflow/internal/DataFlowPrivate.qll | 12 ++++-- .../ruby/dataflow/internal/DataFlowPublic.qll | 40 ++++++++++++++---- .../internal/FlowSummaryImplSpecific.qll | 21 ++++++++++ .../internal/TaintTrackingPrivate.qll | 9 ++-- .../library-tests/dataflow/local/Nodes.ql | 3 +- .../dataflow/summaries/Summaries.expected | 1 + .../dataflow/summaries/Summaries.ql | 6 +++ 10 files changed, 115 insertions(+), 23 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll index d0b8a7e352d..1647536be3e 100644 --- a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll +++ b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll @@ -98,7 +98,7 @@ module API { /** * Gets a `new` call to the function represented by this API component. */ - DataFlow::Node getAnInstantiation() { result = this.getInstance().getAnImmediateUse() } + DataFlow::ExprNode getAnInstantiation() { result = getInstance().getAnImmediateUse() } /** * Gets a node representing a subclass of the class represented by this node. diff --git a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll index 05c01429fb8..678a2421386 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll @@ -4,6 +4,7 @@ import ruby import codeql.ruby.DataFlow private import internal.FlowSummaryImpl as Impl private import internal.DataFlowDispatch +private import internal.DataFlowPrivate // import all instances below private module Summaries { 
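Review bot: In the `ApiGraphs.qll` hunk the new `getAnInstantiation` drops the explicit receiver and calls `getInstance()` directly, which is inconsistent with the line it replaces. I would keep `result = this.getInstance().getAnImmediateUse()`. The narrower `DataFlow::ExprNode` result type also acts as a filter, so an immediate use that is not an `ExprNode` no longer appears in the result. That is presumably what is wanted for `new` calls, but it is worth saying in the QLDoc because models built on the API graph would see fewer nodes without any visible condition in the body. The enclosing `API` module continues outside the hunk.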
@@ -22,12 +23,34 @@ module SummaryComponent { predicate content = SC::content/1; - /** Gets a summary component that represents a qualifier. */ - SummaryComponent qualifier() { result = argument(any(ParameterPosition pos | pos.isSelf())) } + /** Gets a summary component that represents a `self` argument. */ + SummaryComponent self() { result = argument(any(ParameterPosition pos | pos.isSelf())) } /** Gets a summary component that represents a block argument. */ SummaryComponent block() { result = argument(any(ParameterPosition pos | pos.isBlock())) } + /** Gets a summary component that represents an element in an array at an unknown index. */ + SummaryComponent arrayElementUnknown() { result = SC::content(TUnknownArrayElementContent()) } + + /** Gets a summary component that represents an element in an array at a known index. */ + bindingset[i] + SummaryComponent arrayElementKnown(int i) { + result = SC::content(TKnownArrayElementContent(i)) + or + // `i` may be out of range + not exists(TKnownArrayElementContent(i)) and + result = arrayElementUnknown() + } + + /** + * Gets a summary component that represents an element in an array at either an unknown + * index or known index. This predicate should never be used in the output specification + * of a flow summary; use `arrayElementUnknown()` instead. + */ + SummaryComponent arrayElementAny() { + result in [arrayElementUnknown(), SC::content(TKnownArrayElementContent(_))] + } + /** Gets a summary component that represents the return value of a call. */ SummaryComponent return() { result = SC::return(any(NormalReturnKind rk)) } } 
@@ -44,8 +67,8 @@ module SummaryComponentStack { predicate argument = SCS::argument/1; - /** Gets a singleton stack representing a qualifier. */ - SummaryComponentStack qualifier() { result = singleton(SummaryComponent::qualifier()) } + /** Gets a singleton stack representing a `self` argument. */ + SummaryComponentStack self() { result = singleton(SummaryComponent::self()) } /** Gets a singleton stack representing a block argument. */ SummaryComponentStack block() { result = singleton(SummaryComponent::block()) } @@ -108,6 +131,17 @@ abstract class SummarizedCallable extends LibraryCallable { predicate clearsContent(ParameterPosition pos, DataFlow::Content content) { none() } } +/** + * A callable with a flow summary, identified by a unique string, where all + * calls to a method with the same name are considered relevant. + */ +abstract class SimpleSummarizedCallable extends SummarizedCallable { + bindingset[this] + SimpleSummarizedCallable() { any() } + + final override MethodCall getACall() { result.getMethodName() = this } +} + private class SummarizedCallableAdapter extends Impl::Public::SummarizedCallable { private SummarizedCallable sc; diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll index aec9a7237ab..46e0e4ea6ad 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll @@ -250,7 +250,7 @@ private module Cached { TPositionalParameterPosition(int pos) { pos = any(Parameter p).getPosition() or - pos in [0 .. 10] // TODO: remove once `Argument[_]` summaries are replaced with `Argument[i..]` + pos in [0 .. 100] // TODO: remove once `Argument[_]` summaries are replaced with `Argument[i..]` or FlowSummaryImplSpecific::ParsePositions::isParsedArgumentPosition(_, pos) } or 
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index 285cdf40b65..da4cce90cdf 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -294,9 +294,13 @@ private module Cached { } cached - newtype TContent = TTodoContent() // stub + newtype TContent = + TKnownArrayElementContent(int i) { i in [0 .. 10] } or + TUnknownArrayElementContent() } +class TArrayElementContent = TKnownArrayElementContent or TUnknownArrayElementContent; + import Cached /** Holds if `n` should be hidden from path explanations. */ @@ -741,8 +745,6 @@ predicate readStep(Node node1, Content c, Node node2) { * in `x.f = newValue`. */ predicate clearsContent(Node n, Content c) { - storeStep(_, c, n) - or FlowSummaryImpl::Private::Steps::summaryClearsContent(n, c) } @@ -886,4 +888,6 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves * One example would be to allow flow like `p.foo = p.bar;`, which is disallowed * by default as a heuristic. */ -predicate allowParameterReturnInSelf(ParameterNode p) { none() } +predicate allowParameterReturnInSelf(ParameterNode p) { + FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p) +} diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll index 4717d4995e6..432c3d8f977 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll 
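Review bot: The bound in `TKnownArrayElementContent(int i) { i in [0 .. 10] }` is a bare magic number, and nothing at the definition says what happens outside it. According to `SummaryComponent::arrayElementKnown` in FlowSummary.qll, an index with no known-content value falls back to the unknown-index content. Flow through higher indices is therefore tracked less precisely, without any signal to the query author. A comment on the branch would make the trade-off visible, e.g. `// indices outside 0..10 are tracked as TUnknownArrayElementContent`.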
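Review bot: The QLDoc above `clearsContent` still describes clearing at the pre-update node of a store; only its tail, "in `x.f = newValue`", is visible in this hunk. The `storeStep(_, c, n)` disjunct that implemented that behaviour is removed, leaving only `summaryClearsContent`. If the part of the comment outside the hunk says the same, it should be reworded to state that content is cleared only where a flow summary declares it. It is also worth confirming that a value stored at a known index cannot survive a later overwrite now that the store-based clear is gone. The `[]=` summaries added later in this series declare `clearsContent` for the known-index case, which looks like the intended replacement.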
@@ -45,19 +45,19 @@ class Node extends TNode { } /** A data-flow node corresponding to a call in the control-flow graph. */ -class CallNode extends LocalSourceNode { +class CallNode extends LocalSourceNode, ExprNode { private CfgNodes::ExprNodes::CallCfgNode node; - CallNode() { node = this.asExpr() } + CallNode() { node = this.getExprNode() } /** Gets the data-flow node corresponding to the receiver of the call corresponding to this data-flow node */ - Node getReceiver() { result.asExpr() = node.getReceiver() } + ExprNode getReceiver() { result.getExprNode() = node.getReceiver() } /** Gets the data-flow node corresponding to the `n`th argument of the call corresponding to this data-flow node */ - Node getArgument(int n) { result.asExpr() = node.getArgument(n) } + ExprNode getArgument(int n) { result.getExprNode() = node.getArgument(n) } /** Gets the data-flow node corresponding to the named argument of the call corresponding to this data-flow node */ - Node getKeywordArgument(string name) { result.asExpr() = node.getKeywordArgument(name) } + ExprNode getKeywordArgument(string name) { result.getExprNode() = node.getKeywordArgument(name) } /** Gets the name of the the method called by the method call (if any) corresponding to this data-flow node */ string getMethodName() { result = node.getExpr().(MethodCall).getMethodName() } @@ -161,10 +161,7 @@ predicate localExprFlow(CfgNodes::ExprCfgNode e1, CfgNodes::ExprCfgNode e2) { localFlow(exprNode(e1), exprNode(e2)) } -/** - * A reference contained in an object. This is either a field, a property, - * or an element in a collection. - */ +/** A reference contained in an object. */ class Content extends TContent { /** Gets a textual representation of this content. */ string toString() { none() } 
@@ -173,6 +170,31 @@ class Content extends TContent { Location getLocation() { none() } } +/** Provides different sub classes of `Content`. */ +module Content { + /** An element in an array. */ + class ArrayElementContent extends Content, TArrayElementContent { } + + /** An element in an array at a known index. */ + class KnownArrayElementContent extends ArrayElementContent, TKnownArrayElementContent { + private int i; + + KnownArrayElementContent() { this = TKnownArrayElementContent(i) } + + /** Gets the index in the array. */ + int getIndex() { result = i } + + override string toString() { result = "array element " + i } + } + + /** An element in an array at an unknown index. */ + class UnknownArrayElementContent extends ArrayElementContent, TUnknownArrayElementContent { + UnknownArrayElementContent() { this = TUnknownArrayElementContent() } + + override string toString() { result = "array element" } + } +} + /** * A guard that validates some expression. * diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll index dee26f0b4d3..127e15edc03 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll 
@@ -58,12 +58,33 @@ predicate summaryElement(DataFlowCallable c, string input, string output, string * This covers all the Ruby-specific components of a flow summary, and * is currently restricted to `"BlockArgument"`. */ +bindingset[c] SummaryComponent interpretComponentSpecific(string c) { + c = "Self" and + result = FlowSummary::SummaryComponent::self() + or c = "BlockArgument" and result = FlowSummary::SummaryComponent::block() or c = "Argument[_]" and result = FlowSummary::SummaryComponent::argument(any(ParameterPosition pos | pos.isPositional(_))) + or + c = "ArrayElement" and + result = FlowSummary::SummaryComponent::arrayElementAny() + or + c = "ArrayElement[?]" and + result = FlowSummary::SummaryComponent::arrayElementUnknown() + or + exists(int i | + c.regexpCapture("ArrayElement\\[([0-9]+)\\]", 1).toInt() = i and + result = FlowSummary::SummaryComponent::arrayElementKnown(i) + ) + or + exists(int i1, int i2 | + c.regexpCapture("ArrayElement\\[([-0-9]+)\\.\\.([0-9]+)\\]", 1).toInt() = i1 and + c.regexpCapture("ArrayElement\\[([-0-9]+)\\.\\.([0-9]+)\\]", 2).toInt() = i2 and + result = FlowSummary::SummaryComponent::arrayElementKnown([i1 .. i2]) + ) } /** Gets the textual representation of a summary component in the format used for flow summaries. */ diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll index 86c8ffb7f50..b3e04e7a3dc 100755 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll @@ -1,4 +1,5 @@ private import ruby +private import DataFlowPrivate private import TaintTrackingPublic private import codeql.ruby.CFG private import codeql.ruby.DataFlow 
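Review bot: The doc comment on `interpretComponentSpecific` still says the predicate "is currently restricted to `"BlockArgument"`". The new body also accepts `Self`, `ArrayElement`, `ArrayElement[?]`, `ArrayElement[i]` and `ArrayElement[i..j]`, so the comment should list the accepted components. Separately, the first group of the range pattern, `([-0-9]+)`, also matches strings such as `1-2`. `toInt()` presumably has no result for those, so the component would be dropped rather than reported; `(-?[0-9]+)` states the intent exactly.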
@@ -34,8 +35,10 @@ predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nod nodeFrom.asExpr() = nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent() or - // element reference from nodeFrom - nodeFrom.asExpr() = nodeTo.asExpr().(CfgNodes::ExprNodes::ElementReferenceCfgNode).getReceiver() - or FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false) + or + // Although flow through arrays is modelled precisely using stores/reads, we still + // allow flow out of a _tainted_ array. This is needed in order to support taint- + // tracking configurations where the source is an array. + readStep(nodeFrom, any(DataFlow::Content::ArrayElementContent c), nodeTo) } diff --git a/ruby/ql/test/library-tests/dataflow/local/Nodes.ql b/ruby/ql/test/library-tests/dataflow/local/Nodes.ql index c676f125f79..23476a4a195 100644 --- a/ruby/ql/test/library-tests/dataflow/local/Nodes.ql +++ b/ruby/ql/test/library-tests/dataflow/local/Nodes.ql @@ -5,5 +5,6 @@ import codeql.ruby.dataflow.internal.DataFlowDispatch query predicate ret(ReturningNode node) { any() } query predicate arg(ArgumentNode n, DataFlowCall call, ArgumentPosition pos) { - n.argumentOf(call, pos) + n.argumentOf(call, pos) and + not n instanceof SummaryNode } diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected index a3536938432..96e5fdf8355 100644 --- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected +++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.expected 
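Review bot: Removing the `ElementReferenceCfgNode` receiver step in `defaultAdditionalTaintStep` means taint on a receiver reaches `x[k]` only through `readStep` with `ArrayElementContent`. That in turn requires a read step to exist for the particular `[]` call. For a value that is tainted as a whole but not modelled as an array (a hash or string receiver, say), this may turn an existing result into a false negative in the security queries. The diffstat of the later Array/Enumerable patch lists changed `.expected` files for several of those queries, so the effect is observable. I would add a test with a tainted non-array receiver indexed by `[]` to pin the behaviour, or say in the new comment that the step is deliberately array-only.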
@@ -27,6 +27,7 @@ nodes | summaries.rb:18:6:18:13 | tainted3 | semmle.label | tainted3 | subpaths invalidSpecComponent +invalidOutputSpecComponent #select | summaries.rb:2:6:2:12 | tainted | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:2:6:2:12 | tainted | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | | summaries.rb:5:8:5:8 | x | summaries.rb:1:20:1:26 | "taint" : | summaries.rb:5:8:5:8 | x | $@ | summaries.rb:1:20:1:26 | "taint" : | "taint" : | diff --git a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql index 6d9db3f5c82..7c16273aa97 100644 --- a/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql +++ b/ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql @@ -13,6 +13,12 @@ query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) Private::External::invalidSpecComponent(s, c) } +query predicate invalidOutputSpecComponent(SummarizedCallable sc, string s, string c) { + sc.propagatesFlowExt(_, s, _) and + Private::External::specSplit(s, c, _) and + c = "ArrayElement" // not allowed in output specs; use `ArrayElement[?] instead +} + private class SummarizedCallableIdentity extends SummarizedCallable { SummarizedCallableIdentity() { this = "identity" } From 51e3c582deb151d43061b4e30a8c3c2171d631ef Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 22 Dec 2021 09:34:28 +0100 Subject: [PATCH 21/31] C#: Re-write ForEachCapture test to avoid using LibraryTypeDataFlow and rely in MaD summaries instead. --- csharp/ql/src/Language Abuse/ForeachCapture.ql | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/csharp/ql/src/Language Abuse/ForeachCapture.ql b/csharp/ql/src/Language Abuse/ForeachCapture.ql index 47c1c79ef3f..50aad192c20 100644 --- a/csharp/ql/src/Language Abuse/ForeachCapture.ql +++ b/csharp/ql/src/Language Abuse/ForeachCapture.ql 
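Review bot: In Summaries.ql the trailing comment on `c = "ArrayElement"` opens a code span around `ArrayElement[?]` but never closes it; add the closing backtick before "instead". `invalidOutputSpecComponent` is the only visible guard against the `ArrayElement` (any-index) component appearing in an output spec. A short QLDoc on the predicate saying so, and pointing to the `arrayElementAny()` documentation in FlowSummary.qll, would tell the next reader why the check exists.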
@@ -12,7 +12,8 @@ */ import csharp -import semmle.code.csharp.dataflow.LibraryTypeDataFlow +import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl +import semmle.code.csharp.dataflow.internal.DataFlowPrivate as DataFlowPrivate import semmle.code.csharp.frameworks.system.Collections import semmle.code.csharp.frameworks.system.collections.Generic @@ -74,14 +75,10 @@ Element getAssignmentTarget(Expr e) { Element getCollectionAssignmentTarget(Expr e) { // Store into collection via method - exists( - MethodCall mc, Method m, LibraryTypeDataFlow ltdf, CallableFlowSource source, - CallableFlowSink sink - | - m = mc.getTarget().getUnboundDeclaration() and - ltdf.callableFlow(source, AccessPath::empty(), sink, AccessPath::element(), m, _) and - e = source.getSource(mc) and - result.(Variable).getAnAccess() = sink.getSink(mc) + exists(DataFlow::Node postNode, Expr nodeExp | + FlowSummaryImpl::Private::Steps::summarySetterStep(DataFlow::exprNode(e), _, postNode) and + nodeExp = postNode.(DataFlowPrivate::PostUpdateNode).getPreUpdateNode().asExpr() and + result.(Variable).getAnAccess() = nodeExp ) or // Array initializer From fef6770a21966f6b0d4a3893c833a5dd48391c41 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 22 Dec 2021 09:36:24 +0100 Subject: [PATCH 22/31] C#: Remove the callableFlow for the Add method in subtypes of System.Collections.IEnumerable. --- .../csharp/dataflow/LibraryTypeDataFlow.qll | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll index 4fc6ed468b5..a266e602ec9 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll 
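Review bot: In `getCollectionAssignmentTarget`, `summarySetterStep(DataFlow::exprNode(e), _, postNode)` leaves the content argument unconstrained. The removed `callableFlow` call required the sink access path to be `AccessPath::element()`. A summary that stores an argument into a field or property of the qualifier, rather than into a collection element, would now also count as a collection assignment, which may widen what the query reports. Binding the wildcard to an element-content value would keep the previous meaning; the class to use is not visible in this diff. The follow-up hunk in PATCH 23/31 keeps the same call unchanged, so the point applies there too.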
@@ -478,25 +478,6 @@ class SystemTextStringBuilderFlow extends LibraryTypeDataFlow, SystemTextStringB class IEnumerableFlow extends LibraryTypeDataFlow, RefType { IEnumerableFlow() { this.getABaseType*() instanceof SystemCollectionsIEnumerableInterface } - override predicate callableFlow( - CallableFlowSource source, AccessPath sourceAp, CallableFlowSink sink, AccessPath sinkAp, - SourceDeclarationCallable c, boolean preservesValue - ) { - preservesValue = true and - exists(string name, int arity | - arity = c.getNumberOfParameters() and - c = this.getAMethod() and - c.getUndecoratedName() = name - | - name = "Add" and - arity = 1 and - source = TCallableFlowSourceArg(0) and - sourceAp = AccessPath::empty() and - sink instanceof CallableFlowSinkQualifier and - sinkAp = AccessPath::element() - ) - } - override predicate clearsContent( CallableFlowSource source, Content content, SourceDeclarationCallable callable ) { From 748b2d250722b025ea4f4bed47fd10123455cce4 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 22 Dec 2021 13:34:44 +0100 Subject: [PATCH 23/31] C#: Simplify the ForEachCapture query. Co-authored-by: Tom Hvitved --- csharp/ql/src/Language Abuse/ForeachCapture.ql | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/csharp/ql/src/Language Abuse/ForeachCapture.ql b/csharp/ql/src/Language Abuse/ForeachCapture.ql index 50aad192c20..7bef3bc3405 100644 --- a/csharp/ql/src/Language Abuse/ForeachCapture.ql +++ b/csharp/ql/src/Language Abuse/ForeachCapture.ql 
@@ -75,10 +75,9 @@ Element getAssignmentTarget(Expr e) { Element getCollectionAssignmentTarget(Expr e) { // Store into collection via method - exists(DataFlow::Node postNode, Expr nodeExp | + exists(DataFlowPrivate::PostUpdateNode postNode | FlowSummaryImpl::Private::Steps::summarySetterStep(DataFlow::exprNode(e), _, postNode) and - nodeExp = postNode.(DataFlowPrivate::PostUpdateNode).getPreUpdateNode().asExpr() and - result.(Variable).getAnAccess() = nodeExp + result.(Variable).getAnAccess() = postNode.getPreUpdateNode().asExpr() ) or // Array initializer From 400802c5cebfaa957b75141b6005909310a2c5c0 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 9 Dec 2021 08:50:41 +0100 Subject: [PATCH 24/31] Ruby: Add flow summaries for `Array`/`Enumerable` methods --- .../ruby/frameworks/StandardLibrary.qll | 1102 +++++++++++++++++ .../dataflow/array-flow/array-flow.expected | 1078 ++++++++++++++++ .../dataflow/array-flow/array-flow.ql | 15 + .../dataflow/array-flow/array_flow.rb | 523 ++++++++ .../security/cwe-022/PathInjection.expected | 4 +- .../cwe-078/CommandInjection.expected | 22 +- .../security/cwe-078/KernelOpen.expected | 6 +- .../security/cwe-079/ReflectedXSS.expected | 10 +- .../security/cwe-089/SqlInjection.expected | 34 +- .../security/cwe-094/CodeInjection.expected | 8 +- .../PolynomialReDoS.expected | 44 +- .../RegExpInjection.expected | 20 +- .../UnsafeDeserialization.expected | 4 +- .../UnsafeDeserialization.expected | 30 +- .../security/cwe-601/UrlRedirect.expected | 4 +- .../query-tests/security/cwe-611/Xxe.expected | 50 +- .../cwe-918/ServerSideRequestForgery.expected | 4 +- 17 files changed, 2875 insertions(+), 83 deletions(-) create mode 100644 ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected create mode 100644 ruby/ql/test/library-tests/dataflow/array-flow/array-flow.ql create mode 100644 ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll index 547f0f74287..07f1a4cfe9a 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll 
@@ -449,3 +449,1105 @@ private class LoggerSetPrognameCall extends LoggerLoggingCall { ) } } + +private class SplatSummary extends SummarizedCallable { + SplatSummary() { this = "*(splat)" } + + override SplatExpr getACall() { any() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + // *1 = [1] + input = "Self" and + output = "ArrayElement[0] of ReturnValue" + or + // *[1] = [1] + input = "Self" and + output = "ReturnValue" + ) and + preservesValue = true + } +} + +private class ArrayIndex extends int { + ArrayIndex() { this = any(DataFlow::Content::KnownArrayElementContent c).getIndex() } +} + +/** + * Provides flow summaries for the `Array` class. + * + * The summaries are ordered (and implemented) based on + * https://ruby-doc.org/core-2.7.0/Array.html, however for methods that have the + * more general `Enumerable` scope, they are implemented in the `Enumerable` + * module instead. + */ +module Array { + bindingset[arg] + private DataFlow::Content::KnownArrayElementContent getKnownArrayElementContent(Expr arg) { + result.getIndex() = arg.getValueText().toInt() + } + + bindingset[arg] + private predicate isUnknownArrayElementContent(Expr arg) { + not exists(getKnownArrayElementContent(arg)) and + not arg instanceof RangeLiteral + } + + private class ArrayLiteralSummary extends SummarizedCallable { + ArrayLiteralSummary() { this = "Array.[]" } + + override MethodCall getACall() { + result = API::getTopLevelMember("Array").getAMethodCall("[]").getExprNode().getExpr() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + exists(ArrayIndex i | + input = "Argument[" + i + "]" and + output = "ArrayElement[" + i + "] of ReturnValue" and + preservesValue = true + ) + } + } + + private class NewSummary extends SummarizedCallable { + NewSummary() { this = "Array.new" } + + override MethodCall getACall() { + result = 
API::getTopLevelMember("Array").getAnInstantiation().getExprNode().getExpr() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "Argument[1]" and + output = "ArrayElement[?] of ReturnValue" + or + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Argument[0]" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + or + input = "ArrayElement[?] of Argument[0]" and + output = "ArrayElement[?] of ReturnValue" + or + input = "ReturnValue of BlockArgument" and + output = "ArrayElement[?] of ReturnValue" + ) and + preservesValue = true + } + } + + private class TryConvertSummary extends SummarizedCallable { + TryConvertSummary() { this = "Array.try_convert" } + + override MethodCall getACall() { + result = API::getTopLevelMember("Array").getAMethodCall("try_convert").getExprNode().getExpr() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Argument[0]" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + or + input = "ArrayElement[?] of Argument[0]" and + output = "ArrayElement[?] of ReturnValue" + ) and + preservesValue = true + } + } + + private class SetIntersectionSummary extends SummarizedCallable { + SetIntersectionSummary() { this = "&" } + + override BitwiseAndExpr getACall() { any() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = ["ArrayElement of Self", "ArrayElement of Argument[0]"] and + output = "ArrayElement[?] of ReturnValue" and + preservesValue = true + } + } + + private class RepetitionSummary extends SummarizedCallable { + RepetitionSummary() { this = "*" } + + override MulExpr getACall() { any() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ArrayElement[?] 
of ReturnValue" and + preservesValue = true + } + } + + private class ConcatenationSummary extends SummarizedCallable { + ConcatenationSummary() { this = "+" } + + override AddExpr getACall() { any() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + or + input = ["ArrayElement[?] of Self", "ArrayElement of Argument[0]"] and + output = "ArrayElement[?] of ReturnValue" + ) and + preservesValue = true + } + } + + private class SetDifferenceSummary extends SummarizedCallable { + SetDifferenceSummary() { this = "-" } + + override SubExpr getACall() { any() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ArrayElement[?] of ReturnValue" and + preservesValue = true + } + } + + private class AppendSummary extends SummarizedCallable { + AppendSummary() { this = "<<" } + + override LShiftExpr getACall() { any() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + or + input = ["ArrayElement[?] of Self", "Argument[0]"] and + output = "ArrayElement[?] of ReturnValue" + ) and + preservesValue = true + } + } + + /** A call to `[]`. */ + abstract private class ElementReferenceReadSummary extends SummarizedCallable { + MethodCall mc; + + bindingset[this] + ElementReferenceReadSummary() { mc.getMethodName() = "[]" } + + override MethodCall getACall() { result = mc } + } + + /** A call to `[]` with a known index. 
*/ + private class ElementReferenceReadKnownSummary extends ElementReferenceReadSummary { + private int i; + + ElementReferenceReadKnownSummary() { + this = "[" + i + "]" and + mc.getNumberOfArguments() = 1 and + i = getKnownArrayElementContent(mc.getArgument(0)).getIndex() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement[" + [i.toString(), "?"] + "] of Self" and + output = "ReturnValue" and + preservesValue = true + } + } + + /** A call to `[]` with an unknown index. */ + private class ElementReferenceReadUnknownSummary extends ElementReferenceReadSummary { + ElementReferenceReadUnknownSummary() { + this = "[](index)" and + mc.getNumberOfArguments() = 1 and + isUnknownArrayElementContent(mc.getArgument(0)) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ReturnValue" and + preservesValue = true + } + } + + /** A call to `[]` with two arguments or a range argument. */ + private class ElementReferenceSliceReadSummary extends ElementReferenceReadSummary { + ElementReferenceSliceReadSummary() { + this = "[](slice)" and + ( + mc.getNumberOfArguments() = 2 + or + mc.getNumberOfArguments() = 1 and + mc.getArgument(0) instanceof RangeLiteral + ) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ArrayElement[?] of ReturnValue" and + preservesValue = true + } + } + + /** A call to `[]=`. */ + abstract private class ElementReferenceStoreSummary extends SummarizedCallable { + MethodCall mc; + + bindingset[this] + ElementReferenceStoreSummary() { mc.getMethodName() = "[]=" } + + final override MethodCall getACall() { result = mc } + } + + /** A call to `[]=` with a known index. 
*/ + private class ElementReferenceStoreKnownSummary extends ElementReferenceStoreSummary { + private DataFlow::Content::KnownArrayElementContent c; + + ElementReferenceStoreKnownSummary() { + mc.getNumberOfArguments() = 2 and + c = getKnownArrayElementContent(mc.getArgument(0)) and + this = "[" + c.getIndex() + "]=" + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "Argument[1]" and + output = "ArrayElement[" + c.getIndex() + "] of Self" and + preservesValue = true + } + + override predicate clearsContent(ParameterPosition pos, DataFlow::Content content) { + pos.isSelf() and + content = c + } + } + + /** A call to `[]=` with an unknown index. */ + private class ElementReferenceStoreUnknownSummary extends ElementReferenceStoreSummary { + ElementReferenceStoreUnknownSummary() { + mc.getNumberOfArguments() = 2 and + isUnknownArrayElementContent(mc.getArgument(0)) and + this = "[]=" + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "Argument[1]" and + output = "ArrayElement[?] of Self" and + preservesValue = true + } + } + + /** A call to `[]=` with two arguments or a range argument. */ + private class ElementReferenceSliceStoreUnknownSummary extends ElementReferenceStoreSummary { + ElementReferenceSliceStoreUnknownSummary() { + this = "[]=(slice)" and + ( + mc.getNumberOfArguments() > 2 + or + mc.getNumberOfArguments() = 2 and + mc.getArgument(0) instanceof RangeLiteral + ) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + exists(string arg | + arg = "Argument[" + (mc.getNumberOfArguments() - 1) + "]" and + input = ["ArrayElement of " + arg, arg, "ArrayElement of Self"] and + output = "ArrayElement[?] 
of Self" and + preservesValue = true + ) + } + + override predicate clearsContent(ParameterPosition pos, DataFlow::Content content) { + pos.isSelf() and + content instanceof DataFlow::Content::KnownArrayElementContent + } + } + + private class AssocSummary extends SimpleSummarizedCallable { + AssocSummary() { this = "assoc" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of ArrayElement of Self" and + output = "ArrayElement[?] of ReturnValue" and + preservesValue = true + } + } + + abstract private class AtSummary extends SummarizedCallable { + MethodCall mc; + + bindingset[this] + AtSummary() { mc.getMethodName() = "at" } + + override MethodCall getACall() { result = mc } + } + + private class AtKnownSummary extends AtSummary { + private int i; + + AtKnownSummary() { + this = "at(" + i + "]" and + mc.getNumberOfArguments() = 1 and + i = getKnownArrayElementContent(mc.getArgument(0)).getIndex() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement[" + [i.toString(), "?"] + "] of Self" and + output = "ReturnValue" and + preservesValue = true + } + } + + private class AtUnknownSummary extends AtSummary { + AtUnknownSummary() { + this = "at" and + mc.getNumberOfArguments() = 1 and + isUnknownArrayElementContent(mc.getArgument(0)) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ReturnValue" and + preservesValue = true + } + } + + private class BSearchSummary extends SimpleSummarizedCallable { + BSearchSummary() { this = "bsearch" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = ["Parameter[0] of BlockArgument", "ReturnValue"] and + preservesValue = true + } + } + + private class BSearchIndexSummary extends SimpleSummarizedCallable { 
+ BSearchIndexSummary() { this = "bsearch_index" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" and + preservesValue = true + } + } + + private class ClearSummary extends SimpleSummarizedCallable { + ClearSummary() { this = "clear" } + + override predicate clearsContent(ParameterPosition pos, DataFlow::Content content) { + pos.isSelf() and + content instanceof DataFlow::Content::ArrayElementContent + } + } + + private class CombinationSummary extends SimpleSummarizedCallable { + CombinationSummary() { this = "combination" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ArrayElement[?] of Parameter[0] of BlockArgument" and + preservesValue = true + } + } + + private class CompactSummary extends SimpleSummarizedCallable { + CompactSummary() { this = "compact" + ["", "!"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ArrayElement[?] of ReturnValue" and + preservesValue = true + } + } + + private class ConcatSummary extends SimpleSummarizedCallable { + ConcatSummary() { this = "concat" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Argument[_]" and + output = "ArrayElement[?] 
of Self" and + preservesValue = true + } + } + + private class DeleteSummary extends SimpleSummarizedCallable { + DeleteSummary() { this = "delete" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = ["ArrayElement of Self", "ReturnValue of BlockArgument"] and + output = "ReturnValue" and + preservesValue = true + } + } + + private class DeleteAtSummary extends SimpleSummarizedCallable { + DeleteAtSummary() { this = "delete_at" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ReturnValue" and + preservesValue = true + } + } + + private class DeleteIfSummary extends SimpleSummarizedCallable { + DeleteIfSummary() { this = "delete_if" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = ["Parameter[0] of BlockArgument", "ArrayElement[?] of ReturnValue"] and + preservesValue = true + } + } + + private class DifferenceSummary extends SimpleSummarizedCallable { + DifferenceSummary() { this = "difference" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + any(SetDifferenceSummary s).propagatesFlowExt(input, output, preservesValue) + } + } + + private string getDigArg(MethodCall dig, int i) { + dig.getMethodName() = "dig" and + exists(Expr arg | arg = dig.getArgument(i) | + result = arg.getValueText().toInt().toString() + or + not exists(arg.getValueText()) and + result = "?" + ) + } + + private class RelevantDigMethodCall extends MethodCall { + RelevantDigMethodCall() { + forall(int i | i in [0 .. this.getNumberOfArguments() - 1] | exists(getDigArg(this, i))) + } + } + + private string buildDigInputSpecComponent(RelevantDigMethodCall dig, int i) { + exists(string s | + s = getDigArg(dig, i) and + if s = "?" 
then result = "" else result = "[" + [s, "?"] + "]" + ) + } + + language[monotonicAggregates] + private string buildDigInputSpec(RelevantDigMethodCall dig) { + result = + strictconcat(int i | + i in [0 .. dig.getNumberOfArguments() - 1] + | + "ArrayElement" + buildDigInputSpecComponent(dig, i) + " of " order by i desc + ) + } + + private class DigSummary extends SummarizedCallable { + private RelevantDigMethodCall dig; + + DigSummary() { + this = + "dig(" + + strictconcat(int i | + i in [0 .. dig.getNumberOfArguments() - 1] + | + getDigArg(dig, i), "," order by i + ) + ")" + } + + override MethodCall getACall() { result = dig } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = buildDigInputSpec(dig) + "Self" and + output = "ReturnValue" and + preservesValue = true + } + } + + private class EachSummary extends SimpleSummarizedCallable { + EachSummary() { this = "each" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" + or + input = "ArrayElement[?] of Self" and + output = "ArrayElement[?] of ReturnValue" + or + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + ) and + preservesValue = true + } + } + + private class EachIndexSummary extends SimpleSummarizedCallable { + EachIndexSummary() { this = "each_index" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement[?] of Self" and + output = "ArrayElement[?] 
of ReturnValue" + or + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + ) and + preservesValue = true + } + } + + private class FetchSummary extends SimpleSummarizedCallable { + FetchSummary() { this = "fetch" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement of Self" and + output = "ReturnValue" + or + input = "Argument[0]" and + output = "Parameter[0] of BlockArgument" + ) and + preservesValue = true + } + } + + abstract private class FillSummary extends SummarizedCallable { + MethodCall mc; + + bindingset[this] + FillSummary() { mc.getMethodName() = "fill" } + + override MethodCall getACall() { result = mc } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = ["Argument[0]", "ReturnValue of BlockArgument"] and + output = "ArrayElement[?] of Self" and + preservesValue = true + } + } + + private class FillAllSummary extends FillSummary { + FillAllSummary() { + this = "fill(all)" and + if exists(mc.getBlock()) then mc.getNumberOfArguments() = 0 else mc.getNumberOfArguments() = 1 + } + + override predicate clearsContent(ParameterPosition pos, DataFlow::Content content) { + pos.isSelf() and + content instanceof DataFlow::Content::ArrayElementContent + } + } + + private class FillSomeSummary extends FillSummary { + FillSomeSummary() { + this = "fill(some)" and + if exists(mc.getBlock()) then mc.getNumberOfArguments() > 0 else mc.getNumberOfArguments() > 1 + } + } + + private class FilterBangSummary extends SimpleSummarizedCallable { + FilterBangSummary() { this = "filter!" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = ["Parameter[0] of BlockArgument", "ArrayElement[?] 
of ReturnValue"] and
+ preservesValue = true
+ }
+ }
+
+ private class FlattenSummary extends SimpleSummarizedCallable {
+ FlattenSummary() { this = "flatten" }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ (
+ input =
+ [
+ "ArrayElement of Self", "ArrayElement of ArrayElement of Self",
+ "ArrayElement of ArrayElement of ArrayElement of Self"
+ ] and
+ output = "ArrayElement[?] of ReturnValue"
+ ) and
+ preservesValue = true
+ }
+ }
+
+ private class FlattenBangSummary extends SimpleSummarizedCallable {
+ FlattenBangSummary() { this = "flatten!" }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ (
+ input =
+ [
+ "ArrayElement of Self", "ArrayElement of ArrayElement of Self",
+ "ArrayElement of ArrayElement of ArrayElement of Self"
+ ] and
+ output = "ArrayElement[?] of Self"
+ ) and
+ preservesValue = true
+ }
+
+ override predicate clearsContent(ParameterPosition pos, DataFlow::Content content) {
+ pos.isSelf() and
+ content instanceof DataFlow::Content::ArrayElementContent
+ }
+ }
+
+ private class IndexSummary extends SimpleSummarizedCallable {
+ IndexSummary() { this = "index" }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ input = "ArrayElement of Self" and
+ output = "Parameter[0] of BlockArgument" and
+ preservesValue = true
+ }
+ }
+
+ private class InitializeCopySummary extends SimpleSummarizedCallable {
+ InitializeCopySummary() { this = "initialize_copy" }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ (
+ input = "ArrayElement[?] of Argument[0]" and
+ output = "ArrayElement[?] 
of Self" + or + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Argument[0]" and + output = "ArrayElement[" + i + "] of Self" + ) + ) and + preservesValue = true + } + + override predicate clearsContent(ParameterPosition pos, DataFlow::Content content) { + pos.isSelf() and + content instanceof DataFlow::Content::ArrayElementContent + } + } + + private class PrependSummary extends SummarizedCallable { + private MethodCall mc; + + PrependSummary() { + mc.getMethodName() = "prepend" and + this = "prepend(" + mc.getNumberOfArguments() + ")" + } + + override MethodCall getACall() { result = mc } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + exists(ArrayIndex i, int num | num = mc.getNumberOfArguments() and preservesValue = true | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + (i + num) + "] of Self" + or + input = "Argument[" + i + "]" and + output = "ArrayElement[" + i + "] of Self" + ) + } + + override predicate clearsContent(ParameterPosition pos, DataFlow::Content content) { + pos.isSelf() and + content instanceof DataFlow::Content::KnownArrayElementContent + } + } +} + +/** + * Provides flow summaries for the `Enumerable` class. + * + * The summaries are ordered (and implemented) based on + * https://ruby-doc.org/core-2.7.0/Enumerable.html. + */ +module Enumerable { + private class AllSummary extends SimpleSummarizedCallable { + AllSummary() { this = "all?" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" and + preservesValue = true + or + input = "ReturnValue of BlockArgument" and + output = "ReturnValue" and + preservesValue = false + } + } + + private class AnySummary extends SimpleSummarizedCallable { + AnySummary() { this = "any?" 
}
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ input = "ArrayElement of Self" and
+ output = "Parameter[0] of BlockArgument" and
+ preservesValue = true
+ or
+ input = "ReturnValue of BlockArgument" and
+ output = "ReturnValue" and
+ preservesValue = false
+ }
+ }
+
+ private class CollectSummary extends SimpleSummarizedCallable {
+ CollectSummary() { this = ["collect", "collect!"] }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ input = "ArrayElement of Self" and
+ output = "Parameter[0] of BlockArgument" and
+ preservesValue = true
+ or
+ input = "ReturnValue of BlockArgument" and
+ output = "ArrayElement[?] of ReturnValue" and
+ preservesValue = true
+ }
+ }
+
+ private class CollectConcatSummary extends SimpleSummarizedCallable {
+ CollectConcatSummary() { this = "collect_concat" }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ input = "ArrayElement of Self" and
+ output = "Parameter[0] of BlockArgument" and
+ preservesValue = true
+ or
+ input = "ArrayElement of ReturnValue of BlockArgument" and
+ output = "ArrayElement[?] 
of ReturnValue" and + preservesValue = true + } + } + + private class CountSummary extends SimpleSummarizedCallable { + CountSummary() { this = "count" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" and + preservesValue = true + } + } + + private class CycleSummary extends SimpleSummarizedCallable { + CycleSummary() { this = "cycle" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" and + preservesValue = true + } + } + + private class DetectSummary extends SimpleSummarizedCallable { + DetectSummary() { this = "detect" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement of Self" and + output = ["Parameter[0] of BlockArgument", "ReturnValue"] + or + input = "ReturnValue of Argument[0]" and + output = "ReturnValue" + ) and + preservesValue = true + } + } + + abstract private class DropSummary extends SummarizedCallable { + MethodCall mc; + + bindingset[this] + DropSummary() { mc.getMethodName() = "drop" } + + override MethodCall getACall() { result = mc } + } + + private class DropKnownSummary extends DropSummary { + private int i; + + DropKnownSummary() { + this = "drop(" + i + ")" and + i = mc.getArgument(0).getValueText().toInt() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement[?] of Self" and + output = "ArrayElement[?] 
of ReturnValue" + or + exists(ArrayIndex j | + input = "ArrayElement[" + j + "] of Self" and + output = "ArrayElement[" + (j - i) + "] of ReturnValue" + ) + ) and + preservesValue = true + } + } + + private class DropUnknownSummary extends DropSummary { + DropUnknownSummary() { + this = "drop(index)" and + not exists(mc.getArgument(0).getValueText().toInt()) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ArrayElement[?] of ReturnValue" and + preservesValue = true + } + } + + private class DropWhileSummary extends SimpleSummarizedCallable { + DropWhileSummary() { this = "drop_while" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = ["ArrayElement[?] of ReturnValue", "Parameter[0] of BlockArgument"] and + preservesValue = true + } + } + + private class EachConsSummary extends SimpleSummarizedCallable { + EachConsSummary() { this = "each_cons" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "ArrayElement[?] of Parameter[0] of BlockArgument" and + preservesValue = true + } + } + + private class EachEntrySummary extends SimpleSummarizedCallable { + EachEntrySummary() { this = "each_entry" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" + or + input = "ArrayElement[?] of Self" and + output = "ArrayElement[?] 
of ReturnValue" + or + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + ) and + preservesValue = true + } + } + + private class EachSliceSummary extends SimpleSummarizedCallable { + EachSliceSummary() { this = "each_slice" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement of Self" and + output = "ArrayElement[?] of Parameter[0] of BlockArgument" + or + input = "ArrayElement[?] of Self" and + output = "ArrayElement[?] of ReturnValue" + or + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + ) and + preservesValue = true + } + } + + private class EachWithIndexSummary extends SimpleSummarizedCallable { + EachWithIndexSummary() { this = "each_with_index" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" + or + input = "ArrayElement[?] of Self" and + output = "ArrayElement[?] 
of ReturnValue" + or + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + ) and + preservesValue = true + } + } + + private class EachWithObjectSummary extends SimpleSummarizedCallable { + EachWithObjectSummary() { this = "each_with_object" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" + or + input = "Argument[0]" and + output = ["Parameter[1] of BlockArgument", "ReturnValue"] + ) and + preservesValue = true + } + } + + private class FilterSummary extends SimpleSummarizedCallable { + FilterSummary() { this = ["filter", "filter_map"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = ["Parameter[0] of BlockArgument", "ArrayElement[?] of ReturnValue"] and + preservesValue = true + } + } + + private class FindSummary extends SimpleSummarizedCallable { + FindSummary() { this = "find" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "ArrayElement of Self" and + output = ["Parameter[0] of BlockArgument", "ReturnValue"] + or + input = "ReturnValue of Argument[0]" and + output = "ReturnValue" + ) and + preservesValue = true + } + } + + private class FindAllSummary extends SimpleSummarizedCallable { + FindAllSummary() { this = "find_all" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + any(FilterSummary f).propagatesFlowExt(input, output, preservesValue) + } + } + + private class FindIndexSummary extends SimpleSummarizedCallable { + FindIndexSummary() { this = "find_index" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "ArrayElement of Self" and + output = "Parameter[0] of BlockArgument" and + 
preservesValue = true + } + } + + abstract private class FirstSummary extends SummarizedCallable { + MethodCall mc; + + bindingset[this] + FirstSummary() { mc.getMethodName() = "first" } + + override MethodCall getACall() { result = mc } + } + + private class FirstNoArgSummary extends FirstSummary { + FirstNoArgSummary() { this = "first(no_arg)" and mc.getNumberOfArguments() = 0 } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = ["ArrayElement[0] of Self", "ArrayElement[?] of Self"] and + output = "ReturnValue" and + preservesValue = true + } + } + + private class FirstArgKnownSummary extends FirstSummary { + private int n; + + FirstArgKnownSummary() { + this = "first(" + n + ")" and n = mc.getArgument(0).getValueText().toInt() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + exists(ArrayIndex i | + i < n and + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + or + input = "ArrayElement[?] of Self" and + output = "ArrayElement[?] of ReturnValue" + ) and + preservesValue = true + } + } + + private class FirstArgUnknownSummary extends FirstSummary { + FirstArgUnknownSummary() { + this = "first(?)" and + mc.getNumberOfArguments() > 0 and + not exists(mc.getArgument(0).getValueText().toInt()) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + exists(ArrayIndex i | + input = "ArrayElement[" + i + "] of Self" and + output = "ArrayElement[" + i + "] of ReturnValue" + ) + or + input = "ArrayElement[?] of Self" and + output = "ArrayElement[?] 
of ReturnValue"
+ ) and
+ preservesValue = true
+ }
+ }
+
+ private class FlatMapSummary extends SimpleSummarizedCallable {
+ FlatMapSummary() { this = "flat_map" }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ (
+ input = "ArrayElement of Self" and
+ output = "Parameter[0] of BlockArgument"
+ or
+ input = "ArrayElement of ReturnValue of BlockArgument" and
+ output = "ArrayElement[?] of ReturnValue"
+ ) and
+ preservesValue = true
+ }
+ }
+
+ abstract private class GrepSummary extends SummarizedCallable {
+ MethodCall mc;
+
+ bindingset[this]
+ GrepSummary() { mc.getMethodName() = ["grep", "grep_v"] }
+
+ override MethodCall getACall() { result = mc }
+ }
+
+ private class GrepBlockSummary extends GrepSummary {
+ GrepBlockSummary() { this = "grep(block)" and exists(mc.getBlock()) }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ (
+ input = "ArrayElement of Self" and
+ output = "Parameter[0] of BlockArgument"
+ or
+ input = "ReturnValue of BlockArgument" and
+ output = "ArrayElement[?] of ReturnValue"
+ ) and
+ preservesValue = true
+ }
+ }
+
+ private class GrepNoBlockSummary extends GrepSummary {
+ GrepNoBlockSummary() { this = "grep(no_block)" and not exists(mc.getBlock()) }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ input = "ArrayElement of Self" and
+ output = "ArrayElement[?] of ReturnValue" and
+ preservesValue = true
+ }
+ }
+ // TODO: Implement `group_by` when we have flow through hashes
+}
diff --git a/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected b/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected
new file mode 100644
index 00000000000..29f99d38f94
--- /dev/null
+++ b/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected
@@ -0,0 +1,1078 @@ +failures +edges +| array_flow.rb:2:9:2:18 | * ... [array element 0] : | array_flow.rb:3:10:3:10 | a [array element 0] : | +| array_flow.rb:2:9:2:18 | * ... [array element 0] : | array_flow.rb:5:10:5:10 | a [array element 0] : | +| array_flow.rb:2:10:2:18 | call to source : | array_flow.rb:2:9:2:18 | * ... [array element 0] : | +| array_flow.rb:3:10:3:10 | a [array element 0] : | array_flow.rb:3:10:3:13 | ...[...] | +| array_flow.rb:5:10:5:10 | a [array element 0] : | array_flow.rb:5:10:5:13 | ...[...] | +| array_flow.rb:9:13:9:21 | call to source : | array_flow.rb:11:10:11:10 | a [array element 1] : | +| array_flow.rb:9:13:9:21 | call to source : | array_flow.rb:13:10:13:10 | a [array element 1] : | +| array_flow.rb:11:10:11:10 | a [array element 1] : | array_flow.rb:11:10:11:13 | ...[...] | +| array_flow.rb:13:10:13:10 | a [array element 1] : | array_flow.rb:13:10:13:13 | ...[...] | +| array_flow.rb:17:9:17:33 | call to new [array element] : | array_flow.rb:18:10:18:10 | a [array element] : | +| array_flow.rb:17:9:17:33 | call to new [array element] : | array_flow.rb:19:10:19:10 | a [array element] : | +| array_flow.rb:17:9:17:33 | call to new [array element] : | array_flow.rb:21:19:21:19 | a [array element] : | +| array_flow.rb:17:22:17:32 | call to source : | array_flow.rb:17:9:17:33 | call to new [array element] : | +| array_flow.rb:18:10:18:10 | a [array element] : | array_flow.rb:18:10:18:13 | ...[...] | +| array_flow.rb:19:10:19:10 | a [array element] : | array_flow.rb:19:10:19:13 | ...[...] | +| array_flow.rb:21:9:21:20 | call to new [array element] : | array_flow.rb:22:10:22:10 | b [array element] : | +| array_flow.rb:21:9:21:20 | call to new [array element] : | array_flow.rb:23:10:23:10 | b [array element] : | +| array_flow.rb:21:19:21:19 | a [array element] : | array_flow.rb:21:9:21:20 | call to new [array element] : | +| array_flow.rb:22:10:22:10 | b [array element] : | array_flow.rb:22:10:22:13 | ...[...] 
| +| array_flow.rb:23:10:23:10 | b [array element] : | array_flow.rb:23:10:23:13 | ...[...] | +| array_flow.rb:25:9:27:7 | call to new [array element] : | array_flow.rb:28:10:28:10 | c [array element] : | +| array_flow.rb:25:9:27:7 | call to new [array element] : | array_flow.rb:29:10:29:10 | c [array element] : | +| array_flow.rb:26:9:26:19 | call to source : | array_flow.rb:25:9:27:7 | call to new [array element] : | +| array_flow.rb:28:10:28:10 | c [array element] : | array_flow.rb:28:10:28:13 | ...[...] | +| array_flow.rb:29:10:29:10 | c [array element] : | array_flow.rb:29:10:29:13 | ...[...] | +| array_flow.rb:33:10:33:18 | call to source : | array_flow.rb:34:27:34:27 | a [array element 0] : | +| array_flow.rb:34:9:34:28 | call to try_convert [array element 0] : | array_flow.rb:35:10:35:10 | b [array element 0] : | +| array_flow.rb:34:27:34:27 | a [array element 0] : | array_flow.rb:34:9:34:28 | call to try_convert [array element 0] : | +| array_flow.rb:35:10:35:10 | b [array element 0] : | array_flow.rb:35:10:35:13 | ...[...] | +| array_flow.rb:40:10:40:20 | call to source : | array_flow.rb:42:9:42:9 | a [array element 0] : | +| array_flow.rb:41:16:41:26 | call to source : | array_flow.rb:42:13:42:13 | b [array element 2] : | +| array_flow.rb:42:9:42:9 | a [array element 0] : | array_flow.rb:42:9:42:13 | ... & ... [array element] : | +| array_flow.rb:42:9:42:13 | ... & ... [array element] : | array_flow.rb:43:10:43:10 | c [array element] : | +| array_flow.rb:42:9:42:13 | ... & ... [array element] : | array_flow.rb:44:10:44:10 | c [array element] : | +| array_flow.rb:42:13:42:13 | b [array element 2] : | array_flow.rb:42:9:42:13 | ... & ... [array element] : | +| array_flow.rb:43:10:43:10 | c [array element] : | array_flow.rb:43:10:43:13 | ...[...] | +| array_flow.rb:44:10:44:10 | c [array element] : | array_flow.rb:44:10:44:13 | ...[...] 
| +| array_flow.rb:48:10:48:18 | call to source : | array_flow.rb:49:9:49:9 | a [array element 0] : | +| array_flow.rb:49:9:49:9 | a [array element 0] : | array_flow.rb:49:9:49:13 | ... * ... [array element] : | +| array_flow.rb:49:9:49:13 | ... * ... [array element] : | array_flow.rb:50:10:50:10 | b [array element] : | +| array_flow.rb:49:9:49:13 | ... * ... [array element] : | array_flow.rb:51:10:51:10 | b [array element] : | +| array_flow.rb:50:10:50:10 | b [array element] : | array_flow.rb:50:10:50:13 | ...[...] | +| array_flow.rb:51:10:51:10 | b [array element] : | array_flow.rb:51:10:51:13 | ...[...] | +| array_flow.rb:55:10:55:20 | call to source : | array_flow.rb:57:9:57:9 | a [array element 0] : | +| array_flow.rb:56:13:56:23 | call to source : | array_flow.rb:57:13:57:13 | b [array element 1] : | +| array_flow.rb:57:9:57:9 | a [array element 0] : | array_flow.rb:57:9:57:13 | ... + ... [array element 0] : | +| array_flow.rb:57:9:57:13 | ... + ... [array element 0] : | array_flow.rb:58:10:58:10 | c [array element 0] : | +| array_flow.rb:57:9:57:13 | ... + ... [array element] : | array_flow.rb:58:10:58:10 | c [array element] : | +| array_flow.rb:57:9:57:13 | ... + ... [array element] : | array_flow.rb:59:10:59:10 | c [array element] : | +| array_flow.rb:57:13:57:13 | b [array element 1] : | array_flow.rb:57:9:57:13 | ... + ... [array element] : | +| array_flow.rb:58:10:58:10 | c [array element 0] : | array_flow.rb:58:10:58:13 | ...[...] | +| array_flow.rb:58:10:58:10 | c [array element] : | array_flow.rb:58:10:58:13 | ...[...] | +| array_flow.rb:59:10:59:10 | c [array element] : | array_flow.rb:59:10:59:13 | ...[...] | +| array_flow.rb:63:10:63:20 | call to source : | array_flow.rb:65:9:65:9 | a [array element 0] : | +| array_flow.rb:65:9:65:9 | a [array element 0] : | array_flow.rb:65:9:65:13 | ... - ... [array element] : | +| array_flow.rb:65:9:65:13 | ... - ... 
[array element] : | array_flow.rb:66:10:66:10 | c [array element] : | +| array_flow.rb:65:9:65:13 | ... - ... [array element] : | array_flow.rb:67:10:67:10 | c [array element] : | +| array_flow.rb:66:10:66:10 | c [array element] : | array_flow.rb:66:10:66:13 | ...[...] | +| array_flow.rb:67:10:67:10 | c [array element] : | array_flow.rb:67:10:67:13 | ...[...] | +| array_flow.rb:71:10:71:20 | call to source : | array_flow.rb:72:9:72:9 | a [array element 0] : | +| array_flow.rb:72:9:72:9 | a [array element 0] : | array_flow.rb:72:9:72:24 | ... << ... [array element 0] : | +| array_flow.rb:72:9:72:24 | ... << ... [array element 0] : | array_flow.rb:73:10:73:10 | b [array element 0] : | +| array_flow.rb:72:9:72:24 | ... << ... [array element] : | array_flow.rb:73:10:73:10 | b [array element] : | +| array_flow.rb:72:9:72:24 | ... << ... [array element] : | array_flow.rb:74:10:74:10 | b [array element] : | +| array_flow.rb:72:14:72:24 | call to source : | array_flow.rb:72:9:72:24 | ... << ... [array element] : | +| array_flow.rb:73:10:73:10 | b [array element 0] : | array_flow.rb:73:10:73:13 | ...[...] | +| array_flow.rb:73:10:73:10 | b [array element] : | array_flow.rb:73:10:73:13 | ...[...] | +| array_flow.rb:74:10:74:10 | b [array element] : | array_flow.rb:74:10:74:13 | ...[...] | +| array_flow.rb:78:13:78:21 | call to source : | array_flow.rb:79:15:79:15 | a [array element 1] : | +| array_flow.rb:79:15:79:15 | a [array element 1] : | array_flow.rb:81:10:81:10 | c | +| array_flow.rb:86:13:86:22 | call to source : | array_flow.rb:87:9:87:9 | a [array element 1] : | +| array_flow.rb:87:9:87:9 | a [array element 1] : | array_flow.rb:87:9:87:15 | ...[...] [array element] : | +| array_flow.rb:87:9:87:15 | ...[...] [array element] : | array_flow.rb:88:10:88:10 | b [array element] : | +| array_flow.rb:87:9:87:15 | ...[...] [array element] : | array_flow.rb:89:10:89:10 | b [array element] : | +| array_flow.rb:87:9:87:15 | ...[...] 
[array element] : | array_flow.rb:90:10:90:10 | b [array element] : | +| array_flow.rb:88:10:88:10 | b [array element] : | array_flow.rb:88:10:88:13 | ...[...] | +| array_flow.rb:89:10:89:10 | b [array element] : | array_flow.rb:89:10:89:13 | ...[...] | +| array_flow.rb:90:10:90:10 | b [array element] : | array_flow.rb:90:10:90:13 | ...[...] | +| array_flow.rb:94:13:94:22 | call to source : | array_flow.rb:95:9:95:9 | a [array element 1] : | +| array_flow.rb:95:9:95:9 | a [array element 1] : | array_flow.rb:95:9:95:15 | ...[...] [array element] : | +| array_flow.rb:95:9:95:15 | ...[...] [array element] : | array_flow.rb:96:10:96:10 | b [array element] : | +| array_flow.rb:95:9:95:15 | ...[...] [array element] : | array_flow.rb:97:10:97:10 | b [array element] : | +| array_flow.rb:95:9:95:15 | ...[...] [array element] : | array_flow.rb:98:10:98:10 | b [array element] : | +| array_flow.rb:96:10:96:10 | b [array element] : | array_flow.rb:96:10:96:13 | ...[...] | +| array_flow.rb:97:10:97:10 | b [array element] : | array_flow.rb:97:10:97:13 | ...[...] | +| array_flow.rb:98:10:98:10 | b [array element] : | array_flow.rb:98:10:98:13 | ...[...] | +| array_flow.rb:103:5:103:5 | [post] a [array element] : | array_flow.rb:104:10:104:10 | a [array element] : | +| array_flow.rb:103:5:103:5 | [post] a [array element] : | array_flow.rb:105:10:105:10 | a [array element] : | +| array_flow.rb:103:5:103:5 | [post] a [array element] : | array_flow.rb:106:10:106:10 | a [array element] : | +| array_flow.rb:103:15:103:24 | call to source : | array_flow.rb:103:5:103:5 | [post] a [array element] : | +| array_flow.rb:104:10:104:10 | a [array element] : | array_flow.rb:104:10:104:13 | ...[...] | +| array_flow.rb:105:10:105:10 | a [array element] : | array_flow.rb:105:10:105:13 | ...[...] | +| array_flow.rb:106:10:106:10 | a [array element] : | array_flow.rb:106:10:106:13 | ...[...] 
| +| array_flow.rb:111:5:111:5 | [post] a [array element] : | array_flow.rb:112:10:112:10 | a [array element] : | +| array_flow.rb:111:5:111:5 | [post] a [array element] : | array_flow.rb:113:10:113:10 | a [array element] : | +| array_flow.rb:111:5:111:5 | [post] a [array element] : | array_flow.rb:114:10:114:10 | a [array element] : | +| array_flow.rb:111:19:111:28 | call to source : | array_flow.rb:111:5:111:5 | [post] a [array element] : | +| array_flow.rb:112:10:112:10 | a [array element] : | array_flow.rb:112:10:112:13 | ...[...] | +| array_flow.rb:113:10:113:10 | a [array element] : | array_flow.rb:113:10:113:13 | ...[...] | +| array_flow.rb:114:10:114:10 | a [array element] : | array_flow.rb:114:10:114:13 | ...[...] | +| array_flow.rb:119:5:119:5 | [post] a [array element] : | array_flow.rb:120:10:120:10 | a [array element] : | +| array_flow.rb:119:5:119:5 | [post] a [array element] : | array_flow.rb:121:10:121:10 | a [array element] : | +| array_flow.rb:119:5:119:5 | [post] a [array element] : | array_flow.rb:122:10:122:10 | a [array element] : | +| array_flow.rb:119:15:119:24 | call to source : | array_flow.rb:119:5:119:5 | [post] a [array element] : | +| array_flow.rb:120:10:120:10 | a [array element] : | array_flow.rb:120:10:120:13 | ...[...] | +| array_flow.rb:121:10:121:10 | a [array element] : | array_flow.rb:121:10:121:13 | ...[...] | +| array_flow.rb:122:10:122:10 | a [array element] : | array_flow.rb:122:10:122:13 | ...[...] 
| +| array_flow.rb:127:5:127:5 | [post] a [array element] : | array_flow.rb:128:10:128:10 | a [array element] : | +| array_flow.rb:127:5:127:5 | [post] a [array element] : | array_flow.rb:129:10:129:10 | a [array element] : | +| array_flow.rb:127:5:127:5 | [post] a [array element] : | array_flow.rb:130:10:130:10 | a [array element] : | +| array_flow.rb:127:19:127:28 | call to source : | array_flow.rb:127:5:127:5 | [post] a [array element] : | +| array_flow.rb:128:10:128:10 | a [array element] : | array_flow.rb:128:10:128:13 | ...[...] | +| array_flow.rb:129:10:129:10 | a [array element] : | array_flow.rb:129:10:129:13 | ...[...] | +| array_flow.rb:130:10:130:10 | a [array element] : | array_flow.rb:130:10:130:13 | ...[...] | +| array_flow.rb:134:16:134:25 | call to source : | array_flow.rb:135:5:135:5 | a [array element 2] : | +| array_flow.rb:135:5:135:5 | a [array element 2] : | array_flow.rb:135:16:135:16 | x : | +| array_flow.rb:135:16:135:16 | x : | array_flow.rb:136:14:136:14 | x | +| array_flow.rb:141:16:141:25 | call to source : | array_flow.rb:142:5:142:5 | a [array element 2] : | +| array_flow.rb:142:5:142:5 | a [array element 2] : | array_flow.rb:142:16:142:16 | x : | +| array_flow.rb:142:16:142:16 | x : | array_flow.rb:143:14:143:14 | x | +| array_flow.rb:150:15:150:24 | call to source : | array_flow.rb:151:16:151:16 | c [array element 1] : | +| array_flow.rb:151:16:151:16 | c [array element 1] : | array_flow.rb:152:11:152:11 | d [array element 2, array element 1] : | +| array_flow.rb:151:16:151:16 | c [array element 1] : | array_flow.rb:153:11:153:11 | d [array element 2, array element 1] : | +| array_flow.rb:152:11:152:11 | d [array element 2, array element 1] : | array_flow.rb:152:11:152:22 | call to assoc [array element] : | +| array_flow.rb:152:11:152:22 | call to assoc [array element] : | array_flow.rb:152:11:152:25 | ...[...] : | +| array_flow.rb:152:11:152:25 | ...[...] : | array_flow.rb:152:10:152:26 | ( ... 
) | +| array_flow.rb:153:11:153:11 | d [array element 2, array element 1] : | array_flow.rb:153:11:153:22 | call to assoc [array element] : | +| array_flow.rb:153:11:153:22 | call to assoc [array element] : | array_flow.rb:153:11:153:25 | ...[...] : | +| array_flow.rb:153:11:153:25 | ...[...] : | array_flow.rb:153:10:153:26 | ( ... ) | +| array_flow.rb:157:13:157:22 | call to source : | array_flow.rb:159:10:159:10 | a [array element 1] : | +| array_flow.rb:157:13:157:22 | call to source : | array_flow.rb:161:10:161:10 | a [array element 1] : | +| array_flow.rb:159:10:159:10 | a [array element 1] : | array_flow.rb:159:10:159:16 | call to at | +| array_flow.rb:161:10:161:10 | a [array element 1] : | array_flow.rb:161:10:161:16 | call to at | +| array_flow.rb:165:16:165:25 | call to source : | array_flow.rb:166:9:166:9 | a [array element 2] : | +| array_flow.rb:166:9:166:9 | a [array element 2] : | array_flow.rb:166:9:168:7 | call to bsearch : | +| array_flow.rb:166:9:166:9 | a [array element 2] : | array_flow.rb:166:23:166:23 | x : | +| array_flow.rb:166:9:168:7 | call to bsearch : | array_flow.rb:169:10:169:10 | b | +| array_flow.rb:166:23:166:23 | x : | array_flow.rb:167:14:167:14 | x | +| array_flow.rb:173:16:173:25 | call to source : | array_flow.rb:174:9:174:9 | a [array element 2] : | +| array_flow.rb:174:9:174:9 | a [array element 2] : | array_flow.rb:174:29:174:29 | x : | +| array_flow.rb:174:29:174:29 | x : | array_flow.rb:175:14:175:14 | x | +| array_flow.rb:187:16:187:25 | call to source : | array_flow.rb:188:9:188:9 | a [array element 2] : | +| array_flow.rb:188:9:188:9 | a [array element 2] : | array_flow.rb:188:9:191:7 | call to collect [array element] : | +| array_flow.rb:188:9:188:9 | a [array element 2] : | array_flow.rb:188:23:188:23 | x : | +| array_flow.rb:188:9:191:7 | call to collect [array element] : | array_flow.rb:192:10:192:10 | b [array element] : | +| array_flow.rb:188:23:188:23 | x : | array_flow.rb:189:14:189:14 | x | +| 
array_flow.rb:192:10:192:10 | b [array element] : | array_flow.rb:192:10:192:13 | ...[...] | +| array_flow.rb:196:16:196:25 | call to source : | array_flow.rb:197:9:197:9 | a [array element 2] : | +| array_flow.rb:197:9:197:9 | a [array element 2] : | array_flow.rb:197:9:200:7 | call to collect_concat [array element] : | +| array_flow.rb:197:9:197:9 | a [array element 2] : | array_flow.rb:197:30:197:30 | x : | +| array_flow.rb:197:9:200:7 | call to collect_concat [array element] : | array_flow.rb:201:10:201:10 | b [array element] : | +| array_flow.rb:197:30:197:30 | x : | array_flow.rb:198:14:198:14 | x | +| array_flow.rb:201:10:201:10 | b [array element] : | array_flow.rb:201:10:201:13 | ...[...] | +| array_flow.rb:205:16:205:25 | call to source : | array_flow.rb:206:5:206:5 | a [array element 2] : | +| array_flow.rb:206:5:206:5 | a [array element 2] : | array_flow.rb:206:26:206:26 | x [array element] : | +| array_flow.rb:206:26:206:26 | x [array element] : | array_flow.rb:207:14:207:14 | x [array element] : | +| array_flow.rb:207:14:207:14 | x [array element] : | array_flow.rb:207:14:207:17 | ...[...] | +| array_flow.rb:212:16:212:25 | call to source : | array_flow.rb:213:9:213:9 | a [array element 2] : | +| array_flow.rb:213:9:213:9 | a [array element 2] : | array_flow.rb:213:9:213:17 | call to compact [array element] : | +| array_flow.rb:213:9:213:17 | call to compact [array element] : | array_flow.rb:214:10:214:10 | b [array element] : | +| array_flow.rb:214:10:214:10 | b [array element] : | array_flow.rb:214:10:214:13 | ...[...] 
| +| array_flow.rb:218:16:218:27 | call to source : | array_flow.rb:222:10:222:10 | a [array element 2] : | +| array_flow.rb:219:16:219:27 | call to source : | array_flow.rb:220:14:220:14 | b [array element 2] : | +| array_flow.rb:220:5:220:5 | [post] a [array element] : | array_flow.rb:221:10:221:10 | a [array element] : | +| array_flow.rb:220:5:220:5 | [post] a [array element] : | array_flow.rb:222:10:222:10 | a [array element] : | +| array_flow.rb:220:14:220:14 | b [array element 2] : | array_flow.rb:220:5:220:5 | [post] a [array element] : | +| array_flow.rb:221:10:221:10 | a [array element] : | array_flow.rb:221:10:221:13 | ...[...] | +| array_flow.rb:222:10:222:10 | a [array element 2] : | array_flow.rb:222:10:222:13 | ...[...] | +| array_flow.rb:222:10:222:10 | a [array element] : | array_flow.rb:222:10:222:13 | ...[...] | +| array_flow.rb:226:16:226:25 | call to source : | array_flow.rb:227:5:227:5 | a [array element 2] : | +| array_flow.rb:227:5:227:5 | a [array element 2] : | array_flow.rb:227:17:227:17 | x : | +| array_flow.rb:227:17:227:17 | x : | array_flow.rb:228:14:228:14 | x | +| array_flow.rb:233:16:233:25 | call to source : | array_flow.rb:234:5:234:5 | a [array element 2] : | +| array_flow.rb:234:5:234:5 | a [array element 2] : | array_flow.rb:234:20:234:20 | x : | +| array_flow.rb:234:20:234:20 | x : | array_flow.rb:235:14:235:14 | x | +| array_flow.rb:240:16:240:27 | call to source : | array_flow.rb:241:9:241:9 | a [array element 2] : | +| array_flow.rb:241:9:241:9 | a [array element 2] : | array_flow.rb:241:9:241:36 | call to delete : | +| array_flow.rb:241:9:241:36 | call to delete : | array_flow.rb:242:10:242:10 | b | +| array_flow.rb:241:23:241:34 | call to source : | array_flow.rb:241:9:241:36 | call to delete : | +| array_flow.rb:246:16:246:25 | call to source : | array_flow.rb:247:9:247:9 | a [array element 2] : | +| array_flow.rb:247:9:247:9 | a [array element 2] : | array_flow.rb:247:9:247:22 | call to delete_at : | +| 
array_flow.rb:247:9:247:22 | call to delete_at : | array_flow.rb:248:10:248:10 | b | +| array_flow.rb:252:16:252:25 | call to source : | array_flow.rb:253:9:253:9 | a [array element 2] : | +| array_flow.rb:253:9:253:9 | a [array element 2] : | array_flow.rb:253:9:255:7 | call to delete_if [array element] : | +| array_flow.rb:253:9:253:9 | a [array element 2] : | array_flow.rb:253:25:253:25 | x : | +| array_flow.rb:253:9:255:7 | call to delete_if [array element] : | array_flow.rb:256:10:256:10 | b [array element] : | +| array_flow.rb:253:25:253:25 | x : | array_flow.rb:254:14:254:14 | x | +| array_flow.rb:256:10:256:10 | b [array element] : | array_flow.rb:256:10:256:13 | ...[...] | +| array_flow.rb:260:16:260:25 | call to source : | array_flow.rb:261:9:261:9 | a [array element 2] : | +| array_flow.rb:261:9:261:9 | a [array element 2] : | array_flow.rb:261:9:261:25 | call to difference [array element] : | +| array_flow.rb:261:9:261:25 | call to difference [array element] : | array_flow.rb:262:10:262:10 | b [array element] : | +| array_flow.rb:262:10:262:10 | b [array element] : | array_flow.rb:262:10:262:13 | ...[...] 
| +| array_flow.rb:266:16:266:27 | call to source : | array_flow.rb:268:10:268:10 | a [array element 2] : | +| array_flow.rb:266:16:266:27 | call to source : | array_flow.rb:269:10:269:10 | a [array element 2] : | +| array_flow.rb:266:34:266:45 | call to source : | array_flow.rb:271:10:271:10 | a [array element 3, array element 1] : | +| array_flow.rb:268:10:268:10 | a [array element 2] : | array_flow.rb:268:10:268:17 | call to dig | +| array_flow.rb:269:10:269:10 | a [array element 2] : | array_flow.rb:269:10:269:17 | call to dig | +| array_flow.rb:271:10:271:10 | a [array element 3, array element 1] : | array_flow.rb:271:10:271:19 | call to dig | +| array_flow.rb:275:16:275:27 | call to source : | array_flow.rb:276:9:276:9 | a [array element 2] : | +| array_flow.rb:276:9:276:9 | a [array element 2] : | array_flow.rb:276:9:278:7 | call to detect : | +| array_flow.rb:276:9:276:9 | a [array element 2] : | array_flow.rb:276:43:276:43 | x : | +| array_flow.rb:276:9:278:7 | call to detect : | array_flow.rb:279:10:279:10 | b | +| array_flow.rb:276:23:276:34 | call to source : | array_flow.rb:276:9:278:7 | call to detect : | +| array_flow.rb:276:43:276:43 | x : | array_flow.rb:277:14:277:14 | x | +| array_flow.rb:283:16:283:27 | call to source : | array_flow.rb:284:9:284:9 | a [array element 2] : | +| array_flow.rb:283:16:283:27 | call to source : | array_flow.rb:286:9:286:9 | a [array element 2] : | +| array_flow.rb:283:16:283:27 | call to source : | array_flow.rb:291:9:291:9 | a [array element 2] : | +| array_flow.rb:283:30:283:41 | call to source : | array_flow.rb:284:9:284:9 | a [array element 3] : | +| array_flow.rb:283:30:283:41 | call to source : | array_flow.rb:286:9:286:9 | a [array element 3] : | +| array_flow.rb:284:9:284:9 | a [array element 2] : | array_flow.rb:284:9:284:17 | call to drop [array element] : | +| array_flow.rb:284:9:284:9 | a [array element 3] : | array_flow.rb:284:9:284:17 | call to drop [array element] : | +| array_flow.rb:284:9:284:17 | 
call to drop [array element] : | array_flow.rb:285:10:285:10 | b [array element] : | +| array_flow.rb:285:10:285:10 | b [array element] : | array_flow.rb:285:10:285:13 | ...[...] | +| array_flow.rb:286:9:286:9 | a [array element 2] : | array_flow.rb:286:9:286:17 | call to drop [array element 1] : | +| array_flow.rb:286:9:286:9 | a [array element 3] : | array_flow.rb:286:9:286:17 | call to drop [array element 2] : | +| array_flow.rb:286:9:286:17 | call to drop [array element 1] : | array_flow.rb:288:10:288:10 | b [array element 1] : | +| array_flow.rb:286:9:286:17 | call to drop [array element 1] : | array_flow.rb:289:10:289:10 | b [array element 1] : | +| array_flow.rb:286:9:286:17 | call to drop [array element 2] : | array_flow.rb:289:10:289:10 | b [array element 2] : | +| array_flow.rb:288:10:288:10 | b [array element 1] : | array_flow.rb:288:10:288:13 | ...[...] | +| array_flow.rb:289:10:289:10 | b [array element 1] : | array_flow.rb:289:10:289:13 | ...[...] | +| array_flow.rb:289:10:289:10 | b [array element 2] : | array_flow.rb:289:10:289:13 | ...[...] | +| array_flow.rb:290:5:290:5 | [post] a [array element] : | array_flow.rb:291:9:291:9 | a [array element] : | +| array_flow.rb:290:12:290:23 | call to source : | array_flow.rb:290:5:290:5 | [post] a [array element] : | +| array_flow.rb:291:9:291:9 | a [array element 2] : | array_flow.rb:291:9:291:17 | call to drop [array element 1] : | +| array_flow.rb:291:9:291:9 | a [array element] : | array_flow.rb:291:9:291:17 | call to drop [array element] : | +| array_flow.rb:291:9:291:17 | call to drop [array element 1] : | array_flow.rb:292:10:292:10 | b [array element 1] : | +| array_flow.rb:291:9:291:17 | call to drop [array element] : | array_flow.rb:292:10:292:10 | b [array element] : | +| array_flow.rb:291:9:291:17 | call to drop [array element] : | array_flow.rb:293:9:293:9 | b [array element] : | +| array_flow.rb:292:10:292:10 | b [array element 1] : | array_flow.rb:292:10:292:13 | ...[...] 
| +| array_flow.rb:292:10:292:10 | b [array element] : | array_flow.rb:292:10:292:13 | ...[...] | +| array_flow.rb:293:9:293:9 | b [array element] : | array_flow.rb:293:9:293:19 | call to drop [array element] : | +| array_flow.rb:293:9:293:19 | call to drop [array element] : | array_flow.rb:294:10:294:10 | c [array element] : | +| array_flow.rb:294:10:294:10 | c [array element] : | array_flow.rb:294:10:294:13 | ...[...] | +| array_flow.rb:298:16:298:27 | call to source : | array_flow.rb:299:9:299:9 | a [array element 2] : | +| array_flow.rb:298:30:298:41 | call to source : | array_flow.rb:299:9:299:9 | a [array element 3] : | +| array_flow.rb:299:9:299:9 | a [array element 2] : | array_flow.rb:299:9:301:7 | call to drop_while [array element] : | +| array_flow.rb:299:9:299:9 | a [array element 2] : | array_flow.rb:299:26:299:26 | x : | +| array_flow.rb:299:9:299:9 | a [array element 3] : | array_flow.rb:299:9:301:7 | call to drop_while [array element] : | +| array_flow.rb:299:9:299:9 | a [array element 3] : | array_flow.rb:299:26:299:26 | x : | +| array_flow.rb:299:9:301:7 | call to drop_while [array element] : | array_flow.rb:302:10:302:10 | b [array element] : | +| array_flow.rb:299:26:299:26 | x : | array_flow.rb:300:14:300:14 | x | +| array_flow.rb:302:10:302:10 | b [array element] : | array_flow.rb:302:10:302:13 | ...[...] | +| array_flow.rb:306:16:306:25 | call to source : | array_flow.rb:307:9:307:9 | a [array element 2] : | +| array_flow.rb:307:9:307:9 | a [array element 2] : | array_flow.rb:307:9:309:7 | call to each [array element 2] : | +| array_flow.rb:307:9:307:9 | a [array element 2] : | array_flow.rb:307:20:307:20 | x : | +| array_flow.rb:307:9:309:7 | call to each [array element 2] : | array_flow.rb:310:10:310:10 | b [array element 2] : | +| array_flow.rb:307:20:307:20 | x : | array_flow.rb:308:14:308:14 | x | +| array_flow.rb:310:10:310:10 | b [array element 2] : | array_flow.rb:310:10:310:13 | ...[...] 
| +| array_flow.rb:314:16:314:25 | call to source : | array_flow.rb:315:18:315:18 | a [array element 2] : | +| array_flow.rb:315:9:317:7 | ... = ... : | array_flow.rb:315:9:317:7 | call to each : | +| array_flow.rb:315:9:317:7 | __synth__0__1 : | array_flow.rb:315:9:317:7 | ... = ... : | +| array_flow.rb:315:9:317:7 | __synth__0__1 : | array_flow.rb:316:14:316:14 | x | +| array_flow.rb:315:9:317:7 | call to each : | array_flow.rb:318:10:318:10 | x | +| array_flow.rb:315:18:315:18 | a [array element 2] : | array_flow.rb:315:9:317:7 | __synth__0__1 : | +| array_flow.rb:315:18:315:18 | a [array element 2] : | array_flow.rb:319:10:319:10 | b [array element 2] : | +| array_flow.rb:319:10:319:10 | b [array element 2] : | array_flow.rb:319:10:319:13 | ...[...] | +| array_flow.rb:323:16:323:25 | call to source : | array_flow.rb:324:5:324:5 | a [array element 2] : | +| array_flow.rb:324:5:324:5 | a [array element 2] : | array_flow.rb:324:24:324:24 | x [array element] : | +| array_flow.rb:324:24:324:24 | x [array element] : | array_flow.rb:325:15:325:15 | x [array element] : | +| array_flow.rb:325:15:325:15 | x [array element] : | array_flow.rb:325:15:325:18 | ...[...] : | +| array_flow.rb:325:15:325:18 | ...[...] : | array_flow.rb:325:14:325:19 | ( ... ) | +| array_flow.rb:330:16:330:25 | call to source : | array_flow.rb:331:9:331:9 | a [array element 2] : | +| array_flow.rb:331:9:331:9 | a [array element 2] : | array_flow.rb:331:9:333:7 | call to each_entry [array element 2] : | +| array_flow.rb:331:9:331:9 | a [array element 2] : | array_flow.rb:331:26:331:26 | x : | +| array_flow.rb:331:9:333:7 | call to each_entry [array element 2] : | array_flow.rb:334:10:334:10 | b [array element 2] : | +| array_flow.rb:331:26:331:26 | x : | array_flow.rb:332:14:332:14 | x | +| array_flow.rb:334:10:334:10 | b [array element 2] : | array_flow.rb:334:10:334:13 | ...[...] 
| +| array_flow.rb:338:16:338:25 | call to source : | array_flow.rb:339:9:339:9 | a [array element 2] : | +| array_flow.rb:339:9:339:9 | a [array element 2] : | array_flow.rb:339:9:341:7 | call to each_index [array element 2] : | +| array_flow.rb:339:9:341:7 | call to each_index [array element 2] : | array_flow.rb:342:10:342:10 | b [array element 2] : | +| array_flow.rb:342:10:342:10 | b [array element 2] : | array_flow.rb:342:10:342:13 | ...[...] | +| array_flow.rb:346:19:346:28 | call to source : | array_flow.rb:347:9:347:9 | a [array element 3] : | +| array_flow.rb:347:9:347:9 | a [array element 3] : | array_flow.rb:347:9:349:7 | call to each_slice [array element 3] : | +| array_flow.rb:347:9:347:9 | a [array element 3] : | array_flow.rb:347:26:347:26 | x [array element] : | +| array_flow.rb:347:9:349:7 | call to each_slice [array element 3] : | array_flow.rb:350:10:350:10 | b [array element 3] : | +| array_flow.rb:347:26:347:26 | x [array element] : | array_flow.rb:348:14:348:14 | x [array element] : | +| array_flow.rb:348:14:348:14 | x [array element] : | array_flow.rb:348:14:348:17 | ...[...] | +| array_flow.rb:350:10:350:10 | b [array element 3] : | array_flow.rb:350:10:350:13 | ...[...] | +| array_flow.rb:354:19:354:28 | call to source : | array_flow.rb:355:9:355:9 | a [array element 3] : | +| array_flow.rb:355:9:355:9 | a [array element 3] : | array_flow.rb:355:9:358:7 | call to each_with_index [array element 3] : | +| array_flow.rb:355:9:355:9 | a [array element 3] : | array_flow.rb:355:31:355:31 | x : | +| array_flow.rb:355:9:358:7 | call to each_with_index [array element 3] : | array_flow.rb:359:10:359:10 | b [array element 3] : | +| array_flow.rb:355:31:355:31 | x : | array_flow.rb:356:14:356:14 | x | +| array_flow.rb:359:10:359:10 | b [array element 3] : | array_flow.rb:359:10:359:13 | ...[...] 
| +| array_flow.rb:363:19:363:30 | call to source : | array_flow.rb:364:9:364:9 | a [array element 3] : | +| array_flow.rb:364:9:364:9 | a [array element 3] : | array_flow.rb:364:46:364:46 | x : | +| array_flow.rb:364:9:367:7 | call to each_with_object : | array_flow.rb:368:10:368:10 | b | +| array_flow.rb:364:28:364:39 | call to source : | array_flow.rb:364:9:367:7 | call to each_with_object : | +| array_flow.rb:364:28:364:39 | call to source : | array_flow.rb:364:48:364:48 | a : | +| array_flow.rb:364:46:364:46 | x : | array_flow.rb:365:14:365:14 | x | +| array_flow.rb:364:48:364:48 | a : | array_flow.rb:366:14:366:14 | a | +| array_flow.rb:372:19:372:30 | call to source : | array_flow.rb:373:9:373:9 | a [array element 3] : | +| array_flow.rb:373:9:373:9 | a [array element 3] : | array_flow.rb:373:9:375:7 | call to fetch : | +| array_flow.rb:373:9:375:7 | call to fetch : | array_flow.rb:376:10:376:10 | b | +| array_flow.rb:373:17:373:28 | call to source : | array_flow.rb:373:35:373:35 | x : | +| array_flow.rb:373:35:373:35 | x : | array_flow.rb:374:14:374:14 | x | +| array_flow.rb:380:19:380:30 | call to source : | array_flow.rb:382:10:382:10 | a [array element 3] : | +| array_flow.rb:381:5:381:5 | [post] a [array element] : | array_flow.rb:382:10:382:10 | a [array element] : | +| array_flow.rb:381:12:381:23 | call to source : | array_flow.rb:381:5:381:5 | [post] a [array element] : | +| array_flow.rb:382:10:382:10 | a [array element 3] : | array_flow.rb:382:10:382:13 | ...[...] | +| array_flow.rb:382:10:382:10 | a [array element] : | array_flow.rb:382:10:382:13 | ...[...] | +| array_flow.rb:383:5:383:5 | [post] a [array element] : | array_flow.rb:384:10:384:10 | a [array element] : | +| array_flow.rb:383:12:383:23 | call to source : | array_flow.rb:383:5:383:5 | [post] a [array element] : | +| array_flow.rb:384:10:384:10 | a [array element] : | array_flow.rb:384:10:384:13 | ...[...] 
| +| array_flow.rb:385:5:385:5 | [post] a [array element] : | array_flow.rb:388:10:388:10 | a [array element] : | +| array_flow.rb:385:5:385:5 | [post] a [array element] : | array_flow.rb:392:10:392:10 | a [array element] : | +| array_flow.rb:386:9:386:20 | call to source : | array_flow.rb:385:5:385:5 | [post] a [array element] : | +| array_flow.rb:388:10:388:10 | a [array element] : | array_flow.rb:388:10:388:13 | ...[...] | +| array_flow.rb:389:5:389:5 | [post] a [array element] : | array_flow.rb:392:10:392:10 | a [array element] : | +| array_flow.rb:390:9:390:20 | call to source : | array_flow.rb:389:5:389:5 | [post] a [array element] : | +| array_flow.rb:392:10:392:10 | a [array element] : | array_flow.rb:392:10:392:13 | ...[...] | +| array_flow.rb:396:19:396:28 | call to source : | array_flow.rb:397:9:397:9 | a [array element 3] : | +| array_flow.rb:397:9:397:9 | a [array element 3] : | array_flow.rb:397:9:399:7 | call to filter [array element] : | +| array_flow.rb:397:9:397:9 | a [array element 3] : | array_flow.rb:397:22:397:22 | x : | +| array_flow.rb:397:9:399:7 | call to filter [array element] : | array_flow.rb:400:10:400:10 | b [array element] : | +| array_flow.rb:397:22:397:22 | x : | array_flow.rb:398:14:398:14 | x | +| array_flow.rb:400:10:400:10 | b [array element] : | array_flow.rb:400:10:400:13 | ...[...] | +| array_flow.rb:404:19:404:28 | call to source : | array_flow.rb:405:9:405:9 | a [array element 3] : | +| array_flow.rb:405:9:405:9 | a [array element 3] : | array_flow.rb:405:9:407:7 | call to filter_map [array element] : | +| array_flow.rb:405:9:405:9 | a [array element 3] : | array_flow.rb:405:26:405:26 | x : | +| array_flow.rb:405:9:407:7 | call to filter_map [array element] : | array_flow.rb:408:10:408:10 | b [array element] : | +| array_flow.rb:405:26:405:26 | x : | array_flow.rb:406:14:406:14 | x | +| array_flow.rb:408:10:408:10 | b [array element] : | array_flow.rb:408:10:408:13 | ...[...] 
| +| array_flow.rb:412:19:412:28 | call to source : | array_flow.rb:413:9:413:9 | a [array element 3] : | +| array_flow.rb:413:9:413:9 | a [array element 3] : | array_flow.rb:413:9:415:7 | call to filter! [array element] : | +| array_flow.rb:413:9:413:9 | a [array element 3] : | array_flow.rb:413:23:413:23 | x : | +| array_flow.rb:413:9:415:7 | call to filter! [array element] : | array_flow.rb:416:10:416:10 | b [array element] : | +| array_flow.rb:413:23:413:23 | x : | array_flow.rb:414:14:414:14 | x | +| array_flow.rb:416:10:416:10 | b [array element] : | array_flow.rb:416:10:416:13 | ...[...] | +| array_flow.rb:420:19:420:30 | call to source : | array_flow.rb:421:9:421:9 | a [array element 3] : | +| array_flow.rb:421:9:421:9 | a [array element 3] : | array_flow.rb:421:9:423:7 | call to find : | +| array_flow.rb:421:9:421:9 | a [array element 3] : | array_flow.rb:421:41:421:41 | x : | +| array_flow.rb:421:9:423:7 | call to find : | array_flow.rb:424:10:424:10 | b | +| array_flow.rb:421:21:421:32 | call to source : | array_flow.rb:421:9:423:7 | call to find : | +| array_flow.rb:421:41:421:41 | x : | array_flow.rb:422:14:422:14 | x | +| array_flow.rb:428:19:428:28 | call to source : | array_flow.rb:429:9:429:9 | a [array element 3] : | +| array_flow.rb:429:9:429:9 | a [array element 3] : | array_flow.rb:429:9:431:7 | call to find_all [array element] : | +| array_flow.rb:429:9:429:9 | a [array element 3] : | array_flow.rb:429:24:429:24 | x : | +| array_flow.rb:429:9:431:7 | call to find_all [array element] : | array_flow.rb:432:10:432:10 | b [array element] : | +| array_flow.rb:429:24:429:24 | x : | array_flow.rb:430:14:430:14 | x | +| array_flow.rb:432:10:432:10 | b [array element] : | array_flow.rb:432:10:432:13 | ...[...] 
| +| array_flow.rb:436:19:436:28 | call to source : | array_flow.rb:437:5:437:5 | a [array element 3] : | +| array_flow.rb:437:5:437:5 | a [array element 3] : | array_flow.rb:437:22:437:22 | x : | +| array_flow.rb:437:22:437:22 | x : | array_flow.rb:438:14:438:14 | x | +| array_flow.rb:443:10:443:21 | call to source : | array_flow.rb:445:10:445:10 | a [array element 0] : | +| array_flow.rb:443:10:443:21 | call to source : | array_flow.rb:446:9:446:9 | a [array element 0] : | +| array_flow.rb:443:10:443:21 | call to source : | array_flow.rb:449:9:449:9 | a [array element 0] : | +| array_flow.rb:443:30:443:41 | call to source : | array_flow.rb:449:9:449:9 | a [array element 3] : | +| array_flow.rb:444:5:444:5 | [post] a [array element] : | array_flow.rb:445:10:445:10 | a [array element] : | +| array_flow.rb:444:5:444:5 | [post] a [array element] : | array_flow.rb:446:9:446:9 | a [array element] : | +| array_flow.rb:444:5:444:5 | [post] a [array element] : | array_flow.rb:449:9:449:9 | a [array element] : | +| array_flow.rb:444:12:444:23 | call to source : | array_flow.rb:444:5:444:5 | [post] a [array element] : | +| array_flow.rb:445:10:445:10 | a [array element 0] : | array_flow.rb:445:10:445:16 | call to first | +| array_flow.rb:445:10:445:10 | a [array element] : | array_flow.rb:445:10:445:16 | call to first | +| array_flow.rb:446:9:446:9 | a [array element 0] : | array_flow.rb:446:9:446:18 | call to first [array element 0] : | +| array_flow.rb:446:9:446:9 | a [array element] : | array_flow.rb:446:9:446:18 | call to first [array element] : | +| array_flow.rb:446:9:446:18 | call to first [array element 0] : | array_flow.rb:447:10:447:10 | b [array element 0] : | +| array_flow.rb:446:9:446:18 | call to first [array element] : | array_flow.rb:447:10:447:10 | b [array element] : | +| array_flow.rb:446:9:446:18 | call to first [array element] : | array_flow.rb:448:10:448:10 | b [array element] : | +| array_flow.rb:447:10:447:10 | b [array element 0] : | 
array_flow.rb:447:10:447:13 | ...[...] | +| array_flow.rb:447:10:447:10 | b [array element] : | array_flow.rb:447:10:447:13 | ...[...] | +| array_flow.rb:448:10:448:10 | b [array element] : | array_flow.rb:448:10:448:13 | ...[...] | +| array_flow.rb:449:9:449:9 | a [array element 0] : | array_flow.rb:449:9:449:18 | call to first [array element 0] : | +| array_flow.rb:449:9:449:9 | a [array element 3] : | array_flow.rb:449:9:449:18 | call to first [array element 3] : | +| array_flow.rb:449:9:449:9 | a [array element] : | array_flow.rb:449:9:449:18 | call to first [array element] : | +| array_flow.rb:449:9:449:18 | call to first [array element 0] : | array_flow.rb:450:10:450:10 | c [array element 0] : | +| array_flow.rb:449:9:449:18 | call to first [array element 3] : | array_flow.rb:451:10:451:10 | c [array element 3] : | +| array_flow.rb:449:9:449:18 | call to first [array element] : | array_flow.rb:450:10:450:10 | c [array element] : | +| array_flow.rb:449:9:449:18 | call to first [array element] : | array_flow.rb:451:10:451:10 | c [array element] : | +| array_flow.rb:450:10:450:10 | c [array element 0] : | array_flow.rb:450:10:450:13 | ...[...] | +| array_flow.rb:450:10:450:10 | c [array element] : | array_flow.rb:450:10:450:13 | ...[...] | +| array_flow.rb:451:10:451:10 | c [array element 3] : | array_flow.rb:451:10:451:13 | ...[...] | +| array_flow.rb:451:10:451:10 | c [array element] : | array_flow.rb:451:10:451:13 | ...[...] 
| +| array_flow.rb:455:19:455:30 | call to source : | array_flow.rb:456:9:456:9 | a [array element 3] : | +| array_flow.rb:456:9:456:9 | a [array element 3] : | array_flow.rb:456:9:459:7 | call to flat_map [array element] : | +| array_flow.rb:456:9:456:9 | a [array element 3] : | array_flow.rb:456:24:456:24 | x : | +| array_flow.rb:456:9:459:7 | call to flat_map [array element] : | array_flow.rb:460:10:460:10 | b [array element] : | +| array_flow.rb:456:24:456:24 | x : | array_flow.rb:457:14:457:14 | x | +| array_flow.rb:458:13:458:24 | call to source : | array_flow.rb:456:9:459:7 | call to flat_map [array element] : | +| array_flow.rb:460:10:460:10 | b [array element] : | array_flow.rb:460:10:460:13 | ...[...] | +| array_flow.rb:464:20:464:29 | call to source : | array_flow.rb:465:9:465:9 | a [array element 2, array element 1] : | +| array_flow.rb:465:9:465:9 | a [array element 2, array element 1] : | array_flow.rb:465:9:465:17 | call to flatten [array element] : | +| array_flow.rb:465:9:465:17 | call to flatten [array element] : | array_flow.rb:466:10:466:10 | b [array element] : | +| array_flow.rb:466:10:466:10 | b [array element] : | array_flow.rb:466:10:466:13 | ...[...] | +| array_flow.rb:470:20:470:29 | call to source : | array_flow.rb:471:10:471:10 | a [array element 2, array element 1] : | +| array_flow.rb:470:20:470:29 | call to source : | array_flow.rb:472:5:472:5 | a [array element 2, array element 1] : | +| array_flow.rb:471:10:471:10 | a [array element 2, array element 1] : | array_flow.rb:471:10:471:13 | ...[...] [array element 1] : | +| array_flow.rb:471:10:471:13 | ...[...] [array element 1] : | array_flow.rb:471:10:471:16 | ...[...] 
| +| array_flow.rb:472:5:472:5 | [post] a [array element, array element 1] : | array_flow.rb:474:10:474:10 | a [array element, array element 1] : | +| array_flow.rb:472:5:472:5 | [post] a [array element] : | array_flow.rb:473:10:473:10 | a [array element] : | +| array_flow.rb:472:5:472:5 | a [array element 2, array element 1] : | array_flow.rb:472:5:472:5 | [post] a [array element, array element 1] : | +| array_flow.rb:472:5:472:5 | a [array element 2, array element 1] : | array_flow.rb:472:5:472:5 | [post] a [array element] : | +| array_flow.rb:473:10:473:10 | a [array element] : | array_flow.rb:473:10:473:13 | ...[...] | +| array_flow.rb:474:10:474:10 | a [array element, array element 1] : | array_flow.rb:474:10:474:13 | ...[...] [array element 1] : | +| array_flow.rb:474:10:474:13 | ...[...] [array element 1] : | array_flow.rb:474:10:474:16 | ...[...] | +| array_flow.rb:478:19:478:30 | call to source : | array_flow.rb:479:9:479:9 | a [array element 3] : | +| array_flow.rb:478:19:478:30 | call to source : | array_flow.rb:481:9:481:9 | a [array element 3] : | +| array_flow.rb:479:9:479:9 | a [array element 3] : | array_flow.rb:479:9:479:20 | call to grep [array element] : | +| array_flow.rb:479:9:479:20 | call to grep [array element] : | array_flow.rb:480:10:480:10 | b [array element] : | +| array_flow.rb:480:10:480:10 | b [array element] : | array_flow.rb:480:10:480:13 | ...[...] | +| array_flow.rb:481:9:481:9 | a [array element 3] : | array_flow.rb:481:26:481:26 | x : | +| array_flow.rb:481:9:484:7 | call to grep [array element] : | array_flow.rb:485:10:485:10 | b [array element] : | +| array_flow.rb:481:26:481:26 | x : | array_flow.rb:482:14:482:14 | x | +| array_flow.rb:483:9:483:20 | call to source : | array_flow.rb:481:9:484:7 | call to grep [array element] : | +| array_flow.rb:485:10:485:10 | b [array element] : | array_flow.rb:485:10:485:13 | ...[...] 
| +| array_flow.rb:489:19:489:30 | call to source : | array_flow.rb:490:9:490:9 | a [array element 3] : | +| array_flow.rb:489:19:489:30 | call to source : | array_flow.rb:492:9:492:9 | a [array element 3] : | +| array_flow.rb:490:9:490:9 | a [array element 3] : | array_flow.rb:490:9:490:21 | call to grep_v [array element] : | +| array_flow.rb:490:9:490:21 | call to grep_v [array element] : | array_flow.rb:491:10:491:10 | b [array element] : | +| array_flow.rb:491:10:491:10 | b [array element] : | array_flow.rb:491:10:491:13 | ...[...] | +| array_flow.rb:492:9:492:9 | a [array element 3] : | array_flow.rb:492:27:492:27 | x : | +| array_flow.rb:492:9:495:7 | call to grep_v [array element] : | array_flow.rb:496:10:496:10 | b [array element] : | +| array_flow.rb:492:27:492:27 | x : | array_flow.rb:493:14:493:14 | x | +| array_flow.rb:494:9:494:20 | call to source : | array_flow.rb:492:9:495:7 | call to grep_v [array element] : | +| array_flow.rb:496:10:496:10 | b [array element] : | array_flow.rb:496:10:496:13 | ...[...] | +| array_flow.rb:500:19:500:28 | call to source : | array_flow.rb:501:5:501:5 | a [array element 3] : | +| array_flow.rb:501:5:501:5 | a [array element 3] : | array_flow.rb:501:17:501:17 | x : | +| array_flow.rb:501:17:501:17 | x : | array_flow.rb:502:14:502:14 | x | +| array_flow.rb:508:5:508:5 | [post] a [array element 0] : | array_flow.rb:509:10:509:10 | a [array element 0] : | +| array_flow.rb:508:24:508:35 | call to source : | array_flow.rb:508:5:508:5 | [post] a [array element 0] : | +| array_flow.rb:509:10:509:10 | a [array element 0] : | array_flow.rb:509:10:509:13 | ...[...] 
| +| array_flow.rb:515:16:515:29 | call to source : | array_flow.rb:516:5:516:5 | a [array element 2] : | +| array_flow.rb:516:5:516:5 | [post] a [array element 2] : | array_flow.rb:519:10:519:10 | a [array element 2] : | +| array_flow.rb:516:5:516:5 | [post] a [array element 5] : | array_flow.rb:522:10:522:10 | a [array element 5] : | +| array_flow.rb:516:5:516:5 | a [array element 2] : | array_flow.rb:516:5:516:5 | [post] a [array element 5] : | +| array_flow.rb:516:21:516:34 | call to source : | array_flow.rb:516:5:516:5 | [post] a [array element 2] : | +| array_flow.rb:519:10:519:10 | a [array element 2] : | array_flow.rb:519:10:519:13 | ...[...] | +| array_flow.rb:522:10:522:10 | a [array element 5] : | array_flow.rb:522:10:522:13 | ...[...] | +nodes +| array_flow.rb:2:9:2:18 | * ... [array element 0] : | semmle.label | * ... [array element 0] : | +| array_flow.rb:2:10:2:18 | call to source : | semmle.label | call to source : | +| array_flow.rb:3:10:3:10 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:3:10:3:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:5:10:5:10 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:5:10:5:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:9:13:9:21 | call to source : | semmle.label | call to source : | +| array_flow.rb:11:10:11:10 | a [array element 1] : | semmle.label | a [array element 1] : | +| array_flow.rb:11:10:11:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:13:10:13:10 | a [array element 1] : | semmle.label | a [array element 1] : | +| array_flow.rb:13:10:13:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:17:9:17:33 | call to new [array element] : | semmle.label | call to new [array element] : | +| array_flow.rb:17:22:17:32 | call to source : | semmle.label | call to source : | +| array_flow.rb:18:10:18:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:18:10:18:13 | ...[...] 
| semmle.label | ...[...] | +| array_flow.rb:19:10:19:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:19:10:19:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:21:9:21:20 | call to new [array element] : | semmle.label | call to new [array element] : | +| array_flow.rb:21:19:21:19 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:22:10:22:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:22:10:22:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:23:10:23:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:23:10:23:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:25:9:27:7 | call to new [array element] : | semmle.label | call to new [array element] : | +| array_flow.rb:26:9:26:19 | call to source : | semmle.label | call to source : | +| array_flow.rb:28:10:28:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:28:10:28:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:29:10:29:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:29:10:29:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:33:10:33:18 | call to source : | semmle.label | call to source : | +| array_flow.rb:34:9:34:28 | call to try_convert [array element 0] : | semmle.label | call to try_convert [array element 0] : | +| array_flow.rb:34:27:34:27 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:35:10:35:10 | b [array element 0] : | semmle.label | b [array element 0] : | +| array_flow.rb:35:10:35:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:40:10:40:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:41:16:41:26 | call to source : | semmle.label | call to source : | +| array_flow.rb:42:9:42:9 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:42:9:42:13 | ... & ... 
[array element] : | semmle.label | ... & ... [array element] : | +| array_flow.rb:42:13:42:13 | b [array element 2] : | semmle.label | b [array element 2] : | +| array_flow.rb:43:10:43:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:43:10:43:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:44:10:44:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:44:10:44:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:48:10:48:18 | call to source : | semmle.label | call to source : | +| array_flow.rb:49:9:49:9 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:49:9:49:13 | ... * ... [array element] : | semmle.label | ... * ... [array element] : | +| array_flow.rb:50:10:50:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:50:10:50:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:51:10:51:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:51:10:51:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:55:10:55:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:56:13:56:23 | call to source : | semmle.label | call to source : | +| array_flow.rb:57:9:57:9 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:57:9:57:13 | ... + ... [array element 0] : | semmle.label | ... + ... [array element 0] : | +| array_flow.rb:57:9:57:13 | ... + ... [array element] : | semmle.label | ... + ... [array element] : | +| array_flow.rb:57:13:57:13 | b [array element 1] : | semmle.label | b [array element 1] : | +| array_flow.rb:58:10:58:10 | c [array element 0] : | semmle.label | c [array element 0] : | +| array_flow.rb:58:10:58:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:58:10:58:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:59:10:59:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:59:10:59:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:63:10:63:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:65:9:65:9 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:65:9:65:13 | ... - ... [array element] : | semmle.label | ... - ... [array element] : | +| array_flow.rb:66:10:66:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:66:10:66:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:67:10:67:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:67:10:67:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:71:10:71:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:72:9:72:9 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:72:9:72:24 | ... << ... [array element 0] : | semmle.label | ... << ... [array element 0] : | +| array_flow.rb:72:9:72:24 | ... << ... [array element] : | semmle.label | ... << ... [array element] : | +| array_flow.rb:72:14:72:24 | call to source : | semmle.label | call to source : | +| array_flow.rb:73:10:73:10 | b [array element 0] : | semmle.label | b [array element 0] : | +| array_flow.rb:73:10:73:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:73:10:73:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:74:10:74:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:74:10:74:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:78:13:78:21 | call to source : | semmle.label | call to source : | +| array_flow.rb:79:15:79:15 | a [array element 1] : | semmle.label | a [array element 1] : | +| array_flow.rb:81:10:81:10 | c | semmle.label | c | +| array_flow.rb:86:13:86:22 | call to source : | semmle.label | call to source : | +| array_flow.rb:87:9:87:9 | a [array element 1] : | semmle.label | a [array element 1] : | +| array_flow.rb:87:9:87:15 | ...[...] [array element] : | semmle.label | ...[...] [array element] : | +| array_flow.rb:88:10:88:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:88:10:88:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:89:10:89:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:89:10:89:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:90:10:90:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:90:10:90:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:94:13:94:22 | call to source : | semmle.label | call to source : | +| array_flow.rb:95:9:95:9 | a [array element 1] : | semmle.label | a [array element 1] : | +| array_flow.rb:95:9:95:15 | ...[...] [array element] : | semmle.label | ...[...] [array element] : | +| array_flow.rb:96:10:96:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:96:10:96:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:97:10:97:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:97:10:97:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:98:10:98:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:98:10:98:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:103:5:103:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:103:15:103:24 | call to source : | semmle.label | call to source : | +| array_flow.rb:104:10:104:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:104:10:104:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:105:10:105:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:105:10:105:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:106:10:106:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:106:10:106:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:111:5:111:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:111:19:111:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:112:10:112:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:112:10:112:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:113:10:113:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:113:10:113:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:114:10:114:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:114:10:114:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:119:5:119:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:119:15:119:24 | call to source : | semmle.label | call to source : | +| array_flow.rb:120:10:120:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:120:10:120:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:121:10:121:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:121:10:121:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:122:10:122:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:122:10:122:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:127:5:127:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:127:19:127:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:128:10:128:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:128:10:128:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:129:10:129:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:129:10:129:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:130:10:130:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:130:10:130:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:134:16:134:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:135:5:135:5 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:135:16:135:16 | x : | semmle.label | x : | +| array_flow.rb:136:14:136:14 | x | semmle.label | x | +| array_flow.rb:141:16:141:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:142:5:142:5 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:142:16:142:16 | x : | semmle.label | x : | +| array_flow.rb:143:14:143:14 | x | semmle.label | x | +| array_flow.rb:150:15:150:24 | call to source : | semmle.label | call to source : | +| array_flow.rb:151:16:151:16 | c [array element 1] : | semmle.label | c [array element 1] : | +| array_flow.rb:152:10:152:26 | ( ... ) | semmle.label | ( ... ) | +| array_flow.rb:152:11:152:11 | d [array element 2, array element 1] : | semmle.label | d [array element 2, array element 1] : | +| array_flow.rb:152:11:152:22 | call to assoc [array element] : | semmle.label | call to assoc [array element] : | +| array_flow.rb:152:11:152:25 | ...[...] : | semmle.label | ...[...] 
: | +| array_flow.rb:153:10:153:26 | ( ... ) | semmle.label | ( ... ) | +| array_flow.rb:153:11:153:11 | d [array element 2, array element 1] : | semmle.label | d [array element 2, array element 1] : | +| array_flow.rb:153:11:153:22 | call to assoc [array element] : | semmle.label | call to assoc [array element] : | +| array_flow.rb:153:11:153:25 | ...[...] : | semmle.label | ...[...] : | +| array_flow.rb:157:13:157:22 | call to source : | semmle.label | call to source : | +| array_flow.rb:159:10:159:10 | a [array element 1] : | semmle.label | a [array element 1] : | +| array_flow.rb:159:10:159:16 | call to at | semmle.label | call to at | +| array_flow.rb:161:10:161:10 | a [array element 1] : | semmle.label | a [array element 1] : | +| array_flow.rb:161:10:161:16 | call to at | semmle.label | call to at | +| array_flow.rb:165:16:165:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:166:9:166:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:166:9:168:7 | call to bsearch : | semmle.label | call to bsearch : | +| array_flow.rb:166:23:166:23 | x : | semmle.label | x : | +| array_flow.rb:167:14:167:14 | x | semmle.label | x | +| array_flow.rb:169:10:169:10 | b | semmle.label | b | +| array_flow.rb:173:16:173:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:174:9:174:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:174:29:174:29 | x : | semmle.label | x : | +| array_flow.rb:175:14:175:14 | x | semmle.label | x | +| array_flow.rb:187:16:187:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:188:9:188:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:188:9:191:7 | call to collect [array element] : | semmle.label | call to collect [array element] : | +| array_flow.rb:188:23:188:23 | x : | semmle.label | x : | +| array_flow.rb:189:14:189:14 | x | semmle.label | x | +| array_flow.rb:192:10:192:10 | 
b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:192:10:192:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:196:16:196:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:197:9:197:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:197:9:200:7 | call to collect_concat [array element] : | semmle.label | call to collect_concat [array element] : | +| array_flow.rb:197:30:197:30 | x : | semmle.label | x : | +| array_flow.rb:198:14:198:14 | x | semmle.label | x | +| array_flow.rb:201:10:201:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:201:10:201:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:205:16:205:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:206:5:206:5 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:206:26:206:26 | x [array element] : | semmle.label | x [array element] : | +| array_flow.rb:207:14:207:14 | x [array element] : | semmle.label | x [array element] : | +| array_flow.rb:207:14:207:17 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:212:16:212:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:213:9:213:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:213:9:213:17 | call to compact [array element] : | semmle.label | call to compact [array element] : | +| array_flow.rb:214:10:214:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:214:10:214:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:218:16:218:27 | call to source : | semmle.label | call to source : | +| array_flow.rb:219:16:219:27 | call to source : | semmle.label | call to source : | +| array_flow.rb:220:5:220:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:220:14:220:14 | b [array element 2] : | semmle.label | b [array element 2] : | +| array_flow.rb:221:10:221:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:221:10:221:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:222:10:222:10 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:222:10:222:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:222:10:222:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:226:16:226:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:227:5:227:5 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:227:17:227:17 | x : | semmle.label | x : | +| array_flow.rb:228:14:228:14 | x | semmle.label | x | +| array_flow.rb:233:16:233:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:234:5:234:5 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:234:20:234:20 | x : | semmle.label | x : | +| array_flow.rb:235:14:235:14 | x | semmle.label | x | +| array_flow.rb:240:16:240:27 | call to source : | semmle.label | call to source : | +| array_flow.rb:241:9:241:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:241:9:241:36 | call to delete : | semmle.label | call to delete : | +| array_flow.rb:241:23:241:34 | call to source : | semmle.label | call to source : | +| array_flow.rb:242:10:242:10 | b | semmle.label | b | +| array_flow.rb:246:16:246:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:247:9:247:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| 
array_flow.rb:247:9:247:22 | call to delete_at : | semmle.label | call to delete_at : | +| array_flow.rb:248:10:248:10 | b | semmle.label | b | +| array_flow.rb:252:16:252:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:253:9:253:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:253:9:255:7 | call to delete_if [array element] : | semmle.label | call to delete_if [array element] : | +| array_flow.rb:253:25:253:25 | x : | semmle.label | x : | +| array_flow.rb:254:14:254:14 | x | semmle.label | x | +| array_flow.rb:256:10:256:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:256:10:256:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:260:16:260:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:261:9:261:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:261:9:261:25 | call to difference [array element] : | semmle.label | call to difference [array element] : | +| array_flow.rb:262:10:262:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:262:10:262:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:266:16:266:27 | call to source : | semmle.label | call to source : | +| array_flow.rb:266:34:266:45 | call to source : | semmle.label | call to source : | +| array_flow.rb:268:10:268:10 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:268:10:268:17 | call to dig | semmle.label | call to dig | +| array_flow.rb:269:10:269:10 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:269:10:269:17 | call to dig | semmle.label | call to dig | +| array_flow.rb:271:10:271:10 | a [array element 3, array element 1] : | semmle.label | a [array element 3, array element 1] : | +| array_flow.rb:271:10:271:19 | call to dig | semmle.label | call to dig | +| array_flow.rb:275:16:275:27 | call to source : | semmle.label | call to source : | +| array_flow.rb:276:9:276:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:276:9:278:7 | call to detect : | semmle.label | call to detect : | +| array_flow.rb:276:23:276:34 | call to source : | semmle.label | call to source : | +| array_flow.rb:276:43:276:43 | x : | semmle.label | x : | +| array_flow.rb:277:14:277:14 | x | semmle.label | x | +| array_flow.rb:279:10:279:10 | b | semmle.label | b | +| array_flow.rb:283:16:283:27 | call to source : | semmle.label | call to source : | +| array_flow.rb:283:30:283:41 | call to source : | semmle.label | call to source : | +| array_flow.rb:284:9:284:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:284:9:284:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:284:9:284:17 | call to drop [array element] : | semmle.label | call to drop [array element] : | +| array_flow.rb:285:10:285:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:285:10:285:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:286:9:286:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:286:9:286:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:286:9:286:17 | call to drop [array element 1] : | semmle.label | call to drop [array element 1] : | +| array_flow.rb:286:9:286:17 | call to drop [array element 2] : | semmle.label | call to drop [array element 2] : | +| array_flow.rb:288:10:288:10 | b [array element 1] : | semmle.label | b [array element 1] : | +| array_flow.rb:288:10:288:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:289:10:289:10 | b [array element 1] : | semmle.label | b [array element 1] : | +| array_flow.rb:289:10:289:10 | b [array element 2] : | semmle.label | b [array element 2] : | +| array_flow.rb:289:10:289:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:290:5:290:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:290:12:290:23 | call to source : | semmle.label | call to source : | +| array_flow.rb:291:9:291:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:291:9:291:9 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:291:9:291:17 | call to drop [array element 1] : | semmle.label | call to drop [array element 1] : | +| array_flow.rb:291:9:291:17 | call to drop [array element] : | semmle.label | call to drop [array element] : | +| array_flow.rb:292:10:292:10 | b [array element 1] : | semmle.label | b [array element 1] : | +| array_flow.rb:292:10:292:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:292:10:292:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:293:9:293:9 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:293:9:293:19 | call to drop [array element] : | semmle.label | call to drop [array element] : | +| array_flow.rb:294:10:294:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:294:10:294:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:298:16:298:27 | call to source : | semmle.label | call to source : | +| array_flow.rb:298:30:298:41 | call to source : | semmle.label | call to source : | +| array_flow.rb:299:9:299:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:299:9:299:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:299:9:301:7 | call to drop_while [array element] : | semmle.label | call to drop_while [array element] : | +| array_flow.rb:299:26:299:26 | x : | semmle.label | x : | +| array_flow.rb:300:14:300:14 | x | semmle.label | x | +| array_flow.rb:302:10:302:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:302:10:302:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:306:16:306:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:307:9:307:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:307:9:309:7 | call to each [array element 2] : | semmle.label | call to each [array element 2] : | +| array_flow.rb:307:20:307:20 | x : | semmle.label | x : | +| array_flow.rb:308:14:308:14 | x | semmle.label | x | +| array_flow.rb:310:10:310:10 | b [array element 2] : | semmle.label | b [array element 2] : | +| array_flow.rb:310:10:310:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:314:16:314:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:315:9:317:7 | ... = ... : | semmle.label | ... = ... 
: | +| array_flow.rb:315:9:317:7 | __synth__0__1 : | semmle.label | __synth__0__1 : | +| array_flow.rb:315:9:317:7 | call to each : | semmle.label | call to each : | +| array_flow.rb:315:18:315:18 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:316:14:316:14 | x | semmle.label | x | +| array_flow.rb:318:10:318:10 | x | semmle.label | x | +| array_flow.rb:319:10:319:10 | b [array element 2] : | semmle.label | b [array element 2] : | +| array_flow.rb:319:10:319:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:323:16:323:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:324:5:324:5 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:324:24:324:24 | x [array element] : | semmle.label | x [array element] : | +| array_flow.rb:325:14:325:19 | ( ... ) | semmle.label | ( ... ) | +| array_flow.rb:325:15:325:15 | x [array element] : | semmle.label | x [array element] : | +| array_flow.rb:325:15:325:18 | ...[...] : | semmle.label | ...[...] : | +| array_flow.rb:330:16:330:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:331:9:331:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:331:9:333:7 | call to each_entry [array element 2] : | semmle.label | call to each_entry [array element 2] : | +| array_flow.rb:331:26:331:26 | x : | semmle.label | x : | +| array_flow.rb:332:14:332:14 | x | semmle.label | x | +| array_flow.rb:334:10:334:10 | b [array element 2] : | semmle.label | b [array element 2] : | +| array_flow.rb:334:10:334:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:338:16:338:25 | call to source : | semmle.label | call to source : | +| array_flow.rb:339:9:339:9 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:339:9:341:7 | call to each_index [array element 2] : | semmle.label | call to each_index [array element 2] : | +| array_flow.rb:342:10:342:10 | b [array element 2] : | semmle.label | b [array element 2] : | +| array_flow.rb:342:10:342:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:346:19:346:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:347:9:347:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:347:9:349:7 | call to each_slice [array element 3] : | semmle.label | call to each_slice [array element 3] : | +| array_flow.rb:347:26:347:26 | x [array element] : | semmle.label | x [array element] : | +| array_flow.rb:348:14:348:14 | x [array element] : | semmle.label | x [array element] : | +| array_flow.rb:348:14:348:17 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:350:10:350:10 | b [array element 3] : | semmle.label | b [array element 3] : | +| array_flow.rb:350:10:350:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:354:19:354:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:355:9:355:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:355:9:358:7 | call to each_with_index [array element 3] : | semmle.label | call to each_with_index [array element 3] : | +| array_flow.rb:355:31:355:31 | x : | semmle.label | x : | +| array_flow.rb:356:14:356:14 | x | semmle.label | x | +| array_flow.rb:359:10:359:10 | b [array element 3] : | semmle.label | b [array element 3] : | +| array_flow.rb:359:10:359:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:363:19:363:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:364:9:364:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:364:9:367:7 | call to each_with_object : | semmle.label | call to each_with_object : | +| array_flow.rb:364:28:364:39 | call to source : | semmle.label | call to source : | +| array_flow.rb:364:46:364:46 | x : | semmle.label | x : | +| array_flow.rb:364:48:364:48 | a : | semmle.label | a : | +| array_flow.rb:365:14:365:14 | x | semmle.label | x | +| array_flow.rb:366:14:366:14 | a | semmle.label | a | +| array_flow.rb:368:10:368:10 | b | semmle.label | b | +| array_flow.rb:372:19:372:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:373:9:373:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:373:9:375:7 | call to fetch : | semmle.label | call to fetch : | +| array_flow.rb:373:17:373:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:373:35:373:35 | x : | semmle.label | x : | +| array_flow.rb:374:14:374:14 | x | semmle.label | x | +| array_flow.rb:376:10:376:10 | b | semmle.label | b | +| array_flow.rb:380:19:380:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:381:5:381:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:381:12:381:23 | call to source : | semmle.label | call to source : | +| array_flow.rb:382:10:382:10 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:382:10:382:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:382:10:382:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:383:5:383:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:383:12:383:23 | call to source : | semmle.label | call to source : | +| array_flow.rb:384:10:384:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:384:10:384:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:385:5:385:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:386:9:386:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:388:10:388:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:388:10:388:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:389:5:389:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:390:9:390:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:392:10:392:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:392:10:392:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:396:19:396:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:397:9:397:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:397:9:399:7 | call to filter [array element] : | semmle.label | call to filter [array element] : | +| array_flow.rb:397:22:397:22 | x : | semmle.label | x : | +| array_flow.rb:398:14:398:14 | x | semmle.label | x | +| array_flow.rb:400:10:400:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:400:10:400:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:404:19:404:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:405:9:405:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:405:9:407:7 | call to filter_map [array element] : | semmle.label | call to filter_map [array element] : | +| array_flow.rb:405:26:405:26 | x : | semmle.label | x : | +| array_flow.rb:406:14:406:14 | x | semmle.label | x | +| array_flow.rb:408:10:408:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:408:10:408:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:412:19:412:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:413:9:413:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:413:9:415:7 | call to filter! [array element] : | semmle.label | call to filter! [array element] : | +| array_flow.rb:413:23:413:23 | x : | semmle.label | x : | +| array_flow.rb:414:14:414:14 | x | semmle.label | x | +| array_flow.rb:416:10:416:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:416:10:416:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:420:19:420:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:421:9:421:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:421:9:423:7 | call to find : | semmle.label | call to find : | +| array_flow.rb:421:21:421:32 | call to source : | semmle.label | call to source : | +| array_flow.rb:421:41:421:41 | x : | semmle.label | x : | +| array_flow.rb:422:14:422:14 | x | semmle.label | x | +| array_flow.rb:424:10:424:10 | b | semmle.label | b | +| array_flow.rb:428:19:428:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:429:9:429:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:429:9:431:7 | call to find_all [array element] : | semmle.label | call to find_all [array element] : | +| array_flow.rb:429:24:429:24 | x : | semmle.label | x : | +| array_flow.rb:430:14:430:14 | x | semmle.label | x | +| array_flow.rb:432:10:432:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:432:10:432:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:436:19:436:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:437:5:437:5 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:437:22:437:22 | x : | semmle.label | x : | +| array_flow.rb:438:14:438:14 | x | semmle.label | x | +| array_flow.rb:443:10:443:21 | call to source : | semmle.label | call to source : | +| array_flow.rb:443:30:443:41 | call to source : | semmle.label | call to source : | +| array_flow.rb:444:5:444:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:444:12:444:23 | call to source : | semmle.label | call to source : | +| array_flow.rb:445:10:445:10 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:445:10:445:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:445:10:445:16 | call to first | semmle.label | call to first | +| array_flow.rb:446:9:446:9 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:446:9:446:9 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:446:9:446:18 | call to first [array element 0] : | semmle.label | call to first [array element 0] : | +| array_flow.rb:446:9:446:18 | call to first [array element] : | semmle.label | call to first [array element] : | +| array_flow.rb:447:10:447:10 | b [array element 0] : | semmle.label | b [array element 0] : | +| array_flow.rb:447:10:447:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:447:10:447:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:448:10:448:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:448:10:448:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:449:9:449:9 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:449:9:449:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:449:9:449:9 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:449:9:449:18 | call to first [array element 0] : | semmle.label | call to first [array element 0] : | +| array_flow.rb:449:9:449:18 | call to first [array element 3] : | semmle.label | call to first [array element 3] : | +| array_flow.rb:449:9:449:18 | call to first [array element] : | semmle.label | call to first [array element] : | +| array_flow.rb:450:10:450:10 | c [array element 0] : | semmle.label | c [array element 0] : | +| array_flow.rb:450:10:450:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:450:10:450:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:451:10:451:10 | c [array element 3] : | semmle.label | c [array element 3] : | +| array_flow.rb:451:10:451:10 | c [array element] : | semmle.label | c [array element] : | +| array_flow.rb:451:10:451:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:455:19:455:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:456:9:456:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:456:9:459:7 | call to flat_map [array element] : | semmle.label | call to flat_map [array element] : | +| array_flow.rb:456:24:456:24 | x : | semmle.label | x : | +| array_flow.rb:457:14:457:14 | x | semmle.label | x | +| array_flow.rb:458:13:458:24 | call to source : | semmle.label | call to source : | +| array_flow.rb:460:10:460:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:460:10:460:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:464:20:464:29 | call to source : | semmle.label | call to source : | +| array_flow.rb:465:9:465:9 | a [array element 2, array element 1] : | semmle.label | a [array element 2, array element 1] : | +| array_flow.rb:465:9:465:17 | call to flatten [array element] : | semmle.label | call to flatten [array element] : | +| array_flow.rb:466:10:466:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:466:10:466:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:470:20:470:29 | call to source : | semmle.label | call to source : | +| array_flow.rb:471:10:471:10 | a [array element 2, array element 1] : | semmle.label | a [array element 2, array element 1] : | +| array_flow.rb:471:10:471:13 | ...[...] [array element 1] : | semmle.label | ...[...] [array element 1] : | +| array_flow.rb:471:10:471:16 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:472:5:472:5 | [post] a [array element, array element 1] : | semmle.label | [post] a [array element, array element 1] : | +| array_flow.rb:472:5:472:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:472:5:472:5 | a [array element 2, array element 1] : | semmle.label | a [array element 2, array element 1] : | +| array_flow.rb:473:10:473:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:473:10:473:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:474:10:474:10 | a [array element, array element 1] : | semmle.label | a [array element, array element 1] : | +| array_flow.rb:474:10:474:13 | ...[...] [array element 1] : | semmle.label | ...[...] [array element 1] : | +| array_flow.rb:474:10:474:16 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:478:19:478:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:479:9:479:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:479:9:479:20 | call to grep [array element] : | semmle.label | call to grep [array element] : | +| array_flow.rb:480:10:480:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:480:10:480:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:481:9:481:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:481:9:484:7 | call to grep [array element] : | semmle.label | call to grep [array element] : | +| array_flow.rb:481:26:481:26 | x : | semmle.label | x : | +| array_flow.rb:482:14:482:14 | x | semmle.label | x | +| array_flow.rb:483:9:483:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:485:10:485:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:485:10:485:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:489:19:489:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:490:9:490:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:490:9:490:21 | call to grep_v [array element] : | semmle.label | call to grep_v [array element] : | +| array_flow.rb:491:10:491:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:491:10:491:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:492:9:492:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:492:9:495:7 | call to grep_v [array element] : | semmle.label | call to grep_v [array element] : | +| array_flow.rb:492:27:492:27 | x : | semmle.label | x : | +| array_flow.rb:493:14:493:14 | x | semmle.label | x | +| array_flow.rb:494:9:494:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:496:10:496:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:496:10:496:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:500:19:500:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:501:5:501:5 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:501:17:501:17 | x : | semmle.label | x : | +| array_flow.rb:502:14:502:14 | x | semmle.label | x | +| array_flow.rb:508:5:508:5 | [post] a [array element 0] : | semmle.label | [post] a [array element 0] : | +| array_flow.rb:508:24:508:35 | call to source : | semmle.label | call to source : | +| array_flow.rb:509:10:509:10 | a [array element 0] : | semmle.label | a [array element 0] : | +| array_flow.rb:509:10:509:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:515:16:515:29 | call to source : | semmle.label | call to source : | +| array_flow.rb:516:5:516:5 | [post] a [array element 2] : | semmle.label | [post] a [array element 2] : | +| array_flow.rb:516:5:516:5 | [post] a [array element 5] : | semmle.label | [post] a [array element 5] : | +| array_flow.rb:516:5:516:5 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:516:21:516:34 | call to source : | semmle.label | call to source : | +| array_flow.rb:519:10:519:10 | a [array element 2] : | semmle.label | a [array element 2] : | +| array_flow.rb:519:10:519:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:522:10:522:10 | a [array element 5] : | semmle.label | a [array element 5] : | +| array_flow.rb:522:10:522:13 | ...[...] | semmle.label | ...[...] | +subpaths +#select +| array_flow.rb:3:10:3:13 | ...[...] | array_flow.rb:2:10:2:18 | call to source : | array_flow.rb:3:10:3:13 | ...[...] | $@ | array_flow.rb:2:10:2:18 | call to source : | call to source : | +| array_flow.rb:5:10:5:13 | ...[...] | array_flow.rb:2:10:2:18 | call to source : | array_flow.rb:5:10:5:13 | ...[...] | $@ | array_flow.rb:2:10:2:18 | call to source : | call to source : | +| array_flow.rb:11:10:11:13 | ...[...] | array_flow.rb:9:13:9:21 | call to source : | array_flow.rb:11:10:11:13 | ...[...] | $@ | array_flow.rb:9:13:9:21 | call to source : | call to source : | +| array_flow.rb:13:10:13:13 | ...[...] | array_flow.rb:9:13:9:21 | call to source : | array_flow.rb:13:10:13:13 | ...[...] | $@ | array_flow.rb:9:13:9:21 | call to source : | call to source : | +| array_flow.rb:18:10:18:13 | ...[...] | array_flow.rb:17:22:17:32 | call to source : | array_flow.rb:18:10:18:13 | ...[...] | $@ | array_flow.rb:17:22:17:32 | call to source : | call to source : | +| array_flow.rb:19:10:19:13 | ...[...] | array_flow.rb:17:22:17:32 | call to source : | array_flow.rb:19:10:19:13 | ...[...] | $@ | array_flow.rb:17:22:17:32 | call to source : | call to source : | +| array_flow.rb:22:10:22:13 | ...[...] | array_flow.rb:17:22:17:32 | call to source : | array_flow.rb:22:10:22:13 | ...[...] | $@ | array_flow.rb:17:22:17:32 | call to source : | call to source : | +| array_flow.rb:23:10:23:13 | ...[...] | array_flow.rb:17:22:17:32 | call to source : | array_flow.rb:23:10:23:13 | ...[...] | $@ | array_flow.rb:17:22:17:32 | call to source : | call to source : | +| array_flow.rb:28:10:28:13 | ...[...] | array_flow.rb:26:9:26:19 | call to source : | array_flow.rb:28:10:28:13 | ...[...] | $@ | array_flow.rb:26:9:26:19 | call to source : | call to source : | +| array_flow.rb:29:10:29:13 | ...[...] 
| array_flow.rb:26:9:26:19 | call to source : | array_flow.rb:29:10:29:13 | ...[...] | $@ | array_flow.rb:26:9:26:19 | call to source : | call to source : | +| array_flow.rb:35:10:35:13 | ...[...] | array_flow.rb:33:10:33:18 | call to source : | array_flow.rb:35:10:35:13 | ...[...] | $@ | array_flow.rb:33:10:33:18 | call to source : | call to source : | +| array_flow.rb:43:10:43:13 | ...[...] | array_flow.rb:40:10:40:20 | call to source : | array_flow.rb:43:10:43:13 | ...[...] | $@ | array_flow.rb:40:10:40:20 | call to source : | call to source : | +| array_flow.rb:43:10:43:13 | ...[...] | array_flow.rb:41:16:41:26 | call to source : | array_flow.rb:43:10:43:13 | ...[...] | $@ | array_flow.rb:41:16:41:26 | call to source : | call to source : | +| array_flow.rb:44:10:44:13 | ...[...] | array_flow.rb:40:10:40:20 | call to source : | array_flow.rb:44:10:44:13 | ...[...] | $@ | array_flow.rb:40:10:40:20 | call to source : | call to source : | +| array_flow.rb:44:10:44:13 | ...[...] | array_flow.rb:41:16:41:26 | call to source : | array_flow.rb:44:10:44:13 | ...[...] | $@ | array_flow.rb:41:16:41:26 | call to source : | call to source : | +| array_flow.rb:50:10:50:13 | ...[...] | array_flow.rb:48:10:48:18 | call to source : | array_flow.rb:50:10:50:13 | ...[...] | $@ | array_flow.rb:48:10:48:18 | call to source : | call to source : | +| array_flow.rb:51:10:51:13 | ...[...] | array_flow.rb:48:10:48:18 | call to source : | array_flow.rb:51:10:51:13 | ...[...] | $@ | array_flow.rb:48:10:48:18 | call to source : | call to source : | +| array_flow.rb:58:10:58:13 | ...[...] | array_flow.rb:55:10:55:20 | call to source : | array_flow.rb:58:10:58:13 | ...[...] | $@ | array_flow.rb:55:10:55:20 | call to source : | call to source : | +| array_flow.rb:58:10:58:13 | ...[...] | array_flow.rb:56:13:56:23 | call to source : | array_flow.rb:58:10:58:13 | ...[...] | $@ | array_flow.rb:56:13:56:23 | call to source : | call to source : | +| array_flow.rb:59:10:59:13 | ...[...] 
| array_flow.rb:56:13:56:23 | call to source : | array_flow.rb:59:10:59:13 | ...[...] | $@ | array_flow.rb:56:13:56:23 | call to source : | call to source : | +| array_flow.rb:66:10:66:13 | ...[...] | array_flow.rb:63:10:63:20 | call to source : | array_flow.rb:66:10:66:13 | ...[...] | $@ | array_flow.rb:63:10:63:20 | call to source : | call to source : | +| array_flow.rb:67:10:67:13 | ...[...] | array_flow.rb:63:10:63:20 | call to source : | array_flow.rb:67:10:67:13 | ...[...] | $@ | array_flow.rb:63:10:63:20 | call to source : | call to source : | +| array_flow.rb:73:10:73:13 | ...[...] | array_flow.rb:71:10:71:20 | call to source : | array_flow.rb:73:10:73:13 | ...[...] | $@ | array_flow.rb:71:10:71:20 | call to source : | call to source : | +| array_flow.rb:73:10:73:13 | ...[...] | array_flow.rb:72:14:72:24 | call to source : | array_flow.rb:73:10:73:13 | ...[...] | $@ | array_flow.rb:72:14:72:24 | call to source : | call to source : | +| array_flow.rb:74:10:74:13 | ...[...] | array_flow.rb:72:14:72:24 | call to source : | array_flow.rb:74:10:74:13 | ...[...] | $@ | array_flow.rb:72:14:72:24 | call to source : | call to source : | +| array_flow.rb:81:10:81:10 | c | array_flow.rb:78:13:78:21 | call to source : | array_flow.rb:81:10:81:10 | c | $@ | array_flow.rb:78:13:78:21 | call to source : | call to source : | +| array_flow.rb:88:10:88:13 | ...[...] | array_flow.rb:86:13:86:22 | call to source : | array_flow.rb:88:10:88:13 | ...[...] | $@ | array_flow.rb:86:13:86:22 | call to source : | call to source : | +| array_flow.rb:89:10:89:13 | ...[...] | array_flow.rb:86:13:86:22 | call to source : | array_flow.rb:89:10:89:13 | ...[...] | $@ | array_flow.rb:86:13:86:22 | call to source : | call to source : | +| array_flow.rb:90:10:90:13 | ...[...] | array_flow.rb:86:13:86:22 | call to source : | array_flow.rb:90:10:90:13 | ...[...] | $@ | array_flow.rb:86:13:86:22 | call to source : | call to source : | +| array_flow.rb:96:10:96:13 | ...[...] 
| array_flow.rb:94:13:94:22 | call to source : | array_flow.rb:96:10:96:13 | ...[...] | $@ | array_flow.rb:94:13:94:22 | call to source : | call to source : | +| array_flow.rb:97:10:97:13 | ...[...] | array_flow.rb:94:13:94:22 | call to source : | array_flow.rb:97:10:97:13 | ...[...] | $@ | array_flow.rb:94:13:94:22 | call to source : | call to source : | +| array_flow.rb:98:10:98:13 | ...[...] | array_flow.rb:94:13:94:22 | call to source : | array_flow.rb:98:10:98:13 | ...[...] | $@ | array_flow.rb:94:13:94:22 | call to source : | call to source : | +| array_flow.rb:104:10:104:13 | ...[...] | array_flow.rb:103:15:103:24 | call to source : | array_flow.rb:104:10:104:13 | ...[...] | $@ | array_flow.rb:103:15:103:24 | call to source : | call to source : | +| array_flow.rb:105:10:105:13 | ...[...] | array_flow.rb:103:15:103:24 | call to source : | array_flow.rb:105:10:105:13 | ...[...] | $@ | array_flow.rb:103:15:103:24 | call to source : | call to source : | +| array_flow.rb:106:10:106:13 | ...[...] | array_flow.rb:103:15:103:24 | call to source : | array_flow.rb:106:10:106:13 | ...[...] | $@ | array_flow.rb:103:15:103:24 | call to source : | call to source : | +| array_flow.rb:112:10:112:13 | ...[...] | array_flow.rb:111:19:111:28 | call to source : | array_flow.rb:112:10:112:13 | ...[...] | $@ | array_flow.rb:111:19:111:28 | call to source : | call to source : | +| array_flow.rb:113:10:113:13 | ...[...] | array_flow.rb:111:19:111:28 | call to source : | array_flow.rb:113:10:113:13 | ...[...] | $@ | array_flow.rb:111:19:111:28 | call to source : | call to source : | +| array_flow.rb:114:10:114:13 | ...[...] | array_flow.rb:111:19:111:28 | call to source : | array_flow.rb:114:10:114:13 | ...[...] | $@ | array_flow.rb:111:19:111:28 | call to source : | call to source : | +| array_flow.rb:120:10:120:13 | ...[...] | array_flow.rb:119:15:119:24 | call to source : | array_flow.rb:120:10:120:13 | ...[...] 
| $@ | array_flow.rb:119:15:119:24 | call to source : | call to source : | +| array_flow.rb:121:10:121:13 | ...[...] | array_flow.rb:119:15:119:24 | call to source : | array_flow.rb:121:10:121:13 | ...[...] | $@ | array_flow.rb:119:15:119:24 | call to source : | call to source : | +| array_flow.rb:122:10:122:13 | ...[...] | array_flow.rb:119:15:119:24 | call to source : | array_flow.rb:122:10:122:13 | ...[...] | $@ | array_flow.rb:119:15:119:24 | call to source : | call to source : | +| array_flow.rb:128:10:128:13 | ...[...] | array_flow.rb:127:19:127:28 | call to source : | array_flow.rb:128:10:128:13 | ...[...] | $@ | array_flow.rb:127:19:127:28 | call to source : | call to source : | +| array_flow.rb:129:10:129:13 | ...[...] | array_flow.rb:127:19:127:28 | call to source : | array_flow.rb:129:10:129:13 | ...[...] | $@ | array_flow.rb:127:19:127:28 | call to source : | call to source : | +| array_flow.rb:130:10:130:13 | ...[...] | array_flow.rb:127:19:127:28 | call to source : | array_flow.rb:130:10:130:13 | ...[...] | $@ | array_flow.rb:127:19:127:28 | call to source : | call to source : | +| array_flow.rb:136:14:136:14 | x | array_flow.rb:134:16:134:25 | call to source : | array_flow.rb:136:14:136:14 | x | $@ | array_flow.rb:134:16:134:25 | call to source : | call to source : | +| array_flow.rb:143:14:143:14 | x | array_flow.rb:141:16:141:25 | call to source : | array_flow.rb:143:14:143:14 | x | $@ | array_flow.rb:141:16:141:25 | call to source : | call to source : | +| array_flow.rb:152:10:152:26 | ( ... ) | array_flow.rb:150:15:150:24 | call to source : | array_flow.rb:152:10:152:26 | ( ... ) | $@ | array_flow.rb:150:15:150:24 | call to source : | call to source : | +| array_flow.rb:153:10:153:26 | ( ... ) | array_flow.rb:150:15:150:24 | call to source : | array_flow.rb:153:10:153:26 | ( ... 
) | $@ | array_flow.rb:150:15:150:24 | call to source : | call to source : | +| array_flow.rb:159:10:159:16 | call to at | array_flow.rb:157:13:157:22 | call to source : | array_flow.rb:159:10:159:16 | call to at | $@ | array_flow.rb:157:13:157:22 | call to source : | call to source : | +| array_flow.rb:161:10:161:16 | call to at | array_flow.rb:157:13:157:22 | call to source : | array_flow.rb:161:10:161:16 | call to at | $@ | array_flow.rb:157:13:157:22 | call to source : | call to source : | +| array_flow.rb:167:14:167:14 | x | array_flow.rb:165:16:165:25 | call to source : | array_flow.rb:167:14:167:14 | x | $@ | array_flow.rb:165:16:165:25 | call to source : | call to source : | +| array_flow.rb:169:10:169:10 | b | array_flow.rb:165:16:165:25 | call to source : | array_flow.rb:169:10:169:10 | b | $@ | array_flow.rb:165:16:165:25 | call to source : | call to source : | +| array_flow.rb:175:14:175:14 | x | array_flow.rb:173:16:173:25 | call to source : | array_flow.rb:175:14:175:14 | x | $@ | array_flow.rb:173:16:173:25 | call to source : | call to source : | +| array_flow.rb:189:14:189:14 | x | array_flow.rb:187:16:187:25 | call to source : | array_flow.rb:189:14:189:14 | x | $@ | array_flow.rb:187:16:187:25 | call to source : | call to source : | +| array_flow.rb:192:10:192:13 | ...[...] | array_flow.rb:187:16:187:25 | call to source : | array_flow.rb:192:10:192:13 | ...[...] | $@ | array_flow.rb:187:16:187:25 | call to source : | call to source : | +| array_flow.rb:198:14:198:14 | x | array_flow.rb:196:16:196:25 | call to source : | array_flow.rb:198:14:198:14 | x | $@ | array_flow.rb:196:16:196:25 | call to source : | call to source : | +| array_flow.rb:201:10:201:13 | ...[...] | array_flow.rb:196:16:196:25 | call to source : | array_flow.rb:201:10:201:13 | ...[...] | $@ | array_flow.rb:196:16:196:25 | call to source : | call to source : | +| array_flow.rb:207:14:207:17 | ...[...] 
| array_flow.rb:205:16:205:25 | call to source : | array_flow.rb:207:14:207:17 | ...[...] | $@ | array_flow.rb:205:16:205:25 | call to source : | call to source : | +| array_flow.rb:214:10:214:13 | ...[...] | array_flow.rb:212:16:212:25 | call to source : | array_flow.rb:214:10:214:13 | ...[...] | $@ | array_flow.rb:212:16:212:25 | call to source : | call to source : | +| array_flow.rb:221:10:221:13 | ...[...] | array_flow.rb:219:16:219:27 | call to source : | array_flow.rb:221:10:221:13 | ...[...] | $@ | array_flow.rb:219:16:219:27 | call to source : | call to source : | +| array_flow.rb:222:10:222:13 | ...[...] | array_flow.rb:218:16:218:27 | call to source : | array_flow.rb:222:10:222:13 | ...[...] | $@ | array_flow.rb:218:16:218:27 | call to source : | call to source : | +| array_flow.rb:222:10:222:13 | ...[...] | array_flow.rb:219:16:219:27 | call to source : | array_flow.rb:222:10:222:13 | ...[...] | $@ | array_flow.rb:219:16:219:27 | call to source : | call to source : | +| array_flow.rb:228:14:228:14 | x | array_flow.rb:226:16:226:25 | call to source : | array_flow.rb:228:14:228:14 | x | $@ | array_flow.rb:226:16:226:25 | call to source : | call to source : | +| array_flow.rb:235:14:235:14 | x | array_flow.rb:233:16:233:25 | call to source : | array_flow.rb:235:14:235:14 | x | $@ | array_flow.rb:233:16:233:25 | call to source : | call to source : | +| array_flow.rb:242:10:242:10 | b | array_flow.rb:240:16:240:27 | call to source : | array_flow.rb:242:10:242:10 | b | $@ | array_flow.rb:240:16:240:27 | call to source : | call to source : | +| array_flow.rb:242:10:242:10 | b | array_flow.rb:241:23:241:34 | call to source : | array_flow.rb:242:10:242:10 | b | $@ | array_flow.rb:241:23:241:34 | call to source : | call to source : | +| array_flow.rb:248:10:248:10 | b | array_flow.rb:246:16:246:25 | call to source : | array_flow.rb:248:10:248:10 | b | $@ | array_flow.rb:246:16:246:25 | call to source : | call to source : | +| array_flow.rb:254:14:254:14 | x | 
array_flow.rb:252:16:252:25 | call to source : | array_flow.rb:254:14:254:14 | x | $@ | array_flow.rb:252:16:252:25 | call to source : | call to source : | +| array_flow.rb:256:10:256:13 | ...[...] | array_flow.rb:252:16:252:25 | call to source : | array_flow.rb:256:10:256:13 | ...[...] | $@ | array_flow.rb:252:16:252:25 | call to source : | call to source : | +| array_flow.rb:262:10:262:13 | ...[...] | array_flow.rb:260:16:260:25 | call to source : | array_flow.rb:262:10:262:13 | ...[...] | $@ | array_flow.rb:260:16:260:25 | call to source : | call to source : | +| array_flow.rb:268:10:268:17 | call to dig | array_flow.rb:266:16:266:27 | call to source : | array_flow.rb:268:10:268:17 | call to dig | $@ | array_flow.rb:266:16:266:27 | call to source : | call to source : | +| array_flow.rb:269:10:269:17 | call to dig | array_flow.rb:266:16:266:27 | call to source : | array_flow.rb:269:10:269:17 | call to dig | $@ | array_flow.rb:266:16:266:27 | call to source : | call to source : | +| array_flow.rb:271:10:271:19 | call to dig | array_flow.rb:266:34:266:45 | call to source : | array_flow.rb:271:10:271:19 | call to dig | $@ | array_flow.rb:266:34:266:45 | call to source : | call to source : | +| array_flow.rb:277:14:277:14 | x | array_flow.rb:275:16:275:27 | call to source : | array_flow.rb:277:14:277:14 | x | $@ | array_flow.rb:275:16:275:27 | call to source : | call to source : | +| array_flow.rb:279:10:279:10 | b | array_flow.rb:275:16:275:27 | call to source : | array_flow.rb:279:10:279:10 | b | $@ | array_flow.rb:275:16:275:27 | call to source : | call to source : | +| array_flow.rb:279:10:279:10 | b | array_flow.rb:276:23:276:34 | call to source : | array_flow.rb:279:10:279:10 | b | $@ | array_flow.rb:276:23:276:34 | call to source : | call to source : | +| array_flow.rb:285:10:285:13 | ...[...] | array_flow.rb:283:16:283:27 | call to source : | array_flow.rb:285:10:285:13 | ...[...] 
| $@ | array_flow.rb:283:16:283:27 | call to source : | call to source : | +| array_flow.rb:285:10:285:13 | ...[...] | array_flow.rb:283:30:283:41 | call to source : | array_flow.rb:285:10:285:13 | ...[...] | $@ | array_flow.rb:283:30:283:41 | call to source : | call to source : | +| array_flow.rb:288:10:288:13 | ...[...] | array_flow.rb:283:16:283:27 | call to source : | array_flow.rb:288:10:288:13 | ...[...] | $@ | array_flow.rb:283:16:283:27 | call to source : | call to source : | +| array_flow.rb:289:10:289:13 | ...[...] | array_flow.rb:283:16:283:27 | call to source : | array_flow.rb:289:10:289:13 | ...[...] | $@ | array_flow.rb:283:16:283:27 | call to source : | call to source : | +| array_flow.rb:289:10:289:13 | ...[...] | array_flow.rb:283:30:283:41 | call to source : | array_flow.rb:289:10:289:13 | ...[...] | $@ | array_flow.rb:283:30:283:41 | call to source : | call to source : | +| array_flow.rb:292:10:292:13 | ...[...] | array_flow.rb:283:16:283:27 | call to source : | array_flow.rb:292:10:292:13 | ...[...] | $@ | array_flow.rb:283:16:283:27 | call to source : | call to source : | +| array_flow.rb:292:10:292:13 | ...[...] | array_flow.rb:290:12:290:23 | call to source : | array_flow.rb:292:10:292:13 | ...[...] | $@ | array_flow.rb:290:12:290:23 | call to source : | call to source : | +| array_flow.rb:294:10:294:13 | ...[...] | array_flow.rb:290:12:290:23 | call to source : | array_flow.rb:294:10:294:13 | ...[...] | $@ | array_flow.rb:290:12:290:23 | call to source : | call to source : | +| array_flow.rb:300:14:300:14 | x | array_flow.rb:298:16:298:27 | call to source : | array_flow.rb:300:14:300:14 | x | $@ | array_flow.rb:298:16:298:27 | call to source : | call to source : | +| array_flow.rb:300:14:300:14 | x | array_flow.rb:298:30:298:41 | call to source : | array_flow.rb:300:14:300:14 | x | $@ | array_flow.rb:298:30:298:41 | call to source : | call to source : | +| array_flow.rb:302:10:302:13 | ...[...] 
| array_flow.rb:298:16:298:27 | call to source : | array_flow.rb:302:10:302:13 | ...[...] | $@ | array_flow.rb:298:16:298:27 | call to source : | call to source : | +| array_flow.rb:302:10:302:13 | ...[...] | array_flow.rb:298:30:298:41 | call to source : | array_flow.rb:302:10:302:13 | ...[...] | $@ | array_flow.rb:298:30:298:41 | call to source : | call to source : | +| array_flow.rb:308:14:308:14 | x | array_flow.rb:306:16:306:25 | call to source : | array_flow.rb:308:14:308:14 | x | $@ | array_flow.rb:306:16:306:25 | call to source : | call to source : | +| array_flow.rb:310:10:310:13 | ...[...] | array_flow.rb:306:16:306:25 | call to source : | array_flow.rb:310:10:310:13 | ...[...] | $@ | array_flow.rb:306:16:306:25 | call to source : | call to source : | +| array_flow.rb:316:14:316:14 | x | array_flow.rb:314:16:314:25 | call to source : | array_flow.rb:316:14:316:14 | x | $@ | array_flow.rb:314:16:314:25 | call to source : | call to source : | +| array_flow.rb:318:10:318:10 | x | array_flow.rb:314:16:314:25 | call to source : | array_flow.rb:318:10:318:10 | x | $@ | array_flow.rb:314:16:314:25 | call to source : | call to source : | +| array_flow.rb:319:10:319:13 | ...[...] | array_flow.rb:314:16:314:25 | call to source : | array_flow.rb:319:10:319:13 | ...[...] | $@ | array_flow.rb:314:16:314:25 | call to source : | call to source : | +| array_flow.rb:325:14:325:19 | ( ... ) | array_flow.rb:323:16:323:25 | call to source : | array_flow.rb:325:14:325:19 | ( ... ) | $@ | array_flow.rb:323:16:323:25 | call to source : | call to source : | +| array_flow.rb:332:14:332:14 | x | array_flow.rb:330:16:330:25 | call to source : | array_flow.rb:332:14:332:14 | x | $@ | array_flow.rb:330:16:330:25 | call to source : | call to source : | +| array_flow.rb:334:10:334:13 | ...[...] | array_flow.rb:330:16:330:25 | call to source : | array_flow.rb:334:10:334:13 | ...[...] 
| $@ | array_flow.rb:330:16:330:25 | call to source : | call to source : | +| array_flow.rb:342:10:342:13 | ...[...] | array_flow.rb:338:16:338:25 | call to source : | array_flow.rb:342:10:342:13 | ...[...] | $@ | array_flow.rb:338:16:338:25 | call to source : | call to source : | +| array_flow.rb:348:14:348:17 | ...[...] | array_flow.rb:346:19:346:28 | call to source : | array_flow.rb:348:14:348:17 | ...[...] | $@ | array_flow.rb:346:19:346:28 | call to source : | call to source : | +| array_flow.rb:350:10:350:13 | ...[...] | array_flow.rb:346:19:346:28 | call to source : | array_flow.rb:350:10:350:13 | ...[...] | $@ | array_flow.rb:346:19:346:28 | call to source : | call to source : | +| array_flow.rb:356:14:356:14 | x | array_flow.rb:354:19:354:28 | call to source : | array_flow.rb:356:14:356:14 | x | $@ | array_flow.rb:354:19:354:28 | call to source : | call to source : | +| array_flow.rb:359:10:359:13 | ...[...] | array_flow.rb:354:19:354:28 | call to source : | array_flow.rb:359:10:359:13 | ...[...] 
| $@ | array_flow.rb:354:19:354:28 | call to source : | call to source : | +| array_flow.rb:365:14:365:14 | x | array_flow.rb:363:19:363:30 | call to source : | array_flow.rb:365:14:365:14 | x | $@ | array_flow.rb:363:19:363:30 | call to source : | call to source : | +| array_flow.rb:366:14:366:14 | a | array_flow.rb:364:28:364:39 | call to source : | array_flow.rb:366:14:366:14 | a | $@ | array_flow.rb:364:28:364:39 | call to source : | call to source : | +| array_flow.rb:368:10:368:10 | b | array_flow.rb:364:28:364:39 | call to source : | array_flow.rb:368:10:368:10 | b | $@ | array_flow.rb:364:28:364:39 | call to source : | call to source : | +| array_flow.rb:374:14:374:14 | x | array_flow.rb:373:17:373:28 | call to source : | array_flow.rb:374:14:374:14 | x | $@ | array_flow.rb:373:17:373:28 | call to source : | call to source : | +| array_flow.rb:376:10:376:10 | b | array_flow.rb:372:19:372:30 | call to source : | array_flow.rb:376:10:376:10 | b | $@ | array_flow.rb:372:19:372:30 | call to source : | call to source : | +| array_flow.rb:382:10:382:13 | ...[...] | array_flow.rb:380:19:380:30 | call to source : | array_flow.rb:382:10:382:13 | ...[...] | $@ | array_flow.rb:380:19:380:30 | call to source : | call to source : | +| array_flow.rb:382:10:382:13 | ...[...] | array_flow.rb:381:12:381:23 | call to source : | array_flow.rb:382:10:382:13 | ...[...] | $@ | array_flow.rb:381:12:381:23 | call to source : | call to source : | +| array_flow.rb:384:10:384:13 | ...[...] | array_flow.rb:383:12:383:23 | call to source : | array_flow.rb:384:10:384:13 | ...[...] | $@ | array_flow.rb:383:12:383:23 | call to source : | call to source : | +| array_flow.rb:388:10:388:13 | ...[...] | array_flow.rb:386:9:386:20 | call to source : | array_flow.rb:388:10:388:13 | ...[...] | $@ | array_flow.rb:386:9:386:20 | call to source : | call to source : | +| array_flow.rb:392:10:392:13 | ...[...] | array_flow.rb:386:9:386:20 | call to source : | array_flow.rb:392:10:392:13 | ...[...] 
| $@ | array_flow.rb:386:9:386:20 | call to source : | call to source : | +| array_flow.rb:392:10:392:13 | ...[...] | array_flow.rb:390:9:390:20 | call to source : | array_flow.rb:392:10:392:13 | ...[...] | $@ | array_flow.rb:390:9:390:20 | call to source : | call to source : | +| array_flow.rb:398:14:398:14 | x | array_flow.rb:396:19:396:28 | call to source : | array_flow.rb:398:14:398:14 | x | $@ | array_flow.rb:396:19:396:28 | call to source : | call to source : | +| array_flow.rb:400:10:400:13 | ...[...] | array_flow.rb:396:19:396:28 | call to source : | array_flow.rb:400:10:400:13 | ...[...] | $@ | array_flow.rb:396:19:396:28 | call to source : | call to source : | +| array_flow.rb:406:14:406:14 | x | array_flow.rb:404:19:404:28 | call to source : | array_flow.rb:406:14:406:14 | x | $@ | array_flow.rb:404:19:404:28 | call to source : | call to source : | +| array_flow.rb:408:10:408:13 | ...[...] | array_flow.rb:404:19:404:28 | call to source : | array_flow.rb:408:10:408:13 | ...[...] | $@ | array_flow.rb:404:19:404:28 | call to source : | call to source : | +| array_flow.rb:414:14:414:14 | x | array_flow.rb:412:19:412:28 | call to source : | array_flow.rb:414:14:414:14 | x | $@ | array_flow.rb:412:19:412:28 | call to source : | call to source : | +| array_flow.rb:416:10:416:13 | ...[...] | array_flow.rb:412:19:412:28 | call to source : | array_flow.rb:416:10:416:13 | ...[...] 
| $@ | array_flow.rb:412:19:412:28 | call to source : | call to source : | +| array_flow.rb:422:14:422:14 | x | array_flow.rb:420:19:420:30 | call to source : | array_flow.rb:422:14:422:14 | x | $@ | array_flow.rb:420:19:420:30 | call to source : | call to source : | +| array_flow.rb:424:10:424:10 | b | array_flow.rb:420:19:420:30 | call to source : | array_flow.rb:424:10:424:10 | b | $@ | array_flow.rb:420:19:420:30 | call to source : | call to source : | +| array_flow.rb:424:10:424:10 | b | array_flow.rb:421:21:421:32 | call to source : | array_flow.rb:424:10:424:10 | b | $@ | array_flow.rb:421:21:421:32 | call to source : | call to source : | +| array_flow.rb:430:14:430:14 | x | array_flow.rb:428:19:428:28 | call to source : | array_flow.rb:430:14:430:14 | x | $@ | array_flow.rb:428:19:428:28 | call to source : | call to source : | +| array_flow.rb:432:10:432:13 | ...[...] | array_flow.rb:428:19:428:28 | call to source : | array_flow.rb:432:10:432:13 | ...[...] | $@ | array_flow.rb:428:19:428:28 | call to source : | call to source : | +| array_flow.rb:438:14:438:14 | x | array_flow.rb:436:19:436:28 | call to source : | array_flow.rb:438:14:438:14 | x | $@ | array_flow.rb:436:19:436:28 | call to source : | call to source : | +| array_flow.rb:445:10:445:16 | call to first | array_flow.rb:443:10:443:21 | call to source : | array_flow.rb:445:10:445:16 | call to first | $@ | array_flow.rb:443:10:443:21 | call to source : | call to source : | +| array_flow.rb:445:10:445:16 | call to first | array_flow.rb:444:12:444:23 | call to source : | array_flow.rb:445:10:445:16 | call to first | $@ | array_flow.rb:444:12:444:23 | call to source : | call to source : | +| array_flow.rb:447:10:447:13 | ...[...] | array_flow.rb:443:10:443:21 | call to source : | array_flow.rb:447:10:447:13 | ...[...] | $@ | array_flow.rb:443:10:443:21 | call to source : | call to source : | +| array_flow.rb:447:10:447:13 | ...[...] 
| array_flow.rb:444:12:444:23 | call to source : | array_flow.rb:447:10:447:13 | ...[...] | $@ | array_flow.rb:444:12:444:23 | call to source : | call to source : | +| array_flow.rb:448:10:448:13 | ...[...] | array_flow.rb:444:12:444:23 | call to source : | array_flow.rb:448:10:448:13 | ...[...] | $@ | array_flow.rb:444:12:444:23 | call to source : | call to source : | +| array_flow.rb:450:10:450:13 | ...[...] | array_flow.rb:443:10:443:21 | call to source : | array_flow.rb:450:10:450:13 | ...[...] | $@ | array_flow.rb:443:10:443:21 | call to source : | call to source : | +| array_flow.rb:450:10:450:13 | ...[...] | array_flow.rb:444:12:444:23 | call to source : | array_flow.rb:450:10:450:13 | ...[...] | $@ | array_flow.rb:444:12:444:23 | call to source : | call to source : | +| array_flow.rb:451:10:451:13 | ...[...] | array_flow.rb:443:30:443:41 | call to source : | array_flow.rb:451:10:451:13 | ...[...] | $@ | array_flow.rb:443:30:443:41 | call to source : | call to source : | +| array_flow.rb:451:10:451:13 | ...[...] | array_flow.rb:444:12:444:23 | call to source : | array_flow.rb:451:10:451:13 | ...[...] | $@ | array_flow.rb:444:12:444:23 | call to source : | call to source : | +| array_flow.rb:457:14:457:14 | x | array_flow.rb:455:19:455:30 | call to source : | array_flow.rb:457:14:457:14 | x | $@ | array_flow.rb:455:19:455:30 | call to source : | call to source : | +| array_flow.rb:460:10:460:13 | ...[...] | array_flow.rb:455:19:455:30 | call to source : | array_flow.rb:460:10:460:13 | ...[...] | $@ | array_flow.rb:455:19:455:30 | call to source : | call to source : | +| array_flow.rb:460:10:460:13 | ...[...] | array_flow.rb:458:13:458:24 | call to source : | array_flow.rb:460:10:460:13 | ...[...] | $@ | array_flow.rb:458:13:458:24 | call to source : | call to source : | +| array_flow.rb:466:10:466:13 | ...[...] | array_flow.rb:464:20:464:29 | call to source : | array_flow.rb:466:10:466:13 | ...[...] 
| $@ | array_flow.rb:464:20:464:29 | call to source : | call to source : | +| array_flow.rb:471:10:471:16 | ...[...] | array_flow.rb:470:20:470:29 | call to source : | array_flow.rb:471:10:471:16 | ...[...] | $@ | array_flow.rb:470:20:470:29 | call to source : | call to source : | +| array_flow.rb:473:10:473:13 | ...[...] | array_flow.rb:470:20:470:29 | call to source : | array_flow.rb:473:10:473:13 | ...[...] | $@ | array_flow.rb:470:20:470:29 | call to source : | call to source : | +| array_flow.rb:474:10:474:16 | ...[...] | array_flow.rb:470:20:470:29 | call to source : | array_flow.rb:474:10:474:16 | ...[...] | $@ | array_flow.rb:470:20:470:29 | call to source : | call to source : | +| array_flow.rb:480:10:480:13 | ...[...] | array_flow.rb:478:19:478:30 | call to source : | array_flow.rb:480:10:480:13 | ...[...] | $@ | array_flow.rb:478:19:478:30 | call to source : | call to source : | +| array_flow.rb:482:14:482:14 | x | array_flow.rb:478:19:478:30 | call to source : | array_flow.rb:482:14:482:14 | x | $@ | array_flow.rb:478:19:478:30 | call to source : | call to source : | +| array_flow.rb:485:10:485:13 | ...[...] | array_flow.rb:483:9:483:20 | call to source : | array_flow.rb:485:10:485:13 | ...[...] | $@ | array_flow.rb:483:9:483:20 | call to source : | call to source : | +| array_flow.rb:491:10:491:13 | ...[...] | array_flow.rb:489:19:489:30 | call to source : | array_flow.rb:491:10:491:13 | ...[...] | $@ | array_flow.rb:489:19:489:30 | call to source : | call to source : | +| array_flow.rb:493:14:493:14 | x | array_flow.rb:489:19:489:30 | call to source : | array_flow.rb:493:14:493:14 | x | $@ | array_flow.rb:489:19:489:30 | call to source : | call to source : | +| array_flow.rb:496:10:496:13 | ...[...] | array_flow.rb:494:9:494:20 | call to source : | array_flow.rb:496:10:496:13 | ...[...] 
| $@ | array_flow.rb:494:9:494:20 | call to source : | call to source : | +| array_flow.rb:502:14:502:14 | x | array_flow.rb:500:19:500:28 | call to source : | array_flow.rb:502:14:502:14 | x | $@ | array_flow.rb:500:19:500:28 | call to source : | call to source : | +| array_flow.rb:509:10:509:13 | ...[...] | array_flow.rb:508:24:508:35 | call to source : | array_flow.rb:509:10:509:13 | ...[...] | $@ | array_flow.rb:508:24:508:35 | call to source : | call to source : | +| array_flow.rb:519:10:519:13 | ...[...] | array_flow.rb:516:21:516:34 | call to source : | array_flow.rb:519:10:519:13 | ...[...] | $@ | array_flow.rb:516:21:516:34 | call to source : | call to source : | +| array_flow.rb:522:10:522:13 | ...[...] | array_flow.rb:515:16:515:29 | call to source : | array_flow.rb:522:10:522:13 | ...[...] | $@ | array_flow.rb:515:16:515:29 | call to source : | call to source : | diff --git a/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.ql b/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.ql new file mode 100644 index 00000000000..842d591a3e5 --- /dev/null +++ b/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.ql @@ -0,0 +1,15 @@ +/** + * @kind path-problem + */ + +import ruby +import TestUtilities.InlineFlowTest +import PathGraph + +class HasFlowTest extends InlineFlowTest { + override DataFlow::Configuration getTaintFlowConfig() { none() } +} + +from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultValueFlowConf conf +where conf.hasFlowPath(source, sink) +select sink, source, sink, "$@", source, source.toString() diff --git a/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb b/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb new file mode 100644 index 00000000000..5a5cef4ea81 --- /dev/null +++ b/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb 
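Review bot: The `getTaintFlowConfig` override in `HasFlowTest` returns `none()` without a comment saying why, and the QLDoc header carries only `@kind path-problem`. A one-line comment on the override, such as `// Value flow only: taint-flow expectations are intentionally disabled for the array tests.`, would tell the next maintainer that the absence of `hasTaintFlow` annotations in `array_flow.rb` is deliberate. I am inferring that intent from the override alone, so please confirm it before adding the comment.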
@@ -0,0 +1,523 @@ +def m0(i) + a = *source(0) + sink(a[0]) # $ hasValueFlow=0 + sink(a[1]) + sink(a[i]) # $ hasValueFlow=0 +end + +def m1(i) + a = [0, source(1), 2] + sink(a[0]) + sink(a[1]) # $ hasValueFlow=1 + sink(a[2]) + sink(a[i]) # $ hasValueFlow=1 +end + +def m2(i) + a = Array.new(0, source(2.1)) + sink(a[0]) # $ hasValueFlow=2.1 + sink(a[i]) # $ hasValueFlow=2.1 + + b = Array.new(a) + sink(b[0]) # $ hasValueFlow=2.1 + sink(b[i]) # $ hasValueFlow=2.1 + + c = Array.new(1) do |x| + source(2.2) + end + sink(c[0]) # $ hasValueFlow=2.2 + sink(c[i]) # $ hasValueFlow=2.2 +end + +def m3 + a = [source(3), 1] + b = Array.try_convert(a) + sink(b[0]) # $ hasValueFlow=3 + sink(b[1]) +end + +def m4 + a = [source(4.1), 1] + b = [2, 3, source(4.2)] + c = a & b + sink(c[0]) # $ hasValueFlow=4.1 $ hasValueFlow=4.2 + sink(c[1]) # $ hasValueFlow=4.1 $ hasValueFlow=4.2 +end + +def m5 + a = [source(5), 1] + b = a * 3 + sink(b[0]) # $ hasValueFlow=5 + sink(b[1]) # $ hasValueFlow=5 +end + +def m6 + a = [source(6.1), 1] + b = [2, source(6.2)] + c = a + b + sink(c[0]) # $ hasValueFlow=6.1 $ hasValueFlow=6.2 + sink(c[1]) # $ hasValueFlow=6.2 +end + +def m7 + a = [source(7.1), 1] + b = [2, source(7.2)] + c = a - b + sink(c[0]) # $ hasValueFlow=7.1 + sink(c[1]) # $ hasValueFlow=7.1 +end + +def m8 + a = [source(8.1), 1] + b = a << source(8.2) + sink(b[0]) # $ hasValueFlow=8.1 $ hasValueFlow=8.2 + sink(b[1]) # $ hasValueFlow=8.2 +end + +def m9(i) + a = [0, source(9), 2] + b, c, d = a + sink(b) + sink(c) # $ hasValueFlow=9 + sink(d) +end + +def m10(i) + a = [0, source(10), 2] + b = a[0, 2] + sink(b[0]) # $ hasValueFlow=10 + sink(b[1]) # $ hasValueFlow=10 + sink(b[i]) # $ hasValueFlow=10 +end + +def m11(i) + a = [0, source(11), 2] + b = a[0..2] + sink(b[0]) # $ hasValueFlow=11 + sink(b[1]) # $ hasValueFlow=11 + sink(b[i]) # $ hasValueFlow=11 +end + +def m12(i) + a = [0, 1] + a[0, 1] = source(12) + sink(a[0]) # $ hasValueFlow=12 + sink(a[1]) # $ hasValueFlow=12 + sink(a[i]) # $ 
hasValueFlow=12 +end + +def m13(i) + a = [0, 1] + a[0, 1] = [0, source(13), 2] + sink(a[0]) # $ hasValueFlow=13 + sink(a[1]) # $ hasValueFlow=13 + sink(a[i]) # $ hasValueFlow=13 +end + +def m14(i) + a = [0, 1] + a[0..1] = source(14) + sink(a[0]) # $ hasValueFlow=14 + sink(a[1]) # $ hasValueFlow=14 + sink(a[i]) # $ hasValueFlow=14 +end + +def m15(i) + a = [0, 1] + a[0..1] = [0, source(15), 2] + sink(a[0]) # $ hasValueFlow=15 + sink(a[1]) # $ hasValueFlow=15 + sink(a[i]) # $ hasValueFlow=15 +end + +def m16 + a = [0, 1, source(16)] + a.all? do |x| + sink x # $ hasValueFlow=16 + end +end + +def m17 + a = [0, 1, source(17)] + a.any? do |x| + sink x # $ hasValueFlow=17 + end +end + +def m18 + a = ["a", 0] + b = ["b", 1] + c = ["c", source(18)] + d = [a, b, c] + sink (d.assoc("a")[0]) # $ hasValueFlow=18 + sink (d.assoc("c")[0]) # $ hasValueFlow=18 +end + +def m19(i) + a = [0, source(19), 2] + sink(a.at(0)) + sink(a.at(1)) # $ hasValueFlow=19 + sink(a.at(2)) + sink(a.at(i)) # $ hasValueFlow=19 +end + +def m20 + a = [0, 1, source(20)] + b = a.bsearch do |x| + sink x # $ hasValueFlow=20 + end + sink b # $ hasValueFlow=20 +end + +def m21 + a = [0, 1, source(21)] + b = a.bsearch_index do |x| + sink x # $ hasValueFlow=21 + end + sink b +end + +def m22 + a = [0, 1, source(22)] + a.clear() + sink(a[2]) +end + +def m23 + a = [0, 1, source(23)] + b = a.collect do |x| + sink x # $ hasValueFlow=23 + x + end + sink(b[0]) # $ hasValueFlow=23 +end + +def m24 + a = [0, 1, source(24)] + b = a.collect_concat do |x| + sink x # $ hasValueFlow=24 + [x, x] + end + sink(b[0]) # $ hasValueFlow=24 +end + +def m25 + a = [0, 1, source(25)] + a.combination(1) do |x| + sink(x[0]) # $ hasValueFlow=25 + end +end + +def m26 + a = [0, 1, source(26)] + b = a.compact + sink(b[0]) # $ hasValueFlow=26 +end + +def m27 + a = [0, 1, source(27.1)] + b = [0, 1, source(27.2)] + a.concat(b) + sink(a[0]) # $ hasValueFlow=27.2 + sink(a[2]) # $ hasValueFlow=27.1 $ hasValueFlow=27.2 +end + +def m28 + a = [0, 1, 
source(28)] + a.count do |x| + sink x # $ hasValueFlow=28 + end +end + +def m29 + a = [0, 1, source(29)] + a.cycle(2) do |x| + sink x # $ hasValueFlow=29 + end +end + +def m30 + a = [0, 1, source(30.1)] + b = a.delete(2) { source(30.2) } + sink b # $ hasValueFlow=30.1 $ hasValueFlow=30.2 +end + +def m31 + a = [0, 1, source(31)] + b = a.delete_at(2) + sink b # $ hasValueFlow=31 +end + +def m32 + a = [0, 1, source(32)] + b = a.delete_if do |x| + sink x # $ hasValueFlow=32 + end + sink(b[0]) # $ hasValueFlow=32 +end + +def m33 + a = [0, 1, source(33)] + b = a.difference([1]) + sink(b[0]) # $ hasValueFlow=33 +end + +def m34(i) + a = [0, 1, source(34.1), [0, source(34.2)]] + sink(a.dig(0)) + sink(a.dig(2)) # $ hasValueFlow=34.1 + sink(a.dig(i)) # $ hasValueFlow=34.1 + sink(a.dig(3,0)) + sink(a.dig(3,1)) # $ hasValueFlow=34.2 +end + +def m35 + a = [0, 1, source(35.1)] + b = a.detect(-> { source(35.2) }) do |x| + sink x # $ hasValueFlow=35.1 + end + sink b # $ hasValueFlow=35.1 $ hasValueFlow=35.2 +end + +def m36(i) + a = [0, 1, source(36.1), source(36.2)] + b = a.drop(i) + sink(b[0]) # $ hasValueFlow=36.1 # $ hasValueFlow=36.2 + b = a.drop(1) + sink(b[0]) + sink(b[1]) # $ hasValueFlow=36.1 + sink(b[i]) # $ hasValueFlow=36.1 # $ hasValueFlow=36.2 + a[i] = source(36.3) + b = a.drop(1) + sink(b[1]) # $ hasValueFlow=36.1 # $ hasValueFlow=36.3 + c = b.drop(100) + sink(c[1]) # $ hasValueFlow=36.3 +end + +def m37 + a = [0, 1, source(37.1), source(37.2)] + b = a.drop_while do |x| + sink x # $ hasValueFlow=37.1 # $ hasValueFlow=37.2 + end + sink(b[0]) # $ hasValueFlow=37.1 # $ hasValueFlow=37.2 +end + +def m38 + a = [0, 1, source(38)] + b = a.each do |x| + sink x # $ hasValueFlow=38 + end + sink(b[2]) # $ hasValueFlow=38 +end + +def m39 + a = [0, 1, source(39)] + b = for x in a # desugars to an `each` call + sink x # $ hasValueFlow=39 + end + sink x # $ hasValueFlow=39 + sink(b[2]) # $ hasValueFlow=39 +end + +def m40 + a = [0, 1, source(40)] + a.each_cons(2) do |x| + sink (x[0]) 
# $ hasValueFlow=40 + end +end + +def m41 + a = [0, 1, source(41)] + b = a.each_entry do |x| + sink x # $ hasValueFlow=41 + end + sink(b[2]) # $ hasValueFlow=41 +end + +def m42 + a = [0, 1, source(42)] + b = a.each_index do |x| + sink x + end + sink(b[2]) # $ hasValueFlow=42 +end + +def m43 + a = [0, 1, 2, source(43)] + b = a.each_slice do |x| + sink(x[0]) # $ hasValueFlow=43 + end + sink(b[3]) # $ hasValueFlow=43 +end + +def m44 + a = [0, 1, 2, source(44)] + b = a.each_with_index do |x,i| + sink(x) # $ hasValueFlow=44 + sink(i) + end + sink(b[3]) # $ hasValueFlow=44 +end + +def m45 + a = [0, 1, 2, source(45.1)] + b = a.each_with_object(source(45.2)) do |x,a| + sink(x) # $ hasValueFlow=45.1 + sink(a) # $ hasValueFlow=45.2 + end + sink(b) # $ hasValueFlow=45.2 +end + +def m46(i) + a = [0, 1, 2, source(46.1)] + b = a.fetch(source(46.2)) do |x| + sink(x) # $ hasValueFlow=46.2 + end + sink(b) # $ hasValueFlow=46.1 +end + +def m47 + a = [0, 1, 2, source(47.1)] + a.fill(source(47.2), 1, 1) + sink(a[3]) # $ hasValueFlow=47.1 $ hasValueFlow=47.2 + a.fill(source(47.3)) + sink(a[0]) # $ hasValueFlow=47.3 + a.fill do |i| + source(47.4) + end + sink(a[0]) # $ hasValueFlow=47.4 + a.fill(2) do |i| + source(47.5) + end + sink(a[0]) # $ hasValueFlow=47.4 $ hasValueFlow=47.5 +end + +def m48 + a = [0, 1, 2, source(48)] + b = a.filter do |x| + sink(x) # $ hasValueFlow=48 + end + sink(b[0]) # $ hasValueFlow=48 +end + +def m49 + a = [0, 1, 2, source(49)] + b = a.filter_map do |x| + sink(x) # $ hasValueFlow=49 + end + sink(b[0]) # $ hasValueFlow=49 +end + +def m50 + a = [0, 1, 2, source(50)] + b = a.filter! 
do |x| + sink(x) # $ hasValueFlow=50 + end + sink(b[0]) # $ hasValueFlow=50 +end + +def m51 + a = [0, 1, 2, source(51.1)] + b = a.find(-> { source(51.2) }) do |x| + sink(x) # $ hasValueFlow=51.1 + end + sink(b) # $ hasValueFlow=51.1 $ hasValueFlow=51.2 +end + +def m52 + a = [0, 1, 2, source(52)] + b = a.find_all do |x| + sink(x) # $ hasValueFlow=52 + end + sink(b[0]) # $ hasValueFlow=52 +end + +def m53 + a = [0, 1, 2, source(53)] + a.find_index do |x| + sink(x) # $ hasValueFlow=53 + end +end + +def m54(i) + a = [source(54.1), 1, 2, source(54.2)] + a[i] = source(54.3) + sink(a.first) # $ hasValueFlow=54.1 $ hasValueFlow=54.3 + b = a.first(2) + sink(b[0]) # $ hasValueFlow=54.1 $ hasValueFlow=54.3 + sink(b[4]) # $ hasValueFlow=54.3 + c = a.first(i) + sink(c[0]) # $ hasValueFlow=54.1 $ hasValueFlow=54.3 + sink(c[3]) # $ hasValueFlow=54.2 $ hasValueFlow=54.3 +end + +def m55 + a = [0, 1, 2, source(55.1)] + b = a.flat_map do |x| + sink(x) # $ hasValueFlow=55.1 + [x, source(55.2)] + end + sink(b[0]) # $ hasValueFlow=55.1 $ hasValueFlow=55.2 +end + +def m56 + a = [0, 1, [2, source(56)]] + b = a.flatten + sink(b[0]) # $ hasValueFlow=56 +end + +def m57 + a = [0, 1, [2, source(57)]] + sink(a[2][1]) # $ hasValueFlow=57 + a.flatten! 
+ sink(a[0]) # $ hasValueFlow=57 + sink(a[2][1]) # $ SPURIOUS: hasValueFlow=57 +end + +def m58 + a = [0, 1, 2, source(58.1)] + b = a.grep(/.*/) + sink(b[0]) # $ hasValueFlow=58.1 + b = a.grep(/.*/) do |x| + sink x # $ hasValueFlow=58.1 + source(58.2) + end + sink(b[0]) # $ hasValueFlow=58.2 +end + +def m59 + a = [0, 1, 2, source(59.1)] + b = a.grep_v(/A/) + sink(b[0]) # $ hasValueFlow=59.1 + b = a.grep_v(/A/) do |x| + sink x # $ hasValueFlow=59.1 + source(59.2) + end + sink(b[0]) # $ hasValueFlow=59.2 +end + +def m60 + a = [0, 1, 2, source(60)] + a.index do |x| + sink x # $ hasValueFlow=60 + end +end + +def m61 + a = [0, 1, 2, source(61.1)] + a.initialize_copy([source(61.2)]) + sink(a[0]) # $ hasValueFlow=61.2 +end + + +# TODO: assign appropriate number when reached in the alphabetical ordering +def m2600 + a = [0, 1, source(2600.1)] + a.prepend(2, 3, source(2600.2)) + sink(a[0]) + sink(a[1]) + sink(a[2]) # $ hasValueFlow=2600.2 + sink(a[3]) + sink(a[4]) + sink(a[5]) # $ hasValueFlow=2600.1 +end diff --git a/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected b/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected index 5ac1c88d6f4..23f28e1e630 100644 --- a/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected @@ -1,5 +1,6 @@ edges -| tainted_path.rb:4:12:4:17 | call to params : | tainted_path.rb:5:26:5:29 | path | +| tainted_path.rb:4:12:4:17 | call to params : | tainted_path.rb:4:12:4:24 | ...[...] : | +| tainted_path.rb:4:12:4:24 | ...[...] : | tainted_path.rb:5:26:5:29 | path | | tainted_path.rb:10:12:10:43 | call to absolute_path : | tainted_path.rb:11:26:11:29 | path | | tainted_path.rb:10:31:10:36 | call to params : | tainted_path.rb:10:31:10:43 | ...[...] : | | tainted_path.rb:10:31:10:43 | ...[...] : | tainted_path.rb:10:12:10:43 | call to absolute_path : | 
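Review bot: In `m43` the call `a.each_slice do |x|` omits the required slice size, so real Ruby raises ArgumentError before the block runs and the `hasValueFlow=43` expectations describe a flow that cannot happen; `b = a.each_slice(2) do |x|` keeps the call valid. `m2` has a similar problem: `Array.new(0, source(2.1))` builds an empty array, so `a[0]` is nil at runtime, and `a = Array.new(1, source(2.1))` would make the fixture agree with its annotation. Fixtures that pass only because the model over-approximates make it harder to tell later whether an alert from the security queries built on this library is a real flow or a modelling artefact. Separately, `m36` and `m37` write `# $ hasValueFlow=36.1 # $ hasValueFlow=36.2`, while the rest of the file puts both tags in one comment (`# $ hasValueFlow=4.1 $ hasValueFlow=4.2`); using one form throughout would be clearer.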
@@ -23,6 +24,7 @@ edges | tainted_path.rb:47:43:47:55 | ...[...] : | tainted_path.rb:47:12:47:63 | call to join : | nodes | tainted_path.rb:4:12:4:17 | call to params : | semmle.label | call to params : | +| tainted_path.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : | | tainted_path.rb:5:26:5:29 | path | semmle.label | path | | tainted_path.rb:10:12:10:43 | call to absolute_path : | semmle.label | call to absolute_path : | | tainted_path.rb:10:31:10:36 | call to params : | semmle.label | call to params : | diff --git a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection.expected b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection.expected index d3338f6cd56..8849322976c 100644 --- a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection.expected 
@@ -1,15 +1,18 @@ edges -| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:7:10:7:15 | #{...} | -| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:8:16:8:18 | cmd | -| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:10:14:10:16 | cmd | -| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:11:17:11:22 | #{...} | -| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:13:9:13:14 | #{...} | -| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:29:19:29:24 | #{...} | -| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:33:24:33:36 | "echo #{...}" | -| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:34:39:34:51 | "grep #{...}" | -| CommandInjection.rb:46:15:46:20 | call to params : | CommandInjection.rb:50:24:50:36 | "echo #{...}" | +| CommandInjection.rb:6:15:6:20 | call to params : | CommandInjection.rb:6:15:6:26 | ...[...] : | +| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:7:10:7:15 | #{...} | +| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:8:16:8:18 | cmd | +| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:10:14:10:16 | cmd | +| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:11:17:11:22 | #{...} | +| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:13:9:13:14 | #{...} | +| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:29:19:29:24 | #{...} | +| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:33:24:33:36 | "echo #{...}" | +| CommandInjection.rb:6:15:6:26 | ...[...] : | CommandInjection.rb:34:39:34:51 | "grep #{...}" | +| CommandInjection.rb:46:15:46:20 | call to params : | CommandInjection.rb:46:15:46:26 | ...[...] : | +| CommandInjection.rb:46:15:46:26 | ...[...] 
: | CommandInjection.rb:50:24:50:36 | "echo #{...}" | nodes | CommandInjection.rb:6:15:6:20 | call to params : | semmle.label | call to params : | +| CommandInjection.rb:6:15:6:26 | ...[...] : | semmle.label | ...[...] : | | CommandInjection.rb:7:10:7:15 | #{...} | semmle.label | #{...} | | CommandInjection.rb:8:16:8:18 | cmd | semmle.label | cmd | | CommandInjection.rb:10:14:10:16 | cmd | semmle.label | cmd | @@ -19,6 +22,7 @@ nodes | CommandInjection.rb:33:24:33:36 | "echo #{...}" | semmle.label | "echo #{...}" | | CommandInjection.rb:34:39:34:51 | "grep #{...}" | semmle.label | "grep #{...}" | | CommandInjection.rb:46:15:46:20 | call to params : | semmle.label | call to params : | +| CommandInjection.rb:46:15:46:26 | ...[...] : | semmle.label | ...[...] : | | CommandInjection.rb:50:24:50:36 | "echo #{...}" | semmle.label | "echo #{...}" | subpaths #select diff --git a/ruby/ql/test/query-tests/security/cwe-078/KernelOpen.expected b/ruby/ql/test/query-tests/security/cwe-078/KernelOpen.expected index ccdd73f58c7..5659fceb1e7 100644 --- a/ruby/ql/test/query-tests/security/cwe-078/KernelOpen.expected +++ b/ruby/ql/test/query-tests/security/cwe-078/KernelOpen.expected @@ -1,8 +1,10 @@ edges -| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:4:10:4:13 | file | -| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:5:13:5:16 | file | +| KernelOpen.rb:3:12:3:17 | call to params : | KernelOpen.rb:3:12:3:24 | ...[...] : | +| KernelOpen.rb:3:12:3:24 | ...[...] : | KernelOpen.rb:4:10:4:13 | file | +| KernelOpen.rb:3:12:3:24 | ...[...] : | KernelOpen.rb:5:13:5:16 | file | nodes | KernelOpen.rb:3:12:3:17 | call to params : | semmle.label | call to params : | +| KernelOpen.rb:3:12:3:24 | ...[...] : | semmle.label | ...[...] : | | KernelOpen.rb:4:10:4:13 | file | semmle.label | file | | KernelOpen.rb:5:13:5:16 | file | semmle.label | file | subpaths 
diff --git a/ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected b/ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected index 0678f3896df..503e9ec0529 100644 --- a/ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected +++ b/ruby/ql/test/query-tests/security/cwe-079/ReflectedXSS.expected 
@@ -1,11 +1,13 @@ edges | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params : | app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : | | app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : | app/views/foo/bars/show.html.erb:47:5:47:13 | call to user_name | -| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | app/views/foo/bars/show.html.erb:51:5:51:18 | call to user_name_memo | +| app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : | +| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : | app/views/foo/bars/show.html.erb:51:5:51:18 | call to user_name_memo | | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params : | app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : | | app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : | app/views/foo/bars/show.html.erb:2:18:2:30 | @user_website | -| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | -| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | +| app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | +| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | +| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] 
: | app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | app/views/foo/bars/show.html.erb:41:3:41:16 | @instance_text | | app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:5:9:5:20 | call to display_text | | app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | app/views/foo/bars/show.html.erb:8:9:8:36 | ...[...] | @@ -21,9 +23,11 @@ nodes | app/controllers/foo/bars_controller.rb:9:12:9:17 | call to params : | semmle.label | call to params : | | app/controllers/foo/bars_controller.rb:9:12:9:29 | ...[...] : | semmle.label | ...[...] : | | app/controllers/foo/bars_controller.rb:13:20:13:25 | call to params : | semmle.label | call to params : | +| app/controllers/foo/bars_controller.rb:13:20:13:37 | ...[...] : | semmle.label | ...[...] : | | app/controllers/foo/bars_controller.rb:17:21:17:26 | call to params : | semmle.label | call to params : | | app/controllers/foo/bars_controller.rb:17:21:17:36 | ...[...] : | semmle.label | ...[...] : | | app/controllers/foo/bars_controller.rb:18:10:18:15 | call to params : | semmle.label | call to params : | +| app/controllers/foo/bars_controller.rb:18:10:18:22 | ...[...] : | semmle.label | ...[...] : | | app/controllers/foo/bars_controller.rb:19:22:19:23 | dt : | semmle.label | dt : | | app/controllers/foo/bars_controller.rb:23:53:23:54 | dt : | semmle.label | dt : | | app/views/foo/bars/_widget.html.erb:5:9:5:20 | call to display_text | semmle.label | call to display_text | diff --git a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected index aca755ba998..6a9f5f771fb 100644 --- a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected 
@@ -4,22 +4,31 @@ edges | ActiveRecordInjection.rb:20:22:20:30 | condition : | ActiveRecordInjection.rb:23:16:23:24 | condition | | ActiveRecordInjection.rb:35:30:35:35 | call to params : | ActiveRecordInjection.rb:35:30:35:44 | ...[...] | | ActiveRecordInjection.rb:39:18:39:23 | call to params : | ActiveRecordInjection.rb:39:18:39:32 | ...[...] | -| ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | -| ActiveRecordInjection.rb:48:30:48:35 | call to params : | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | -| ActiveRecordInjection.rb:52:31:52:36 | call to params : | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | -| ActiveRecordInjection.rb:57:32:57:37 | call to params : | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | -| ActiveRecordInjection.rb:62:21:62:26 | call to params : | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | -| ActiveRecordInjection.rb:68:34:68:39 | call to params : | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | +| ActiveRecordInjection.rb:43:29:43:34 | call to params : | ActiveRecordInjection.rb:43:29:43:39 | ...[...] : | +| ActiveRecordInjection.rb:43:29:43:39 | ...[...] : | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | +| ActiveRecordInjection.rb:48:30:48:35 | call to params : | ActiveRecordInjection.rb:48:30:48:40 | ...[...] : | +| ActiveRecordInjection.rb:48:30:48:40 | ...[...] : | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | +| ActiveRecordInjection.rb:52:31:52:36 | call to params : | ActiveRecordInjection.rb:52:31:52:41 | ...[...] : | +| ActiveRecordInjection.rb:52:31:52:41 | ...[...] : | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | +| ActiveRecordInjection.rb:57:32:57:37 | call to params : | ActiveRecordInjection.rb:57:32:57:42 | ...[...] : | +| ActiveRecordInjection.rb:57:32:57:42 | ...[...] 
: | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | +| ActiveRecordInjection.rb:62:21:62:26 | call to params : | ActiveRecordInjection.rb:62:21:62:35 | ...[...] : | +| ActiveRecordInjection.rb:62:21:62:35 | ...[...] : | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | +| ActiveRecordInjection.rb:68:34:68:39 | call to params : | ActiveRecordInjection.rb:68:34:68:44 | ...[...] : | +| ActiveRecordInjection.rb:68:34:68:44 | ...[...] : | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | | ActiveRecordInjection.rb:70:23:70:28 | call to params : | ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | | ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | ActiveRecordInjection.rb:8:25:8:28 | name : | | ActiveRecordInjection.rb:70:38:70:43 | call to params : | ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | | ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | ActiveRecordInjection.rb:8:31:8:34 | pass : | -| ActiveRecordInjection.rb:74:41:74:46 | call to params : | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | +| ActiveRecordInjection.rb:74:41:74:46 | call to params : | ActiveRecordInjection.rb:74:41:74:51 | ...[...] : | +| ActiveRecordInjection.rb:74:41:74:51 | ...[...] : | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | | ActiveRecordInjection.rb:83:17:83:22 | call to params : | ActiveRecordInjection.rb:83:17:83:31 | ...[...] | | ActiveRecordInjection.rb:84:19:84:24 | call to params : | ActiveRecordInjection.rb:84:19:84:33 | ...[...] | | ActiveRecordInjection.rb:88:18:88:23 | call to params : | ActiveRecordInjection.rb:88:18:88:35 | ...[...] | | ActiveRecordInjection.rb:92:21:92:26 | call to params : | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | -| ActiveRecordInjection.rb:98:10:98:15 | call to params : | ActiveRecordInjection.rb:104:20:104:32 | ... + ... 
| +| ActiveRecordInjection.rb:98:10:98:15 | call to params : | ActiveRecordInjection.rb:99:11:99:12 | ps : | +| ActiveRecordInjection.rb:99:11:99:12 | ps : | ActiveRecordInjection.rb:99:11:99:17 | ...[...] : | +| ActiveRecordInjection.rb:99:11:99:17 | ...[...] : | ActiveRecordInjection.rb:104:20:104:32 | ... + ... | | ActiveRecordInjection.rb:137:21:137:26 | call to params : | ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | | ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | ActiveRecordInjection.rb:20:22:20:30 | condition : | nodes 
@@ -34,22 +43,29 @@ nodes | ActiveRecordInjection.rb:39:18:39:32 | ...[...] | semmle.label | ...[...] | | ActiveRecordInjection.rb:43:20:43:42 | "id = '#{...}'" | semmle.label | "id = '#{...}'" | | ActiveRecordInjection.rb:43:29:43:34 | call to params : | semmle.label | call to params : | +| ActiveRecordInjection.rb:43:29:43:39 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:48:21:48:43 | "id = '#{...}'" | semmle.label | "id = '#{...}'" | | ActiveRecordInjection.rb:48:30:48:35 | call to params : | semmle.label | call to params : | +| ActiveRecordInjection.rb:48:30:48:40 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:52:22:52:44 | "id = '#{...}'" | semmle.label | "id = '#{...}'" | | ActiveRecordInjection.rb:52:31:52:36 | call to params : | semmle.label | call to params : | +| ActiveRecordInjection.rb:52:31:52:41 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:57:23:57:45 | "id = '#{...}'" | semmle.label | "id = '#{...}'" | | ActiveRecordInjection.rb:57:32:57:37 | call to params : | semmle.label | call to params : | +| ActiveRecordInjection.rb:57:32:57:42 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:61:16:61:21 | <<-SQL | semmle.label | <<-SQL | | ActiveRecordInjection.rb:62:21:62:26 | call to params : | semmle.label | call to params : | +| ActiveRecordInjection.rb:62:21:62:35 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:68:20:68:47 | "user.id = '#{...}'" | semmle.label | "user.id = '#{...}'" | | ActiveRecordInjection.rb:68:34:68:39 | call to params : | semmle.label | call to params : | +| ActiveRecordInjection.rb:68:34:68:44 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:70:23:70:28 | call to params : | semmle.label | call to params : | | ActiveRecordInjection.rb:70:23:70:35 | ...[...] : | semmle.label | ...[...] 
: | | ActiveRecordInjection.rb:70:38:70:43 | call to params : | semmle.label | call to params : | | ActiveRecordInjection.rb:70:38:70:50 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:74:32:74:54 | "id = '#{...}'" | semmle.label | "id = '#{...}'" | | ActiveRecordInjection.rb:74:41:74:46 | call to params : | semmle.label | call to params : | +| ActiveRecordInjection.rb:74:41:74:51 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:83:17:83:22 | call to params : | semmle.label | call to params : | | ActiveRecordInjection.rb:83:17:83:31 | ...[...] | semmle.label | ...[...] | | ActiveRecordInjection.rb:84:19:84:24 | call to params : | semmle.label | call to params : | @@ -59,6 +75,8 @@ nodes | ActiveRecordInjection.rb:92:21:92:26 | call to params : | semmle.label | call to params : | | ActiveRecordInjection.rb:92:21:92:35 | ...[...] | semmle.label | ...[...] | | ActiveRecordInjection.rb:98:10:98:15 | call to params : | semmle.label | call to params : | +| ActiveRecordInjection.rb:99:11:99:12 | ps : | semmle.label | ps : | +| ActiveRecordInjection.rb:99:11:99:17 | ...[...] : | semmle.label | ...[...] : | | ActiveRecordInjection.rb:104:20:104:32 | ... + ... | semmle.label | ... + ... | | ActiveRecordInjection.rb:137:21:137:26 | call to params : | semmle.label | call to params : | | ActiveRecordInjection.rb:137:21:137:44 | ...[...] : | semmle.label | ...[...] : | diff --git a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected index 834fd1d1db7..f9e4dd35642 100644 --- a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected 
@@ -1,9 +1,11 @@ edges -| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:6:10:6:13 | code | -| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:18:20:18:23 | code | -| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:21:21:21:24 | code | +| CodeInjection.rb:3:12:3:17 | call to params : | CodeInjection.rb:3:12:3:24 | ...[...] : | +| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:6:10:6:13 | code | +| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:18:20:18:23 | code | +| CodeInjection.rb:3:12:3:24 | ...[...] : | CodeInjection.rb:21:21:21:24 | code | nodes | CodeInjection.rb:3:12:3:17 | call to params : | semmle.label | call to params : | +| CodeInjection.rb:3:12:3:24 | ...[...] : | semmle.label | ...[...] : | | CodeInjection.rb:6:10:6:13 | code | semmle.label | code | | CodeInjection.rb:9:10:9:15 | call to params | semmle.label | call to params | | CodeInjection.rb:18:20:18:23 | code | semmle.label | code | diff --git a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected index 938758f9db1..64c0c919427 100644 --- a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected +++ b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected 
@@ -1,24 +1,29 @@ edges -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:10:5:10:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:11:5:11:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:12:5:12:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:13:5:13:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:14:5:14:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:15:5:15:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:16:5:16:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:17:5:17:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:18:5:18:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:19:5:19:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:20:5:20:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:21:5:21:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:22:5:22:8 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:23:17:23:20 | name | -| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:24:18:24:21 | name | -| PolynomialReDoS.rb:27:9:27:14 | call to params : | PolynomialReDoS.rb:28:5:28:5 | a | -| PolynomialReDoS.rb:29:9:29:14 | call to params : | PolynomialReDoS.rb:30:5:30:5 | b | -| PolynomialReDoS.rb:31:9:31:14 | call to params : | PolynomialReDoS.rb:32:5:32:5 | c | +| PolynomialReDoS.rb:4:12:4:17 | call to params : | PolynomialReDoS.rb:4:12:4:24 | ...[...] : | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:10:5:10:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:11:5:11:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] 
: | PolynomialReDoS.rb:12:5:12:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:13:5:13:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:14:5:14:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:15:5:15:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:16:5:16:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:17:5:17:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:18:5:18:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:19:5:19:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:20:5:20:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:21:5:21:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:22:5:22:8 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:23:17:23:20 | name | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | PolynomialReDoS.rb:24:18:24:21 | name | +| PolynomialReDoS.rb:27:9:27:14 | call to params : | PolynomialReDoS.rb:27:9:27:18 | ...[...] : | +| PolynomialReDoS.rb:27:9:27:18 | ...[...] : | PolynomialReDoS.rb:28:5:28:5 | a | +| PolynomialReDoS.rb:29:9:29:14 | call to params : | PolynomialReDoS.rb:29:9:29:18 | ...[...] : | +| PolynomialReDoS.rb:29:9:29:18 | ...[...] : | PolynomialReDoS.rb:30:5:30:5 | b | +| PolynomialReDoS.rb:31:9:31:14 | call to params : | PolynomialReDoS.rb:31:9:31:18 | ...[...] : | +| PolynomialReDoS.rb:31:9:31:18 | ...[...] : | PolynomialReDoS.rb:32:5:32:5 | c | nodes | PolynomialReDoS.rb:4:12:4:17 | call to params : | semmle.label | call to params : | +| PolynomialReDoS.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : | | PolynomialReDoS.rb:10:5:10:8 | name | semmle.label | name | | PolynomialReDoS.rb:11:5:11:8 | name | semmle.label | name | | PolynomialReDoS.rb:12:5:12:8 | name | semmle.label | name | 
@@ -35,10 +40,13 @@ nodes | PolynomialReDoS.rb:23:17:23:20 | name | semmle.label | name | | PolynomialReDoS.rb:24:18:24:21 | name | semmle.label | name | | PolynomialReDoS.rb:27:9:27:14 | call to params : | semmle.label | call to params : | +| PolynomialReDoS.rb:27:9:27:18 | ...[...] : | semmle.label | ...[...] : | | PolynomialReDoS.rb:28:5:28:5 | a | semmle.label | a | | PolynomialReDoS.rb:29:9:29:14 | call to params : | semmle.label | call to params : | +| PolynomialReDoS.rb:29:9:29:18 | ...[...] : | semmle.label | ...[...] : | | PolynomialReDoS.rb:30:5:30:5 | b | semmle.label | b | | PolynomialReDoS.rb:31:9:31:14 | call to params : | semmle.label | call to params : | +| PolynomialReDoS.rb:31:9:31:18 | ...[...] : | semmle.label | ...[...] : | | PolynomialReDoS.rb:32:5:32:5 | c | semmle.label | c | subpaths #select diff --git a/ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected b/ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected index 4f2b3af777f..5f64a891749 100644 --- a/ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-1333-regexp-injection/RegExpInjection.expected 
@@ -1,19 +1,29 @@ edges -| RegExpInjection.rb:4:12:4:17 | call to params : | RegExpInjection.rb:5:13:5:21 | /#{...}/ | -| RegExpInjection.rb:10:12:10:17 | call to params : | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | -| RegExpInjection.rb:16:12:16:17 | call to params : | RegExpInjection.rb:17:24:17:27 | name | -| RegExpInjection.rb:22:12:22:17 | call to params : | RegExpInjection.rb:23:24:23:33 | ... + ... | -| RegExpInjection.rb:54:12:54:17 | call to params : | RegExpInjection.rb:55:28:55:37 | ... + ... | +| RegExpInjection.rb:4:12:4:17 | call to params : | RegExpInjection.rb:4:12:4:24 | ...[...] : | +| RegExpInjection.rb:4:12:4:24 | ...[...] : | RegExpInjection.rb:5:13:5:21 | /#{...}/ | +| RegExpInjection.rb:10:12:10:17 | call to params : | RegExpInjection.rb:10:12:10:24 | ...[...] : | +| RegExpInjection.rb:10:12:10:24 | ...[...] : | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | +| RegExpInjection.rb:16:12:16:17 | call to params : | RegExpInjection.rb:16:12:16:24 | ...[...] : | +| RegExpInjection.rb:16:12:16:24 | ...[...] : | RegExpInjection.rb:17:24:17:27 | name | +| RegExpInjection.rb:22:12:22:17 | call to params : | RegExpInjection.rb:22:12:22:24 | ...[...] : | +| RegExpInjection.rb:22:12:22:24 | ...[...] : | RegExpInjection.rb:23:24:23:33 | ... + ... | +| RegExpInjection.rb:54:12:54:17 | call to params : | RegExpInjection.rb:54:12:54:24 | ...[...] : | +| RegExpInjection.rb:54:12:54:24 | ...[...] : | RegExpInjection.rb:55:28:55:37 | ... + ... | nodes | RegExpInjection.rb:4:12:4:17 | call to params : | semmle.label | call to params : | +| RegExpInjection.rb:4:12:4:24 | ...[...] : | semmle.label | ...[...] : | | RegExpInjection.rb:5:13:5:21 | /#{...}/ | semmle.label | /#{...}/ | | RegExpInjection.rb:10:12:10:17 | call to params : | semmle.label | call to params : | +| RegExpInjection.rb:10:12:10:24 | ...[...] : | semmle.label | ...[...] 
: | | RegExpInjection.rb:11:13:11:27 | /foo#{...}bar/ | semmle.label | /foo#{...}bar/ | | RegExpInjection.rb:16:12:16:17 | call to params : | semmle.label | call to params : | +| RegExpInjection.rb:16:12:16:24 | ...[...] : | semmle.label | ...[...] : | | RegExpInjection.rb:17:24:17:27 | name | semmle.label | name | | RegExpInjection.rb:22:12:22:17 | call to params : | semmle.label | call to params : | +| RegExpInjection.rb:22:12:22:24 | ...[...] : | semmle.label | ...[...] : | | RegExpInjection.rb:23:24:23:33 | ... + ... | semmle.label | ... + ... | | RegExpInjection.rb:54:12:54:17 | call to params : | semmle.label | call to params : | +| RegExpInjection.rb:54:12:54:24 | ...[...] : | semmle.label | ...[...] : | | RegExpInjection.rb:55:28:55:37 | ... + ... | semmle.label | ... + ... | subpaths #select diff --git a/ruby/ql/test/query-tests/security/cwe-502/oj-global-options/UnsafeDeserialization.expected b/ruby/ql/test/query-tests/security/cwe-502/oj-global-options/UnsafeDeserialization.expected index 8e4e62d4476..c42e5e42e8c 100644 --- a/ruby/ql/test/query-tests/security/cwe-502/oj-global-options/UnsafeDeserialization.expected +++ b/ruby/ql/test/query-tests/security/cwe-502/oj-global-options/UnsafeDeserialization.expected @@ -1,7 +1,9 @@ edges -| OjGlobalOptions.rb:13:17:13:22 | call to params : | OjGlobalOptions.rb:14:22:14:30 | json_data | +| OjGlobalOptions.rb:13:17:13:22 | call to params : | OjGlobalOptions.rb:13:17:13:28 | ...[...] : | +| OjGlobalOptions.rb:13:17:13:28 | ...[...] : | OjGlobalOptions.rb:14:22:14:30 | json_data | nodes | OjGlobalOptions.rb:13:17:13:22 | call to params : | semmle.label | call to params : | +| OjGlobalOptions.rb:13:17:13:28 | ...[...] : | semmle.label | ...[...] : | | OjGlobalOptions.rb:14:22:14:30 | json_data | semmle.label | json_data | subpaths #select 
diff --git a/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected b/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected index b2fde305145..42cc4d0a099 100644 --- a/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected +++ b/ruby/ql/test/query-tests/security/cwe-502/unsafe-deserialization/UnsafeDeserialization.expected 
@@ -1,27 +1,41 @@ edges -| UnsafeDeserialization.rb:9:39:9:44 | call to params : | UnsafeDeserialization.rb:10:27:10:41 | serialized_data | -| UnsafeDeserialization.rb:15:39:15:44 | call to params : | UnsafeDeserialization.rb:16:30:16:44 | serialized_data | -| UnsafeDeserialization.rb:21:17:21:22 | call to params : | UnsafeDeserialization.rb:22:24:22:32 | json_data | -| UnsafeDeserialization.rb:27:17:27:22 | call to params : | UnsafeDeserialization.rb:28:27:28:35 | json_data | -| UnsafeDeserialization.rb:39:17:39:22 | call to params : | UnsafeDeserialization.rb:40:24:40:32 | yaml_data | -| UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:52:22:52:30 | json_data | -| UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:53:22:53:30 | json_data | -| UnsafeDeserialization.rb:58:17:58:22 | call to params : | UnsafeDeserialization.rb:68:23:68:31 | json_data | +| UnsafeDeserialization.rb:9:39:9:44 | call to params : | UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | +| UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | UnsafeDeserialization.rb:10:27:10:41 | serialized_data | +| UnsafeDeserialization.rb:15:39:15:44 | call to params : | UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | +| UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | UnsafeDeserialization.rb:16:30:16:44 | serialized_data | +| UnsafeDeserialization.rb:21:17:21:22 | call to params : | UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | +| UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | UnsafeDeserialization.rb:22:24:22:32 | json_data | +| UnsafeDeserialization.rb:27:17:27:22 | call to params : | UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | +| UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | UnsafeDeserialization.rb:28:27:28:35 | json_data | +| UnsafeDeserialization.rb:39:17:39:22 | call to params : | UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | +| UnsafeDeserialization.rb:39:17:39:28 | ...[...] 
: | UnsafeDeserialization.rb:40:24:40:32 | yaml_data | +| UnsafeDeserialization.rb:51:17:51:22 | call to params : | UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | +| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | UnsafeDeserialization.rb:52:22:52:30 | json_data | +| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | UnsafeDeserialization.rb:53:22:53:30 | json_data | +| UnsafeDeserialization.rb:58:17:58:22 | call to params : | UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | +| UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | UnsafeDeserialization.rb:68:23:68:31 | json_data | nodes | UnsafeDeserialization.rb:9:39:9:44 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:9:39:9:50 | ...[...] : | semmle.label | ...[...] : | | UnsafeDeserialization.rb:10:27:10:41 | serialized_data | semmle.label | serialized_data | | UnsafeDeserialization.rb:15:39:15:44 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:15:39:15:50 | ...[...] : | semmle.label | ...[...] : | | UnsafeDeserialization.rb:16:30:16:44 | serialized_data | semmle.label | serialized_data | | UnsafeDeserialization.rb:21:17:21:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:21:17:21:28 | ...[...] : | semmle.label | ...[...] : | | UnsafeDeserialization.rb:22:24:22:32 | json_data | semmle.label | json_data | | UnsafeDeserialization.rb:27:17:27:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:27:17:27:28 | ...[...] : | semmle.label | ...[...] : | | UnsafeDeserialization.rb:28:27:28:35 | json_data | semmle.label | json_data | | UnsafeDeserialization.rb:39:17:39:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:39:17:39:28 | ...[...] : | semmle.label | ...[...] 
: | | UnsafeDeserialization.rb:40:24:40:32 | yaml_data | semmle.label | yaml_data | | UnsafeDeserialization.rb:51:17:51:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:51:17:51:28 | ...[...] : | semmle.label | ...[...] : | | UnsafeDeserialization.rb:52:22:52:30 | json_data | semmle.label | json_data | | UnsafeDeserialization.rb:53:22:53:30 | json_data | semmle.label | json_data | | UnsafeDeserialization.rb:58:17:58:22 | call to params : | semmle.label | call to params : | +| UnsafeDeserialization.rb:58:17:58:28 | ...[...] : | semmle.label | ...[...] : | | UnsafeDeserialization.rb:68:23:68:31 | json_data | semmle.label | json_data | subpaths #select diff --git a/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected b/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected index 2684c3ff180..0805fd2c627 100644 --- a/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected +++ b/ruby/ql/test/query-tests/security/cwe-601/UrlRedirect.expected @@ -4,7 +4,8 @@ edges | UrlRedirect.rb:19:17:19:22 | call to params : | UrlRedirect.rb:19:17:19:37 | call to to_unsafe_hash | | UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:24:17:24:37 | call to filter_params | | UrlRedirect.rb:24:31:24:36 | call to params : | UrlRedirect.rb:56:21:56:32 | input_params : | -| UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | +| UrlRedirect.rb:34:20:34:25 | call to params : | UrlRedirect.rb:34:20:34:31 | ...[...] : | +| UrlRedirect.rb:34:20:34:31 | ...[...] : | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | | UrlRedirect.rb:56:21:56:32 | input_params : | UrlRedirect.rb:57:5:57:29 | call to permit : | nodes | UrlRedirect.rb:4:17:4:22 | call to params | semmle.label | call to params | 
@@ -18,6 +19,7 @@ nodes | UrlRedirect.rb:24:31:24:36 | call to params : | semmle.label | call to params : | | UrlRedirect.rb:34:17:34:37 | "#{...}/foo" | semmle.label | "#{...}/foo" | | UrlRedirect.rb:34:20:34:25 | call to params : | semmle.label | call to params : | +| UrlRedirect.rb:34:20:34:31 | ...[...] : | semmle.label | ...[...] : | | UrlRedirect.rb:56:21:56:32 | input_params : | semmle.label | input_params : | | UrlRedirect.rb:57:5:57:29 | call to permit : | semmle.label | call to permit : | subpaths diff --git a/ruby/ql/test/query-tests/security/cwe-611/Xxe.expected b/ruby/ql/test/query-tests/security/cwe-611/Xxe.expected index 0db8bb55da4..44732d9a7a7 100644 --- a/ruby/ql/test/query-tests/security/cwe-611/Xxe.expected +++ b/ruby/ql/test/query-tests/security/cwe-611/Xxe.expected 
@@ -1,29 +1,32 @@ edges -| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:4:34:4:40 | content | -| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:5:32:5:38 | content | -| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:6:30:6:36 | content | -| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:7:32:7:38 | content | -| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:8:30:8:36 | content | -| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:9:28:9:34 | content | -| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:11:26:11:32 | content | -| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:12:24:12:30 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:5:26:5:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:6:26:6:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:7:26:7:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:8:26:8:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:9:26:9:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:11:26:11:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:12:26:12:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:15:26:15:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:16:26:16:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:18:26:18:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:19:26:19:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:22:26:22:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:25:26:25:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:27:26:27:32 | content | -| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:28:26:28:32 | content | +| LibXmlRuby.rb:3:15:3:20 | call to params : | LibXmlRuby.rb:3:15:3:26 | 
...[...] : | +| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:4:34:4:40 | content | +| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:5:32:5:38 | content | +| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:6:30:6:36 | content | +| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:7:32:7:38 | content | +| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:8:30:8:36 | content | +| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:9:28:9:34 | content | +| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:11:26:11:32 | content | +| LibXmlRuby.rb:3:15:3:26 | ...[...] : | LibXmlRuby.rb:12:24:12:30 | content | +| Nokogiri.rb:3:15:3:20 | call to params : | Nokogiri.rb:3:15:3:26 | ...[...] : | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:5:26:5:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:6:26:6:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:7:26:7:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:8:26:8:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:9:26:9:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:11:26:11:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:12:26:12:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:15:26:15:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:16:26:16:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:18:26:18:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:19:26:19:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:22:26:22:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:25:26:25:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:27:26:27:32 | content | +| Nokogiri.rb:3:15:3:26 | ...[...] : | Nokogiri.rb:28:26:28:32 | content | nodes | LibXmlRuby.rb:3:15:3:20 | call to params : | semmle.label | call to params : | +| LibXmlRuby.rb:3:15:3:26 | ...[...] 
: | semmle.label | ...[...] : | | LibXmlRuby.rb:4:34:4:40 | content | semmle.label | content | | LibXmlRuby.rb:5:32:5:38 | content | semmle.label | content | | LibXmlRuby.rb:6:30:6:36 | content | semmle.label | content | @@ -33,6 +36,7 @@ nodes | LibXmlRuby.rb:11:26:11:32 | content | semmle.label | content | | LibXmlRuby.rb:12:24:12:30 | content | semmle.label | content | | Nokogiri.rb:3:15:3:20 | call to params : | semmle.label | call to params : | +| Nokogiri.rb:3:15:3:26 | ...[...] : | semmle.label | ...[...] : | | Nokogiri.rb:5:26:5:32 | content | semmle.label | content | | Nokogiri.rb:6:26:6:32 | content | semmle.label | content | | Nokogiri.rb:7:26:7:32 | content | semmle.label | content | diff --git a/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected b/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected index f019d969f37..af6ecf00059 100644 --- a/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected +++ b/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.expected @@ -1,7 +1,9 @@ edges -| ServerSideRequestForgery.rb:9:32:9:37 | call to params : | ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" | +| ServerSideRequestForgery.rb:9:32:9:37 | call to params : | ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : | +| ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : | ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" | nodes | ServerSideRequestForgery.rb:9:32:9:37 | call to params : | semmle.label | call to params : | +| ServerSideRequestForgery.rb:9:32:9:60 | ...[...] : | semmle.label | ...[...] : | | ServerSideRequestForgery.rb:10:31:10:62 | "#{...}/logins" | semmle.label | "#{...}/logins" | subpaths #select From 3a30f58f745f6d8273d38baf89860d78621dd263 Mon Sep 17 00:00:00 2001 
From: Tom Hvitved Date: Fri, 17 Dec 2021 13:08:44 +0100 Subject: [PATCH 25/31] Address review comments --- ruby/ql/lib/codeql/ruby/ApiGraphs.qll | 2 +- .../ruby/frameworks/StandardLibrary.qll | 4 +- .../dataflow/array-flow/array-flow.expected | 281 +++++++++--------- .../dataflow/array-flow/array_flow.rb | 8 +- 4 files changed, 144 insertions(+), 151 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll index 1647536be3e..a93f39de196 100644 --- a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll +++ b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll @@ -98,7 +98,7 @@ module API { /** * Gets a `new` call to the function represented by this API component. */ - DataFlow::ExprNode getAnInstantiation() { result = getInstance().getAnImmediateUse() } + DataFlow::ExprNode getAnInstantiation() { result = this.getInstance().getAnImmediateUse() } /** * Gets a node representing a subclass of the class represented by this node. diff --git a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll index 07f1a4cfe9a..a0aa1b9fa0b 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll @@ -1110,8 +1110,8 @@ module Array { } } - private class InitializeCopySummary extends SimpleSummarizedCallable { - InitializeCopySummary() { this = "initialize_copy" } + private class ReplaceSummary extends SimpleSummarizedCallable { + ReplaceSummary() { this = "replace" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( diff --git a/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected b/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected index 29f99d38f94..36b0ae5b7b2 100644 --- a/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected +++ b/ruby/ql/test/library-tests/dataflow/array-flow/array-flow.expected 
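Review bot: In the `StandardLibrary.qll` hunk, the rename to `ReplaceSummary` also changes the modelled method name from `"initialize_copy"` to `"replace"`, so the old name leaves the flow model with no comment explaining why. If the reason is that `initialize_copy` is private in Ruby and cannot appear as an ordinary call with a receiver, a QLDoc line on the class would record it, for example `/** A flow summary for Array#replace; initialize_copy is private and is not modelled as a call. */`. If both names are meant to carry flow, the characteristic predicate could keep both with `this = ["replace", "initialize_copy"]`, because a missing summary surfaces only as lost taint paths in the security queries, never as an error. The class body continues outside the hunk, so whether the flow specification itself changed cannot be checked from here.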
@@ -271,63 +271,60 @@ edges | array_flow.rb:339:9:339:9 | a [array element 2] : | array_flow.rb:339:9:341:7 | call to each_index [array element 2] : | | array_flow.rb:339:9:341:7 | call to each_index [array element 2] : | array_flow.rb:342:10:342:10 | b [array element 2] : | | array_flow.rb:342:10:342:10 | b [array element 2] : | array_flow.rb:342:10:342:13 | ...[...] | -| array_flow.rb:346:19:346:28 | call to source : | array_flow.rb:347:9:347:9 | a [array element 3] : | -| array_flow.rb:347:9:347:9 | a [array element 3] : | array_flow.rb:347:9:349:7 | call to each_slice [array element 3] : | -| array_flow.rb:347:9:347:9 | a [array element 3] : | array_flow.rb:347:26:347:26 | x [array element] : | -| array_flow.rb:347:9:349:7 | call to each_slice [array element 3] : | array_flow.rb:350:10:350:10 | b [array element 3] : | -| array_flow.rb:347:26:347:26 | x [array element] : | array_flow.rb:348:14:348:14 | x [array element] : | +| array_flow.rb:346:19:346:28 | call to source : | array_flow.rb:347:5:347:5 | a [array element 3] : | +| array_flow.rb:347:5:347:5 | a [array element 3] : | array_flow.rb:347:25:347:25 | x [array element] : | +| array_flow.rb:347:25:347:25 | x [array element] : | array_flow.rb:348:14:348:14 | x [array element] : | | array_flow.rb:348:14:348:14 | x [array element] : | array_flow.rb:348:14:348:17 | ...[...] | -| array_flow.rb:350:10:350:10 | b [array element 3] : | array_flow.rb:350:10:350:13 | ...[...] 
| -| array_flow.rb:354:19:354:28 | call to source : | array_flow.rb:355:9:355:9 | a [array element 3] : | -| array_flow.rb:355:9:355:9 | a [array element 3] : | array_flow.rb:355:9:358:7 | call to each_with_index [array element 3] : | -| array_flow.rb:355:9:355:9 | a [array element 3] : | array_flow.rb:355:31:355:31 | x : | -| array_flow.rb:355:9:358:7 | call to each_with_index [array element 3] : | array_flow.rb:359:10:359:10 | b [array element 3] : | -| array_flow.rb:355:31:355:31 | x : | array_flow.rb:356:14:356:14 | x | -| array_flow.rb:359:10:359:10 | b [array element 3] : | array_flow.rb:359:10:359:13 | ...[...] | -| array_flow.rb:363:19:363:30 | call to source : | array_flow.rb:364:9:364:9 | a [array element 3] : | -| array_flow.rb:364:9:364:9 | a [array element 3] : | array_flow.rb:364:46:364:46 | x : | -| array_flow.rb:364:9:367:7 | call to each_with_object : | array_flow.rb:368:10:368:10 | b | -| array_flow.rb:364:28:364:39 | call to source : | array_flow.rb:364:9:367:7 | call to each_with_object : | -| array_flow.rb:364:28:364:39 | call to source : | array_flow.rb:364:48:364:48 | a : | -| array_flow.rb:364:46:364:46 | x : | array_flow.rb:365:14:365:14 | x | -| array_flow.rb:364:48:364:48 | a : | array_flow.rb:366:14:366:14 | a | -| array_flow.rb:372:19:372:30 | call to source : | array_flow.rb:373:9:373:9 | a [array element 3] : | -| array_flow.rb:373:9:373:9 | a [array element 3] : | array_flow.rb:373:9:375:7 | call to fetch : | -| array_flow.rb:373:9:375:7 | call to fetch : | array_flow.rb:376:10:376:10 | b | -| array_flow.rb:373:17:373:28 | call to source : | array_flow.rb:373:35:373:35 | x : | -| array_flow.rb:373:35:373:35 | x : | array_flow.rb:374:14:374:14 | x | -| array_flow.rb:380:19:380:30 | call to source : | array_flow.rb:382:10:382:10 | a [array element 3] : | -| array_flow.rb:381:5:381:5 | [post] a [array element] : | array_flow.rb:382:10:382:10 | a [array element] : | -| array_flow.rb:381:12:381:23 | call to source : | 
array_flow.rb:381:5:381:5 | [post] a [array element] : | -| array_flow.rb:382:10:382:10 | a [array element 3] : | array_flow.rb:382:10:382:13 | ...[...] | -| array_flow.rb:382:10:382:10 | a [array element] : | array_flow.rb:382:10:382:13 | ...[...] | -| array_flow.rb:383:5:383:5 | [post] a [array element] : | array_flow.rb:384:10:384:10 | a [array element] : | -| array_flow.rb:383:12:383:23 | call to source : | array_flow.rb:383:5:383:5 | [post] a [array element] : | -| array_flow.rb:384:10:384:10 | a [array element] : | array_flow.rb:384:10:384:13 | ...[...] | -| array_flow.rb:385:5:385:5 | [post] a [array element] : | array_flow.rb:388:10:388:10 | a [array element] : | -| array_flow.rb:385:5:385:5 | [post] a [array element] : | array_flow.rb:392:10:392:10 | a [array element] : | -| array_flow.rb:386:9:386:20 | call to source : | array_flow.rb:385:5:385:5 | [post] a [array element] : | -| array_flow.rb:388:10:388:10 | a [array element] : | array_flow.rb:388:10:388:13 | ...[...] | -| array_flow.rb:389:5:389:5 | [post] a [array element] : | array_flow.rb:392:10:392:10 | a [array element] : | -| array_flow.rb:390:9:390:20 | call to source : | array_flow.rb:389:5:389:5 | [post] a [array element] : | -| array_flow.rb:392:10:392:10 | a [array element] : | array_flow.rb:392:10:392:13 | ...[...] | -| array_flow.rb:396:19:396:28 | call to source : | array_flow.rb:397:9:397:9 | a [array element 3] : | -| array_flow.rb:397:9:397:9 | a [array element 3] : | array_flow.rb:397:9:399:7 | call to filter [array element] : | -| array_flow.rb:397:9:397:9 | a [array element 3] : | array_flow.rb:397:22:397:22 | x : | -| array_flow.rb:397:9:399:7 | call to filter [array element] : | array_flow.rb:400:10:400:10 | b [array element] : | -| array_flow.rb:397:22:397:22 | x : | array_flow.rb:398:14:398:14 | x | -| array_flow.rb:400:10:400:10 | b [array element] : | array_flow.rb:400:10:400:13 | ...[...] 
| -| array_flow.rb:404:19:404:28 | call to source : | array_flow.rb:405:9:405:9 | a [array element 3] : | -| array_flow.rb:405:9:405:9 | a [array element 3] : | array_flow.rb:405:9:407:7 | call to filter_map [array element] : | -| array_flow.rb:405:9:405:9 | a [array element 3] : | array_flow.rb:405:26:405:26 | x : | -| array_flow.rb:405:9:407:7 | call to filter_map [array element] : | array_flow.rb:408:10:408:10 | b [array element] : | -| array_flow.rb:405:26:405:26 | x : | array_flow.rb:406:14:406:14 | x | -| array_flow.rb:408:10:408:10 | b [array element] : | array_flow.rb:408:10:408:13 | ...[...] | -| array_flow.rb:412:19:412:28 | call to source : | array_flow.rb:413:9:413:9 | a [array element 3] : | -| array_flow.rb:413:9:413:9 | a [array element 3] : | array_flow.rb:413:9:415:7 | call to filter! [array element] : | -| array_flow.rb:413:9:413:9 | a [array element 3] : | array_flow.rb:413:23:413:23 | x : | -| array_flow.rb:413:9:415:7 | call to filter! [array element] : | array_flow.rb:416:10:416:10 | b [array element] : | -| array_flow.rb:413:23:413:23 | x : | array_flow.rb:414:14:414:14 | x | +| array_flow.rb:353:19:353:28 | call to source : | array_flow.rb:354:9:354:9 | a [array element 3] : | +| array_flow.rb:354:9:354:9 | a [array element 3] : | array_flow.rb:354:9:357:7 | call to each_with_index [array element 3] : | +| array_flow.rb:354:9:354:9 | a [array element 3] : | array_flow.rb:354:31:354:31 | x : | +| array_flow.rb:354:9:357:7 | call to each_with_index [array element 3] : | array_flow.rb:358:10:358:10 | b [array element 3] : | +| array_flow.rb:354:31:354:31 | x : | array_flow.rb:355:14:355:14 | x | +| array_flow.rb:358:10:358:10 | b [array element 3] : | array_flow.rb:358:10:358:13 | ...[...] 
| +| array_flow.rb:362:19:362:30 | call to source : | array_flow.rb:363:9:363:9 | a [array element 3] : | +| array_flow.rb:363:9:363:9 | a [array element 3] : | array_flow.rb:363:46:363:46 | x : | +| array_flow.rb:363:9:366:7 | call to each_with_object : | array_flow.rb:367:10:367:10 | b | +| array_flow.rb:363:28:363:39 | call to source : | array_flow.rb:363:9:366:7 | call to each_with_object : | +| array_flow.rb:363:28:363:39 | call to source : | array_flow.rb:363:48:363:48 | a : | +| array_flow.rb:363:46:363:46 | x : | array_flow.rb:364:14:364:14 | x | +| array_flow.rb:363:48:363:48 | a : | array_flow.rb:365:14:365:14 | a | +| array_flow.rb:371:19:371:30 | call to source : | array_flow.rb:372:9:372:9 | a [array element 3] : | +| array_flow.rb:372:9:372:9 | a [array element 3] : | array_flow.rb:372:9:374:7 | call to fetch : | +| array_flow.rb:372:9:374:7 | call to fetch : | array_flow.rb:375:10:375:10 | b | +| array_flow.rb:372:17:372:28 | call to source : | array_flow.rb:372:35:372:35 | x : | +| array_flow.rb:372:35:372:35 | x : | array_flow.rb:373:14:373:14 | x | +| array_flow.rb:379:19:379:30 | call to source : | array_flow.rb:381:10:381:10 | a [array element 3] : | +| array_flow.rb:380:5:380:5 | [post] a [array element] : | array_flow.rb:381:10:381:10 | a [array element] : | +| array_flow.rb:380:12:380:23 | call to source : | array_flow.rb:380:5:380:5 | [post] a [array element] : | +| array_flow.rb:381:10:381:10 | a [array element 3] : | array_flow.rb:381:10:381:13 | ...[...] | +| array_flow.rb:381:10:381:10 | a [array element] : | array_flow.rb:381:10:381:13 | ...[...] | +| array_flow.rb:382:5:382:5 | [post] a [array element] : | array_flow.rb:383:10:383:10 | a [array element] : | +| array_flow.rb:382:12:382:23 | call to source : | array_flow.rb:382:5:382:5 | [post] a [array element] : | +| array_flow.rb:383:10:383:10 | a [array element] : | array_flow.rb:383:10:383:13 | ...[...] 
| +| array_flow.rb:384:5:384:5 | [post] a [array element] : | array_flow.rb:387:10:387:10 | a [array element] : | +| array_flow.rb:384:5:384:5 | [post] a [array element] : | array_flow.rb:391:10:391:10 | a [array element] : | +| array_flow.rb:385:9:385:20 | call to source : | array_flow.rb:384:5:384:5 | [post] a [array element] : | +| array_flow.rb:387:10:387:10 | a [array element] : | array_flow.rb:387:10:387:13 | ...[...] | +| array_flow.rb:388:5:388:5 | [post] a [array element] : | array_flow.rb:391:10:391:10 | a [array element] : | +| array_flow.rb:389:9:389:20 | call to source : | array_flow.rb:388:5:388:5 | [post] a [array element] : | +| array_flow.rb:391:10:391:10 | a [array element] : | array_flow.rb:391:10:391:13 | ...[...] | +| array_flow.rb:395:19:395:28 | call to source : | array_flow.rb:396:9:396:9 | a [array element 3] : | +| array_flow.rb:396:9:396:9 | a [array element 3] : | array_flow.rb:396:9:398:7 | call to filter [array element] : | +| array_flow.rb:396:9:396:9 | a [array element 3] : | array_flow.rb:396:22:396:22 | x : | +| array_flow.rb:396:9:398:7 | call to filter [array element] : | array_flow.rb:399:10:399:10 | b [array element] : | +| array_flow.rb:396:22:396:22 | x : | array_flow.rb:397:14:397:14 | x | +| array_flow.rb:399:10:399:10 | b [array element] : | array_flow.rb:399:10:399:13 | ...[...] | +| array_flow.rb:403:19:403:28 | call to source : | array_flow.rb:404:9:404:9 | a [array element 3] : | +| array_flow.rb:404:9:404:9 | a [array element 3] : | array_flow.rb:404:9:406:7 | call to filter_map [array element] : | +| array_flow.rb:404:9:404:9 | a [array element 3] : | array_flow.rb:404:26:404:26 | x : | +| array_flow.rb:404:9:406:7 | call to filter_map [array element] : | array_flow.rb:407:10:407:10 | b [array element] : | +| array_flow.rb:404:26:404:26 | x : | array_flow.rb:405:14:405:14 | x | +| array_flow.rb:407:10:407:10 | b [array element] : | array_flow.rb:407:10:407:13 | ...[...] 
| +| array_flow.rb:411:19:411:28 | call to source : | array_flow.rb:412:9:412:9 | a [array element 3] : | +| array_flow.rb:412:9:412:9 | a [array element 3] : | array_flow.rb:412:9:415:7 | call to filter! [array element] : | +| array_flow.rb:412:9:412:9 | a [array element 3] : | array_flow.rb:412:23:412:23 | x : | +| array_flow.rb:412:9:415:7 | call to filter! [array element] : | array_flow.rb:416:10:416:10 | b [array element] : | +| array_flow.rb:412:23:412:23 | x : | array_flow.rb:413:14:413:14 | x | | array_flow.rb:416:10:416:10 | b [array element] : | array_flow.rb:416:10:416:13 | ...[...] | | array_flow.rb:420:19:420:30 | call to source : | array_flow.rb:421:9:421:9 | a [array element 3] : | | array_flow.rb:421:9:421:9 | a [array element 3] : | array_flow.rb:421:9:423:7 | call to find : | @@ -419,7 +416,7 @@ edges | array_flow.rb:501:5:501:5 | a [array element 3] : | array_flow.rb:501:17:501:17 | x : | | array_flow.rb:501:17:501:17 | x : | array_flow.rb:502:14:502:14 | x | | array_flow.rb:508:5:508:5 | [post] a [array element 0] : | array_flow.rb:509:10:509:10 | a [array element 0] : | -| array_flow.rb:508:24:508:35 | call to source : | array_flow.rb:508:5:508:5 | [post] a [array element 0] : | +| array_flow.rb:508:16:508:27 | call to source : | array_flow.rb:508:5:508:5 | [post] a [array element 0] : | | array_flow.rb:509:10:509:10 | a [array element 0] : | array_flow.rb:509:10:509:13 | ...[...] | | array_flow.rb:515:16:515:29 | call to source : | array_flow.rb:516:5:516:5 | a [array element 2] : | | array_flow.rb:516:5:516:5 | [post] a [array element 2] : | array_flow.rb:519:10:519:10 | a [array element 2] : | 
@@ -743,73 +740,70 @@ nodes | array_flow.rb:342:10:342:10 | b [array element 2] : | semmle.label | b [array element 2] : | | array_flow.rb:342:10:342:13 | ...[...] | semmle.label | ...[...] | | array_flow.rb:346:19:346:28 | call to source : | semmle.label | call to source : | -| array_flow.rb:347:9:347:9 | a [array element 3] : | semmle.label | a [array element 3] : | -| array_flow.rb:347:9:349:7 | call to each_slice [array element 3] : | semmle.label | call to each_slice [array element 3] : | -| array_flow.rb:347:26:347:26 | x [array element] : | semmle.label | x [array element] : | +| array_flow.rb:347:5:347:5 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:347:25:347:25 | x [array element] : | semmle.label | x [array element] : | | array_flow.rb:348:14:348:14 | x [array element] : | semmle.label | x [array element] : | | array_flow.rb:348:14:348:17 | ...[...] | semmle.label | ...[...] | -| array_flow.rb:350:10:350:10 | b [array element 3] : | semmle.label | b [array element 3] : | -| array_flow.rb:350:10:350:13 | ...[...] | semmle.label | ...[...] | -| array_flow.rb:354:19:354:28 | call to source : | semmle.label | call to source : | -| array_flow.rb:355:9:355:9 | a [array element 3] : | semmle.label | a [array element 3] : | -| array_flow.rb:355:9:358:7 | call to each_with_index [array element 3] : | semmle.label | call to each_with_index [array element 3] : | -| array_flow.rb:355:31:355:31 | x : | semmle.label | x : | -| array_flow.rb:356:14:356:14 | x | semmle.label | x | -| array_flow.rb:359:10:359:10 | b [array element 3] : | semmle.label | b [array element 3] : | -| array_flow.rb:359:10:359:13 | ...[...] | semmle.label | ...[...] 
| -| array_flow.rb:363:19:363:30 | call to source : | semmle.label | call to source : | -| array_flow.rb:364:9:364:9 | a [array element 3] : | semmle.label | a [array element 3] : | -| array_flow.rb:364:9:367:7 | call to each_with_object : | semmle.label | call to each_with_object : | -| array_flow.rb:364:28:364:39 | call to source : | semmle.label | call to source : | -| array_flow.rb:364:46:364:46 | x : | semmle.label | x : | -| array_flow.rb:364:48:364:48 | a : | semmle.label | a : | -| array_flow.rb:365:14:365:14 | x | semmle.label | x | -| array_flow.rb:366:14:366:14 | a | semmle.label | a | -| array_flow.rb:368:10:368:10 | b | semmle.label | b | -| array_flow.rb:372:19:372:30 | call to source : | semmle.label | call to source : | -| array_flow.rb:373:9:373:9 | a [array element 3] : | semmle.label | a [array element 3] : | -| array_flow.rb:373:9:375:7 | call to fetch : | semmle.label | call to fetch : | -| array_flow.rb:373:17:373:28 | call to source : | semmle.label | call to source : | -| array_flow.rb:373:35:373:35 | x : | semmle.label | x : | -| array_flow.rb:374:14:374:14 | x | semmle.label | x | -| array_flow.rb:376:10:376:10 | b | semmle.label | b | -| array_flow.rb:380:19:380:30 | call to source : | semmle.label | call to source : | -| array_flow.rb:381:5:381:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | -| array_flow.rb:381:12:381:23 | call to source : | semmle.label | call to source : | -| array_flow.rb:382:10:382:10 | a [array element 3] : | semmle.label | a [array element 3] : | -| array_flow.rb:382:10:382:10 | a [array element] : | semmle.label | a [array element] : | -| array_flow.rb:382:10:382:13 | ...[...] | semmle.label | ...[...] 
| -| array_flow.rb:383:5:383:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | -| array_flow.rb:383:12:383:23 | call to source : | semmle.label | call to source : | -| array_flow.rb:384:10:384:10 | a [array element] : | semmle.label | a [array element] : | -| array_flow.rb:384:10:384:13 | ...[...] | semmle.label | ...[...] | -| array_flow.rb:385:5:385:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | -| array_flow.rb:386:9:386:20 | call to source : | semmle.label | call to source : | -| array_flow.rb:388:10:388:10 | a [array element] : | semmle.label | a [array element] : | -| array_flow.rb:388:10:388:13 | ...[...] | semmle.label | ...[...] | -| array_flow.rb:389:5:389:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | -| array_flow.rb:390:9:390:20 | call to source : | semmle.label | call to source : | -| array_flow.rb:392:10:392:10 | a [array element] : | semmle.label | a [array element] : | -| array_flow.rb:392:10:392:13 | ...[...] | semmle.label | ...[...] | -| array_flow.rb:396:19:396:28 | call to source : | semmle.label | call to source : | -| array_flow.rb:397:9:397:9 | a [array element 3] : | semmle.label | a [array element 3] : | -| array_flow.rb:397:9:399:7 | call to filter [array element] : | semmle.label | call to filter [array element] : | -| array_flow.rb:397:22:397:22 | x : | semmle.label | x : | -| array_flow.rb:398:14:398:14 | x | semmle.label | x | -| array_flow.rb:400:10:400:10 | b [array element] : | semmle.label | b [array element] : | -| array_flow.rb:400:10:400:13 | ...[...] | semmle.label | ...[...] 
| -| array_flow.rb:404:19:404:28 | call to source : | semmle.label | call to source : | -| array_flow.rb:405:9:405:9 | a [array element 3] : | semmle.label | a [array element 3] : | -| array_flow.rb:405:9:407:7 | call to filter_map [array element] : | semmle.label | call to filter_map [array element] : | -| array_flow.rb:405:26:405:26 | x : | semmle.label | x : | -| array_flow.rb:406:14:406:14 | x | semmle.label | x | -| array_flow.rb:408:10:408:10 | b [array element] : | semmle.label | b [array element] : | -| array_flow.rb:408:10:408:13 | ...[...] | semmle.label | ...[...] | -| array_flow.rb:412:19:412:28 | call to source : | semmle.label | call to source : | -| array_flow.rb:413:9:413:9 | a [array element 3] : | semmle.label | a [array element 3] : | -| array_flow.rb:413:9:415:7 | call to filter! [array element] : | semmle.label | call to filter! [array element] : | -| array_flow.rb:413:23:413:23 | x : | semmle.label | x : | -| array_flow.rb:414:14:414:14 | x | semmle.label | x | +| array_flow.rb:353:19:353:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:354:9:354:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:354:9:357:7 | call to each_with_index [array element 3] : | semmle.label | call to each_with_index [array element 3] : | +| array_flow.rb:354:31:354:31 | x : | semmle.label | x : | +| array_flow.rb:355:14:355:14 | x | semmle.label | x | +| array_flow.rb:358:10:358:10 | b [array element 3] : | semmle.label | b [array element 3] : | +| array_flow.rb:358:10:358:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:362:19:362:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:363:9:363:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:363:9:366:7 | call to each_with_object : | semmle.label | call to each_with_object : | +| array_flow.rb:363:28:363:39 | call to source : | semmle.label | call to source : | +| array_flow.rb:363:46:363:46 | x : | semmle.label | x : | +| array_flow.rb:363:48:363:48 | a : | semmle.label | a : | +| array_flow.rb:364:14:364:14 | x | semmle.label | x | +| array_flow.rb:365:14:365:14 | a | semmle.label | a | +| array_flow.rb:367:10:367:10 | b | semmle.label | b | +| array_flow.rb:371:19:371:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:372:9:372:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:372:9:374:7 | call to fetch : | semmle.label | call to fetch : | +| array_flow.rb:372:17:372:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:372:35:372:35 | x : | semmle.label | x : | +| array_flow.rb:373:14:373:14 | x | semmle.label | x | +| array_flow.rb:375:10:375:10 | b | semmle.label | b | +| array_flow.rb:379:19:379:30 | call to source : | semmle.label | call to source : | +| array_flow.rb:380:5:380:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:380:12:380:23 | call to source : | semmle.label | call to source : | +| array_flow.rb:381:10:381:10 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:381:10:381:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:381:10:381:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:382:5:382:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:382:12:382:23 | call to source : | semmle.label | call to source : | +| array_flow.rb:383:10:383:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:383:10:383:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:384:5:384:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:385:9:385:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:387:10:387:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:387:10:387:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:388:5:388:5 | [post] a [array element] : | semmle.label | [post] a [array element] : | +| array_flow.rb:389:9:389:20 | call to source : | semmle.label | call to source : | +| array_flow.rb:391:10:391:10 | a [array element] : | semmle.label | a [array element] : | +| array_flow.rb:391:10:391:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:395:19:395:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:396:9:396:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:396:9:398:7 | call to filter [array element] : | semmle.label | call to filter [array element] : | +| array_flow.rb:396:22:396:22 | x : | semmle.label | x : | +| array_flow.rb:397:14:397:14 | x | semmle.label | x | +| array_flow.rb:399:10:399:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:399:10:399:13 | ...[...] | semmle.label | ...[...] 
| +| array_flow.rb:403:19:403:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:404:9:404:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:404:9:406:7 | call to filter_map [array element] : | semmle.label | call to filter_map [array element] : | +| array_flow.rb:404:26:404:26 | x : | semmle.label | x : | +| array_flow.rb:405:14:405:14 | x | semmle.label | x | +| array_flow.rb:407:10:407:10 | b [array element] : | semmle.label | b [array element] : | +| array_flow.rb:407:10:407:13 | ...[...] | semmle.label | ...[...] | +| array_flow.rb:411:19:411:28 | call to source : | semmle.label | call to source : | +| array_flow.rb:412:9:412:9 | a [array element 3] : | semmle.label | a [array element 3] : | +| array_flow.rb:412:9:415:7 | call to filter! [array element] : | semmle.label | call to filter! [array element] : | +| array_flow.rb:412:23:412:23 | x : | semmle.label | x : | +| array_flow.rb:413:14:413:14 | x | semmle.label | x | | array_flow.rb:416:10:416:10 | b [array element] : | semmle.label | b [array element] : | | array_flow.rb:416:10:416:13 | ...[...] | semmle.label | ...[...] | | array_flow.rb:420:19:420:30 | call to source : | semmle.label | call to source : | @@ -912,7 +906,7 @@ nodes | array_flow.rb:501:17:501:17 | x : | semmle.label | x : | | array_flow.rb:502:14:502:14 | x | semmle.label | x | | array_flow.rb:508:5:508:5 | [post] a [array element 0] : | semmle.label | [post] a [array element 0] : | -| array_flow.rb:508:24:508:35 | call to source : | semmle.label | call to source : | +| array_flow.rb:508:16:508:27 | call to source : | semmle.label | call to source : | | array_flow.rb:509:10:509:10 | a [array element 0] : | semmle.label | a [array element 0] : | | array_flow.rb:509:10:509:13 | ...[...] | semmle.label | ...[...] | | array_flow.rb:515:16:515:29 | call to source : | semmle.label | call to source : | 
@@ -1024,26 +1018,25 @@ subpaths | array_flow.rb:334:10:334:13 | ...[...] | array_flow.rb:330:16:330:25 | call to source : | array_flow.rb:334:10:334:13 | ...[...] | $@ | array_flow.rb:330:16:330:25 | call to source : | call to source : | | array_flow.rb:342:10:342:13 | ...[...] | array_flow.rb:338:16:338:25 | call to source : | array_flow.rb:342:10:342:13 | ...[...] | $@ | array_flow.rb:338:16:338:25 | call to source : | call to source : | | array_flow.rb:348:14:348:17 | ...[...] | array_flow.rb:346:19:346:28 | call to source : | array_flow.rb:348:14:348:17 | ...[...] | $@ | array_flow.rb:346:19:346:28 | call to source : | call to source : | -| array_flow.rb:350:10:350:13 | ...[...] | array_flow.rb:346:19:346:28 | call to source : | array_flow.rb:350:10:350:13 | ...[...] | $@ | array_flow.rb:346:19:346:28 | call to source : | call to source : | -| array_flow.rb:356:14:356:14 | x | array_flow.rb:354:19:354:28 | call to source : | array_flow.rb:356:14:356:14 | x | $@ | array_flow.rb:354:19:354:28 | call to source : | call to source : | -| array_flow.rb:359:10:359:13 | ...[...] | array_flow.rb:354:19:354:28 | call to source : | array_flow.rb:359:10:359:13 | ...[...] 
| $@ | array_flow.rb:354:19:354:28 | call to source : | call to source : | -| array_flow.rb:365:14:365:14 | x | array_flow.rb:363:19:363:30 | call to source : | array_flow.rb:365:14:365:14 | x | $@ | array_flow.rb:363:19:363:30 | call to source : | call to source : | -| array_flow.rb:366:14:366:14 | a | array_flow.rb:364:28:364:39 | call to source : | array_flow.rb:366:14:366:14 | a | $@ | array_flow.rb:364:28:364:39 | call to source : | call to source : | -| array_flow.rb:368:10:368:10 | b | array_flow.rb:364:28:364:39 | call to source : | array_flow.rb:368:10:368:10 | b | $@ | array_flow.rb:364:28:364:39 | call to source : | call to source : | -| array_flow.rb:374:14:374:14 | x | array_flow.rb:373:17:373:28 | call to source : | array_flow.rb:374:14:374:14 | x | $@ | array_flow.rb:373:17:373:28 | call to source : | call to source : | -| array_flow.rb:376:10:376:10 | b | array_flow.rb:372:19:372:30 | call to source : | array_flow.rb:376:10:376:10 | b | $@ | array_flow.rb:372:19:372:30 | call to source : | call to source : | -| array_flow.rb:382:10:382:13 | ...[...] | array_flow.rb:380:19:380:30 | call to source : | array_flow.rb:382:10:382:13 | ...[...] | $@ | array_flow.rb:380:19:380:30 | call to source : | call to source : | -| array_flow.rb:382:10:382:13 | ...[...] | array_flow.rb:381:12:381:23 | call to source : | array_flow.rb:382:10:382:13 | ...[...] | $@ | array_flow.rb:381:12:381:23 | call to source : | call to source : | -| array_flow.rb:384:10:384:13 | ...[...] | array_flow.rb:383:12:383:23 | call to source : | array_flow.rb:384:10:384:13 | ...[...] | $@ | array_flow.rb:383:12:383:23 | call to source : | call to source : | -| array_flow.rb:388:10:388:13 | ...[...] | array_flow.rb:386:9:386:20 | call to source : | array_flow.rb:388:10:388:13 | ...[...] | $@ | array_flow.rb:386:9:386:20 | call to source : | call to source : | -| array_flow.rb:392:10:392:13 | ...[...] | array_flow.rb:386:9:386:20 | call to source : | array_flow.rb:392:10:392:13 | ...[...] 
| $@ | array_flow.rb:386:9:386:20 | call to source : | call to source : | -| array_flow.rb:392:10:392:13 | ...[...] | array_flow.rb:390:9:390:20 | call to source : | array_flow.rb:392:10:392:13 | ...[...] | $@ | array_flow.rb:390:9:390:20 | call to source : | call to source : | -| array_flow.rb:398:14:398:14 | x | array_flow.rb:396:19:396:28 | call to source : | array_flow.rb:398:14:398:14 | x | $@ | array_flow.rb:396:19:396:28 | call to source : | call to source : | -| array_flow.rb:400:10:400:13 | ...[...] | array_flow.rb:396:19:396:28 | call to source : | array_flow.rb:400:10:400:13 | ...[...] | $@ | array_flow.rb:396:19:396:28 | call to source : | call to source : | -| array_flow.rb:406:14:406:14 | x | array_flow.rb:404:19:404:28 | call to source : | array_flow.rb:406:14:406:14 | x | $@ | array_flow.rb:404:19:404:28 | call to source : | call to source : | -| array_flow.rb:408:10:408:13 | ...[...] | array_flow.rb:404:19:404:28 | call to source : | array_flow.rb:408:10:408:13 | ...[...] | $@ | array_flow.rb:404:19:404:28 | call to source : | call to source : | -| array_flow.rb:414:14:414:14 | x | array_flow.rb:412:19:412:28 | call to source : | array_flow.rb:414:14:414:14 | x | $@ | array_flow.rb:412:19:412:28 | call to source : | call to source : | -| array_flow.rb:416:10:416:13 | ...[...] | array_flow.rb:412:19:412:28 | call to source : | array_flow.rb:416:10:416:13 | ...[...] | $@ | array_flow.rb:412:19:412:28 | call to source : | call to source : | +| array_flow.rb:355:14:355:14 | x | array_flow.rb:353:19:353:28 | call to source : | array_flow.rb:355:14:355:14 | x | $@ | array_flow.rb:353:19:353:28 | call to source : | call to source : | +| array_flow.rb:358:10:358:13 | ...[...] | array_flow.rb:353:19:353:28 | call to source : | array_flow.rb:358:10:358:13 | ...[...] 
| $@ | array_flow.rb:353:19:353:28 | call to source : | call to source : | +| array_flow.rb:364:14:364:14 | x | array_flow.rb:362:19:362:30 | call to source : | array_flow.rb:364:14:364:14 | x | $@ | array_flow.rb:362:19:362:30 | call to source : | call to source : | +| array_flow.rb:365:14:365:14 | a | array_flow.rb:363:28:363:39 | call to source : | array_flow.rb:365:14:365:14 | a | $@ | array_flow.rb:363:28:363:39 | call to source : | call to source : | +| array_flow.rb:367:10:367:10 | b | array_flow.rb:363:28:363:39 | call to source : | array_flow.rb:367:10:367:10 | b | $@ | array_flow.rb:363:28:363:39 | call to source : | call to source : | +| array_flow.rb:373:14:373:14 | x | array_flow.rb:372:17:372:28 | call to source : | array_flow.rb:373:14:373:14 | x | $@ | array_flow.rb:372:17:372:28 | call to source : | call to source : | +| array_flow.rb:375:10:375:10 | b | array_flow.rb:371:19:371:30 | call to source : | array_flow.rb:375:10:375:10 | b | $@ | array_flow.rb:371:19:371:30 | call to source : | call to source : | +| array_flow.rb:381:10:381:13 | ...[...] | array_flow.rb:379:19:379:30 | call to source : | array_flow.rb:381:10:381:13 | ...[...] | $@ | array_flow.rb:379:19:379:30 | call to source : | call to source : | +| array_flow.rb:381:10:381:13 | ...[...] | array_flow.rb:380:12:380:23 | call to source : | array_flow.rb:381:10:381:13 | ...[...] | $@ | array_flow.rb:380:12:380:23 | call to source : | call to source : | +| array_flow.rb:383:10:383:13 | ...[...] | array_flow.rb:382:12:382:23 | call to source : | array_flow.rb:383:10:383:13 | ...[...] | $@ | array_flow.rb:382:12:382:23 | call to source : | call to source : | +| array_flow.rb:387:10:387:13 | ...[...] | array_flow.rb:385:9:385:20 | call to source : | array_flow.rb:387:10:387:13 | ...[...] | $@ | array_flow.rb:385:9:385:20 | call to source : | call to source : | +| array_flow.rb:391:10:391:13 | ...[...] | array_flow.rb:385:9:385:20 | call to source : | array_flow.rb:391:10:391:13 | ...[...] 
| $@ | array_flow.rb:385:9:385:20 | call to source : | call to source : | +| array_flow.rb:391:10:391:13 | ...[...] | array_flow.rb:389:9:389:20 | call to source : | array_flow.rb:391:10:391:13 | ...[...] | $@ | array_flow.rb:389:9:389:20 | call to source : | call to source : | +| array_flow.rb:397:14:397:14 | x | array_flow.rb:395:19:395:28 | call to source : | array_flow.rb:397:14:397:14 | x | $@ | array_flow.rb:395:19:395:28 | call to source : | call to source : | +| array_flow.rb:399:10:399:13 | ...[...] | array_flow.rb:395:19:395:28 | call to source : | array_flow.rb:399:10:399:13 | ...[...] | $@ | array_flow.rb:395:19:395:28 | call to source : | call to source : | +| array_flow.rb:405:14:405:14 | x | array_flow.rb:403:19:403:28 | call to source : | array_flow.rb:405:14:405:14 | x | $@ | array_flow.rb:403:19:403:28 | call to source : | call to source : | +| array_flow.rb:407:10:407:13 | ...[...] | array_flow.rb:403:19:403:28 | call to source : | array_flow.rb:407:10:407:13 | ...[...] | $@ | array_flow.rb:403:19:403:28 | call to source : | call to source : | +| array_flow.rb:413:14:413:14 | x | array_flow.rb:411:19:411:28 | call to source : | array_flow.rb:413:14:413:14 | x | $@ | array_flow.rb:411:19:411:28 | call to source : | call to source : | +| array_flow.rb:416:10:416:13 | ...[...] | array_flow.rb:411:19:411:28 | call to source : | array_flow.rb:416:10:416:13 | ...[...] 
| $@ | array_flow.rb:411:19:411:28 | call to source : | call to source : | | array_flow.rb:422:14:422:14 | x | array_flow.rb:420:19:420:30 | call to source : | array_flow.rb:422:14:422:14 | x | $@ | array_flow.rb:420:19:420:30 | call to source : | call to source : | | array_flow.rb:424:10:424:10 | b | array_flow.rb:420:19:420:30 | call to source : | array_flow.rb:424:10:424:10 | b | $@ | array_flow.rb:420:19:420:30 | call to source : | call to source : | | array_flow.rb:424:10:424:10 | b | array_flow.rb:421:21:421:32 | call to source : | array_flow.rb:424:10:424:10 | b | $@ | array_flow.rb:421:21:421:32 | call to source : | call to source : | 
@@ -1073,6 +1066,6 @@ subpaths | array_flow.rb:493:14:493:14 | x | array_flow.rb:489:19:489:30 | call to source : | array_flow.rb:493:14:493:14 | x | $@ | array_flow.rb:489:19:489:30 | call to source : | call to source : | | array_flow.rb:496:10:496:13 | ...[...] | array_flow.rb:494:9:494:20 | call to source : | array_flow.rb:496:10:496:13 | ...[...] | $@ | array_flow.rb:494:9:494:20 | call to source : | call to source : | | array_flow.rb:502:14:502:14 | x | array_flow.rb:500:19:500:28 | call to source : | array_flow.rb:502:14:502:14 | x | $@ | array_flow.rb:500:19:500:28 | call to source : | call to source : | -| array_flow.rb:509:10:509:13 | ...[...] | array_flow.rb:508:24:508:35 | call to source : | array_flow.rb:509:10:509:13 | ...[...] | $@ | array_flow.rb:508:24:508:35 | call to source : | call to source : | +| array_flow.rb:509:10:509:13 | ...[...] | array_flow.rb:508:16:508:27 | call to source : | array_flow.rb:509:10:509:13 | ...[...] | $@ | array_flow.rb:508:16:508:27 | call to source : | call to source : | | array_flow.rb:519:10:519:13 | ...[...] | array_flow.rb:516:21:516:34 | call to source : | array_flow.rb:519:10:519:13 | ...[...] | $@ | array_flow.rb:516:21:516:34 | call to source : | call to source : | | array_flow.rb:522:10:522:13 | ...[...] | array_flow.rb:515:16:515:29 | call to source : | array_flow.rb:522:10:522:13 | ...[...] | $@ | array_flow.rb:515:16:515:29 | call to source : | call to source : | diff --git a/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb b/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb index 5a5cef4ea81..e457108f0d4 100644 --- a/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb +++ b/ruby/ql/test/library-tests/dataflow/array-flow/array_flow.rb @@ -14,7 +14,7 @@ def m1(i) end def m2(i) - a = Array.new(0, source(2.1)) + a = Array.new(1, source(2.1)) sink(a[0]) # $ hasValueFlow=2.1 sink(a[i]) # $ hasValueFlow=2.1 
@@ -344,10 +344,9 @@ end def m43 a = [0, 1, 2, source(43)] - b = a.each_slice do |x| + a.each_slice(1) do |x| sink(x[0]) # $ hasValueFlow=43 end - sink(b[3]) # $ hasValueFlow=43 end def m44 @@ -412,6 +411,7 @@ def m50 a = [0, 1, 2, source(50)] b = a.filter! do |x| sink(x) # $ hasValueFlow=50 + x > 2 end sink(b[0]) # $ hasValueFlow=50 end @@ -505,7 +505,7 @@ end def m61 a = [0, 1, 2, source(61.1)] - a.initialize_copy([source(61.2)]) + a.replace([source(61.2)]) sink(a[0]) # $ hasValueFlow=61.2 end From 118d0d9ff50503e805569b7acd0f7557b6dda62a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 22 Dec 2021 10:58:11 +0100 Subject: [PATCH 26/31] Ruby: Use "Receiver" instead of "Self" in flow summaries Flow summaries use the "outside view", i.e., the call sites, so "receiver" is better than "self", as the latter uses the "inside view", i.e. the callees. --- .../lib/codeql/ruby/dataflow/FlowSummary.qll | 8 +- .../internal/FlowSummaryImplSpecific.qll | 4 +- .../ruby/frameworks/StandardLibrary.qll | 160 +++++++++--------- 3 files changed, 86 insertions(+), 86 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll index 678a2421386..1139bcd1f17 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll @@ -23,8 +23,8 @@ module SummaryComponent { predicate content = SC::content/1; - /** Gets a summary component that represents a `self` argument. */ - SummaryComponent self() { result = argument(any(ParameterPosition pos | pos.isSelf())) } + /** Gets a summary component that represents a receiver. */ + SummaryComponent receiver() { result = argument(any(ParameterPosition pos | pos.isSelf())) } /** Gets a summary component that represents a block argument. */ SummaryComponent block() { result = argument(any(ParameterPosition pos | pos.isBlock())) } 
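Review bot: `SummaryComponent::self()` is dropped with no deprecated alias in the FlowSummary.qll hunk at `module SummaryComponent`, and the next hunk does the same to `SummaryComponentStack::self()`. Summaries defined outside this patch that still call the old names will stop compiling. That is a loud failure, but a transition period is cheap: keep `deprecated SummaryComponent self() { result = receiver() }` and `deprecated SummaryComponentStack self() { result = receiver() }` next to the new predicates. The new doc comment could also say that the receiver is the call-site view of the callee's `self`, since the body still selects `pos.isSelf()`. Both module bodies start and end outside the hunks.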
@@ -67,8 +67,8 @@ module SummaryComponentStack { predicate argument = SCS::argument/1; - /** Gets a singleton stack representing a `self` argument. */ - SummaryComponentStack self() { result = singleton(SummaryComponent::self()) } + /** Gets a singleton stack representing a receiver. */ + SummaryComponentStack receiver() { result = singleton(SummaryComponent::receiver()) } /** Gets a singleton stack representing a block argument. */ SummaryComponentStack block() { result = singleton(SummaryComponent::block()) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll index 127e15edc03..defcccdef06 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll @@ -60,8 +60,8 @@ predicate summaryElement(DataFlowCallable c, string input, string output, string */ bindingset[c] SummaryComponent interpretComponentSpecific(string c) { - c = "Self" and - result = FlowSummary::SummaryComponent::self() + c = "Receiver" and + result = FlowSummary::SummaryComponent::receiver() or c = "BlockArgument" and result = FlowSummary::SummaryComponent::block() diff --git a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll index a0aa1b9fa0b..ce8c443dda2 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll @@ -458,11 +458,11 @@ private class SplatSummary extends SummarizedCallable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( // *1 = [1] - input = "Self" and + input = "Receiver" and output = "ArrayElement[0] of ReturnValue" or // *[1] = [1] - input = "Self" and + input = "Receiver" and output = "ReturnValue" ) and preservesValue = true 
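Review bot: In FlowSummaryImplSpecific.qll, `interpretComponentSpecific` no longer has a branch for the string `"Self"`, so a summary whose access path still says `"Self"` would presumably stop being interpreted rather than fail to compile. In a data-flow library that means lost flow and missed alerts with no error, which is harder to notice than a broken build. StandardLibrary.qll is updated in this patch, but models elsewhere may not be. Either accept both spellings for a transition, e.g. `c = ["Receiver", "Self"] and`, or add a consistency check that reports access-path components no branch recognises. The predicate body continues past the end of the hunk.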
@@ -563,7 +563,7 @@ module Array { override BitwiseAndExpr getACall() { any() } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = ["ArrayElement of Self", "ArrayElement of Argument[0]"] and + input = ["ArrayElement of Receiver", "ArrayElement of Argument[0]"] and output = "ArrayElement[?] of ReturnValue" and preservesValue = true } @@ -575,7 +575,7 @@ module Array { override MulExpr getACall() { any() } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of ReturnValue" and preservesValue = true } @@ -589,11 +589,11 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( exists(ArrayIndex i | - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) or - input = ["ArrayElement[?] of Self", "ArrayElement of Argument[0]"] and + input = ["ArrayElement[?] of Receiver", "ArrayElement of Argument[0]"] and output = "ArrayElement[?] of ReturnValue" ) and preservesValue = true @@ -606,7 +606,7 @@ module Array { override SubExpr getACall() { any() } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of ReturnValue" and preservesValue = true } 
@@ -620,11 +620,11 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( exists(ArrayIndex i | - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) or - input = ["ArrayElement[?] of Self", "Argument[0]"] and + input = ["ArrayElement[?] of Receiver", "Argument[0]"] and output = "ArrayElement[?] of ReturnValue" ) and preservesValue = true @@ -652,7 +652,7 @@ module Array { } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement[" + [i.toString(), "?"] + "] of Self" and + input = "ArrayElement[" + [i.toString(), "?"] + "] of Receiver" and output = "ReturnValue" and preservesValue = true } @@ -667,7 +667,7 @@ module Array { } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ReturnValue" and preservesValue = true } @@ -686,7 +686,7 @@ module Array { } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of ReturnValue" and preservesValue = true } @@ -714,7 +714,7 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { input = "Argument[1]" and - output = "ArrayElement[" + c.getIndex() + "] of Self" and + output = "ArrayElement[" + c.getIndex() + "] of Receiver" and preservesValue = true } @@ -734,7 +734,7 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { input = "Argument[1]" and - output = "ArrayElement[?] of Self" and + output = "ArrayElement[?] of Receiver" and preservesValue = true } } 
@@ -754,8 +754,8 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { exists(string arg | arg = "Argument[" + (mc.getNumberOfArguments() - 1) + "]" and - input = ["ArrayElement of " + arg, arg, "ArrayElement of Self"] and - output = "ArrayElement[?] of Self" and + input = ["ArrayElement of " + arg, arg, "ArrayElement of Receiver"] and + output = "ArrayElement[?] of Receiver" and preservesValue = true ) } @@ -770,7 +770,7 @@ module Array { AssocSummary() { this = "assoc" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of ArrayElement of Self" and + input = "ArrayElement of ArrayElement of Receiver" and output = "ArrayElement[?] of ReturnValue" and preservesValue = true } @@ -795,7 +795,7 @@ module Array { } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement[" + [i.toString(), "?"] + "] of Self" and + input = "ArrayElement[" + [i.toString(), "?"] + "] of Receiver" and output = "ReturnValue" and preservesValue = true } @@ -809,7 +809,7 @@ module Array { } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ReturnValue" and preservesValue = true } @@ -819,7 +819,7 @@ module Array { BSearchSummary() { this = "bsearch" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = ["Parameter[0] of BlockArgument", "ReturnValue"] and preservesValue = true } 
@@ -829,7 +829,7 @@ module Array { BSearchIndexSummary() { this = "bsearch_index" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true } @@ -848,7 +848,7 @@ module Array { CombinationSummary() { this = "combination" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of Parameter[0] of BlockArgument" and preservesValue = true } @@ -858,7 +858,7 @@ module Array { CompactSummary() { this = "compact" + ["", "!"] } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of ReturnValue" and preservesValue = true } @@ -869,7 +869,7 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { input = "ArrayElement of Argument[_]" and - output = "ArrayElement[?] of Self" and + output = "ArrayElement[?] of Receiver" and preservesValue = true } } @@ -878,7 +878,7 @@ module Array { DeleteSummary() { this = "delete" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = ["ArrayElement of Self", "ReturnValue of BlockArgument"] and + input = ["ArrayElement of Receiver", "ReturnValue of BlockArgument"] and output = "ReturnValue" and preservesValue = true } @@ -888,7 +888,7 @@ module Array { DeleteAtSummary() { this = "delete_at" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ReturnValue" and preservesValue = true } 
@@ -898,7 +898,7 @@ module Array { DeleteIfSummary() { this = "delete_if" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = ["Parameter[0] of BlockArgument", "ArrayElement[?] of ReturnValue"] and preservesValue = true } @@ -961,7 +961,7 @@ module Array { override MethodCall getACall() { result = dig } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = buildDigInputSpec(dig) + "Self" and + input = buildDigInputSpec(dig) + "Receiver" and output = "ReturnValue" and preservesValue = true } @@ -972,14 +972,14 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" or - input = "ArrayElement[?] of Self" and + input = "ArrayElement[?] of Receiver" and output = "ArrayElement[?] of ReturnValue" or exists(ArrayIndex i | - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) ) and @@ -992,11 +992,11 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement[?] of Self" and + input = "ArrayElement[?] of Receiver" and output = "ArrayElement[?] of ReturnValue" or exists(ArrayIndex i | - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) ) and @@ -1009,7 +1009,7 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ReturnValue" or input = "Argument[0]" and 
@@ -1029,7 +1029,7 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { input = ["Argument[0]", "ReturnValue of BlockArgument"] and - output = "ArrayElement[?] of Self" and + output = "ArrayElement[?] of Receiver" and preservesValue = true } } @@ -1057,7 +1057,7 @@ module Array { FilterBangSummary() { this = "filter!" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = ["Parameter[0] of BlockArgument", "ArrayElement[?] of ReturnValue"] and preservesValue = true } @@ -1070,8 +1070,8 @@ module Array { ( input = [ - "ArrayElement of Self", "ArrayElement of ArrayElement of Self", - "ArrayElement of ArrayElement of ArrayElement of Self" + "ArrayElement of Receiver", "ArrayElement of ArrayElement of Receiver", + "ArrayElement of ArrayElement of ArrayElement of Receiver" ] and output = "ArrayElement[?] of ReturnValue" ) and @@ -1086,10 +1086,10 @@ module Array { ( input = [ - "ArrayElement of Self", "ArrayElement of ArrayElement of Self", - "ArrayElement of ArrayElement of ArrayElement of Self" + "ArrayElement of Receiver", "ArrayElement of ArrayElement of Receiver", + "ArrayElement of ArrayElement of ArrayElement of Receiver" ] and - output = "ArrayElement[?] of Self" + output = "ArrayElement[?] of Receiver" ) and preservesValue = true } @@ -1104,7 +1104,7 @@ module Array { IndexSummary() { this = "index" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true } 
@@ -1116,11 +1116,11 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( input = "ArrayElement[?] of Argument[0]" and - output = "ArrayElement[?] of Self" + output = "ArrayElement[?] of Receiver" or exists(ArrayIndex i | input = "ArrayElement[" + i + "] of Argument[0]" and - output = "ArrayElement[" + i + "] of Self" + output = "ArrayElement[" + i + "] of Receiver" ) ) and preservesValue = true @@ -1144,11 +1144,11 @@ module Array { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { exists(ArrayIndex i, int num | num = mc.getNumberOfArguments() and preservesValue = true | - input = "ArrayElement[" + i + "] of Self" and - output = "ArrayElement[" + (i + num) + "] of Self" + input = "ArrayElement[" + i + "] of Receiver" and + output = "ArrayElement[" + (i + num) + "] of Receiver" or input = "Argument[" + i + "]" and - output = "ArrayElement[" + i + "] of Self" + output = "ArrayElement[" + i + "] of Receiver" ) } @@ -1170,7 +1170,7 @@ module Enumerable { AllSummary() { this = "all?" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true or @@ -1184,7 +1184,7 @@ module Enumerable { AnySummary() { this = "any?" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true or @@ -1198,7 +1198,7 @@ module Enumerable { CollectSummary() { this = ["collect", "collect!"] } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true or 
@@ -1212,7 +1212,7 @@ module Enumerable { CollectConcatSummary() { this = "collect_concat" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true or @@ -1226,7 +1226,7 @@ module Enumerable { CountSummary() { this = "count" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true } @@ -1236,7 +1236,7 @@ module Enumerable { CycleSummary() { this = "cycle" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true } @@ -1247,7 +1247,7 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = ["Parameter[0] of BlockArgument", "ReturnValue"] or input = "ReturnValue of Argument[0]" and @@ -1276,11 +1276,11 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement[?] of Self" and + input = "ArrayElement[?] of Receiver" and output = "ArrayElement[?] of ReturnValue" or exists(ArrayIndex j | - input = "ArrayElement[" + j + "] of Self" and + input = "ArrayElement[" + j + "] of Receiver" and output = "ArrayElement[" + (j - i) + "] of ReturnValue" ) ) and 
@@ -1295,7 +1295,7 @@ module Enumerable { } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of ReturnValue" and preservesValue = true } @@ -1305,7 +1305,7 @@ module Enumerable { DropWhileSummary() { this = "drop_while" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = ["ArrayElement[?] of ReturnValue", "Parameter[0] of BlockArgument"] and preservesValue = true } @@ -1315,7 +1315,7 @@ module Enumerable { EachConsSummary() { this = "each_cons" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of Parameter[0] of BlockArgument" and preservesValue = true } @@ -1326,14 +1326,14 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" or - input = "ArrayElement[?] of Self" and + input = "ArrayElement[?] of Receiver" and output = "ArrayElement[?] of ReturnValue" or exists(ArrayIndex i | - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) ) and 
@@ -1346,14 +1346,14 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of Parameter[0] of BlockArgument" or - input = "ArrayElement[?] of Self" and + input = "ArrayElement[?] of Receiver" and output = "ArrayElement[?] of ReturnValue" or exists(ArrayIndex i | - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) ) and @@ -1366,14 +1366,14 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" or - input = "ArrayElement[?] of Self" and + input = "ArrayElement[?] of Receiver" and output = "ArrayElement[?] of ReturnValue" or exists(ArrayIndex i | - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) ) and @@ -1386,7 +1386,7 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" or input = "Argument[0]" and @@ -1400,7 +1400,7 @@ module Enumerable { FilterSummary() { this = ["filter", "filter_map"] } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = ["Parameter[0] of BlockArgument", "ArrayElement[?] of ReturnValue"] and preservesValue = true } 
@@ -1411,7 +1411,7 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = ["Parameter[0] of BlockArgument", "ReturnValue"] or input = "ReturnValue of Argument[0]" and @@ -1433,7 +1433,7 @@ module Enumerable { FindIndexSummary() { this = "find_index" } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" and preservesValue = true } @@ -1452,7 +1452,7 @@ module Enumerable { FirstNoArgSummary() { this = "first(no_arg)" and mc.getNumberOfArguments() = 0 } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = ["ArrayElement[0] of Self", "ArrayElement[?] of Self"] and + input = ["ArrayElement[0] of Receiver", "ArrayElement[?] of Receiver"] and output = "ReturnValue" and preservesValue = true } @@ -1469,11 +1469,11 @@ module Enumerable { ( exists(ArrayIndex i | i < n and - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) or - input = "ArrayElement[?] of Self" and + input = "ArrayElement[?] of Receiver" and output = "ArrayElement[?] of ReturnValue" ) and preservesValue = true @@ -1490,11 +1490,11 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( exists(ArrayIndex i | - input = "ArrayElement[" + i + "] of Self" and + input = "ArrayElement[" + i + "] of Receiver" and output = "ArrayElement[" + i + "] of ReturnValue" ) or - input = "ArrayElement[?] of Self" and + input = "ArrayElement[?] of Receiver" and output = "ArrayElement[?] of ReturnValue" ) and preservesValue = true 
@@ -1506,7 +1506,7 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" or input = "ArrayElement of ReturnValue of BlockArgument" and @@ -1530,7 +1530,7 @@ module Enumerable { override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { ( - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "Parameter[0] of BlockArgument" or input = "ReturnValue of BlockArgument" and @@ -1544,7 +1544,7 @@ module Enumerable { GrepNoBlockSummary() { this = "grep(no_block)" and not exists(mc.getBlock()) } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - input = "ArrayElement of Self" and + input = "ArrayElement of Receiver" and output = "ArrayElement[?] of ReturnValue" and preservesValue = true } From 55492ef348dd55d26b6044aa94f5e483d8afae93 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 22 Dec 2021 11:42:15 +0100 Subject: [PATCH 27/31] Ruby: Update expected test output after rebase --- .../ConditionalBypass.expected | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ruby/ql/test/query-tests/security/cwe-807-user-controlled-bypass/ConditionalBypass.expected b/ruby/ql/test/query-tests/security/cwe-807-user-controlled-bypass/ConditionalBypass.expected index 489f5fa6977..3026c823650 100644 --- a/ruby/ql/test/query-tests/security/cwe-807-user-controlled-bypass/ConditionalBypass.expected +++ b/ruby/ql/test/query-tests/security/cwe-807-user-controlled-bypass/ConditionalBypass.expected 
@@ -1,12 +1,13 @@ edges -| ConditionalBypass.rb:3:13:3:18 | call to params : | ConditionalBypass.rb:6:8:6:12 | check | +| ConditionalBypass.rb:3:13:3:18 | call to params : | ConditionalBypass.rb:3:13:3:26 | ...[...] : | +| ConditionalBypass.rb:3:13:3:26 | ...[...] : | ConditionalBypass.rb:6:8:6:12 | check | | ConditionalBypass.rb:14:14:14:19 | call to params : | ConditionalBypass.rb:14:14:14:27 | ...[...] | | ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:25:10:25:22 | ...[...] | | ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:25:10:25:22 | ...[...] : | -| ConditionalBypass.rb:25:10:25:15 | call to params : | ConditionalBypass.rb:27:8:27:8 | p | | ConditionalBypass.rb:25:10:25:22 | ...[...] : | ConditionalBypass.rb:27:8:27:8 | p | nodes | ConditionalBypass.rb:3:13:3:18 | call to params : | semmle.label | call to params : | +| ConditionalBypass.rb:3:13:3:26 | ...[...] : | semmle.label | ...[...] : | | ConditionalBypass.rb:6:8:6:12 | check | semmle.label | check | | ConditionalBypass.rb:14:14:14:19 | call to params : | semmle.label | call to params : | | ConditionalBypass.rb:14:14:14:27 | ...[...] | semmle.label | ...[...] | From 884552954880a057450cb50d2baef66d52dcb245 Mon Sep 17 00:00:00 2001 From: Taus Date: Mon, 3 Jan 2022 13:16:56 +0000 Subject: [PATCH 28/31] QL: Support trailing comma in set literals See https://github.com/tausbn/tree-sitter-ql/commit/725395405e65814f10095a451404b0ced5dc6289 for the grammar changes and corresponding test. --- ql/Cargo.lock | Bin 14087 -> 14087 bytes ql/extractor/Cargo.toml | 2 +- ql/generator/Cargo.toml | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/ql/Cargo.lock b/ql/Cargo.lock
index 1a49563fcb80bf61ca055307910127e3f13adf37..bfb99e71cbe5f7af520e4662c93a5d874428b5db 100644
GIT binary patch delta 98 zcmZqAYtP%zV;E>|WNK__YGPoTYG!I-Xp&}VU|?yQXkuz;VqlVFker%gnv!g0WMQdH Qtis8S{Gyvb8H%z305gvolmGw# delta 97 zcmZqAYtP%zV;Ep;mXwlgkeZlkXla&aX<=+^XknC`YMf?aX>62~YG!O|Y+`6+m}IO> Qq{7J!{9>Cw8H%z30FJvG;s5{u
diff --git a/ql/extractor/Cargo.toml b/ql/extractor/Cargo.toml
index cafaef144a5..c1bf39941f4 100644
--- a/ql/extractor/Cargo.toml
+++ b/ql/extractor/Cargo.toml
@@ -10,7 +10,7 @@ edition = "2018"
 flate2 = "1.0"
 node-types = { path = "../node-types" }
 tree-sitter = "0.19"
-tree-sitter-ql = { git = "https://github.com/tausbn/tree-sitter-ql.git", rev = "36bdc0eae196f9833182ce3f8932be63534121b3" }
+tree-sitter-ql = { git = "https://github.com/tausbn/tree-sitter-ql.git", rev = "725395405e65814f10095a451404b0ced5dc6289" }
 clap = "2.33"
 tracing = "0.1"
 tracing-subscriber = { version = "0.3.3", features = ["env-filter"] }
diff --git a/ql/generator/Cargo.toml b/ql/generator/Cargo.toml
index 4ff796cb218..49dfff1352b 100644
--- a/ql/generator/Cargo.toml
+++ b/ql/generator/Cargo.toml
@@ -11,4 +11,4 @@ clap = "2.33"
 node-types = { path = "../node-types" }
 tracing = "0.1"
 tracing-subscriber = { version = "0.3.3", features = ["env-filter"] }
-tree-sitter-ql = { git = "https://github.com/tausbn/tree-sitter-ql.git", rev = "36bdc0eae196f9833182ce3f8932be63534121b3" }
+tree-sitter-ql = { git = "https://github.com/tausbn/tree-sitter-ql.git", rev = "725395405e65814f10095a451404b0ced5dc6289" }
From 1334d207fae515d0dbb141bb69b2749b4ca72770 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" Date: Mon, 3 Jan 2022 20:11:15 +0000 Subject: [PATCH 29/31] Post-release version bumps --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- cpp/upgrades/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- csharp/upgrades/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- java/upgrades/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- javascript/upgrades/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- python/upgrades/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 68e31e2eaf9..aea7c0c875f 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.0.5
+version: 0.0.6-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 0f431aa0200..ad680689af7 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.0.5
+version: 0.0.6-dev
 groups: cpp
 dependencies:
 codeql/cpp-all: "*"
diff --git a/cpp/upgrades/qlpack.yml b/cpp/upgrades/qlpack.yml
index a1b792bb60a..7ee852547d2 100644
--- a/cpp/upgrades/qlpack.yml
+++ b/cpp/upgrades/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-upgrades
 groups: cpp
 upgrades: .
-version: 0.0.5
+version: 0.0.6-dev
 library: true
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 928f7d5bb53..5ec9cd49b76 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.0.5
+version: 0.0.6-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 15a776b73d8..a6a9e038f4e 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.0.5
+version: 0.0.6-dev
 groups: csharp
 suites: codeql-suites
 extractor: csharp
diff --git a/csharp/upgrades/qlpack.yml b/csharp/upgrades/qlpack.yml
index cf3a3506c01..1c200ce647c 100644
--- a/csharp/upgrades/qlpack.yml
+++ b/csharp/upgrades/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-upgrades
 groups: csharp
-version: 0.0.5
+version: 0.0.6-dev
 upgrades: .
 library: true
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index c3e1981278e..13bd8b93fe9 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.0.5
+version: 0.0.6-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 00bc7da584b..4362018759a 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.0.5
+version: 0.0.6-dev
 groups: java
 suites: codeql-suites
 extractor: java
diff --git a/java/upgrades/qlpack.yml b/java/upgrades/qlpack.yml
index 22f5c51f7d0..ab52a2d7488 100644
--- a/java/upgrades/qlpack.yml
+++ b/java/upgrades/qlpack.yml
@@ -2,4 +2,4 @@ name: codeql/java-upgrades
 groups: java
 upgrades: .
 library: true
-version: 0.0.5
+version: 0.0.6-dev
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index 66756d92702..ad2e8f16464 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.0.6
+version: 0.0.7-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 48b4b4d3c53..7d03e6f372d 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.0.6
+version: 0.0.7-dev
 groups: javascript
 suites: codeql-suites
 extractor: javascript
diff --git a/javascript/upgrades/qlpack.yml b/javascript/upgrades/qlpack.yml
index 25df9685769..970854465c7 100644
--- a/javascript/upgrades/qlpack.yml
+++ b/javascript/upgrades/qlpack.yml
@@ -2,4 +2,4 @@ name: codeql/javascript-upgrades
 groups: javascript
 upgrades: .
 library: true
-version: 0.0.6
+version: 0.0.7-dev
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index ca4f7c8b23b..a95190890fa 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.0.5
+version: 0.0.6-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index 5001a802ad9..cd47a35e967 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.0.5
+version: 0.0.6-dev
 groups: python
 dependencies:
 codeql/python-all: "*"
diff --git a/python/upgrades/qlpack.yml b/python/upgrades/qlpack.yml
index 052a69ae22c..c2cb763786e 100644
--- a/python/upgrades/qlpack.yml
+++ b/python/upgrades/qlpack.yml
@@ -2,4 +2,4 @@ name: codeql/python-upgrades
 groups: python
 upgrades: .
 library: true
-version: 0.0.5
+version: 0.0.6-dev
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index efa35ab6a5e..78a396f3910 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.0.5
+version: 0.0.6-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 65946fd8085..052787da6da 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.0.5
+version: 0.0.6-dev
 groups: ruby
 suites: codeql-suites
 defaultSuiteFile: codeql-suites/ruby-code-scanning.qls
From 5f5af4a29e81955f76da5a13c3281bdbc0468a0d Mon Sep 17 00:00:00 2001 From: Dave Bartolomeo Date: Mon, 3 Jan 2022 18:21:16 -0500 Subject: [PATCH 30/31] Move change notes to correct location A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `\ql\[src|lib]\change-notes` for current change notes. --- .../2021-10-07-cleartext-transmission.md | 0 .../{ => ql/src}/change-notes/2021-11-08-routing-trees.md | 4 +++- .../2021-12-07-handlebars-more-raw-interpolation.md | 4 +++- python/ql/src/change-notes/2021-12-17-add-SSRF-analysis.md | 4 ++++ .../{ => ql/src}/change-notes/2021-12-17-add-SSRF-queries.md | 5 +++-- ruby/{ => ql/lib}/change-notes/2021-12-21-constants.md | 4 +++- 6 files changed, 16 insertions(+), 5 deletions(-) rename cpp/{change-notes => old-change-notes}/2021-10-07-cleartext-transmission.md (100%) rename javascript/{ => ql/src}/change-notes/2021-11-08-routing-trees.md (89%) rename javascript/{ => ql/src}/change-notes/2021-12-07-handlebars-more-raw-interpolation.md (84%) create mode 100644 python/ql/src/change-notes/2021-12-17-add-SSRF-analysis.md rename python/{ => ql/src}/change-notes/2021-12-17-add-SSRF-queries.md (67%) rename ruby/{ => ql/lib}/change-notes/2021-12-21-constants.md (86%)
diff --git a/cpp/change-notes/2021-10-07-cleartext-transmission.md b/cpp/old-change-notes/2021-10-07-cleartext-transmission.md
similarity index 100%
rename from cpp/change-notes/2021-10-07-cleartext-transmission.md
rename to cpp/old-change-notes/2021-10-07-cleartext-transmission.md
diff --git a/javascript/change-notes/2021-11-08-routing-trees.md b/javascript/ql/src/change-notes/2021-11-08-routing-trees.md
similarity index 89%
rename from javascript/change-notes/2021-11-08-routing-trees.md
rename to javascript/ql/src/change-notes/2021-11-08-routing-trees.md
index 5fa13a1bef6..e51ce23f70f 100644
--- a/javascript/change-notes/2021-11-08-routing-trees.md
+++ b/javascript/ql/src/change-notes/2021-11-08-routing-trees.md
@@ -1,3 +1,5 @@
-lgtm,codescanning
+---
+category: minorAnalysis
+---
 * Data flow is now tracked across middleware functions in more cases, leading to more security results in general. Affected packages are `express` and `fastify`.
 * `js/missing-token-validation` has been made more precise, yielding both fewer false positives and more true positives.
diff --git a/javascript/change-notes/2021-12-07-handlebars-more-raw-interpolation.md b/javascript/ql/src/change-notes/2021-12-07-handlebars-more-raw-interpolation.md
similarity index 84%
rename from javascript/change-notes/2021-12-07-handlebars-more-raw-interpolation.md
rename to javascript/ql/src/change-notes/2021-12-07-handlebars-more-raw-interpolation.md
index 7eb075550fa..e72b4adc2a6 100644
--- a/javascript/change-notes/2021-12-07-handlebars-more-raw-interpolation.md
+++ b/javascript/ql/src/change-notes/2021-12-07-handlebars-more-raw-interpolation.md
@@ -1,3 +1,5 @@
-lgtm,codescanning
+---
+category: minorAnalysis
+---
 * Support for handlebars templates has improved. Raw interpolation tags of the form `{{& ... }}` are now recognized, as well as whitespace-trimming tags like `{{~ ... }}`.
diff --git a/python/ql/src/change-notes/2021-12-17-add-SSRF-analysis.md b/python/ql/src/change-notes/2021-12-17-add-SSRF-analysis.md
new file mode 100644
index 00000000000..1b50aa9ace8
--- /dev/null
+++ b/python/ql/src/change-notes/2021-12-17-add-SSRF-analysis.md
@@ -0,0 +1,4 @@
+---
+catgegory: minorAnalysis
+---
+* To support the new SSRF queries, the PyPI package `requests` has been modeled, along with `http.client.HTTP[S]Connection` from the standard library.
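Review bot: The front-matter key in the new `2021-12-17-add-SSRF-analysis.md` is spelled `catgegory`, so this note has no `category` field, unlike the other notes moved in this commit. The same misspelling is added to `2021-12-17-add-SSRF-queries.md` in the next file section, and the follow-up patch 31/31 corrects only that file, so this one is still wrong at the end of the series. The line should read `category: minorAnalysis`. Presumably the release tooling groups notes by this key, in which case the entry announcing the `requests` / `http.client` modelling behind the SSRF queries could be dropped or misfiled in the published changelog; worth confirming against the change-note checker.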
diff --git a/python/change-notes/2021-12-17-add-SSRF-queries.md b/python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md
similarity index 67%
rename from python/change-notes/2021-12-17-add-SSRF-queries.md
rename to python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md
index d2a5e3b5312..af7da32ead4 100644
--- a/python/change-notes/2021-12-17-add-SSRF-queries.md
+++ b/python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md
@@ -1,3 +1,4 @@
-lgtm,codescanning
+---
+catgegory: newQuery
+---
 * Two new queries have been added for detecting Server-side request forgery (SSRF). _Full server-side request forgery_ (`py/full-ssrf`) will only alert when the URL is fully user-controlled, and _Partial server-side request forgery_ (`py/partial-ssrf`) will alert when any part of the URL is user-controlled. Only `py/full-ssrf` will be run by default.
-* To support the new SSRF queries, the PyPI package `requests` have been modeled, along with `http.client.HTTP[S]Connection` from the standard library.
diff --git a/ruby/change-notes/2021-12-21-constants.md b/ruby/ql/lib/change-notes/2021-12-21-constants.md
similarity index 86%
rename from ruby/change-notes/2021-12-21-constants.md
rename to ruby/ql/lib/change-notes/2021-12-21-constants.md
index 29ee123d914..331078917e9 100644
--- a/ruby/change-notes/2021-12-21-constants.md
+++ b/ruby/ql/lib/change-notes/2021-12-21-constants.md
@@ -1,2 +1,4 @@
-lgtm,codescanning
+---
+category: deprecated
+---
 * `ConstantWriteAccess.getQualifiedName()` has been deprecated in favor of `getAQualifiedName()` which can return multiple possible qualified names for a given constant write access.
From 23fb3455c00c15e923ad79cdc723692c2d0dfe2e Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 4 Jan 2022 11:06:23 +0100 Subject: [PATCH 31/31] Python: Fix typo in change note --- python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md b/python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md
index af7da32ead4..aec0df66aa0 100644
--- a/python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md
+++ b/python/ql/src/change-notes/2021-12-17-add-SSRF-queries.md
@@ -1,4 +1,4 @@
 ---
-catgegory: newQuery
+category: newQuery
 ---
 * Two new queries have been added for detecting Server-side request forgery (SSRF). _Full server-side request forgery_ (`py/full-ssrf`) will only alert when the URL is fully user-controlled, and _Partial server-side request forgery_ (`py/partial-ssrf`) will alert when any part of the URL is user-controlled. Only `py/full-ssrf` will be run by default.